From 1fade14ba59509630927fc07a77275a36b432afc Mon Sep 17 00:00:00 2001 From: Jonas Plum Date: Mon, 27 Dec 2021 00:17:44 +0100 Subject: [PATCH] Mock time (#2) --- database/artifact.go | 2 +- database/busdb/busdb.go | 5 - database/busdb/log.go | 6 +- database/playbook.go | 2 +- database/ticket.go | 2 +- database/ticket_field.go | 32 +- database/ticket_task.go | 10 +- database/user.go | 2 +- definition/logs.yaml | 2 +- definition/tickets.yaml | 240 +++++----- generated/catalyst.json | 172 +++---- generated/catalyst.yml | 264 +++++------ generated/community.json | 172 +++---- generated/community.yml | 264 +++++------ generated/restapi/embedded_spec.go | 528 ++++++++++----------- generated/test/api_server_test.go | 99 ++-- generator/templates/api_server_test.gotmpl | 60 +-- test/data.go | 4 +- time/time.go | 19 + 19 files changed, 916 insertions(+), 969 deletions(-) create mode 100644 time/time.go diff --git a/database/artifact.go b/database/artifact.go index 42a0679..6a860df 100644 --- a/database/artifact.go +++ b/database/artifact.go @@ -3,12 +3,12 @@ package database import ( "context" "fmt" - "time" "github.com/arangodb/go-driver" "github.com/SecurityBrewery/catalyst/database/busdb" "github.com/SecurityBrewery/catalyst/generated/models" + "github.com/SecurityBrewery/catalyst/time" ) func (db *Database) ArtifactGet(ctx context.Context, id int64, name string) (*models.Artifact, error) { diff --git a/database/busdb/busdb.go b/database/busdb/busdb.go index 069bcc1..6366147 100644 --- a/database/busdb/busdb.go +++ b/database/busdb/busdb.go @@ -9,11 +9,6 @@ import ( "github.com/SecurityBrewery/catalyst/generated/models" ) -type Hook interface { - PublishAction(action string, context, msg map[string]interface{}) error - PublishUpdate(col, id string) error -} - // BusDatabase // 1. Save entry to log // 2. Send update ticket to bus diff --git a/database/busdb/log.go b/database/busdb/log.go index 6fab570..ef198f2 100644 --- a/database/busdb/log.go +++ b/database/busdb/log.go @@ -3,23 +3,23 @@ package busdb import ( "context" "errors" - "time" "github.com/arangodb/go-driver" "github.com/SecurityBrewery/catalyst/generated/models" + "github.com/SecurityBrewery/catalyst/time" ) const LogCollectionName = "logs" -func (db *BusDatabase) LogCreate(ctx context.Context, id, message string) (*models.LogEntry, error) { +func (db *BusDatabase) LogCreate(ctx context.Context, reference, message string) (*models.LogEntry, error) { user, ok := UserFromContext(ctx) if !ok { return nil, errors.New("no user in context") } logentry := &models.LogEntry{ - Reference: id, + Reference: reference, Created: time.Now(), Creator: user.ID, Message: message, diff --git a/database/playbook.go b/database/playbook.go index 9c1b810..b2d9a2d 100644 --- a/database/playbook.go +++ b/database/playbook.go @@ -3,7 +3,6 @@ package database import ( "context" "errors" - "time" "github.com/arangodb/go-driver" "github.com/iancoleman/strcase" @@ -12,6 +11,7 @@ import ( "github.com/SecurityBrewery/catalyst/database/busdb" "github.com/SecurityBrewery/catalyst/generated/models" + "github.com/SecurityBrewery/catalyst/time" ) type PlaybookYAML struct { diff --git a/database/ticket.go b/database/ticket.go index bb03c75..ffcc604 100644 --- a/database/ticket.go +++ b/database/ticket.go @@ -9,7 +9,6 @@ import ( "strconv" "strings" "sync" - "time" "github.com/arangodb/go-driver" "github.com/xeipuuv/gojsonschema" @@ -18,6 +17,7 @@ import ( "github.com/SecurityBrewery/catalyst/database/busdb" "github.com/SecurityBrewery/catalyst/generated/models" "github.com/SecurityBrewery/catalyst/index" + "github.com/SecurityBrewery/catalyst/time" ) func toTicket(ticketForm *models.TicketForm) (interface{}, error) { diff --git a/database/ticket_field.go b/database/ticket_field.go index 7f7df2b..31dd890 100644 --- a/database/ticket_field.go +++ b/database/ticket_field.go @@ -4,7 +4,6 @@ import ( "context" "errors" "fmt" - "time" "github.com/arangodb/go-driver" "github.com/iancoleman/strcase" @@ -13,6 +12,7 @@ import ( "github.com/SecurityBrewery/catalyst/database/busdb" "github.com/SecurityBrewery/catalyst/generated/models" "github.com/SecurityBrewery/catalyst/pointer" + "github.com/SecurityBrewery/catalyst/time" ) func (db *Database) AddArtifact(ctx context.Context, id int64, artifact *models.Artifact) (*models.TicketWithTickets, error) { @@ -31,9 +31,9 @@ func (db *Database) AddArtifact(ctx context.Context, id int64, artifact *models. query := `LET d = DOCUMENT(@@collection, @ID) ` + ticketFilterQuery + ` - UPDATE d WITH { "modified": DATE_ISO8601(DATE_NOW()), "artifacts": PUSH(NOT_NULL(d.artifacts, []), @artifact) } IN @@collection + UPDATE d WITH { "modified": @now, "artifacts": PUSH(NOT_NULL(d.artifacts, []), @artifact) } IN @@collection RETURN NEW` - return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"artifact": artifact}, ticketFilterVars), &busdb.Operation{ + return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"artifact": artifact, "now": time.Now().UTC()}, ticketFilterVars), &busdb.Operation{ OperationType: busdb.Update, Ids: []driver.DocumentID{ driver.DocumentID(fmt.Sprintf("%s/%d", TicketCollectionName, id)), @@ -71,9 +71,9 @@ func (db *Database) RemoveArtifact(ctx context.Context, id int64, name string) ( FOR a IN NOT_NULL(d.artifacts, []) FILTER a.name == @name LET newartifacts = REMOVE_VALUE(d.artifacts, a) - UPDATE d WITH { "modified": DATE_ISO8601(DATE_NOW()), "artifacts": newartifacts } IN @@collection + UPDATE d WITH { "modified": @now, "artifacts": newartifacts } IN @@collection RETURN NEW` - return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"name": name}, ticketFilterVars), &busdb.Operation{ + return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"name": name, "now": time.Now().UTC()}, ticketFilterVars), &busdb.Operation{ OperationType: busdb.Update, Ids: []driver.DocumentID{ driver.DocumentID(fmt.Sprintf("%s/%d", TicketCollectionName, id)), @@ -122,9 +122,9 @@ func (db *Database) AddComment(ctx context.Context, id int64, comment *models.Co query := `LET d = DOCUMENT(@@collection, @ID) ` + ticketFilterQuery + ` - UPDATE d WITH { "modified": DATE_ISO8601(DATE_NOW()), "comments": PUSH(NOT_NULL(d.comments, []), @comment) } IN @@collection + UPDATE d WITH { "modified": @now, "comments": PUSH(NOT_NULL(d.comments, []), @comment) } IN @@collection RETURN NEW` - return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"comment": comment}, ticketFilterVars), &busdb.Operation{ + return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"comment": comment, "now": time.Now().UTC()}, ticketFilterVars), &busdb.Operation{ OperationType: busdb.Update, Ids: []driver.DocumentID{ driver.DocumentID(fmt.Sprintf("%s/%d", TicketCollectionName, id)), @@ -141,9 +141,9 @@ func (db *Database) RemoveComment(ctx context.Context, id int64, commentID int64 query := `LET d = DOCUMENT(@@collection, @ID) ` + ticketFilterQuery + ` - UPDATE d WITH { "modified": DATE_ISO8601(DATE_NOW()), "comments": REMOVE_NTH(d.comments, @commentID) } IN @@collection + UPDATE d WITH { "modified": @now, "comments": REMOVE_NTH(d.comments, @commentID) } IN @@collection RETURN NEW` - return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"commentID": commentID}, ticketFilterVars), &busdb.Operation{ + return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"commentID": commentID, "now": time.Now().UTC()}, ticketFilterVars), &busdb.Operation{ OperationType: busdb.Update, Ids: []driver.DocumentID{ driver.DocumentID(fmt.Sprintf("%s/%d", TicketCollectionName, id)), @@ -160,9 +160,9 @@ func (db *Database) SetReferences(ctx context.Context, id int64, references []*m query := `LET d = DOCUMENT(@@collection, @ID) ` + ticketFilterQuery + ` - UPDATE d WITH { "modified": DATE_ISO8601(DATE_NOW()), "references": @references } IN @@collection + UPDATE d WITH { "modified": @now, "references": @references } IN @@collection RETURN NEW` - return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"references": references}, ticketFilterVars), &busdb.Operation{ + return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"references": references, "now": time.Now().UTC()}, ticketFilterVars), &busdb.Operation{ OperationType: busdb.Update, Ids: []driver.DocumentID{ driver.DocumentID(fmt.Sprintf("%s/%d", TicketCollectionName, id)), @@ -179,9 +179,9 @@ func (db *Database) LinkFiles(ctx context.Context, id int64, files []*models.Fil query := `LET d = DOCUMENT(@@collection, @ID) ` + ticketFilterQuery + ` - UPDATE d WITH { "modified": DATE_ISO8601(DATE_NOW()), "files": @files } IN @@collection + UPDATE d WITH { "modified": @now, "files": @files } IN @@collection RETURN NEW` - return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"files": files}, ticketFilterVars), &busdb.Operation{ + return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"files": files, "now": time.Now().UTC()}, ticketFilterVars), &busdb.Operation{ OperationType: busdb.Update, Ids: []driver.DocumentID{ driver.DocumentID(fmt.Sprintf("%s/%d", TicketCollectionName, id)), @@ -216,12 +216,13 @@ func (db *Database) AddTicketPlaybook(ctx context.Context, id int64, playbookTem FILTER d._key == @ID LET newplaybook = ZIP( [@playbookID], [@playbook] ) LET newplaybooks = MERGE(NOT_NULL(d.playbooks, {}), newplaybook) - LET newticket = MERGE(d, { "modified": DATE_ISO8601(DATE_NOW()), "playbooks": newplaybooks }) + LET newticket = MERGE(d, { "modified": @now, "playbooks": newplaybooks }) REPLACE d WITH newticket IN @@collection RETURN NEW` ticket, err := db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{ "playbook": pb, "playbookID": findName(parentTicket.Playbooks, playbookID), + "now": time.Now().UTC(), }, ticketFilterVars), &busdb.Operation{ OperationType: busdb.Update, Ids: []driver.DocumentID{ @@ -277,10 +278,11 @@ func (db *Database) RemoveTicketPlaybook(ctx context.Context, id int64, playbook ` + ticketFilterQuery + ` FILTER d._key == @ID LET newplaybooks = UNSET(d.playbooks, @playbookID) - REPLACE d WITH MERGE(d, { "modified": DATE_ISO8601(DATE_NOW()), "playbooks": newplaybooks }) IN @@collection + REPLACE d WITH MERGE(d, { "modified": @now, "playbooks": newplaybooks }) IN @@collection RETURN NEW` return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{ "playbookID": playbookID, + "now": time.Now().UTC(), }, ticketFilterVars), &busdb.Operation{ OperationType: busdb.Update, Ids: []driver.DocumentID{ diff --git a/database/ticket_task.go b/database/ticket_task.go index 2c119af..510a883 100644 --- a/database/ticket_task.go +++ b/database/ticket_task.go @@ -5,13 +5,13 @@ import ( "errors" "fmt" "log" - "time" "github.com/arangodb/go-driver" "github.com/google/uuid" "github.com/SecurityBrewery/catalyst/database/busdb" "github.com/SecurityBrewery/catalyst/generated/models" + "github.com/SecurityBrewery/catalyst/time" ) func (db *Database) TaskGet(ctx context.Context, id int64, playbookID string, taskID string) (*models.TicketWithTickets, *models.PlaybookResponse, *models.TaskWithContext, error) { @@ -65,13 +65,14 @@ func (db *Database) TaskComplete(ctx context.Context, id int64, playbookID strin LET newplaybook = MERGE(playbook, {"tasks": newtasks}) LET newplaybooks = MERGE(d.playbooks, { @playbookID: newplaybook } ) - UPDATE d WITH { "modified": DATE_ISO8601(DATE_NOW()), "playbooks": newplaybooks } IN @@collection + UPDATE d WITH { "modified": @now, "playbooks": newplaybooks } IN @@collection RETURN NEW` ticket, err := db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{ "playbookID": playbookID, "taskID": taskID, "data": data, "closed": time.Now().UTC(), + "now": time.Now().UTC(), }, ticketFilterVars), &busdb.Operation{ OperationType: busdb.Update, Ids: []driver.DocumentID{ @@ -118,6 +119,8 @@ func (db *Database) TaskUpdate(ctx context.Context, id int64, playbookID string, return nil, err } + task.Created = time.Now().UTC() + query := `LET d = DOCUMENT(@@collection, @ID) ` + ticketFilterQuery + ` LET playbook = d.playbooks[@playbookID] @@ -125,12 +128,13 @@ func (db *Database) TaskUpdate(ctx context.Context, id int64, playbookID string, LET newplaybook = MERGE(playbook, {"tasks": newtasks}) LET newplaybooks = MERGE(d.playbooks, { @playbookID: newplaybook } ) - UPDATE d WITH { "modified": DATE_ISO8601(DATE_NOW()), "playbooks": newplaybooks } IN @@collection + UPDATE d WITH { "modified": @now, "playbooks": newplaybooks } IN @@collection RETURN NEW` ticket, err := db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{ "playbookID": playbookID, "taskID": taskID, "task": task, + "now": time.Now().UTC(), }, ticketFilterVars), &busdb.Operation{ OperationType: busdb.Update, Ids: []driver.DocumentID{ diff --git a/database/user.go b/database/user.go index 2a03baf..a2c8c7a 100644 --- a/database/user.go +++ b/database/user.go @@ -6,7 +6,6 @@ import ( "errors" "fmt" "math/rand" - "time" "github.com/arangodb/go-driver" "github.com/gin-gonic/gin" @@ -16,6 +15,7 @@ import ( "github.com/SecurityBrewery/catalyst/generated/models" "github.com/SecurityBrewery/catalyst/pointer" "github.com/SecurityBrewery/catalyst/role" + "github.com/SecurityBrewery/catalyst/time" ) var letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_") diff --git a/definition/logs.yaml b/definition/logs.yaml index 1d811a4..d06c73b 100644 --- a/definition/logs.yaml +++ b/definition/logs.yaml @@ -16,7 +16,7 @@ paths: schema: { type: array, items: { $ref: "#/definitions/LogEntry" } } examples: test: - - { "created": "2021-10-02T18:05:00.333535+02:00","creator": "bob","reference": "tickets/294511","message": "Fail run account resist lend solve incident centre priority temperature. Cause change distribution examine location technique shape partner milk customer. Rail tea plate soil report cook railway interpretation breath action. Exercise dream accept park conclusion addition shoot assistance may answer. Gold writer link stop combine hear power name commitment operation. Determine lifespan support grow degree henry exclude detail set religion. Direct library policy convention chain retain discover ride walk student. Gather proposal select march aspect play noise avoid encourage employ. Assessment preserve transport combine wish influence income guess run stand. Charge limit crime ignore statement foundation study issue stop claim." } + - { "created": "2021-12-12T12:12:12.000000012Z","creator": "bob","reference": "tickets/294511","message": "Fail run account resist lend solve incident centre priority temperature. Cause change distribution examine location technique shape partner milk customer. Rail tea plate soil report cook railway interpretation breath action. Exercise dream accept park conclusion addition shoot assistance may answer. Gold writer link stop combine hear power name commitment operation. Determine lifespan support grow degree henry exclude detail set religion. Direct library policy convention chain retain discover ride walk student. Gather proposal select march aspect play noise avoid encourage employ. Assessment preserve transport combine wish influence income guess run stand. Charge limit crime ignore statement foundation study issue stop claim." } security: [ { roles: [ "log:read" ] } ] definitions: diff --git a/definition/tickets.yaml b/definition/tickets.yaml index 59b7bff..83714c1 100644 --- a/definition/tickets.yaml +++ b/definition/tickets.yaml @@ -23,21 +23,21 @@ paths: count: 3 tickets: - id: 8123 - created: "2021-10-02T18:04:59.078206+02:00" - modified: "2021-10-02T18:04:59.078206+02:00" + created: "2021-10-02T16:04:59.078206Z" + modified: "2021-10-02T16:04:59.078206Z" name: "live zebra" owner: "demo" playbooks: phishing: name: "Phishing" tasks: - "block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Block IOCs", type: "task" } - "block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } - "board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" } - "escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Escalate to CISO", type: "task" } - "extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } - "mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } - "search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } + "block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Block IOCs", type: "task" } + "block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } + "board": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" } + "escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Escalate to CISO", type: "task" } + "extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } + "mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } + "search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } references: - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" } - { href: "http://www.corporateinteractive.name/rich", name: "autumn" } @@ -49,8 +49,8 @@ paths: - { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" } - { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" } - { name: "leadreintermediate.io", status: "malicious" } - - { id: 8125, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00",name: "phishing from selenafadel@von.com detected", owner: "demo", references: [ { href: "https://www.seniorleading-edge.name/users/efficient", name: "recovery" },{ href: "http://www.dynamicseamless.com/clicks-and-mortar", name: "force" },{ href: "http://www.leadscalable.biz/envisioneer", name: "fund" } ],"schema": "{}", status: "closed", type: "alert" } - - { id: 8126, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" } + - { id: 8125, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z",name: "phishing from selenafadel@von.com detected", owner: "demo", references: [ { href: "https://www.seniorleading-edge.name/users/efficient", name: "recovery" },{ href: "http://www.dynamicseamless.com/clicks-and-mortar", name: "force" },{ href: "http://www.leadscalable.biz/envisioneer", name: "fund" } ],"schema": "{}", status: "closed", type: "alert" } + - { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" } security: [ { roles: [ "ticket:read" ] } ] post: tags: [ "tickets" ] @@ -68,8 +68,8 @@ paths: name: "Wannacry infection" type: "incident" status: "open" - created: "1985-04-12T23:20:50.52Z" - modified: "1985-04-12T23:20:50.52Z" + created: "2021-12-12T12:12:12.000000012Z" + modified: "2021-12-12T12:12:12.000000012Z" owner: "bob" schema: "{}" security: [ { roles: [ "ticket:write" ] } ] @@ -99,8 +99,8 @@ paths: examples: test: id: 8125 - created: "2021-10-02T18:04:59.078186+02:00" - modified: "2021-10-02T18:04:59.078186+02:00" + created: "2021-10-02T16:04:59.078186Z" + modified: "2021-10-02T16:04:59.078186Z" name: "phishing from selenafadel@von.com detected" owner: "demo" references: @@ -114,7 +114,7 @@ paths: status: "closed" type: "alert" tickets: - - { id: 8126, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" } + - { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" } security: [ { roles: [ "ticket:read" ] } ] put: tags: [ "tickets" ] @@ -122,7 +122,7 @@ paths: operationId: "updateTicket" parameters: - { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8125 } - - { name: "ticket", in: "body", description: "Updated ticket", required: true, schema: { $ref: "#/definitions/Ticket" }, x-example: { "created": "2021-10-02T18:04:59.078186+02:00",modified: "2021-10-02T18:04:59.078186+02:00", name: "phishing from selenafadel@von.org detected", owner: "demo", references: [ { href: "https://www.seniorleading-edge.name/users/efficient", name: "recovery" },{ href: "http://www.dynamicseamless.com/clicks-and-mortar", name: "force" },{ href: "http://www.leadscalable.biz/envisioneer", name: "fund" } ], schema: "{}", status: "closed", type: "alert" } } + - { name: "ticket", in: "body", description: "Updated ticket", required: true, schema: { $ref: "#/definitions/Ticket" }, x-example: { "created": "2021-12-12T12:12:12.000000012Z",modified: "2021-12-12T12:12:12.000000012Z", name: "phishing from selenafadel@von.org detected", owner: "demo", references: [ { href: "https://www.seniorleading-edge.name/users/efficient", name: "recovery" },{ href: "http://www.dynamicseamless.com/clicks-and-mortar", name: "force" },{ href: "http://www.leadscalable.biz/envisioneer", name: "fund" } ], schema: "{}", status: "closed", type: "alert" } } responses: "200": description: "successful operation" @@ -130,8 +130,8 @@ paths: examples: test: id: 8125 - created: "2021-10-02T18:04:59.078186+02:00" - modified: "2021-10-02T18:04:59.078186+02:00" + created: "2021-12-12T12:12:12.000000012Z" + modified: "2021-12-12T12:12:12.000000012Z" name: "phishing from selenafadel@von.org detected" owner: "demo" references: @@ -145,7 +145,7 @@ paths: status: "closed" type: "alert" tickets: - - { id: 8126, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" } + - { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" } security: [ { roles: [ "ticket:write" ] } ] delete: tags: [ "tickets" ] @@ -172,8 +172,8 @@ paths: examples: test: id: 8126 - created: "2021-10-02T18:04:59.078186+02:00" - modified: "2021-10-02T18:04:59.078186+02:00" + created: "2021-10-02T16:04:59.078186Z" + modified: "2021-10-02T16:04:59.078186Z" name: "Surfaceintroduce virus detected" owner: "demo" references: @@ -185,21 +185,21 @@ paths: type: "alert" tickets: - id: 8123 - created: "2021-10-02T18:04:59.078206+02:00" - modified: "2021-10-02T18:04:59.078206+02:00" + created: "2021-10-02T16:04:59.078206Z" + modified: "2021-10-02T16:04:59.078206Z" name: "live zebra" owner: "demo" playbooks: phishing: name: "Phishing" tasks: - "block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Block IOCs", type: "task" } - "block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } - "board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" } - "escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Escalate to CISO", type: "task" } - "extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } - "mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } - "search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } + "block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Block IOCs", type: "task" } + "block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } + "board": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" } + "escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Escalate to CISO", type: "task" } + "extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } + "mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } + "search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } references: - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" } - { href: "http://www.corporateinteractive.name/rich", name: "autumn" } @@ -212,8 +212,8 @@ paths: - { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" } - { name: "leadreintermediate.io", status: "malicious" } - id: 8125 - created: "2021-10-02T18:04:59.078186+02:00" - modified: "2021-10-02T18:04:59.078186+02:00" + created: "2021-10-02T16:04:59.078186Z" + modified: "2021-10-02T16:04:59.078186Z" name: "phishing from selenafadel@von.com detected" owner: "demo" references: @@ -238,8 +238,8 @@ paths: examples: test: id: 8126 - created: "2021-10-02T18:04:59.078186+02:00" - modified: "2021-10-02T18:04:59.078186+02:00" + created: "2021-10-02T16:04:59.078186Z" + modified: "2021-10-02T16:04:59.078186Z" name: "Surfaceintroduce virus detected" owner: "demo" references: @@ -266,12 +266,12 @@ paths: examples: test: id: 8125 - created: "2021-10-02T18:04:59.078186+02:00" - modified: "2021-10-02T18:04:59.078186+02:00" + created: "2021-10-02T16:04:59.078186Z" + modified: "2021-12-12T12:12:12.000000012Z" name: "phishing from selenafadel@von.com detected" owner: "demo" comments: - - created: "2021-10-02T18:04:59.078186+02:00" + - created: "2021-12-12T12:12:12.000000012Z" creator: "bob" message: "My first comment" references: @@ -282,7 +282,7 @@ paths: status: "closed" type: "alert" tickets: - - { id: 8126, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" } + - { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" } security: [ { roles: [ "ticket:write" ] } ] /tickets/{id}/comments/{commentID}: @@ -301,21 +301,21 @@ paths: examples: test: id: 8123 - created: "2021-10-02T18:04:59.078206+02:00" - modified: "2021-10-02T18:04:59.078206+02:00" + created: "2021-10-02T16:04:59.078206Z" + modified: "2021-12-12T12:12:12.000000012Z" name: "live zebra" owner: "demo" playbooks: phishing: name: "Phishing" tasks: - "block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" } - "block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } - "board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" } - "escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" } - "extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } - "mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } - "search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } + "block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" } + "block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } + "board": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" } + "escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" } + "extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } + "mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } + "search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } references: - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" } - { href: "http://www.corporateinteractive.name/rich", name: "autumn" } @@ -344,8 +344,8 @@ paths: examples: test: id: 8125 - created: "2021-10-02T18:04:59.078186+02:00" - modified: "2021-10-02T18:04:59.078186+02:00" + created: "2021-10-02T16:04:59.078186Z" + modified: "2021-12-12T12:12:12.000000012Z" name: "phishing from selenafadel@von.com detected" owner: "demo" references: [ { href: "http://www.leadscalable.biz/envisioneer", name: "fund" } ] @@ -353,7 +353,7 @@ paths: status: "closed" type: "alert" tickets: - - { id: 8126, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" } + - { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" } security: [ { roles: [ "ticket:write" ] } ] /tickets/{id}/schema: @@ -371,8 +371,8 @@ paths: examples: test: id: 8125 - created: "2021-10-02T18:04:59.078186+02:00" - modified: "2021-10-02T18:04:59.078186+02:00" + created: "2021-10-02T16:04:59.078186Z" + modified: "2021-10-02T16:04:59.078186Z" name: "phishing from selenafadel@von.com detected" owner: "demo" references: @@ -383,7 +383,7 @@ paths: status: "closed" type: "alert" tickets: - - { id: 8126, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" } + - { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" } security: [ { roles: [ "ticket:write" ] } ] /tickets/{id}/files: @@ -402,8 +402,8 @@ paths: examples: test: id: 8125 - created: "2021-10-02T18:04:59.078186+02:00" - modified: "2021-10-02T18:04:59.078186+02:00" + created: "2021-10-02T16:04:59.078186Z" + modified: "2021-12-12T12:12:12.000000012Z" name: "phishing from selenafadel@von.com detected" owner: "demo" references: @@ -415,7 +415,7 @@ paths: type: "alert" files: [ { key: myfile, name: "document.doc" } ] tickets: - - { id: 8126, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" } + - { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" } security: [ { roles: [ "ticket:write" ] } ] @@ -438,11 +438,11 @@ paths: owner: demo type: "alert" status: "closed" - created: "1985-04-12T23:20:50.52Z" - modified: "1985-04-12T23:20:50.52Z" + created: "2021-10-02T16:04:59.078186Z" + modified: "2021-12-12T12:12:12.000000012Z" schema: "{}" tickets: - - { id: 8126, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" } + - { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" } references: - { href: "https://www.seniorleading-edge.name/users/efficient", name: recovery } - { href: "http://www.dynamicseamless.com/clicks-and-mortar", name: force } @@ -454,7 +454,7 @@ paths: input: active: true done: false - created: "2021-10-02T18:04:59.078186+02:00" + created: "2021-12-12T12:12:12.000000012Z" order: 0 name: Upload malware if possible type: input @@ -472,7 +472,7 @@ paths: hash: active: false done: false - created: "2021-10-02T18:04:59.078186+02:00" + created: "2021-12-12T12:12:12.000000012Z" order: 1 name: Hash the malware type: automation @@ -485,7 +485,7 @@ paths: escalate: active: false done: false - created: "2021-10-02T18:04:59.078186+02:00" + created: "2021-12-12T12:12:12.000000012Z" order: 2 name: Escalate to malware team type: task @@ -508,8 +508,8 @@ paths: name: "live zebra" type: "incident" status: "closed" - created: "1985-04-12T23:20:50.52Z" - modified: "1985-04-12T23:20:50.52Z" + created: "2021-10-02T16:04:59.078206Z" + modified: "2021-12-12T12:12:12.000000012Z" owner: "demo" references: - { href: "https://www.leadmaximize.net/e-services/back-end", name: performance } @@ -629,21 +629,21 @@ paths: examples: test: id: 8123 - created: "2021-10-02T18:04:59.078206+02:00" - modified: "2021-10-02T18:04:59.078206+02:00" + created: "2021-10-02T16:04:59.078206Z" + modified: "2021-12-12T12:12:12.000000012Z" name: "live zebra" owner: "demo" playbooks: phishing: name: "Phishing" tasks: - "block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" } - "block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } - "board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input", data: { boardInvolved: true } } - "escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" } - "extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } - "mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } - "search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } + "block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" } + "block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } + "board": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input", data: { boardInvolved: true } } + "escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" } + "extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } + "mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } + "search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } references: - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" } - { href: "http://www.corporateinteractive.name/rich", name: "autumn" } @@ -674,21 +674,21 @@ paths: examples: test: id: 8123 - created: "2021-10-02T18:04:59.078206+02:00" - modified: "2021-10-02T18:04:59.078206+02:00" + created: "2021-10-02T16:04:59.078206Z" + modified: "2021-12-12T12:12:12.000000012Z" name: "live zebra" owner: "demo" playbooks: phishing: name: "Phishing" tasks: - "block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" } - "block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } - "board": { created: "2021-10-02T18:04:59.078186+02:00", closed: "2021-10-02T18:04:59.078186+02:00", done: true, "active": false, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input", data: { boardInvolved: true } } - "escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": true, "order": 1, name: "Escalate to CISO", type: "task" } - "extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } - "mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } - "search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } + "block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" } + "block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } + "board": { created: "2021-12-12T12:12:12.000000012Z", closed: "2021-12-12T12:12:12.000000012Z", done: true, "active": false, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input", data: { boardInvolved: true } } + "escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 1, name: "Escalate to CISO", type: "task" } + "extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } + "mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } + "search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } references: - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" } - { href: "http://www.corporateinteractive.name/rich", name: "autumn" } @@ -730,21 +730,21 @@ paths: examples: test: id: 8123 - created: "2021-10-02T18:04:59.078206+02:00" - modified: "2021-10-02T18:04:59.078206+02:00" + created: "2021-10-02T16:04:59.078206Z" + modified: "2021-12-12T12:12:12.000000012Z" name: "live zebra" owner: "demo" playbooks: phishing: name: "Phishing" tasks: - "block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" } - "block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } - "board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" } - "escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" } - "extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } - "mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } - "search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } + "block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" } + "block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } + "board": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" } + "escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" } + "extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } + "mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } + "search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } references: - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" } - { href: "http://www.corporateinteractive.name/rich", name: "autumn" } @@ -789,21 +789,21 @@ paths: examples: test: id: 8123 - created: "2021-10-02T18:04:59.078206+02:00" - modified: "2021-10-02T18:04:59.078206+02:00" + created: "2021-10-02T16:04:59.078206Z" + modified: "2021-10-02T16:04:59.078206Z" name: "live zebra" owner: "demo" playbooks: phishing: name: "Phishing" tasks: - "block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" } - "block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } - "board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" } - "escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" } - "extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } - "mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } - "search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } + "block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" } + "block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } + "board": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" } + "escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" } + "extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } + "mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } + "search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } references: - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" } - { href: "http://www.corporateinteractive.name/rich", name: "autumn" } @@ -830,21 +830,21 @@ paths: examples: test: id: 8123 - created: "2021-10-02T18:04:59.078206+02:00" - modified: "2021-10-02T18:04:59.078206+02:00" + created: "2021-10-02T16:04:59.078206Z" + modified: "2021-12-12T12:12:12.000000012Z" name: "live zebra" owner: "demo" playbooks: phishing: name: "Phishing" tasks: - "block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" } - "block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } - "board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" } - "escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" } - "extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } - "mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } - "search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } + "block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" } + "block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } + "board": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" } + "escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" } + "extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } + "mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } + "search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } references: - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" } - { href: "http://www.corporateinteractive.name/rich", name: "autumn" } @@ -886,21 +886,21 @@ paths: examples: test: id: 8123 - created: "2021-10-02T18:04:59.078206+02:00" - modified: "2021-10-02T18:04:59.078206+02:00" + created: "2021-10-02T16:04:59.078206Z" + modified: "2021-10-02T16:04:59.078206Z" name: "live zebra" owner: "demo" playbooks: phishing: name: "Phishing" tasks: - "block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" } - "block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } - "board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" } - "escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" } - "extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } - "mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } - "search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } + "block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" } + "block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" } + "board": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" } + "escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" } + "extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" } + "mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" } + "search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" } references: - { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" } - { href: "http://www.corporateinteractive.name/rich", name: "autumn" } @@ -911,7 +911,7 @@ paths: artifacts: - { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" } - { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" } - - { name: "leadreintermediate.io", status: "malicious", enrichments: { hash.sha1: { name: "hash.sha1", created: "2021-10-03T18:44:06.488923+02:00", data: { "hash": "b7a067a742c20d07a7456646de89bc2d408a1153" } } } } + - { name: "leadreintermediate.io", status: "malicious", enrichments: { hash.sha1: { name: "hash.sha1", created: "2021-12-12T12:12:12.000000012Z", data: { "hash": "b7a067a742c20d07a7456646de89bc2d408a1153" } } } } security: [ { roles: [ "ticket:write" ] } ] definitions: diff --git a/generated/catalyst.json b/generated/catalyst.json index 368574a..3dfec04 100644 --- a/generated/catalyst.json +++ b/generated/catalyst.json @@ -720,7 +720,7 @@ }, "test" : { "example" : [ { - "created" : "2021-10-02T16:05:00.334+0000", + "created" : "2021-12-12T12:12:12.000+0000", "creator" : "bob", "message" : "Fail run account resist lend solve incident centre priority temperature. Cause change distribution examine location technique shape partner milk customer. Rail tea plate soil report cook railway interpretation breath action. Exercise dream accept park conclusion addition shoot assistance may answer. Gold writer link stop combine hear power name commitment operation. Determine lifespan support grow degree henry exclude detail set religion. Direct library policy convention chain retain discover ride walk student. Gather proposal select march aspect play noise avoid encourage employ. Assessment preserve transport combine wish influence income guess run stand. Charge limit crime ignore statement foundation study issue stop claim.", "reference" : "tickets/294511" @@ -1537,13 +1537,13 @@ "name" : "Phishing", "tasks" : { "block-iocs" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block IOCs", "type" : "task" }, "block-sender" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block sender", "next" : { @@ -1552,7 +1552,7 @@ "type" : "task" }, "board" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Board Involvement?", "next" : { @@ -1574,13 +1574,13 @@ "type" : "input" }, "escalate" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Escalate to CISO", "type" : "task" }, "extract-iocs" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Extract IOCs", "next" : { @@ -1602,7 +1602,7 @@ "type" : "input" }, "mail-available" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Mail available", "next" : { @@ -1640,7 +1640,7 @@ "type" : "input" }, "search-email-gateway" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Search email gateway", "next" : { @@ -1738,9 +1738,9 @@ }, "test" : { "example" : { - "created" : "1985-04-12T23:20:50.520+0000", + "created" : "2021-12-12T12:12:12.000+0000", "id" : 123, - "modified" : "1985-04-12T23:20:50.520+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "Wannacry infection", "owner" : "bob", "schema" : "{}", @@ -1893,9 +1893,9 @@ }, "test" : { "example" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "id" : 8125, - "modified" : "2021-10-02T16:04:59.078+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "phishing from selenafadel@von.org detected", "owner" : "demo", "references" : [ { @@ -1996,7 +1996,7 @@ } ], "created" : "2021-10-02T16:04:59.078+0000", "id" : 8123, - "modified" : "2021-10-02T16:04:59.078+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "live zebra", "owner" : "demo", "playbooks" : { @@ -2005,7 +2005,7 @@ "tasks" : { "block-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block IOCs", "order" : 6, @@ -2013,7 +2013,7 @@ }, "block-sender" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block sender", "next" : { @@ -2024,7 +2024,7 @@ }, "board" : { "active" : true, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Board Involvement?", "next" : { @@ -2048,7 +2048,7 @@ }, "escalate" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Escalate to CISO", "order" : 1, @@ -2056,7 +2056,7 @@ }, "extract-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Extract IOCs", "next" : { @@ -2080,7 +2080,7 @@ }, "mail-available" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Mail available", "next" : { @@ -2120,7 +2120,7 @@ }, "search-email-gateway" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Search email gateway", "next" : { @@ -2200,7 +2200,7 @@ } ], "created" : "2021-10-02T16:04:59.078+0000", "id" : 8123, - "modified" : "2021-10-02T16:04:59.078+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "live zebra", "owner" : "demo", "playbooks" : { @@ -2209,7 +2209,7 @@ "tasks" : { "block-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block IOCs", "order" : 6, @@ -2217,7 +2217,7 @@ }, "block-sender" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block sender", "next" : { @@ -2228,7 +2228,7 @@ }, "board" : { "active" : true, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Board Involvement?", "next" : { @@ -2252,7 +2252,7 @@ }, "escalate" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Escalate to CISO", "order" : 1, @@ -2260,7 +2260,7 @@ }, "extract-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Extract IOCs", "next" : { @@ -2284,7 +2284,7 @@ }, "mail-available" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Mail available", "next" : { @@ -2324,7 +2324,7 @@ }, "search-email-gateway" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Search email gateway", "next" : { @@ -2468,7 +2468,7 @@ "tasks" : { "block-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block IOCs", "order" : 6, @@ -2476,7 +2476,7 @@ }, "block-sender" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block sender", "next" : { @@ -2487,7 +2487,7 @@ }, "board" : { "active" : true, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Board Involvement?", "next" : { @@ -2511,7 +2511,7 @@ }, "escalate" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Escalate to CISO", "order" : 1, @@ -2519,7 +2519,7 @@ }, "extract-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Extract IOCs", "next" : { @@ -2543,7 +2543,7 @@ }, "mail-available" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Mail available", "next" : { @@ -2583,7 +2583,7 @@ }, "search-email-gateway" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Search email gateway", "next" : { @@ -2673,7 +2673,7 @@ }, { "enrichments" : { "hash.sha1" : { - "created" : "2021-10-03T16:44:06.489+0000", + "created" : "2021-12-12T12:12:12.000+0000", "data" : { "hash" : "b7a067a742c20d07a7456646de89bc2d408a1153" }, @@ -2694,7 +2694,7 @@ "tasks" : { "block-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block IOCs", "order" : 6, @@ -2702,7 +2702,7 @@ }, "block-sender" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block sender", "next" : { @@ -2713,7 +2713,7 @@ }, "board" : { "active" : true, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Board Involvement?", "next" : { @@ -2737,7 +2737,7 @@ }, "escalate" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Escalate to CISO", "order" : 1, @@ -2745,7 +2745,7 @@ }, "extract-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Extract IOCs", "next" : { @@ -2769,7 +2769,7 @@ }, "mail-available" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Mail available", "next" : { @@ -2809,7 +2809,7 @@ }, "search-email-gateway" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Search email gateway", "next" : { @@ -2927,13 +2927,13 @@ "test" : { "example" : { "comments" : [ { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "creator" : "bob", "message" : "My first comment" } ], "created" : "2021-10-02T16:04:59.078+0000", "id" : 8125, - "modified" : "2021-10-02T16:04:59.078+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "phishing from selenafadel@von.com detected", "owner" : "demo", "references" : [ { @@ -3029,7 +3029,7 @@ } ], "created" : "2021-10-02T16:04:59.078+0000", "id" : 8123, - "modified" : "2021-10-02T16:04:59.078+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "live zebra", "owner" : "demo", "playbooks" : { @@ -3038,7 +3038,7 @@ "tasks" : { "block-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block IOCs", "order" : 6, @@ -3046,7 +3046,7 @@ }, "block-sender" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block sender", "next" : { @@ -3057,7 +3057,7 @@ }, "board" : { "active" : true, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Board Involvement?", "next" : { @@ -3081,7 +3081,7 @@ }, "escalate" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Escalate to CISO", "order" : 1, @@ -3089,7 +3089,7 @@ }, "extract-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Extract IOCs", "next" : { @@ -3113,7 +3113,7 @@ }, "mail-available" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Mail available", "next" : { @@ -3153,7 +3153,7 @@ }, "search-email-gateway" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Search email gateway", "next" : { @@ -3236,7 +3236,7 @@ "name" : "document.doc" } ], "id" : 8125, - "modified" : "2021-10-02T16:04:59.078+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "phishing from selenafadel@von.com detected", "owner" : "demo", "references" : [ { @@ -3321,9 +3321,9 @@ }, "test" : { "example" : { - "created" : "1985-04-12T23:20:50.520+0000", + "created" : "2021-10-02T16:04:59.078+0000", "id" : 8125, - "modified" : "1985-04-12T23:20:50.520+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "phishing from selenafadel@von.com detected", "owner" : "demo", "playbooks" : { @@ -3332,7 +3332,7 @@ "tasks" : { "escalate" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Escalate to malware team", "order" : 2, @@ -3341,7 +3341,7 @@ "hash" : { "active" : false, "automation" : "hash.sha1", - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Hash the malware", "next" : { @@ -3355,7 +3355,7 @@ }, "input" : { "active" : true, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Upload malware if possible", "next" : { @@ -3465,9 +3465,9 @@ "name" : "leadreintermediate.io", "status" : "malicious" } ], - "created" : "1985-04-12T23:20:50.520+0000", + "created" : "2021-10-02T16:04:59.078+0000", "id" : 8123, - "modified" : "1985-04-12T23:20:50.520+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "live zebra", "owner" : "demo", "references" : [ { @@ -3561,7 +3561,7 @@ } ], "created" : "2021-10-02T16:04:59.078+0000", "id" : 8123, - "modified" : "2021-10-02T16:04:59.078+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "live zebra", "owner" : "demo", "playbooks" : { @@ -3570,7 +3570,7 @@ "tasks" : { "block-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block IOCs", "order" : 6, @@ -3578,7 +3578,7 @@ }, "block-sender" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block sender", "next" : { @@ -3589,7 +3589,7 @@ }, "board" : { "active" : true, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "data" : { "boardInvolved" : true }, @@ -3616,7 +3616,7 @@ }, "escalate" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Escalate to CISO", "order" : 1, @@ -3624,7 +3624,7 @@ }, "extract-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Extract IOCs", "next" : { @@ -3648,7 +3648,7 @@ }, "mail-available" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Mail available", "next" : { @@ -3688,7 +3688,7 @@ }, "search-email-gateway" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Search email gateway", "next" : { @@ -3792,7 +3792,7 @@ } ], "created" : "2021-10-02T16:04:59.078+0000", "id" : 8123, - "modified" : "2021-10-02T16:04:59.078+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "live zebra", "owner" : "demo", "playbooks" : { @@ -3801,7 +3801,7 @@ "tasks" : { "block-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block IOCs", "order" : 6, @@ -3809,7 +3809,7 @@ }, "block-sender" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block sender", "next" : { @@ -3820,8 +3820,8 @@ }, "board" : { "active" : false, - "closed" : "2021-10-02T16:04:59.078+0000", - "created" : "2021-10-02T16:04:59.078+0000", + "closed" : "2021-12-12T12:12:12.000+0000", + "created" : "2021-12-12T12:12:12.000+0000", "data" : { "boardInvolved" : true }, @@ -3848,7 +3848,7 @@ }, "escalate" : { "active" : true, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Escalate to CISO", "order" : 1, @@ -3856,7 +3856,7 @@ }, "extract-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Extract IOCs", "next" : { @@ -3880,7 +3880,7 @@ }, "mail-available" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Mail available", "next" : { @@ -3920,7 +3920,7 @@ }, "search-email-gateway" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Search email gateway", "next" : { @@ -4044,7 +4044,7 @@ "example" : { "created" : "2021-10-02T16:04:59.078+0000", "id" : 8125, - "modified" : "2021-10-02T16:04:59.078+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "phishing from selenafadel@von.com detected", "owner" : "demo", "references" : [ { @@ -4315,13 +4315,13 @@ "name" : "Phishing", "tasks" : { "block-iocs" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block IOCs", "type" : "task" }, "block-sender" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block sender", "next" : { @@ -4330,7 +4330,7 @@ "type" : "task" }, "board" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Board Involvement?", "next" : { @@ -4352,13 +4352,13 @@ "type" : "input" }, "escalate" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Escalate to CISO", "type" : "task" }, "extract-iocs" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Extract IOCs", "next" : { @@ -4380,7 +4380,7 @@ "type" : "input" }, "mail-available" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Mail available", "next" : { @@ -4418,7 +4418,7 @@ "type" : "input" }, "search-email-gateway" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Search email gateway", "next" : { diff --git a/generated/catalyst.yml b/generated/catalyst.yml index 338752b..18d0b2b 100644 --- a/generated/catalyst.yml +++ b/generated/catalyst.yml @@ -1931,7 +1931,7 @@ paths: description: successful operation examples: test: - - created: 2021-10-02T18:05:00.333535+02:00 + - created: 2021-12-12T12:12:12.000000012Z creator: bob message: Fail run account resist lend solve incident centre priority temperature. Cause change distribution examine location technique @@ -3381,9 +3381,9 @@ paths: status: clean - name: leadreintermediate.io status: malicious - created: 2021-10-02T18:04:59.078206+02:00 + created: 2021-10-02T16:04:59.078206Z id: 8123 - modified: 2021-10-02T18:04:59.078206+02:00 + modified: 2021-10-02T16:04:59.078206Z name: live zebra owner: demo playbooks: @@ -3391,19 +3391,19 @@ paths: name: Phishing tasks: block-iocs: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block IOCs type: task block-sender: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block sender next: extract-iocs: "" type: task board: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Board Involvement? next: @@ -3421,12 +3421,12 @@ paths: type: object type: input escalate: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Escalate to CISO type: task extract-iocs: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Extract IOCs next: @@ -3442,7 +3442,7 @@ paths: type: object type: input mail-available: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Mail available next: @@ -3471,7 +3471,7 @@ paths: type: object type: input search-email-gateway: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Search email gateway next: @@ -3577,9 +3577,9 @@ paths: } status: closed type: incident - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-10-02T16:04:59.078186Z id: 8125 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: phishing from selenafadel@von.com detected owner: demo references: @@ -3592,9 +3592,9 @@ paths: schema: '{}' status: closed type: alert - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-10-02T16:04:59.078186Z id: 8126 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: Surfaceintroduce virus detected owner: demo references: @@ -3635,9 +3635,9 @@ paths: description: successful operation examples: test: - created: 1985-04-12T23:20:50.52Z + created: 2021-12-12T12:12:12.000000012Z id: 123 - modified: 1985-04-12T23:20:50.52Z + modified: 2021-12-12T12:12:12.000000012Z name: Wannacry infection owner: bob schema: '{}' @@ -3686,9 +3686,9 @@ paths: description: successful operation examples: test: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-10-02T16:04:59.078186Z id: 8125 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: phishing from selenafadel@von.com detected owner: demo references: @@ -3701,9 +3701,9 @@ paths: schema: '{}' status: closed tickets: - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-10-02T16:04:59.078186Z id: 8126 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: Surfaceintroduce virus detected owner: demo references: @@ -3742,8 +3742,8 @@ paths: schema: $ref: '#/definitions/Ticket' x-example: - created: 2021-10-02T18:04:59.078186+02:00 - modified: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z + modified: 2021-12-12T12:12:12.000000012Z name: phishing from selenafadel@von.org detected owner: demo references: @@ -3761,9 +3761,9 @@ paths: description: successful operation examples: test: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z id: 8125 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-12-12T12:12:12.000000012Z name: phishing from selenafadel@von.org detected owner: demo references: @@ -3776,9 +3776,9 @@ paths: schema: '{}' status: closed tickets: - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-10-02T16:04:59.078186Z id: 8126 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: Surfaceintroduce virus detected owner: demo references: @@ -3834,9 +3834,9 @@ paths: - name: 2.2.2.2 status: unknown type: ip - created: 2021-10-02T18:04:59.078206+02:00 + created: 2021-10-02T16:04:59.078206Z id: 8123 - modified: 2021-10-02T18:04:59.078206+02:00 + modified: 2021-12-12T12:12:12.000000012Z name: live zebra owner: demo playbooks: @@ -3845,14 +3845,14 @@ paths: tasks: block-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block IOCs order: 6 type: task block-sender: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block sender next: @@ -3861,7 +3861,7 @@ paths: type: task board: active: true - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Board Involvement? next: @@ -3881,14 +3881,14 @@ paths: type: input escalate: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Escalate to CISO order: 1 type: task extract-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Extract IOCs next: @@ -3906,7 +3906,7 @@ paths: type: input mail-available: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Mail available next: @@ -3937,7 +3937,7 @@ paths: type: input search-email-gateway: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Search email gateway next: @@ -4078,9 +4078,9 @@ paths: status: unknown - name: http://www.customerviral.io/scalable/vertical/killer status: clean - created: 2021-10-02T18:04:59.078206+02:00 + created: 2021-10-02T16:04:59.078206Z id: 8123 - modified: 2021-10-02T18:04:59.078206+02:00 + modified: 2021-12-12T12:12:12.000000012Z name: live zebra owner: demo playbooks: @@ -4089,14 +4089,14 @@ paths: tasks: block-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block IOCs order: 6 type: task block-sender: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block sender next: @@ -4105,7 +4105,7 @@ paths: type: task board: active: true - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Board Involvement? next: @@ -4125,14 +4125,14 @@ paths: type: input escalate: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Escalate to CISO order: 1 type: task extract-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Extract IOCs next: @@ -4150,7 +4150,7 @@ paths: type: input mail-available: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Mail available next: @@ -4181,7 +4181,7 @@ paths: type: input search-email-gateway: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Search email gateway next: @@ -4361,9 +4361,9 @@ paths: status: clean - name: leadreintermediate.io status: clean - created: 2021-10-02T18:04:59.078206+02:00 + created: 2021-10-02T16:04:59.078206Z id: 8123 - modified: 2021-10-02T18:04:59.078206+02:00 + modified: 2021-10-02T16:04:59.078206Z name: live zebra owner: demo playbooks: @@ -4372,14 +4372,14 @@ paths: tasks: block-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block IOCs order: 6 type: task block-sender: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block sender next: @@ -4388,7 +4388,7 @@ paths: type: task board: active: true - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Board Involvement? next: @@ -4408,14 +4408,14 @@ paths: type: input escalate: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Escalate to CISO order: 1 type: task extract-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Extract IOCs next: @@ -4433,7 +4433,7 @@ paths: type: input mail-available: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Mail available next: @@ -4464,7 +4464,7 @@ paths: type: input search-email-gateway: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Search email gateway next: @@ -4616,15 +4616,15 @@ paths: status: clean - enrichments: hash.sha1: - created: 2021-10-03T18:44:06.488923+02:00 + created: 2021-12-12T12:12:12.000000012Z data: hash: b7a067a742c20d07a7456646de89bc2d408a1153 name: hash.sha1 name: leadreintermediate.io status: malicious - created: 2021-10-02T18:04:59.078206+02:00 + created: 2021-10-02T16:04:59.078206Z id: 8123 - modified: 2021-10-02T18:04:59.078206+02:00 + modified: 2021-10-02T16:04:59.078206Z name: live zebra owner: demo playbooks: @@ -4633,14 +4633,14 @@ paths: tasks: block-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block IOCs order: 6 type: task block-sender: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block sender next: @@ -4649,7 +4649,7 @@ paths: type: task board: active: true - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Board Involvement? next: @@ -4669,14 +4669,14 @@ paths: type: input escalate: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Escalate to CISO order: 1 type: task extract-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Extract IOCs next: @@ -4694,7 +4694,7 @@ paths: type: input mail-available: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Mail available next: @@ -4725,7 +4725,7 @@ paths: type: input search-email-gateway: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Search email gateway next: @@ -4895,12 +4895,12 @@ paths: examples: test: comments: - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-12-12T12:12:12.000000012Z creator: bob message: My first comment - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-10-02T16:04:59.078186Z id: 8125 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-12-12T12:12:12.000000012Z name: phishing from selenafadel@von.com detected owner: demo references: @@ -4913,9 +4913,9 @@ paths: schema: '{}' status: closed tickets: - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-10-02T16:04:59.078186Z id: 8126 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: Surfaceintroduce virus detected owner: demo references: @@ -4967,9 +4967,9 @@ paths: status: clean - name: leadreintermediate.io status: malicious - created: 2021-10-02T18:04:59.078206+02:00 + created: 2021-10-02T16:04:59.078206Z id: 8123 - modified: 2021-10-02T18:04:59.078206+02:00 + modified: 2021-12-12T12:12:12.000000012Z name: live zebra owner: demo playbooks: @@ -4978,14 +4978,14 @@ paths: tasks: block-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block IOCs order: 6 type: task block-sender: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block sender next: @@ -4994,7 +4994,7 @@ paths: type: task board: active: true - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Board Involvement? next: @@ -5014,14 +5014,14 @@ paths: type: input escalate: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Escalate to CISO order: 1 type: task extract-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Extract IOCs next: @@ -5039,7 +5039,7 @@ paths: type: input mail-available: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Mail available next: @@ -5070,7 +5070,7 @@ paths: type: input search-email-gateway: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Search email gateway next: @@ -5214,12 +5214,12 @@ paths: description: successful operation examples: test: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-10-02T16:04:59.078186Z files: - key: myfile name: document.doc id: 8125 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-12-12T12:12:12.000000012Z name: phishing from selenafadel@von.com detected owner: demo references: @@ -5232,9 +5232,9 @@ paths: schema: '{}' status: closed tickets: - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-10-02T16:04:59.078186Z id: 8126 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: Surfaceintroduce virus detected owner: demo references: @@ -5308,9 +5308,9 @@ paths: description: successful operation examples: test: - created: 1985-04-12T23:20:50.52Z + created: 2021-10-02T16:04:59.078186Z id: 8125 - modified: 1985-04-12T23:20:50.52Z + modified: 2021-12-12T12:12:12.000000012Z name: phishing from selenafadel@von.com detected owner: demo playbooks: @@ -5319,7 +5319,7 @@ paths: tasks: escalate: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Escalate to malware team order: 2 @@ -5327,7 +5327,7 @@ paths: hash: active: false automation: hash.sha1 - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Hash the malware next: @@ -5338,7 +5338,7 @@ paths: type: automation input: active: true - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Upload malware if possible next: @@ -5363,9 +5363,9 @@ paths: schema: '{}' status: closed tickets: - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-10-02T16:04:59.078186Z id: 8126 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: Surfaceintroduce virus detected owner: demo references: @@ -5413,9 +5413,9 @@ paths: status: clean - name: leadreintermediate.io status: malicious - created: 1985-04-12T23:20:50.52Z + created: 2021-10-02T16:04:59.078206Z id: 8123 - modified: 1985-04-12T23:20:50.52Z + modified: 2021-12-12T12:12:12.000000012Z name: live zebra owner: demo references: @@ -5588,9 +5588,9 @@ paths: status: clean - name: leadreintermediate.io status: malicious - created: 2021-10-02T18:04:59.078206+02:00 + created: 2021-10-02T16:04:59.078206Z id: 8123 - modified: 2021-10-02T18:04:59.078206+02:00 + modified: 2021-12-12T12:12:12.000000012Z name: live zebra owner: demo playbooks: @@ -5599,14 +5599,14 @@ paths: tasks: block-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block IOCs order: 6 type: task block-sender: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block sender next: @@ -5615,7 +5615,7 @@ paths: type: task board: active: true - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z data: boardInvolved: true done: false @@ -5637,14 +5637,14 @@ paths: type: input escalate: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Escalate to CISO order: 1 type: task extract-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Extract IOCs next: @@ -5662,7 +5662,7 @@ paths: type: input mail-available: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Mail available next: @@ -5693,7 +5693,7 @@ paths: type: input search-email-gateway: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Search email gateway next: @@ -5851,9 +5851,9 @@ paths: status: clean - name: leadreintermediate.io status: malicious - created: 2021-10-02T18:04:59.078206+02:00 + created: 2021-10-02T16:04:59.078206Z id: 8123 - modified: 2021-10-02T18:04:59.078206+02:00 + modified: 2021-12-12T12:12:12.000000012Z name: live zebra owner: demo playbooks: @@ -5862,14 +5862,14 @@ paths: tasks: block-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block IOCs order: 6 type: task block-sender: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block sender next: @@ -5878,8 +5878,8 @@ paths: type: task board: active: false - closed: 2021-10-02T18:04:59.078186+02:00 - created: 2021-10-02T18:04:59.078186+02:00 + closed: 2021-12-12T12:12:12.000000012Z + created: 2021-12-12T12:12:12.000000012Z data: boardInvolved: true done: true @@ -5901,14 +5901,14 @@ paths: type: input escalate: active: true - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Escalate to CISO order: 1 type: task extract-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Extract IOCs next: @@ -5926,7 +5926,7 @@ paths: type: input mail-available: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Mail available next: @@ -5957,7 +5957,7 @@ paths: type: input search-email-gateway: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Search email gateway next: @@ -6131,9 +6131,9 @@ paths: description: successful operation examples: test: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-10-02T16:04:59.078186Z id: 8125 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-12-12T12:12:12.000000012Z name: phishing from selenafadel@von.com detected owner: demo references: @@ -6142,9 +6142,9 @@ paths: schema: '{}' status: closed tickets: - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-10-02T16:04:59.078186Z id: 8126 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: Surfaceintroduce virus detected owner: demo references: @@ -6188,9 +6188,9 @@ paths: description: successful operation examples: test: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-10-02T16:04:59.078186Z id: 8125 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: phishing from selenafadel@von.com detected owner: demo references: @@ -6203,9 +6203,9 @@ paths: schema: '{}' status: closed tickets: - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-10-02T16:04:59.078186Z id: 8126 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: Surfaceintroduce virus detected owner: demo references: @@ -6251,9 +6251,9 @@ paths: description: successful operation examples: test: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-10-02T16:04:59.078186Z id: 8126 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: Surfaceintroduce virus detected owner: demo references: @@ -6297,9 +6297,9 @@ paths: description: successful operation examples: test: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-10-02T16:04:59.078186Z id: 8126 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: Surfaceintroduce virus detected owner: demo references: @@ -6319,9 +6319,9 @@ paths: status: clean - name: leadreintermediate.io status: malicious - created: 2021-10-02T18:04:59.078206+02:00 + created: 2021-10-02T16:04:59.078206Z id: 8123 - modified: 2021-10-02T18:04:59.078206+02:00 + modified: 2021-10-02T16:04:59.078206Z name: live zebra owner: demo playbooks: @@ -6329,19 +6329,19 @@ paths: name: Phishing tasks: block-iocs: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block IOCs type: task block-sender: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block sender next: extract-iocs: "" type: task board: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Board Involvement? next: @@ -6359,12 +6359,12 @@ paths: type: object type: input escalate: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Escalate to CISO type: task extract-iocs: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Extract IOCs next: @@ -6380,7 +6380,7 @@ paths: type: object type: input mail-available: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Mail available next: @@ -6409,7 +6409,7 @@ paths: type: object type: input search-email-gateway: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Search email gateway next: @@ -6515,9 +6515,9 @@ paths: } status: closed type: incident - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-10-02T16:04:59.078186Z id: 8125 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: phishing from selenafadel@von.com detected owner: demo references: diff --git a/generated/community.json b/generated/community.json index b5eac50..d7e76d2 100644 --- a/generated/community.json +++ b/generated/community.json @@ -488,7 +488,7 @@ }, "test" : { "example" : [ { - "created" : "2021-10-02T16:05:00.334+0000", + "created" : "2021-12-12T12:12:12.000+0000", "creator" : "bob", "message" : "Fail run account resist lend solve incident centre priority temperature. Cause change distribution examine location technique shape partner milk customer. Rail tea plate soil report cook railway interpretation breath action. Exercise dream accept park conclusion addition shoot assistance may answer. Gold writer link stop combine hear power name commitment operation. Determine lifespan support grow degree henry exclude detail set religion. Direct library policy convention chain retain discover ride walk student. Gather proposal select march aspect play noise avoid encourage employ. Assessment preserve transport combine wish influence income guess run stand. Charge limit crime ignore statement foundation study issue stop claim.", "reference" : "tickets/294511" @@ -1107,13 +1107,13 @@ "name" : "Phishing", "tasks" : { "block-iocs" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block IOCs", "type" : "task" }, "block-sender" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block sender", "next" : { @@ -1122,7 +1122,7 @@ "type" : "task" }, "board" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Board Involvement?", "next" : { @@ -1144,13 +1144,13 @@ "type" : "input" }, "escalate" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Escalate to CISO", "type" : "task" }, "extract-iocs" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Extract IOCs", "next" : { @@ -1172,7 +1172,7 @@ "type" : "input" }, "mail-available" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Mail available", "next" : { @@ -1210,7 +1210,7 @@ "type" : "input" }, "search-email-gateway" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Search email gateway", "next" : { @@ -1308,9 +1308,9 @@ }, "test" : { "example" : { - "created" : "1985-04-12T23:20:50.520+0000", + "created" : "2021-12-12T12:12:12.000+0000", "id" : 123, - "modified" : "1985-04-12T23:20:50.520+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "Wannacry infection", "owner" : "bob", "schema" : "{}", @@ -1463,9 +1463,9 @@ }, "test" : { "example" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "id" : 8125, - "modified" : "2021-10-02T16:04:59.078+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "phishing from selenafadel@von.org detected", "owner" : "demo", "references" : [ { @@ -1566,7 +1566,7 @@ } ], "created" : "2021-10-02T16:04:59.078+0000", "id" : 8123, - "modified" : "2021-10-02T16:04:59.078+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "live zebra", "owner" : "demo", "playbooks" : { @@ -1575,7 +1575,7 @@ "tasks" : { "block-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block IOCs", "order" : 6, @@ -1583,7 +1583,7 @@ }, "block-sender" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block sender", "next" : { @@ -1594,7 +1594,7 @@ }, "board" : { "active" : true, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Board Involvement?", "next" : { @@ -1618,7 +1618,7 @@ }, "escalate" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Escalate to CISO", "order" : 1, @@ -1626,7 +1626,7 @@ }, "extract-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Extract IOCs", "next" : { @@ -1650,7 +1650,7 @@ }, "mail-available" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Mail available", "next" : { @@ -1690,7 +1690,7 @@ }, "search-email-gateway" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Search email gateway", "next" : { @@ -1770,7 +1770,7 @@ } ], "created" : "2021-10-02T16:04:59.078+0000", "id" : 8123, - "modified" : "2021-10-02T16:04:59.078+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "live zebra", "owner" : "demo", "playbooks" : { @@ -1779,7 +1779,7 @@ "tasks" : { "block-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block IOCs", "order" : 6, @@ -1787,7 +1787,7 @@ }, "block-sender" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block sender", "next" : { @@ -1798,7 +1798,7 @@ }, "board" : { "active" : true, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Board Involvement?", "next" : { @@ -1822,7 +1822,7 @@ }, "escalate" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Escalate to CISO", "order" : 1, @@ -1830,7 +1830,7 @@ }, "extract-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Extract IOCs", "next" : { @@ -1854,7 +1854,7 @@ }, "mail-available" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Mail available", "next" : { @@ -1894,7 +1894,7 @@ }, "search-email-gateway" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Search email gateway", "next" : { @@ -2038,7 +2038,7 @@ "tasks" : { "block-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block IOCs", "order" : 6, @@ -2046,7 +2046,7 @@ }, "block-sender" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block sender", "next" : { @@ -2057,7 +2057,7 @@ }, "board" : { "active" : true, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Board Involvement?", "next" : { @@ -2081,7 +2081,7 @@ }, "escalate" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Escalate to CISO", "order" : 1, @@ -2089,7 +2089,7 @@ }, "extract-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Extract IOCs", "next" : { @@ -2113,7 +2113,7 @@ }, "mail-available" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Mail available", "next" : { @@ -2153,7 +2153,7 @@ }, "search-email-gateway" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Search email gateway", "next" : { @@ -2243,7 +2243,7 @@ }, { "enrichments" : { "hash.sha1" : { - "created" : "2021-10-03T16:44:06.489+0000", + "created" : "2021-12-12T12:12:12.000+0000", "data" : { "hash" : "b7a067a742c20d07a7456646de89bc2d408a1153" }, @@ -2264,7 +2264,7 @@ "tasks" : { "block-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block IOCs", "order" : 6, @@ -2272,7 +2272,7 @@ }, "block-sender" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block sender", "next" : { @@ -2283,7 +2283,7 @@ }, "board" : { "active" : true, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Board Involvement?", "next" : { @@ -2307,7 +2307,7 @@ }, "escalate" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Escalate to CISO", "order" : 1, @@ -2315,7 +2315,7 @@ }, "extract-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Extract IOCs", "next" : { @@ -2339,7 +2339,7 @@ }, "mail-available" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Mail available", "next" : { @@ -2379,7 +2379,7 @@ }, "search-email-gateway" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Search email gateway", "next" : { @@ -2497,13 +2497,13 @@ "test" : { "example" : { "comments" : [ { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "creator" : "bob", "message" : "My first comment" } ], "created" : "2021-10-02T16:04:59.078+0000", "id" : 8125, - "modified" : "2021-10-02T16:04:59.078+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "phishing from selenafadel@von.com detected", "owner" : "demo", "references" : [ { @@ -2599,7 +2599,7 @@ } ], "created" : "2021-10-02T16:04:59.078+0000", "id" : 8123, - "modified" : "2021-10-02T16:04:59.078+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "live zebra", "owner" : "demo", "playbooks" : { @@ -2608,7 +2608,7 @@ "tasks" : { "block-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block IOCs", "order" : 6, @@ -2616,7 +2616,7 @@ }, "block-sender" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block sender", "next" : { @@ -2627,7 +2627,7 @@ }, "board" : { "active" : true, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Board Involvement?", "next" : { @@ -2651,7 +2651,7 @@ }, "escalate" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Escalate to CISO", "order" : 1, @@ -2659,7 +2659,7 @@ }, "extract-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Extract IOCs", "next" : { @@ -2683,7 +2683,7 @@ }, "mail-available" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Mail available", "next" : { @@ -2723,7 +2723,7 @@ }, "search-email-gateway" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Search email gateway", "next" : { @@ -2806,7 +2806,7 @@ "name" : "document.doc" } ], "id" : 8125, - "modified" : "2021-10-02T16:04:59.078+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "phishing from selenafadel@von.com detected", "owner" : "demo", "references" : [ { @@ -2891,9 +2891,9 @@ }, "test" : { "example" : { - "created" : "1985-04-12T23:20:50.520+0000", + "created" : "2021-10-02T16:04:59.078+0000", "id" : 8125, - "modified" : "1985-04-12T23:20:50.520+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "phishing from selenafadel@von.com detected", "owner" : "demo", "playbooks" : { @@ -2902,7 +2902,7 @@ "tasks" : { "escalate" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Escalate to malware team", "order" : 2, @@ -2911,7 +2911,7 @@ "hash" : { "active" : false, "automation" : "hash.sha1", - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Hash the malware", "next" : { @@ -2925,7 +2925,7 @@ }, "input" : { "active" : true, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Upload malware if possible", "next" : { @@ -3035,9 +3035,9 @@ "name" : "leadreintermediate.io", "status" : "malicious" } ], - "created" : "1985-04-12T23:20:50.520+0000", + "created" : "2021-10-02T16:04:59.078+0000", "id" : 8123, - "modified" : "1985-04-12T23:20:50.520+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "live zebra", "owner" : "demo", "references" : [ { @@ -3131,7 +3131,7 @@ } ], "created" : "2021-10-02T16:04:59.078+0000", "id" : 8123, - "modified" : "2021-10-02T16:04:59.078+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "live zebra", "owner" : "demo", "playbooks" : { @@ -3140,7 +3140,7 @@ "tasks" : { "block-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block IOCs", "order" : 6, @@ -3148,7 +3148,7 @@ }, "block-sender" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block sender", "next" : { @@ -3159,7 +3159,7 @@ }, "board" : { "active" : true, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "data" : { "boardInvolved" : true }, @@ -3186,7 +3186,7 @@ }, "escalate" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Escalate to CISO", "order" : 1, @@ -3194,7 +3194,7 @@ }, "extract-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Extract IOCs", "next" : { @@ -3218,7 +3218,7 @@ }, "mail-available" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Mail available", "next" : { @@ -3258,7 +3258,7 @@ }, "search-email-gateway" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Search email gateway", "next" : { @@ -3362,7 +3362,7 @@ } ], "created" : "2021-10-02T16:04:59.078+0000", "id" : 8123, - "modified" : "2021-10-02T16:04:59.078+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "live zebra", "owner" : "demo", "playbooks" : { @@ -3371,7 +3371,7 @@ "tasks" : { "block-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block IOCs", "order" : 6, @@ -3379,7 +3379,7 @@ }, "block-sender" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block sender", "next" : { @@ -3390,8 +3390,8 @@ }, "board" : { "active" : false, - "closed" : "2021-10-02T16:04:59.078+0000", - "created" : "2021-10-02T16:04:59.078+0000", + "closed" : "2021-12-12T12:12:12.000+0000", + "created" : "2021-12-12T12:12:12.000+0000", "data" : { "boardInvolved" : true }, @@ -3418,7 +3418,7 @@ }, "escalate" : { "active" : true, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Escalate to CISO", "order" : 1, @@ -3426,7 +3426,7 @@ }, "extract-iocs" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Extract IOCs", "next" : { @@ -3450,7 +3450,7 @@ }, "mail-available" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Mail available", "next" : { @@ -3490,7 +3490,7 @@ }, "search-email-gateway" : { "active" : false, - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Search email gateway", "next" : { @@ -3614,7 +3614,7 @@ "example" : { "created" : "2021-10-02T16:04:59.078+0000", "id" : 8125, - "modified" : "2021-10-02T16:04:59.078+0000", + "modified" : "2021-12-12T12:12:12.000+0000", "name" : "phishing from selenafadel@von.com detected", "owner" : "demo", "references" : [ { @@ -3885,13 +3885,13 @@ "name" : "Phishing", "tasks" : { "block-iocs" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block IOCs", "type" : "task" }, "block-sender" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Block sender", "next" : { @@ -3900,7 +3900,7 @@ "type" : "task" }, "board" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Board Involvement?", "next" : { @@ -3922,13 +3922,13 @@ "type" : "input" }, "escalate" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Escalate to CISO", "type" : "task" }, "extract-iocs" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Extract IOCs", "next" : { @@ -3950,7 +3950,7 @@ "type" : "input" }, "mail-available" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Mail available", "next" : { @@ -3988,7 +3988,7 @@ "type" : "input" }, "search-email-gateway" : { - "created" : "2021-10-02T16:04:59.078+0000", + "created" : "2021-12-12T12:12:12.000+0000", "done" : false, "name" : "Search email gateway", "next" : { diff --git a/generated/community.yml b/generated/community.yml index 26fbae4..9727056 100644 --- a/generated/community.yml +++ b/generated/community.yml @@ -1660,7 +1660,7 @@ paths: description: successful operation examples: test: - - created: 2021-10-02T18:05:00.333535+02:00 + - created: 2021-12-12T12:12:12.000000012Z creator: bob message: Fail run account resist lend solve incident centre priority temperature. Cause change distribution examine location technique @@ -2969,9 +2969,9 @@ paths: status: clean - name: leadreintermediate.io status: malicious - created: 2021-10-02T18:04:59.078206+02:00 + created: 2021-10-02T16:04:59.078206Z id: 8123 - modified: 2021-10-02T18:04:59.078206+02:00 + modified: 2021-10-02T16:04:59.078206Z name: live zebra owner: demo playbooks: @@ -2979,19 +2979,19 @@ paths: name: Phishing tasks: block-iocs: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block IOCs type: task block-sender: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block sender next: extract-iocs: "" type: task board: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Board Involvement? next: @@ -3009,12 +3009,12 @@ paths: type: object type: input escalate: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Escalate to CISO type: task extract-iocs: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Extract IOCs next: @@ -3030,7 +3030,7 @@ paths: type: object type: input mail-available: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Mail available next: @@ -3059,7 +3059,7 @@ paths: type: object type: input search-email-gateway: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Search email gateway next: @@ -3165,9 +3165,9 @@ paths: } status: closed type: incident - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-10-02T16:04:59.078186Z id: 8125 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: phishing from selenafadel@von.com detected owner: demo references: @@ -3180,9 +3180,9 @@ paths: schema: '{}' status: closed type: alert - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-10-02T16:04:59.078186Z id: 8126 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: Surfaceintroduce virus detected owner: demo references: @@ -3223,9 +3223,9 @@ paths: description: successful operation examples: test: - created: 1985-04-12T23:20:50.52Z + created: 2021-12-12T12:12:12.000000012Z id: 123 - modified: 1985-04-12T23:20:50.52Z + modified: 2021-12-12T12:12:12.000000012Z name: Wannacry infection owner: bob schema: '{}' @@ -3274,9 +3274,9 @@ paths: description: successful operation examples: test: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-10-02T16:04:59.078186Z id: 8125 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: phishing from selenafadel@von.com detected owner: demo references: @@ -3289,9 +3289,9 @@ paths: schema: '{}' status: closed tickets: - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-10-02T16:04:59.078186Z id: 8126 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: Surfaceintroduce virus detected owner: demo references: @@ -3330,8 +3330,8 @@ paths: schema: $ref: '#/definitions/Ticket' x-example: - created: 2021-10-02T18:04:59.078186+02:00 - modified: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z + modified: 2021-12-12T12:12:12.000000012Z name: phishing from selenafadel@von.org detected owner: demo references: @@ -3349,9 +3349,9 @@ paths: description: successful operation examples: test: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z id: 8125 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-12-12T12:12:12.000000012Z name: phishing from selenafadel@von.org detected owner: demo references: @@ -3364,9 +3364,9 @@ paths: schema: '{}' status: closed tickets: - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-10-02T16:04:59.078186Z id: 8126 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: Surfaceintroduce virus detected owner: demo references: @@ -3422,9 +3422,9 @@ paths: - name: 2.2.2.2 status: unknown type: ip - created: 2021-10-02T18:04:59.078206+02:00 + created: 2021-10-02T16:04:59.078206Z id: 8123 - modified: 2021-10-02T18:04:59.078206+02:00 + modified: 2021-12-12T12:12:12.000000012Z name: live zebra owner: demo playbooks: @@ -3433,14 +3433,14 @@ paths: tasks: block-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block IOCs order: 6 type: task block-sender: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block sender next: @@ -3449,7 +3449,7 @@ paths: type: task board: active: true - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Board Involvement? next: @@ -3469,14 +3469,14 @@ paths: type: input escalate: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Escalate to CISO order: 1 type: task extract-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Extract IOCs next: @@ -3494,7 +3494,7 @@ paths: type: input mail-available: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Mail available next: @@ -3525,7 +3525,7 @@ paths: type: input search-email-gateway: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Search email gateway next: @@ -3666,9 +3666,9 @@ paths: status: unknown - name: http://www.customerviral.io/scalable/vertical/killer status: clean - created: 2021-10-02T18:04:59.078206+02:00 + created: 2021-10-02T16:04:59.078206Z id: 8123 - modified: 2021-10-02T18:04:59.078206+02:00 + modified: 2021-12-12T12:12:12.000000012Z name: live zebra owner: demo playbooks: @@ -3677,14 +3677,14 @@ paths: tasks: block-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block IOCs order: 6 type: task block-sender: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block sender next: @@ -3693,7 +3693,7 @@ paths: type: task board: active: true - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Board Involvement? next: @@ -3713,14 +3713,14 @@ paths: type: input escalate: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Escalate to CISO order: 1 type: task extract-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Extract IOCs next: @@ -3738,7 +3738,7 @@ paths: type: input mail-available: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Mail available next: @@ -3769,7 +3769,7 @@ paths: type: input search-email-gateway: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Search email gateway next: @@ -3949,9 +3949,9 @@ paths: status: clean - name: leadreintermediate.io status: clean - created: 2021-10-02T18:04:59.078206+02:00 + created: 2021-10-02T16:04:59.078206Z id: 8123 - modified: 2021-10-02T18:04:59.078206+02:00 + modified: 2021-10-02T16:04:59.078206Z name: live zebra owner: demo playbooks: @@ -3960,14 +3960,14 @@ paths: tasks: block-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block IOCs order: 6 type: task block-sender: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block sender next: @@ -3976,7 +3976,7 @@ paths: type: task board: active: true - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Board Involvement? next: @@ -3996,14 +3996,14 @@ paths: type: input escalate: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Escalate to CISO order: 1 type: task extract-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Extract IOCs next: @@ -4021,7 +4021,7 @@ paths: type: input mail-available: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Mail available next: @@ -4052,7 +4052,7 @@ paths: type: input search-email-gateway: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Search email gateway next: @@ -4204,15 +4204,15 @@ paths: status: clean - enrichments: hash.sha1: - created: 2021-10-03T18:44:06.488923+02:00 + created: 2021-12-12T12:12:12.000000012Z data: hash: b7a067a742c20d07a7456646de89bc2d408a1153 name: hash.sha1 name: leadreintermediate.io status: malicious - created: 2021-10-02T18:04:59.078206+02:00 + created: 2021-10-02T16:04:59.078206Z id: 8123 - modified: 2021-10-02T18:04:59.078206+02:00 + modified: 2021-10-02T16:04:59.078206Z name: live zebra owner: demo playbooks: @@ -4221,14 +4221,14 @@ paths: tasks: block-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block IOCs order: 6 type: task block-sender: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block sender next: @@ -4237,7 +4237,7 @@ paths: type: task board: active: true - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Board Involvement? next: @@ -4257,14 +4257,14 @@ paths: type: input escalate: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Escalate to CISO order: 1 type: task extract-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Extract IOCs next: @@ -4282,7 +4282,7 @@ paths: type: input mail-available: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Mail available next: @@ -4313,7 +4313,7 @@ paths: type: input search-email-gateway: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Search email gateway next: @@ -4483,12 +4483,12 @@ paths: examples: test: comments: - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-12-12T12:12:12.000000012Z creator: bob message: My first comment - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-10-02T16:04:59.078186Z id: 8125 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-12-12T12:12:12.000000012Z name: phishing from selenafadel@von.com detected owner: demo references: @@ -4501,9 +4501,9 @@ paths: schema: '{}' status: closed tickets: - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-10-02T16:04:59.078186Z id: 8126 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: Surfaceintroduce virus detected owner: demo references: @@ -4555,9 +4555,9 @@ paths: status: clean - name: leadreintermediate.io status: malicious - created: 2021-10-02T18:04:59.078206+02:00 + created: 2021-10-02T16:04:59.078206Z id: 8123 - modified: 2021-10-02T18:04:59.078206+02:00 + modified: 2021-12-12T12:12:12.000000012Z name: live zebra owner: demo playbooks: @@ -4566,14 +4566,14 @@ paths: tasks: block-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block IOCs order: 6 type: task block-sender: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block sender next: @@ -4582,7 +4582,7 @@ paths: type: task board: active: true - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Board Involvement? next: @@ -4602,14 +4602,14 @@ paths: type: input escalate: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Escalate to CISO order: 1 type: task extract-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Extract IOCs next: @@ -4627,7 +4627,7 @@ paths: type: input mail-available: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Mail available next: @@ -4658,7 +4658,7 @@ paths: type: input search-email-gateway: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Search email gateway next: @@ -4802,12 +4802,12 @@ paths: description: successful operation examples: test: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-10-02T16:04:59.078186Z files: - key: myfile name: document.doc id: 8125 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-12-12T12:12:12.000000012Z name: phishing from selenafadel@von.com detected owner: demo references: @@ -4820,9 +4820,9 @@ paths: schema: '{}' status: closed tickets: - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-10-02T16:04:59.078186Z id: 8126 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: Surfaceintroduce virus detected owner: demo references: @@ -4896,9 +4896,9 @@ paths: description: successful operation examples: test: - created: 1985-04-12T23:20:50.52Z + created: 2021-10-02T16:04:59.078186Z id: 8125 - modified: 1985-04-12T23:20:50.52Z + modified: 2021-12-12T12:12:12.000000012Z name: phishing from selenafadel@von.com detected owner: demo playbooks: @@ -4907,7 +4907,7 @@ paths: tasks: escalate: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Escalate to malware team order: 2 @@ -4915,7 +4915,7 @@ paths: hash: active: false automation: hash.sha1 - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Hash the malware next: @@ -4926,7 +4926,7 @@ paths: type: automation input: active: true - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Upload malware if possible next: @@ -4951,9 +4951,9 @@ paths: schema: '{}' status: closed tickets: - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-10-02T16:04:59.078186Z id: 8126 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: Surfaceintroduce virus detected owner: demo references: @@ -5001,9 +5001,9 @@ paths: status: clean - name: leadreintermediate.io status: malicious - created: 1985-04-12T23:20:50.52Z + created: 2021-10-02T16:04:59.078206Z id: 8123 - modified: 1985-04-12T23:20:50.52Z + modified: 2021-12-12T12:12:12.000000012Z name: live zebra owner: demo references: @@ -5176,9 +5176,9 @@ paths: status: clean - name: leadreintermediate.io status: malicious - created: 2021-10-02T18:04:59.078206+02:00 + created: 2021-10-02T16:04:59.078206Z id: 8123 - modified: 2021-10-02T18:04:59.078206+02:00 + modified: 2021-12-12T12:12:12.000000012Z name: live zebra owner: demo playbooks: @@ -5187,14 +5187,14 @@ paths: tasks: block-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block IOCs order: 6 type: task block-sender: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block sender next: @@ -5203,7 +5203,7 @@ paths: type: task board: active: true - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z data: boardInvolved: true done: false @@ -5225,14 +5225,14 @@ paths: type: input escalate: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Escalate to CISO order: 1 type: task extract-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Extract IOCs next: @@ -5250,7 +5250,7 @@ paths: type: input mail-available: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Mail available next: @@ -5281,7 +5281,7 @@ paths: type: input search-email-gateway: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Search email gateway next: @@ -5439,9 +5439,9 @@ paths: status: clean - name: leadreintermediate.io status: malicious - created: 2021-10-02T18:04:59.078206+02:00 + created: 2021-10-02T16:04:59.078206Z id: 8123 - modified: 2021-10-02T18:04:59.078206+02:00 + modified: 2021-12-12T12:12:12.000000012Z name: live zebra owner: demo playbooks: @@ -5450,14 +5450,14 @@ paths: tasks: block-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block IOCs order: 6 type: task block-sender: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block sender next: @@ -5466,8 +5466,8 @@ paths: type: task board: active: false - closed: 2021-10-02T18:04:59.078186+02:00 - created: 2021-10-02T18:04:59.078186+02:00 + closed: 2021-12-12T12:12:12.000000012Z + created: 2021-12-12T12:12:12.000000012Z data: boardInvolved: true done: true @@ -5489,14 +5489,14 @@ paths: type: input escalate: active: true - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Escalate to CISO order: 1 type: task extract-iocs: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Extract IOCs next: @@ -5514,7 +5514,7 @@ paths: type: input mail-available: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Mail available next: @@ -5545,7 +5545,7 @@ paths: type: input search-email-gateway: active: false - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Search email gateway next: @@ -5719,9 +5719,9 @@ paths: description: successful operation examples: test: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-10-02T16:04:59.078186Z id: 8125 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-12-12T12:12:12.000000012Z name: phishing from selenafadel@von.com detected owner: demo references: @@ -5730,9 +5730,9 @@ paths: schema: '{}' status: closed tickets: - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-10-02T16:04:59.078186Z id: 8126 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: Surfaceintroduce virus detected owner: demo references: @@ -5776,9 +5776,9 @@ paths: description: successful operation examples: test: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-10-02T16:04:59.078186Z id: 8125 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: phishing from selenafadel@von.com detected owner: demo references: @@ -5791,9 +5791,9 @@ paths: schema: '{}' status: closed tickets: - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-10-02T16:04:59.078186Z id: 8126 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: Surfaceintroduce virus detected owner: demo references: @@ -5839,9 +5839,9 @@ paths: description: successful operation examples: test: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-10-02T16:04:59.078186Z id: 8126 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: Surfaceintroduce virus detected owner: demo references: @@ -5885,9 +5885,9 @@ paths: description: successful operation examples: test: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-10-02T16:04:59.078186Z id: 8126 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: Surfaceintroduce virus detected owner: demo references: @@ -5907,9 +5907,9 @@ paths: status: clean - name: leadreintermediate.io status: malicious - created: 2021-10-02T18:04:59.078206+02:00 + created: 2021-10-02T16:04:59.078206Z id: 8123 - modified: 2021-10-02T18:04:59.078206+02:00 + modified: 2021-10-02T16:04:59.078206Z name: live zebra owner: demo playbooks: @@ -5917,19 +5917,19 @@ paths: name: Phishing tasks: block-iocs: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block IOCs type: task block-sender: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Block sender next: extract-iocs: "" type: task board: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Board Involvement? next: @@ -5947,12 +5947,12 @@ paths: type: object type: input escalate: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Escalate to CISO type: task extract-iocs: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Extract IOCs next: @@ -5968,7 +5968,7 @@ paths: type: object type: input mail-available: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Mail available next: @@ -5997,7 +5997,7 @@ paths: type: object type: input search-email-gateway: - created: 2021-10-02T18:04:59.078186+02:00 + created: 2021-12-12T12:12:12.000000012Z done: false name: Search email gateway next: @@ -6103,9 +6103,9 @@ paths: } status: closed type: incident - - created: 2021-10-02T18:04:59.078186+02:00 + - created: 2021-10-02T16:04:59.078186Z id: 8125 - modified: 2021-10-02T18:04:59.078186+02:00 + modified: 2021-10-02T16:04:59.078186Z name: phishing from selenafadel@von.com detected owner: demo references: diff --git a/generated/restapi/embedded_spec.go b/generated/restapi/embedded_spec.go index 2aba816..94c4828 100644 --- a/generated/restapi/embedded_spec.go +++ b/generated/restapi/embedded_spec.go @@ -637,7 +637,7 @@ func init() { "examples": { "test": [ { - "created": "2021-10-02T18:05:00.333535+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "creator": "bob", "message": "Fail run account resist lend solve incident centre priority temperature. Cause change distribution examine location technique shape partner milk customer. Rail tea plate soil report cook railway interpretation breath action. Exercise dream accept park conclusion addition shoot assistance may answer. Gold writer link stop combine hear power name commitment operation. Determine lifespan support grow degree henry exclude detail set religion. Direct library policy convention chain retain discover ride walk student. Gather proposal select march aspect play noise avoid encourage employ. Assessment preserve transport combine wish influence income guess run stand. Charge limit crime ignore statement foundation study issue stop claim.", "reference": "tickets/294511" @@ -1328,9 +1328,9 @@ func init() { "status": "malicious" } ], - "created": "2021-10-02T18:04:59.078206+02:00", + "created": "2021-10-02T16:04:59.078206Z", "id": 8123, - "modified": "2021-10-02T18:04:59.078206+02:00", + "modified": "2021-10-02T16:04:59.078206Z", "name": "live zebra", "owner": "demo", "playbooks": { @@ -1338,13 +1338,13 @@ func init() { "name": "Phishing", "tasks": { "block-iocs": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "type": "task" }, "block-sender": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": { @@ -1353,7 +1353,7 @@ func init() { "type": "task" }, "board": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Board Involvement?", "next": { @@ -1377,13 +1377,13 @@ func init() { "type": "input" }, "escalate": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "type": "task" }, "extract-iocs": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": { @@ -1405,7 +1405,7 @@ func init() { "type": "input" }, "mail-available": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": { @@ -1448,7 +1448,7 @@ func init() { "type": "input" }, "search-email-gateway": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": { @@ -1478,9 +1478,9 @@ func init() { "type": "incident" }, { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8125, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ @@ -1502,9 +1502,9 @@ func init() { "type": "alert" }, { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8126, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ @@ -1570,9 +1570,9 @@ func init() { }, "examples": { "test": { - "created": "1985-04-12T23:20:50.52Z", + "created": "2021-12-12T12:12:12.000000012Z", "id": 123, - "modified": "1985-04-12T23:20:50.52Z", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "Wannacry infection", "owner": "bob", "schema": "{}", @@ -1661,9 +1661,9 @@ func init() { }, "examples": { "test": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8125, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ @@ -1684,9 +1684,9 @@ func init() { "status": "closed", "tickets": [ { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8126, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ @@ -1739,8 +1739,8 @@ func init() { }, { "x-example": { - "created": "2021-10-02T18:04:59.078186+02:00", - "modified": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "phishing from selenafadel@von.org detected", "owner": "demo", "references": [ @@ -1778,9 +1778,9 @@ func init() { }, "examples": { "test": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "id": 8125, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "phishing from selenafadel@von.org detected", "owner": "demo", "references": [ @@ -1801,9 +1801,9 @@ func init() { "status": "closed", "tickets": [ { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8126, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ @@ -1926,9 +1926,9 @@ func init() { "type": "ip" } ], - "created": "2021-10-02T18:04:59.078206+02:00", + "created": "2021-10-02T16:04:59.078206Z", "id": 8123, - "modified": "2021-10-02T18:04:59.078206+02:00", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "live zebra", "owner": "demo", "playbooks": { @@ -1937,7 +1937,7 @@ func init() { "tasks": { "block-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "order": 6, @@ -1945,7 +1945,7 @@ func init() { }, "block-sender": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": { @@ -1956,7 +1956,7 @@ func init() { }, "board": { "active": true, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Board Involvement?", "next": { @@ -1982,7 +1982,7 @@ func init() { }, "escalate": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "order": 1, @@ -1990,7 +1990,7 @@ func init() { }, "extract-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": { @@ -2014,7 +2014,7 @@ func init() { }, "mail-available": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": { @@ -2059,7 +2059,7 @@ func init() { }, "search-email-gateway": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": { @@ -2206,9 +2206,9 @@ func init() { "status": "clean" } ], - "created": "2021-10-02T18:04:59.078206+02:00", + "created": "2021-10-02T16:04:59.078206Z", "id": 8123, - "modified": "2021-10-02T18:04:59.078206+02:00", + "modified": "2021-10-02T16:04:59.078206Z", "name": "live zebra", "owner": "demo", "playbooks": { @@ -2217,7 +2217,7 @@ func init() { "tasks": { "block-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "order": 6, @@ -2225,7 +2225,7 @@ func init() { }, "block-sender": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": { @@ -2236,7 +2236,7 @@ func init() { }, "board": { "active": true, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Board Involvement?", "next": { @@ -2262,7 +2262,7 @@ func init() { }, "escalate": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "order": 1, @@ -2270,7 +2270,7 @@ func init() { }, "extract-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": { @@ -2294,7 +2294,7 @@ func init() { }, "mail-available": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": { @@ -2339,7 +2339,7 @@ func init() { }, "search-email-gateway": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": { @@ -2422,9 +2422,9 @@ func init() { "status": "clean" } ], - "created": "2021-10-02T18:04:59.078206+02:00", + "created": "2021-10-02T16:04:59.078206Z", "id": 8123, - "modified": "2021-10-02T18:04:59.078206+02:00", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "live zebra", "owner": "demo", "playbooks": { @@ -2433,7 +2433,7 @@ func init() { "tasks": { "block-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "order": 6, @@ -2441,7 +2441,7 @@ func init() { }, "block-sender": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": { @@ -2452,7 +2452,7 @@ func init() { }, "board": { "active": true, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Board Involvement?", "next": { @@ -2478,7 +2478,7 @@ func init() { }, "escalate": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "order": 1, @@ -2486,7 +2486,7 @@ func init() { }, "extract-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": { @@ -2510,7 +2510,7 @@ func init() { }, "mail-available": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": { @@ -2555,7 +2555,7 @@ func init() { }, "search-email-gateway": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": { @@ -2656,7 +2656,7 @@ func init() { { "enrichments": { "hash.sha1": { - "created": "2021-10-03T18:44:06.488923+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "data": { "hash": "b7a067a742c20d07a7456646de89bc2d408a1153" }, @@ -2667,9 +2667,9 @@ func init() { "status": "malicious" } ], - "created": "2021-10-02T18:04:59.078206+02:00", + "created": "2021-10-02T16:04:59.078206Z", "id": 8123, - "modified": "2021-10-02T18:04:59.078206+02:00", + "modified": "2021-10-02T16:04:59.078206Z", "name": "live zebra", "owner": "demo", "playbooks": { @@ -2678,7 +2678,7 @@ func init() { "tasks": { "block-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "order": 6, @@ -2686,7 +2686,7 @@ func init() { }, "block-sender": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": { @@ -2697,7 +2697,7 @@ func init() { }, "board": { "active": true, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Board Involvement?", "next": { @@ -2723,7 +2723,7 @@ func init() { }, "escalate": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "order": 1, @@ -2731,7 +2731,7 @@ func init() { }, "extract-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": { @@ -2755,7 +2755,7 @@ func init() { }, "mail-available": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": { @@ -2800,7 +2800,7 @@ func init() { }, "search-email-gateway": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": { @@ -2928,14 +2928,14 @@ func init() { "test": { "comments": [ { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "creator": "bob", "message": "My first comment" } ], - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8125, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ @@ -2956,9 +2956,9 @@ func init() { "status": "closed", "tickets": [ { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8126, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ @@ -3043,9 +3043,9 @@ func init() { "status": "malicious" } ], - "created": "2021-10-02T18:04:59.078206+02:00", + "created": "2021-10-02T16:04:59.078206Z", "id": 8123, - "modified": "2021-10-02T18:04:59.078206+02:00", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "live zebra", "owner": "demo", "playbooks": { @@ -3054,7 +3054,7 @@ func init() { "tasks": { "block-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "order": 6, @@ -3062,7 +3062,7 @@ func init() { }, "block-sender": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": { @@ -3073,7 +3073,7 @@ func init() { }, "board": { "active": true, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Board Involvement?", "next": { @@ -3099,7 +3099,7 @@ func init() { }, "escalate": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "order": 1, @@ -3107,7 +3107,7 @@ func init() { }, "extract-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": { @@ -3131,7 +3131,7 @@ func init() { }, "mail-available": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": { @@ -3176,7 +3176,7 @@ func init() { }, "search-email-gateway": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": { @@ -3263,7 +3263,7 @@ func init() { }, "examples": { "test": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "files": [ { "key": "myfile", @@ -3271,7 +3271,7 @@ func init() { } ], "id": 8125, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ @@ -3292,9 +3292,9 @@ func init() { "status": "closed", "tickets": [ { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8126, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ @@ -3361,9 +3361,9 @@ func init() { }, "examples": { "test": { - "created": "1985-04-12T23:20:50.52Z", + "created": "2021-10-02T16:04:59.078186Z", "id": 8125, - "modified": "1985-04-12T23:20:50.52Z", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "playbooks": { @@ -3372,7 +3372,7 @@ func init() { "tasks": { "escalate": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to malware team", "order": 2, @@ -3381,7 +3381,7 @@ func init() { "hash": { "active": false, "automation": "hash.sha1", - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Hash the malware", "next": { @@ -3395,7 +3395,7 @@ func init() { }, "input": { "active": true, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Upload malware if possible", "next": { @@ -3436,9 +3436,9 @@ func init() { "status": "closed", "tickets": [ { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8126, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ @@ -3522,9 +3522,9 @@ func init() { "status": "malicious" } ], - "created": "1985-04-12T23:20:50.52Z", + "created": "2021-10-02T16:04:59.078206Z", "id": 8123, - "modified": "1985-04-12T23:20:50.52Z", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "live zebra", "owner": "demo", "references": [ @@ -3650,9 +3650,9 @@ func init() { "status": "malicious" } ], - "created": "2021-10-02T18:04:59.078206+02:00", + "created": "2021-10-02T16:04:59.078206Z", "id": 8123, - "modified": "2021-10-02T18:04:59.078206+02:00", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "live zebra", "owner": "demo", "playbooks": { @@ -3661,7 +3661,7 @@ func init() { "tasks": { "block-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "order": 6, @@ -3669,7 +3669,7 @@ func init() { }, "block-sender": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": { @@ -3680,7 +3680,7 @@ func init() { }, "board": { "active": true, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "data": { "boardInvolved": true }, @@ -3709,7 +3709,7 @@ func init() { }, "escalate": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "order": 1, @@ -3717,7 +3717,7 @@ func init() { }, "extract-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": { @@ -3741,7 +3741,7 @@ func init() { }, "mail-available": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": { @@ -3786,7 +3786,7 @@ func init() { }, "search-email-gateway": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": { @@ -3896,9 +3896,9 @@ func init() { "status": "malicious" } ], - "created": "2021-10-02T18:04:59.078206+02:00", + "created": "2021-10-02T16:04:59.078206Z", "id": 8123, - "modified": "2021-10-02T18:04:59.078206+02:00", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "live zebra", "owner": "demo", "playbooks": { @@ -3907,7 +3907,7 @@ func init() { "tasks": { "block-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "order": 6, @@ -3915,7 +3915,7 @@ func init() { }, "block-sender": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": { @@ -3926,8 +3926,8 @@ func init() { }, "board": { "active": false, - "closed": "2021-10-02T18:04:59.078186+02:00", - "created": "2021-10-02T18:04:59.078186+02:00", + "closed": "2021-12-12T12:12:12.000000012Z", + "created": "2021-12-12T12:12:12.000000012Z", "data": { "boardInvolved": true }, @@ -3956,7 +3956,7 @@ func init() { }, "escalate": { "active": true, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "order": 1, @@ -3964,7 +3964,7 @@ func init() { }, "extract-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": { @@ -3988,7 +3988,7 @@ func init() { }, "mail-available": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": { @@ -4033,7 +4033,7 @@ func init() { }, "search-email-gateway": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": { @@ -4167,9 +4167,9 @@ func init() { }, "examples": { "test": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8125, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ @@ -4182,9 +4182,9 @@ func init() { "status": "closed", "tickets": [ { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8126, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ @@ -4255,9 +4255,9 @@ func init() { }, "examples": { "test": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8125, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ @@ -4278,9 +4278,9 @@ func init() { "status": "closed", "tickets": [ { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8126, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ @@ -4353,9 +4353,9 @@ func init() { }, "examples": { "test": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8126, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ @@ -4423,9 +4423,9 @@ func init() { }, "examples": { "test": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8126, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ @@ -4460,9 +4460,9 @@ func init() { "status": "malicious" } ], - "created": "2021-10-02T18:04:59.078206+02:00", + "created": "2021-10-02T16:04:59.078206Z", "id": 8123, - "modified": "2021-10-02T18:04:59.078206+02:00", + "modified": "2021-10-02T16:04:59.078206Z", "name": "live zebra", "owner": "demo", "playbooks": { @@ -4470,13 +4470,13 @@ func init() { "name": "Phishing", "tasks": { "block-iocs": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "type": "task" }, "block-sender": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": { @@ -4485,7 +4485,7 @@ func init() { "type": "task" }, "board": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Board Involvement?", "next": { @@ -4509,13 +4509,13 @@ func init() { "type": "input" }, "escalate": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "type": "task" }, "extract-iocs": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": { @@ -4537,7 +4537,7 @@ func init() { "type": "input" }, "mail-available": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": { @@ -4580,7 +4580,7 @@ func init() { "type": "input" }, "search-email-gateway": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": { @@ -4610,9 +4610,9 @@ func init() { "type": "incident" }, { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8125, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ @@ -7665,7 +7665,7 @@ func init() { "examples": { "test": [ { - "created": "2021-10-02T18:05:00.333535+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "creator": "bob", "message": "Fail run account resist lend solve incident centre priority temperature. Cause change distribution examine location technique shape partner milk customer. Rail tea plate soil report cook railway interpretation breath action. Exercise dream accept park conclusion addition shoot assistance may answer. Gold writer link stop combine hear power name commitment operation. Determine lifespan support grow degree henry exclude detail set religion. Direct library policy convention chain retain discover ride walk student. Gather proposal select march aspect play noise avoid encourage employ. Assessment preserve transport combine wish influence income guess run stand. Charge limit crime ignore statement foundation study issue stop claim.", "reference": "tickets/294511" @@ -8356,9 +8356,9 @@ func init() { "status": "malicious" } ], - "created": "2021-10-02T18:04:59.078206+02:00", + "created": "2021-10-02T16:04:59.078206Z", "id": 8123, - "modified": "2021-10-02T18:04:59.078206+02:00", + "modified": "2021-10-02T16:04:59.078206Z", "name": "live zebra", "owner": "demo", "playbooks": { @@ -8366,13 +8366,13 @@ func init() { "name": "Phishing", "tasks": { "block-iocs": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "type": "task" }, "block-sender": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": { @@ -8381,7 +8381,7 @@ func init() { "type": "task" }, "board": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Board Involvement?", "next": { @@ -8405,13 +8405,13 @@ func init() { "type": "input" }, "escalate": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "type": "task" }, "extract-iocs": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": { @@ -8433,7 +8433,7 @@ func init() { "type": "input" }, "mail-available": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": { @@ -8476,7 +8476,7 @@ func init() { "type": "input" }, "search-email-gateway": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": { @@ -8506,9 +8506,9 @@ func init() { "type": "incident" }, { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8125, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ @@ -8530,9 +8530,9 @@ func init() { "type": "alert" }, { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8126, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ @@ -8598,9 +8598,9 @@ func init() { }, "examples": { "test": { - "created": "1985-04-12T23:20:50.52Z", + "created": "2021-12-12T12:12:12.000000012Z", "id": 123, - "modified": "1985-04-12T23:20:50.52Z", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "Wannacry infection", "owner": "bob", "schema": "{}", @@ -8689,9 +8689,9 @@ func init() { }, "examples": { "test": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8125, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ @@ -8712,9 +8712,9 @@ func init() { "status": "closed", "tickets": [ { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8126, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ @@ -8767,8 +8767,8 @@ func init() { }, { "x-example": { - "created": "2021-10-02T18:04:59.078186+02:00", - "modified": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "phishing from selenafadel@von.org detected", "owner": "demo", "references": [ @@ -8806,9 +8806,9 @@ func init() { }, "examples": { "test": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "id": 8125, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "phishing from selenafadel@von.org detected", "owner": "demo", "references": [ @@ -8829,9 +8829,9 @@ func init() { "status": "closed", "tickets": [ { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8126, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ @@ -8954,9 +8954,9 @@ func init() { "type": "ip" } ], - "created": "2021-10-02T18:04:59.078206+02:00", + "created": "2021-10-02T16:04:59.078206Z", "id": 8123, - "modified": "2021-10-02T18:04:59.078206+02:00", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "live zebra", "owner": "demo", "playbooks": { @@ -8965,7 +8965,7 @@ func init() { "tasks": { "block-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "order": 6, @@ -8973,7 +8973,7 @@ func init() { }, "block-sender": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": { @@ -8984,7 +8984,7 @@ func init() { }, "board": { "active": true, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Board Involvement?", "next": { @@ -9010,7 +9010,7 @@ func init() { }, "escalate": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "order": 1, @@ -9018,7 +9018,7 @@ func init() { }, "extract-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": { @@ -9042,7 +9042,7 @@ func init() { }, "mail-available": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": { @@ -9087,7 +9087,7 @@ func init() { }, "search-email-gateway": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": { @@ -9234,9 +9234,9 @@ func init() { "status": "clean" } ], - "created": "2021-10-02T18:04:59.078206+02:00", + "created": "2021-10-02T16:04:59.078206Z", "id": 8123, - "modified": "2021-10-02T18:04:59.078206+02:00", + "modified": "2021-10-02T16:04:59.078206Z", "name": "live zebra", "owner": "demo", "playbooks": { @@ -9245,7 +9245,7 @@ func init() { "tasks": { "block-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "order": 6, @@ -9253,7 +9253,7 @@ func init() { }, "block-sender": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": { @@ -9264,7 +9264,7 @@ func init() { }, "board": { "active": true, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Board Involvement?", "next": { @@ -9290,7 +9290,7 @@ func init() { }, "escalate": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "order": 1, @@ -9298,7 +9298,7 @@ func init() { }, "extract-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": { @@ -9322,7 +9322,7 @@ func init() { }, "mail-available": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": { @@ -9367,7 +9367,7 @@ func init() { }, "search-email-gateway": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": { @@ -9450,9 +9450,9 @@ func init() { "status": "clean" } ], - "created": "2021-10-02T18:04:59.078206+02:00", + "created": "2021-10-02T16:04:59.078206Z", "id": 8123, - "modified": "2021-10-02T18:04:59.078206+02:00", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "live zebra", "owner": "demo", "playbooks": { @@ -9461,7 +9461,7 @@ func init() { "tasks": { "block-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "order": 6, @@ -9469,7 +9469,7 @@ func init() { }, "block-sender": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": { @@ -9480,7 +9480,7 @@ func init() { }, "board": { "active": true, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Board Involvement?", "next": { @@ -9506,7 +9506,7 @@ func init() { }, "escalate": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "order": 1, @@ -9514,7 +9514,7 @@ func init() { }, "extract-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": { @@ -9538,7 +9538,7 @@ func init() { }, "mail-available": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": { @@ -9583,7 +9583,7 @@ func init() { }, "search-email-gateway": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": { @@ -9684,7 +9684,7 @@ func init() { { "enrichments": { "hash.sha1": { - "created": "2021-10-03T18:44:06.488923+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "data": { "hash": "b7a067a742c20d07a7456646de89bc2d408a1153" }, @@ -9695,9 +9695,9 @@ func init() { "status": "malicious" } ], - "created": "2021-10-02T18:04:59.078206+02:00", + "created": "2021-10-02T16:04:59.078206Z", "id": 8123, - "modified": "2021-10-02T18:04:59.078206+02:00", + "modified": "2021-10-02T16:04:59.078206Z", "name": "live zebra", "owner": "demo", "playbooks": { @@ -9706,7 +9706,7 @@ func init() { "tasks": { "block-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "order": 6, @@ -9714,7 +9714,7 @@ func init() { }, "block-sender": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": { @@ -9725,7 +9725,7 @@ func init() { }, "board": { "active": true, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Board Involvement?", "next": { @@ -9751,7 +9751,7 @@ func init() { }, "escalate": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "order": 1, @@ -9759,7 +9759,7 @@ func init() { }, "extract-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": { @@ -9783,7 +9783,7 @@ func init() { }, "mail-available": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": { @@ -9828,7 +9828,7 @@ func init() { }, "search-email-gateway": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": { @@ -9956,14 +9956,14 @@ func init() { "test": { "comments": [ { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "creator": "bob", "message": "My first comment" } ], - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8125, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ @@ -9984,9 +9984,9 @@ func init() { "status": "closed", "tickets": [ { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8126, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ @@ -10071,9 +10071,9 @@ func init() { "status": "malicious" } ], - "created": "2021-10-02T18:04:59.078206+02:00", + "created": "2021-10-02T16:04:59.078206Z", "id": 8123, - "modified": "2021-10-02T18:04:59.078206+02:00", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "live zebra", "owner": "demo", "playbooks": { @@ -10082,7 +10082,7 @@ func init() { "tasks": { "block-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "order": 6, @@ -10090,7 +10090,7 @@ func init() { }, "block-sender": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": { @@ -10101,7 +10101,7 @@ func init() { }, "board": { "active": true, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Board Involvement?", "next": { @@ -10127,7 +10127,7 @@ func init() { }, "escalate": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "order": 1, @@ -10135,7 +10135,7 @@ func init() { }, "extract-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": { @@ -10159,7 +10159,7 @@ func init() { }, "mail-available": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": { @@ -10204,7 +10204,7 @@ func init() { }, "search-email-gateway": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": { @@ -10291,7 +10291,7 @@ func init() { }, "examples": { "test": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "files": [ { "key": "myfile", @@ -10299,7 +10299,7 @@ func init() { } ], "id": 8125, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ @@ -10320,9 +10320,9 @@ func init() { "status": "closed", "tickets": [ { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8126, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ @@ -10389,9 +10389,9 @@ func init() { }, "examples": { "test": { - "created": "1985-04-12T23:20:50.52Z", + "created": "2021-10-02T16:04:59.078186Z", "id": 8125, - "modified": "1985-04-12T23:20:50.52Z", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "playbooks": { @@ -10400,7 +10400,7 @@ func init() { "tasks": { "escalate": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to malware team", "order": 2, @@ -10409,7 +10409,7 @@ func init() { "hash": { "active": false, "automation": "hash.sha1", - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Hash the malware", "next": { @@ -10423,7 +10423,7 @@ func init() { }, "input": { "active": true, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Upload malware if possible", "next": { @@ -10464,9 +10464,9 @@ func init() { "status": "closed", "tickets": [ { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8126, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ @@ -10550,9 +10550,9 @@ func init() { "status": "malicious" } ], - "created": "1985-04-12T23:20:50.52Z", + "created": "2021-10-02T16:04:59.078206Z", "id": 8123, - "modified": "1985-04-12T23:20:50.52Z", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "live zebra", "owner": "demo", "references": [ @@ -10678,9 +10678,9 @@ func init() { "status": "malicious" } ], - "created": "2021-10-02T18:04:59.078206+02:00", + "created": "2021-10-02T16:04:59.078206Z", "id": 8123, - "modified": "2021-10-02T18:04:59.078206+02:00", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "live zebra", "owner": "demo", "playbooks": { @@ -10689,7 +10689,7 @@ func init() { "tasks": { "block-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "order": 6, @@ -10697,7 +10697,7 @@ func init() { }, "block-sender": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": { @@ -10708,7 +10708,7 @@ func init() { }, "board": { "active": true, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "data": { "boardInvolved": true }, @@ -10737,7 +10737,7 @@ func init() { }, "escalate": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "order": 1, @@ -10745,7 +10745,7 @@ func init() { }, "extract-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": { @@ -10769,7 +10769,7 @@ func init() { }, "mail-available": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": { @@ -10814,7 +10814,7 @@ func init() { }, "search-email-gateway": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": { @@ -10924,9 +10924,9 @@ func init() { "status": "malicious" } ], - "created": "2021-10-02T18:04:59.078206+02:00", + "created": "2021-10-02T16:04:59.078206Z", "id": 8123, - "modified": "2021-10-02T18:04:59.078206+02:00", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "live zebra", "owner": "demo", "playbooks": { @@ -10935,7 +10935,7 @@ func init() { "tasks": { "block-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "order": 6, @@ -10943,7 +10943,7 @@ func init() { }, "block-sender": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": { @@ -10954,8 +10954,8 @@ func init() { }, "board": { "active": false, - "closed": "2021-10-02T18:04:59.078186+02:00", - "created": "2021-10-02T18:04:59.078186+02:00", + "closed": "2021-12-12T12:12:12.000000012Z", + "created": "2021-12-12T12:12:12.000000012Z", "data": { "boardInvolved": true }, @@ -10984,7 +10984,7 @@ func init() { }, "escalate": { "active": true, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "order": 1, @@ -10992,7 +10992,7 @@ func init() { }, "extract-iocs": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": { @@ -11016,7 +11016,7 @@ func init() { }, "mail-available": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": { @@ -11061,7 +11061,7 @@ func init() { }, "search-email-gateway": { "active": false, - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": { @@ -11195,9 +11195,9 @@ func init() { }, "examples": { "test": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8125, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-12-12T12:12:12.000000012Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ @@ -11210,9 +11210,9 @@ func init() { "status": "closed", "tickets": [ { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8126, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ @@ -11283,9 +11283,9 @@ func init() { }, "examples": { "test": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8125, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ @@ -11306,9 +11306,9 @@ func init() { "status": "closed", "tickets": [ { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8126, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ @@ -11381,9 +11381,9 @@ func init() { }, "examples": { "test": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8126, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ @@ -11451,9 +11451,9 @@ func init() { }, "examples": { "test": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8126, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": [ @@ -11488,9 +11488,9 @@ func init() { "status": "malicious" } ], - "created": "2021-10-02T18:04:59.078206+02:00", + "created": "2021-10-02T16:04:59.078206Z", "id": 8123, - "modified": "2021-10-02T18:04:59.078206+02:00", + "modified": "2021-10-02T16:04:59.078206Z", "name": "live zebra", "owner": "demo", "playbooks": { @@ -11498,13 +11498,13 @@ func init() { "name": "Phishing", "tasks": { "block-iocs": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "type": "task" }, "block-sender": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": { @@ -11513,7 +11513,7 @@ func init() { "type": "task" }, "board": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Board Involvement?", "next": { @@ -11537,13 +11537,13 @@ func init() { "type": "input" }, "escalate": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "type": "task" }, "extract-iocs": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": { @@ -11565,7 +11565,7 @@ func init() { "type": "input" }, "mail-available": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": { @@ -11608,7 +11608,7 @@ func init() { "type": "input" }, "search-email-gateway": { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": { @@ -11638,9 +11638,9 @@ func init() { "type": "incident" }, { - "created": "2021-10-02T18:04:59.078186+02:00", + "created": "2021-10-02T16:04:59.078186Z", "id": 8125, - "modified": "2021-10-02T18:04:59.078186+02:00", + "modified": "2021-10-02T16:04:59.078186Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": [ diff --git a/generated/test/api_server_test.go b/generated/test/api_server_test.go index 62dad9c..c9b4d24 100644 --- a/generated/test/api_server_test.go +++ b/generated/test/api_server_test.go @@ -7,6 +7,7 @@ import ( "net/http" "net/http/httptest" "testing" + "time" "github.com/gin-gonic/gin" "github.com/stretchr/testify/assert" @@ -15,10 +16,18 @@ import ( "github.com/SecurityBrewery/catalyst/database/busdb" "github.com/SecurityBrewery/catalyst/test" + ctime "github.com/SecurityBrewery/catalyst/time" ) +type testClock struct{} + +func (testClock) Now() time.Time { + return time.Date(2021, 12, 12, 12, 12, 12, 12, time.UTC) +} + func TestService(t *testing.T) { gin.SetMode(gin.TestMode) + ctime.DefaultClock = testClock{} type args struct { method string @@ -40,7 +49,7 @@ func TestService(t *testing.T) { args: args{method: "POST", url: "/api/tickets/8123/artifacts", data: map[string]interface{}{"name": "2.2.2.2"}}, want: want{ status: 200, - body: map[string]interface{}{"artifacts": []interface{}{map[string]interface{}{"name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown"}, map[string]interface{}{"name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean"}, map[string]interface{}{"name": "leadreintermediate.io", "status": "malicious"}, map[string]interface{}{"name": "2.2.2.2", "status": "unknown", "type": "ip"}}, "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": map[string]interface{}{"phishing": map[string]interface{}{"name": "Phishing", "tasks": map[string]interface{}{"block-iocs": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "order": 6, "type": "task"}, "block-sender": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": map[string]interface{}{"extract-iocs": ""}, "order": 3, "type": "task"}, "board": map[string]interface{}{"active": true, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Board Involvement?", "next": map[string]interface{}{"escalate": "boardInvolved == true", "mail-available": "boardInvolved == false"}, "order": 0, "schema": map[string]interface{}{"properties": map[string]interface{}{"boardInvolved": map[string]interface{}{"default": false, "title": "A board member is involved.", "type": "boolean"}}, "required": []interface{}{"boardInvolved"}, "title": "Board Involvement?", "type": "object"}, "type": "input"}, "escalate": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task"}, "extract-iocs": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": map[string]interface{}{"block-iocs": ""}, "order": 5, "schema": map[string]interface{}{"properties": map[string]interface{}{"iocs": map[string]interface{}{"items": map[string]interface{}{"type": "string"}, "title": "IOCs", "type": "array"}}, "title": "Extract IOCs", "type": "object"}, "type": "input"}, "mail-available": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": map[string]interface{}{"block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'"}, "order": 2, "schema": map[string]interface{}{"oneOf": []interface{}{map[string]interface{}{"properties": map[string]interface{}{"mail": map[string]interface{}{"title": "Mail", "type": "string", "x-display": "textarea"}, "schemaKey": map[string]interface{}{"const": "yes", "type": "string"}}, "required": []interface{}{"mail"}, "title": "Yes"}, map[string]interface{}{"properties": map[string]interface{}{"schemaKey": map[string]interface{}{"const": "no", "type": "string"}}, "title": "No"}}, "title": "Mail available", "type": "object"}, "type": "input"}, "search-email-gateway": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": map[string]interface{}{"extract-iocs": ""}, "order": 4, "type": "task"}}}}, "references": []interface{}{map[string]interface{}{"href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance"}, map[string]interface{}{"href": "http://www.corporateinteractive.name/rich", "name": "autumn"}, map[string]interface{}{"href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest"}}, "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident"}, + body: map[string]interface{}{"artifacts": []interface{}{map[string]interface{}{"name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown"}, map[string]interface{}{"name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean"}, map[string]interface{}{"name": "leadreintermediate.io", "status": "malicious"}, map[string]interface{}{"name": "2.2.2.2", "status": "unknown", "type": "ip"}}, "created": "2021-10-02T16:04:59.078206Z", "id": 8123, "modified": "2021-12-12T12:12:12.000000012Z", "name": "live zebra", "owner": "demo", "playbooks": map[string]interface{}{"phishing": map[string]interface{}{"name": "Phishing", "tasks": map[string]interface{}{"block-iocs": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "order": 6, "type": "task"}, "block-sender": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": map[string]interface{}{"extract-iocs": ""}, "order": 3, "type": "task"}, "board": map[string]interface{}{"active": true, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Board Involvement?", "next": map[string]interface{}{"escalate": "boardInvolved == true", "mail-available": "boardInvolved == false"}, "order": 0, "schema": map[string]interface{}{"properties": map[string]interface{}{"boardInvolved": map[string]interface{}{"default": false, "title": "A board member is involved.", "type": "boolean"}}, "required": []interface{}{"boardInvolved"}, "title": "Board Involvement?", "type": "object"}, "type": "input"}, "escalate": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task"}, "extract-iocs": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": map[string]interface{}{"block-iocs": ""}, "order": 5, "schema": map[string]interface{}{"properties": map[string]interface{}{"iocs": map[string]interface{}{"items": map[string]interface{}{"type": "string"}, "title": "IOCs", "type": "array"}}, "title": "Extract IOCs", "type": "object"}, "type": "input"}, "mail-available": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": map[string]interface{}{"block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'"}, "order": 2, "schema": map[string]interface{}{"oneOf": []interface{}{map[string]interface{}{"properties": map[string]interface{}{"mail": map[string]interface{}{"title": "Mail", "type": "string", "x-display": "textarea"}, "schemaKey": map[string]interface{}{"const": "yes", "type": "string"}}, "required": []interface{}{"mail"}, "title": "Yes"}, map[string]interface{}{"properties": map[string]interface{}{"schemaKey": map[string]interface{}{"const": "no", "type": "string"}}, "title": "No"}}, "title": "Mail available", "type": "object"}, "type": "input"}, "search-email-gateway": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": map[string]interface{}{"extract-iocs": ""}, "order": 4, "type": "task"}}}}, "references": []interface{}{map[string]interface{}{"href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance"}, map[string]interface{}{"href": "http://www.corporateinteractive.name/rich", "name": "autumn"}, map[string]interface{}{"href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest"}}, "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident"}, }, }, { @@ -48,7 +57,7 @@ func TestService(t *testing.T) { args: args{method: "POST", url: "/api/tickets/8125/comments", data: map[string]interface{}{"message": "My first comment"}}, want: want{ status: 200, - body: map[string]interface{}{"comments": []interface{}{map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "creator": "bob", "message": "My first comment"}}, "created": "2021-10-02T18:04:59.078186+02:00", "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery"}, map[string]interface{}{"href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force"}, map[string]interface{}{"href": "http://www.leadscalable.biz/envisioneer", "name": "fund"}}, "schema": "{}", "status": "closed", "tickets": []interface{}{map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.centralworld-class.io/synthesize", "name": "university"}, map[string]interface{}{"href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal"}, map[string]interface{}{"href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment"}}, "schema": "{}", "status": "closed", "type": "alert"}}, "type": "alert"}, + body: map[string]interface{}{"comments": []interface{}{map[string]interface{}{"created": "2021-12-12T12:12:12.000000012Z", "creator": "bob", "message": "My first comment"}}, "created": "2021-10-02T16:04:59.078186Z", "id": 8125, "modified": "2021-12-12T12:12:12.000000012Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery"}, map[string]interface{}{"href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force"}, map[string]interface{}{"href": "http://www.leadscalable.biz/envisioneer", "name": "fund"}}, "schema": "{}", "status": "closed", "tickets": []interface{}{map[string]interface{}{"created": "2021-10-02T16:04:59.078186Z", "id": 8126, "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.centralworld-class.io/synthesize", "name": "university"}, map[string]interface{}{"href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal"}, map[string]interface{}{"href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment"}}, "schema": "{}", "status": "closed", "type": "alert"}}, "type": "alert"}, }, }, { @@ -56,7 +65,7 @@ func TestService(t *testing.T) { args: args{method: "POST", url: "/api/tickets/8125/playbooks", data: map[string]interface{}{"yaml": "name: Simple\ntasks:\n input:\n name: Upload malware if possible\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: string\n title: Select malware\n default: \"\"\n next:\n hash: \"malware != ''\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['malware']\"\n next:\n escalate:\n\n escalate:\n name: Escalate to malware team\n type: task\n"}}, want: want{ status: 200, - body: map[string]interface{}{"created": "1985-04-12T23:20:50.52Z", "id": 8125, "modified": "1985-04-12T23:20:50.52Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "playbooks": map[string]interface{}{"simple": map[string]interface{}{"name": "Simple", "tasks": map[string]interface{}{"escalate": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to malware team", "order": 2, "type": "task"}, "hash": map[string]interface{}{"active": false, "automation": "hash.sha1", "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Hash the malware", "next": map[string]interface{}{"escalate": ""}, "order": 1, "payload": map[string]interface{}{"default": "playbook.tasks['input'].data['malware']"}, "type": "automation"}, "input": map[string]interface{}{"active": true, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Upload malware if possible", "next": map[string]interface{}{"hash": "malware != ''"}, "order": 0, "schema": map[string]interface{}{"properties": map[string]interface{}{"malware": map[string]interface{}{"default": "", "title": "Select malware", "type": "string"}}, "title": "Malware", "type": "object"}, "type": "input"}}}}, "references": []interface{}{map[string]interface{}{"href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery"}, map[string]interface{}{"href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force"}, map[string]interface{}{"href": "http://www.leadscalable.biz/envisioneer", "name": "fund"}}, "schema": "{}", "status": "closed", "tickets": []interface{}{map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.centralworld-class.io/synthesize", "name": "university"}, map[string]interface{}{"href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal"}, map[string]interface{}{"href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment"}}, "schema": "{}", "status": "closed", "type": "alert"}}, "type": "alert"}, + body: map[string]interface{}{"created": "2021-10-02T16:04:59.078186Z", "id": 8125, "modified": "2021-12-12T12:12:12.000000012Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "playbooks": map[string]interface{}{"simple": map[string]interface{}{"name": "Simple", "tasks": map[string]interface{}{"escalate": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to malware team", "order": 2, "type": "task"}, "hash": map[string]interface{}{"active": false, "automation": "hash.sha1", "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Hash the malware", "next": map[string]interface{}{"escalate": ""}, "order": 1, "payload": map[string]interface{}{"default": "playbook.tasks['input'].data['malware']"}, "type": "automation"}, "input": map[string]interface{}{"active": true, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Upload malware if possible", "next": map[string]interface{}{"hash": "malware != ''"}, "order": 0, "schema": map[string]interface{}{"properties": map[string]interface{}{"malware": map[string]interface{}{"default": "", "title": "Select malware", "type": "string"}}, "title": "Malware", "type": "object"}, "type": "input"}}}}, "references": []interface{}{map[string]interface{}{"href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery"}, map[string]interface{}{"href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force"}, map[string]interface{}{"href": "http://www.leadscalable.biz/envisioneer", "name": "fund"}}, "schema": "{}", "status": "closed", "tickets": []interface{}{map[string]interface{}{"created": "2021-10-02T16:04:59.078186Z", "id": 8126, "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.centralworld-class.io/synthesize", "name": "university"}, map[string]interface{}{"href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal"}, map[string]interface{}{"href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment"}}, "schema": "{}", "status": "closed", "type": "alert"}}, "type": "alert"}, }, }, { @@ -64,7 +73,7 @@ func TestService(t *testing.T) { args: args{method: "PUT", url: "/api/tickets/8123/playbooks/phishing/task/board/complete", data: map[string]interface{}{"boardInvolved": true}}, want: want{ status: 200, - body: map[string]interface{}{"artifacts": []interface{}{map[string]interface{}{"name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown"}, map[string]interface{}{"name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean"}, map[string]interface{}{"name": "leadreintermediate.io", "status": "malicious"}}, "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": map[string]interface{}{"phishing": map[string]interface{}{"name": "Phishing", "tasks": map[string]interface{}{"block-iocs": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "order": 6, "type": "task"}, "block-sender": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": map[string]interface{}{"extract-iocs": ""}, "order": 3, "type": "task"}, "board": map[string]interface{}{"active": false, "closed": "2021-10-02T18:04:59.078186+02:00", "created": "2021-10-02T18:04:59.078186+02:00", "data": map[string]interface{}{"boardInvolved": true}, "done": true, "name": "Board Involvement?", "next": map[string]interface{}{"escalate": "boardInvolved == true", "mail-available": "boardInvolved == false"}, "order": 0, "schema": map[string]interface{}{"properties": map[string]interface{}{"boardInvolved": map[string]interface{}{"default": false, "title": "A board member is involved.", "type": "boolean"}}, "required": []interface{}{"boardInvolved"}, "title": "Board Involvement?", "type": "object"}, "type": "input"}, "escalate": map[string]interface{}{"active": true, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task"}, "extract-iocs": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": map[string]interface{}{"block-iocs": ""}, "order": 5, "schema": map[string]interface{}{"properties": map[string]interface{}{"iocs": map[string]interface{}{"items": map[string]interface{}{"type": "string"}, "title": "IOCs", "type": "array"}}, "title": "Extract IOCs", "type": "object"}, "type": "input"}, "mail-available": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": map[string]interface{}{"block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'"}, "order": 2, "schema": map[string]interface{}{"oneOf": []interface{}{map[string]interface{}{"properties": map[string]interface{}{"mail": map[string]interface{}{"title": "Mail", "type": "string", "x-display": "textarea"}, "schemaKey": map[string]interface{}{"const": "yes", "type": "string"}}, "required": []interface{}{"mail"}, "title": "Yes"}, map[string]interface{}{"properties": map[string]interface{}{"schemaKey": map[string]interface{}{"const": "no", "type": "string"}}, "title": "No"}}, "title": "Mail available", "type": "object"}, "type": "input"}, "search-email-gateway": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": map[string]interface{}{"extract-iocs": ""}, "order": 4, "type": "task"}}}}, "references": []interface{}{map[string]interface{}{"href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance"}, map[string]interface{}{"href": "http://www.corporateinteractive.name/rich", "name": "autumn"}, map[string]interface{}{"href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest"}}, "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident"}, + body: map[string]interface{}{"artifacts": []interface{}{map[string]interface{}{"name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown"}, map[string]interface{}{"name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean"}, map[string]interface{}{"name": "leadreintermediate.io", "status": "malicious"}}, "created": "2021-10-02T16:04:59.078206Z", "id": 8123, "modified": "2021-12-12T12:12:12.000000012Z", "name": "live zebra", "owner": "demo", "playbooks": map[string]interface{}{"phishing": map[string]interface{}{"name": "Phishing", "tasks": map[string]interface{}{"block-iocs": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "order": 6, "type": "task"}, "block-sender": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": map[string]interface{}{"extract-iocs": ""}, "order": 3, "type": "task"}, "board": map[string]interface{}{"active": false, "closed": "2021-12-12T12:12:12.000000012Z", "created": "2021-12-12T12:12:12.000000012Z", "data": map[string]interface{}{"boardInvolved": true}, "done": true, "name": "Board Involvement?", "next": map[string]interface{}{"escalate": "boardInvolved == true", "mail-available": "boardInvolved == false"}, "order": 0, "schema": map[string]interface{}{"properties": map[string]interface{}{"boardInvolved": map[string]interface{}{"default": false, "title": "A board member is involved.", "type": "boolean"}}, "required": []interface{}{"boardInvolved"}, "title": "Board Involvement?", "type": "object"}, "type": "input"}, "escalate": map[string]interface{}{"active": true, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task"}, "extract-iocs": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": map[string]interface{}{"block-iocs": ""}, "order": 5, "schema": map[string]interface{}{"properties": map[string]interface{}{"iocs": map[string]interface{}{"items": map[string]interface{}{"type": "string"}, "title": "IOCs", "type": "array"}}, "title": "Extract IOCs", "type": "object"}, "type": "input"}, "mail-available": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": map[string]interface{}{"block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'"}, "order": 2, "schema": map[string]interface{}{"oneOf": []interface{}{map[string]interface{}{"properties": map[string]interface{}{"mail": map[string]interface{}{"title": "Mail", "type": "string", "x-display": "textarea"}, "schemaKey": map[string]interface{}{"const": "yes", "type": "string"}}, "required": []interface{}{"mail"}, "title": "Yes"}, map[string]interface{}{"properties": map[string]interface{}{"schemaKey": map[string]interface{}{"const": "no", "type": "string"}}, "title": "No"}}, "title": "Mail available", "type": "object"}, "type": "input"}, "search-email-gateway": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": map[string]interface{}{"extract-iocs": ""}, "order": 4, "type": "task"}}}}, "references": []interface{}{map[string]interface{}{"href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance"}, map[string]interface{}{"href": "http://www.corporateinteractive.name/rich", "name": "autumn"}, map[string]interface{}{"href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest"}}, "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident"}, }, }, { @@ -96,7 +105,7 @@ func TestService(t *testing.T) { args: args{method: "POST", url: "/api/tickets", data: map[string]interface{}{"id": 123, "name": "Wannacry infection", "owner": "bob", "status": "open", "type": "incident"}}, want: want{ status: 200, - body: map[string]interface{}{"created": "1985-04-12T23:20:50.52Z", "id": 123, "modified": "1985-04-12T23:20:50.52Z", "name": "Wannacry infection", "owner": "bob", "schema": "{}", "status": "open", "type": "incident"}, + body: map[string]interface{}{"created": "2021-12-12T12:12:12.000000012Z", "id": 123, "modified": "2021-12-12T12:12:12.000000012Z", "name": "Wannacry infection", "owner": "bob", "schema": "{}", "status": "open", "type": "incident"}, }, }, { @@ -192,7 +201,7 @@ func TestService(t *testing.T) { args: args{method: "POST", url: "/api/tickets/8123/artifacts/leadreintermediate.io/enrich", data: map[string]interface{}{"data": map[string]interface{}{"hash": "b7a067a742c20d07a7456646de89bc2d408a1153"}, "name": "hash.sha1"}}, want: want{ status: 200, - body: map[string]interface{}{"artifacts": []interface{}{map[string]interface{}{"name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown"}, map[string]interface{}{"name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean"}, map[string]interface{}{"enrichments": map[string]interface{}{"hash.sha1": map[string]interface{}{"created": "2021-10-03T18:44:06.488923+02:00", "data": map[string]interface{}{"hash": "b7a067a742c20d07a7456646de89bc2d408a1153"}, "name": "hash.sha1"}}, "name": "leadreintermediate.io", "status": "malicious"}}, "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": map[string]interface{}{"phishing": map[string]interface{}{"name": "Phishing", "tasks": map[string]interface{}{"block-iocs": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "order": 6, "type": "task"}, "block-sender": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": map[string]interface{}{"extract-iocs": ""}, "order": 3, "type": "task"}, "board": map[string]interface{}{"active": true, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Board Involvement?", "next": map[string]interface{}{"escalate": "boardInvolved == true", "mail-available": "boardInvolved == false"}, "order": 0, "schema": map[string]interface{}{"properties": map[string]interface{}{"boardInvolved": map[string]interface{}{"default": false, "title": "A board member is involved.", "type": "boolean"}}, "required": []interface{}{"boardInvolved"}, "title": "Board Involvement?", "type": "object"}, "type": "input"}, "escalate": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task"}, "extract-iocs": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": map[string]interface{}{"block-iocs": ""}, "order": 5, "schema": map[string]interface{}{"properties": map[string]interface{}{"iocs": map[string]interface{}{"items": map[string]interface{}{"type": "string"}, "title": "IOCs", "type": "array"}}, "title": "Extract IOCs", "type": "object"}, "type": "input"}, "mail-available": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": map[string]interface{}{"block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'"}, "order": 2, "schema": map[string]interface{}{"oneOf": []interface{}{map[string]interface{}{"properties": map[string]interface{}{"mail": map[string]interface{}{"title": "Mail", "type": "string", "x-display": "textarea"}, "schemaKey": map[string]interface{}{"const": "yes", "type": "string"}}, "required": []interface{}{"mail"}, "title": "Yes"}, map[string]interface{}{"properties": map[string]interface{}{"schemaKey": map[string]interface{}{"const": "no", "type": "string"}}, "title": "No"}}, "title": "Mail available", "type": "object"}, "type": "input"}, "search-email-gateway": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": map[string]interface{}{"extract-iocs": ""}, "order": 4, "type": "task"}}}}, "references": []interface{}{map[string]interface{}{"href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance"}, map[string]interface{}{"href": "http://www.corporateinteractive.name/rich", "name": "autumn"}, map[string]interface{}{"href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest"}}, "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident"}, + body: map[string]interface{}{"artifacts": []interface{}{map[string]interface{}{"name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown"}, map[string]interface{}{"name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean"}, map[string]interface{}{"enrichments": map[string]interface{}{"hash.sha1": map[string]interface{}{"created": "2021-12-12T12:12:12.000000012Z", "data": map[string]interface{}{"hash": "b7a067a742c20d07a7456646de89bc2d408a1153"}, "name": "hash.sha1"}}, "name": "leadreintermediate.io", "status": "malicious"}}, "created": "2021-10-02T16:04:59.078206Z", "id": 8123, "modified": "2021-10-02T16:04:59.078206Z", "name": "live zebra", "owner": "demo", "playbooks": map[string]interface{}{"phishing": map[string]interface{}{"name": "Phishing", "tasks": map[string]interface{}{"block-iocs": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "order": 6, "type": "task"}, "block-sender": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": map[string]interface{}{"extract-iocs": ""}, "order": 3, "type": "task"}, "board": map[string]interface{}{"active": true, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Board Involvement?", "next": map[string]interface{}{"escalate": "boardInvolved == true", "mail-available": "boardInvolved == false"}, "order": 0, "schema": map[string]interface{}{"properties": map[string]interface{}{"boardInvolved": map[string]interface{}{"default": false, "title": "A board member is involved.", "type": "boolean"}}, "required": []interface{}{"boardInvolved"}, "title": "Board Involvement?", "type": "object"}, "type": "input"}, "escalate": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task"}, "extract-iocs": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": map[string]interface{}{"block-iocs": ""}, "order": 5, "schema": map[string]interface{}{"properties": map[string]interface{}{"iocs": map[string]interface{}{"items": map[string]interface{}{"type": "string"}, "title": "IOCs", "type": "array"}}, "title": "Extract IOCs", "type": "object"}, "type": "input"}, "mail-available": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": map[string]interface{}{"block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'"}, "order": 2, "schema": map[string]interface{}{"oneOf": []interface{}{map[string]interface{}{"properties": map[string]interface{}{"mail": map[string]interface{}{"title": "Mail", "type": "string", "x-display": "textarea"}, "schemaKey": map[string]interface{}{"const": "yes", "type": "string"}}, "required": []interface{}{"mail"}, "title": "Yes"}, map[string]interface{}{"properties": map[string]interface{}{"schemaKey": map[string]interface{}{"const": "no", "type": "string"}}, "title": "No"}}, "title": "Mail available", "type": "object"}, "type": "input"}, "search-email-gateway": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": map[string]interface{}{"extract-iocs": ""}, "order": 4, "type": "task"}}}}, "references": []interface{}{map[string]interface{}{"href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance"}, map[string]interface{}{"href": "http://www.corporateinteractive.name/rich", "name": "autumn"}, map[string]interface{}{"href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest"}}, "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident"}, }, }, { @@ -224,7 +233,7 @@ func TestService(t *testing.T) { args: args{method: "GET", url: "/api/logs/tickets%252F294511"}, want: want{ status: 200, - body: []interface{}{map[string]interface{}{"created": "2021-10-02T18:05:00.333535+02:00", "creator": "bob", "message": "Fail run account resist lend solve incident centre priority temperature. Cause change distribution examine location technique shape partner milk customer. Rail tea plate soil report cook railway interpretation breath action. Exercise dream accept park conclusion addition shoot assistance may answer. Gold writer link stop combine hear power name commitment operation. Determine lifespan support grow degree henry exclude detail set religion. Direct library policy convention chain retain discover ride walk student. Gather proposal select march aspect play noise avoid encourage employ. Assessment preserve transport combine wish influence income guess run stand. Charge limit crime ignore statement foundation study issue stop claim.", "reference": "tickets/294511"}}, + body: []interface{}{map[string]interface{}{"created": "2021-12-12T12:12:12.000000012Z", "creator": "bob", "message": "Fail run account resist lend solve incident centre priority temperature. Cause change distribution examine location technique shape partner milk customer. Rail tea plate soil report cook railway interpretation breath action. Exercise dream accept park conclusion addition shoot assistance may answer. Gold writer link stop combine hear power name commitment operation. Determine lifespan support grow degree henry exclude detail set religion. Direct library policy convention chain retain discover ride walk student. Gather proposal select march aspect play noise avoid encourage employ. Assessment preserve transport combine wish influence income guess run stand. Charge limit crime ignore statement foundation study issue stop claim.", "reference": "tickets/294511"}}, }, }, { @@ -264,7 +273,7 @@ func TestService(t *testing.T) { args: args{method: "GET", url: "/api/tickets/8125"}, want: want{ status: 200, - body: map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery"}, map[string]interface{}{"href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force"}, map[string]interface{}{"href": "http://www.leadscalable.biz/envisioneer", "name": "fund"}}, "schema": "{}", "status": "closed", "tickets": []interface{}{map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.centralworld-class.io/synthesize", "name": "university"}, map[string]interface{}{"href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal"}, map[string]interface{}{"href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment"}}, "schema": "{}", "status": "closed", "type": "alert"}}, "type": "alert"}, + body: map[string]interface{}{"created": "2021-10-02T16:04:59.078186Z", "id": 8125, "modified": "2021-10-02T16:04:59.078186Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery"}, map[string]interface{}{"href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force"}, map[string]interface{}{"href": "http://www.leadscalable.biz/envisioneer", "name": "fund"}}, "schema": "{}", "status": "closed", "tickets": []interface{}{map[string]interface{}{"created": "2021-10-02T16:04:59.078186Z", "id": 8126, "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.centralworld-class.io/synthesize", "name": "university"}, map[string]interface{}{"href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal"}, map[string]interface{}{"href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment"}}, "schema": "{}", "status": "closed", "type": "alert"}}, "type": "alert"}, }, }, { @@ -296,7 +305,7 @@ func TestService(t *testing.T) { args: args{method: "PUT", url: "/api/tickets/8125/files", data: []interface{}{map[string]interface{}{"key": "myfile", "name": "document.doc"}}}, want: want{ status: 200, - body: map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "files": []interface{}{map[string]interface{}{"key": "myfile", "name": "document.doc"}}, "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery"}, map[string]interface{}{"href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force"}, map[string]interface{}{"href": "http://www.leadscalable.biz/envisioneer", "name": "fund"}}, "schema": "{}", "status": "closed", "tickets": []interface{}{map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.centralworld-class.io/synthesize", "name": "university"}, map[string]interface{}{"href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal"}, map[string]interface{}{"href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment"}}, "schema": "{}", "status": "closed", "type": "alert"}}, "type": "alert"}, + body: map[string]interface{}{"created": "2021-10-02T16:04:59.078186Z", "files": []interface{}{map[string]interface{}{"key": "myfile", "name": "document.doc"}}, "id": 8125, "modified": "2021-12-12T12:12:12.000000012Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery"}, map[string]interface{}{"href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force"}, map[string]interface{}{"href": "http://www.leadscalable.biz/envisioneer", "name": "fund"}}, "schema": "{}", "status": "closed", "tickets": []interface{}{map[string]interface{}{"created": "2021-10-02T16:04:59.078186Z", "id": 8126, "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.centralworld-class.io/synthesize", "name": "university"}, map[string]interface{}{"href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal"}, map[string]interface{}{"href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment"}}, "schema": "{}", "status": "closed", "type": "alert"}}, "type": "alert"}, }, }, { @@ -304,7 +313,7 @@ func TestService(t *testing.T) { args: args{method: "PATCH", url: "/api/tickets/8126/tickets", data: 8123}, want: want{ status: 200, - body: map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.centralworld-class.io/synthesize", "name": "university"}, map[string]interface{}{"href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal"}, map[string]interface{}{"href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment"}}, "schema": "{}", "status": "closed", "tickets": []interface{}{map[string]interface{}{"artifacts": []interface{}{map[string]interface{}{"name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown"}, map[string]interface{}{"name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean"}, map[string]interface{}{"name": "leadreintermediate.io", "status": "malicious"}}, "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": map[string]interface{}{"phishing": map[string]interface{}{"name": "Phishing", "tasks": map[string]interface{}{"block-iocs": map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "type": "task"}, "block-sender": map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": map[string]interface{}{"extract-iocs": ""}, "type": "task"}, "board": map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Board Involvement?", "next": map[string]interface{}{"escalate": "boardInvolved == true", "mail-available": "boardInvolved == false"}, "schema": map[string]interface{}{"properties": map[string]interface{}{"boardInvolved": map[string]interface{}{"default": false, "title": "A board member is involved.", "type": "boolean"}}, "required": []interface{}{"boardInvolved"}, "title": "Board Involvement?", "type": "object"}, "type": "input"}, "escalate": map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "type": "task"}, "extract-iocs": map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": map[string]interface{}{"block-iocs": ""}, "schema": map[string]interface{}{"properties": map[string]interface{}{"iocs": map[string]interface{}{"items": map[string]interface{}{"type": "string"}, "title": "IOCs", "type": "array"}}, "title": "Extract IOCs", "type": "object"}, "type": "input"}, "mail-available": map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": map[string]interface{}{"block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'"}, "schema": map[string]interface{}{"oneOf": []interface{}{map[string]interface{}{"properties": map[string]interface{}{"mail": map[string]interface{}{"title": "Mail", "type": "string", "x-display": "textarea"}, "schemaKey": map[string]interface{}{"const": "yes", "type": "string"}}, "required": []interface{}{"mail"}, "title": "Yes"}, map[string]interface{}{"properties": map[string]interface{}{"schemaKey": map[string]interface{}{"const": "no", "type": "string"}}, "title": "No"}}, "title": "Mail available", "type": "object"}, "type": "input"}, "search-email-gateway": map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": map[string]interface{}{"extract-iocs": ""}, "type": "task"}}}}, "references": []interface{}{map[string]interface{}{"href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance"}, map[string]interface{}{"href": "http://www.corporateinteractive.name/rich", "name": "autumn"}, map[string]interface{}{"href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest"}}, "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident"}, map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery"}, map[string]interface{}{"href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force"}, map[string]interface{}{"href": "http://www.leadscalable.biz/envisioneer", "name": "fund"}}, "schema": "{}", "status": "closed", "type": "alert"}}, "type": "alert"}, + body: map[string]interface{}{"created": "2021-10-02T16:04:59.078186Z", "id": 8126, "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.centralworld-class.io/synthesize", "name": "university"}, map[string]interface{}{"href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal"}, map[string]interface{}{"href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment"}}, "schema": "{}", "status": "closed", "tickets": []interface{}{map[string]interface{}{"artifacts": []interface{}{map[string]interface{}{"name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown"}, map[string]interface{}{"name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean"}, map[string]interface{}{"name": "leadreintermediate.io", "status": "malicious"}}, "created": "2021-10-02T16:04:59.078206Z", "id": 8123, "modified": "2021-10-02T16:04:59.078206Z", "name": "live zebra", "owner": "demo", "playbooks": map[string]interface{}{"phishing": map[string]interface{}{"name": "Phishing", "tasks": map[string]interface{}{"block-iocs": map[string]interface{}{"created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "type": "task"}, "block-sender": map[string]interface{}{"created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": map[string]interface{}{"extract-iocs": ""}, "type": "task"}, "board": map[string]interface{}{"created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Board Involvement?", "next": map[string]interface{}{"escalate": "boardInvolved == true", "mail-available": "boardInvolved == false"}, "schema": map[string]interface{}{"properties": map[string]interface{}{"boardInvolved": map[string]interface{}{"default": false, "title": "A board member is involved.", "type": "boolean"}}, "required": []interface{}{"boardInvolved"}, "title": "Board Involvement?", "type": "object"}, "type": "input"}, "escalate": map[string]interface{}{"created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "type": "task"}, "extract-iocs": map[string]interface{}{"created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": map[string]interface{}{"block-iocs": ""}, "schema": map[string]interface{}{"properties": map[string]interface{}{"iocs": map[string]interface{}{"items": map[string]interface{}{"type": "string"}, "title": "IOCs", "type": "array"}}, "title": "Extract IOCs", "type": "object"}, "type": "input"}, "mail-available": map[string]interface{}{"created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": map[string]interface{}{"block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'"}, "schema": map[string]interface{}{"oneOf": []interface{}{map[string]interface{}{"properties": map[string]interface{}{"mail": map[string]interface{}{"title": "Mail", "type": "string", "x-display": "textarea"}, "schemaKey": map[string]interface{}{"const": "yes", "type": "string"}}, "required": []interface{}{"mail"}, "title": "Yes"}, map[string]interface{}{"properties": map[string]interface{}{"schemaKey": map[string]interface{}{"const": "no", "type": "string"}}, "title": "No"}}, "title": "Mail available", "type": "object"}, "type": "input"}, "search-email-gateway": map[string]interface{}{"created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": map[string]interface{}{"extract-iocs": ""}, "type": "task"}}}}, "references": []interface{}{map[string]interface{}{"href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance"}, map[string]interface{}{"href": "http://www.corporateinteractive.name/rich", "name": "autumn"}, map[string]interface{}{"href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest"}}, "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident"}, map[string]interface{}{"created": "2021-10-02T16:04:59.078186Z", "id": 8125, "modified": "2021-10-02T16:04:59.078186Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery"}, map[string]interface{}{"href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force"}, map[string]interface{}{"href": "http://www.leadscalable.biz/envisioneer", "name": "fund"}}, "schema": "{}", "status": "closed", "type": "alert"}}, "type": "alert"}, }, }, { @@ -360,7 +369,7 @@ func TestService(t *testing.T) { args: args{method: "GET", url: "/api/tickets"}, want: want{ status: 200, - body: map[string]interface{}{"count": 3, "tickets": []interface{}{map[string]interface{}{"artifacts": []interface{}{map[string]interface{}{"name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown"}, map[string]interface{}{"name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean"}, map[string]interface{}{"name": "leadreintermediate.io", "status": "malicious"}}, "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": map[string]interface{}{"phishing": map[string]interface{}{"name": "Phishing", "tasks": map[string]interface{}{"block-iocs": map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "type": "task"}, "block-sender": map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": map[string]interface{}{"extract-iocs": ""}, "type": "task"}, "board": map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Board Involvement?", "next": map[string]interface{}{"escalate": "boardInvolved == true", "mail-available": "boardInvolved == false"}, "schema": map[string]interface{}{"properties": map[string]interface{}{"boardInvolved": map[string]interface{}{"default": false, "title": "A board member is involved.", "type": "boolean"}}, "required": []interface{}{"boardInvolved"}, "title": "Board Involvement?", "type": "object"}, "type": "input"}, "escalate": map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "type": "task"}, "extract-iocs": map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": map[string]interface{}{"block-iocs": ""}, "schema": map[string]interface{}{"properties": map[string]interface{}{"iocs": map[string]interface{}{"items": map[string]interface{}{"type": "string"}, "title": "IOCs", "type": "array"}}, "title": "Extract IOCs", "type": "object"}, "type": "input"}, "mail-available": map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": map[string]interface{}{"block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'"}, "schema": map[string]interface{}{"oneOf": []interface{}{map[string]interface{}{"properties": map[string]interface{}{"mail": map[string]interface{}{"title": "Mail", "type": "string", "x-display": "textarea"}, "schemaKey": map[string]interface{}{"const": "yes", "type": "string"}}, "required": []interface{}{"mail"}, "title": "Yes"}, map[string]interface{}{"properties": map[string]interface{}{"schemaKey": map[string]interface{}{"const": "no", "type": "string"}}, "title": "No"}}, "title": "Mail available", "type": "object"}, "type": "input"}, "search-email-gateway": map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": map[string]interface{}{"extract-iocs": ""}, "type": "task"}}}}, "references": []interface{}{map[string]interface{}{"href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance"}, map[string]interface{}{"href": "http://www.corporateinteractive.name/rich", "name": "autumn"}, map[string]interface{}{"href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest"}}, "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident"}, map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery"}, map[string]interface{}{"href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force"}, map[string]interface{}{"href": "http://www.leadscalable.biz/envisioneer", "name": "fund"}}, "schema": "{}", "status": "closed", "type": "alert"}, map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.centralworld-class.io/synthesize", "name": "university"}, map[string]interface{}{"href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal"}, map[string]interface{}{"href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment"}}, "schema": "{}", "status": "closed", "type": "alert"}}}, + body: map[string]interface{}{"count": 3, "tickets": []interface{}{map[string]interface{}{"artifacts": []interface{}{map[string]interface{}{"name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown"}, map[string]interface{}{"name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean"}, map[string]interface{}{"name": "leadreintermediate.io", "status": "malicious"}}, "created": "2021-10-02T16:04:59.078206Z", "id": 8123, "modified": "2021-10-02T16:04:59.078206Z", "name": "live zebra", "owner": "demo", "playbooks": map[string]interface{}{"phishing": map[string]interface{}{"name": "Phishing", "tasks": map[string]interface{}{"block-iocs": map[string]interface{}{"created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "type": "task"}, "block-sender": map[string]interface{}{"created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": map[string]interface{}{"extract-iocs": ""}, "type": "task"}, "board": map[string]interface{}{"created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Board Involvement?", "next": map[string]interface{}{"escalate": "boardInvolved == true", "mail-available": "boardInvolved == false"}, "schema": map[string]interface{}{"properties": map[string]interface{}{"boardInvolved": map[string]interface{}{"default": false, "title": "A board member is involved.", "type": "boolean"}}, "required": []interface{}{"boardInvolved"}, "title": "Board Involvement?", "type": "object"}, "type": "input"}, "escalate": map[string]interface{}{"created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "type": "task"}, "extract-iocs": map[string]interface{}{"created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": map[string]interface{}{"block-iocs": ""}, "schema": map[string]interface{}{"properties": map[string]interface{}{"iocs": map[string]interface{}{"items": map[string]interface{}{"type": "string"}, "title": "IOCs", "type": "array"}}, "title": "Extract IOCs", "type": "object"}, "type": "input"}, "mail-available": map[string]interface{}{"created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": map[string]interface{}{"block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'"}, "schema": map[string]interface{}{"oneOf": []interface{}{map[string]interface{}{"properties": map[string]interface{}{"mail": map[string]interface{}{"title": "Mail", "type": "string", "x-display": "textarea"}, "schemaKey": map[string]interface{}{"const": "yes", "type": "string"}}, "required": []interface{}{"mail"}, "title": "Yes"}, map[string]interface{}{"properties": map[string]interface{}{"schemaKey": map[string]interface{}{"const": "no", "type": "string"}}, "title": "No"}}, "title": "Mail available", "type": "object"}, "type": "input"}, "search-email-gateway": map[string]interface{}{"created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": map[string]interface{}{"extract-iocs": ""}, "type": "task"}}}}, "references": []interface{}{map[string]interface{}{"href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance"}, map[string]interface{}{"href": "http://www.corporateinteractive.name/rich", "name": "autumn"}, map[string]interface{}{"href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest"}}, "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident"}, map[string]interface{}{"created": "2021-10-02T16:04:59.078186Z", "id": 8125, "modified": "2021-10-02T16:04:59.078186Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery"}, map[string]interface{}{"href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force"}, map[string]interface{}{"href": "http://www.leadscalable.biz/envisioneer", "name": "fund"}}, "schema": "{}", "status": "closed", "type": "alert"}, map[string]interface{}{"created": "2021-10-02T16:04:59.078186Z", "id": 8126, "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.centralworld-class.io/synthesize", "name": "university"}, map[string]interface{}{"href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal"}, map[string]interface{}{"href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment"}}, "schema": "{}", "status": "closed", "type": "alert"}}}, }, }, { @@ -384,7 +393,7 @@ func TestService(t *testing.T) { args: args{method: "DELETE", url: "/api/tickets/8123/artifacts/leadreintermediate.io"}, want: want{ status: 200, - body: map[string]interface{}{"artifacts": []interface{}{map[string]interface{}{"name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown"}, map[string]interface{}{"name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean"}}, "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": map[string]interface{}{"phishing": map[string]interface{}{"name": "Phishing", "tasks": map[string]interface{}{"block-iocs": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "order": 6, "type": "task"}, "block-sender": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": map[string]interface{}{"extract-iocs": ""}, "order": 3, "type": "task"}, "board": map[string]interface{}{"active": true, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Board Involvement?", "next": map[string]interface{}{"escalate": "boardInvolved == true", "mail-available": "boardInvolved == false"}, "order": 0, "schema": map[string]interface{}{"properties": map[string]interface{}{"boardInvolved": map[string]interface{}{"default": false, "title": "A board member is involved.", "type": "boolean"}}, "required": []interface{}{"boardInvolved"}, "title": "Board Involvement?", "type": "object"}, "type": "input"}, "escalate": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task"}, "extract-iocs": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": map[string]interface{}{"block-iocs": ""}, "order": 5, "schema": map[string]interface{}{"properties": map[string]interface{}{"iocs": map[string]interface{}{"items": map[string]interface{}{"type": "string"}, "title": "IOCs", "type": "array"}}, "title": "Extract IOCs", "type": "object"}, "type": "input"}, "mail-available": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": map[string]interface{}{"block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'"}, "order": 2, "schema": map[string]interface{}{"oneOf": []interface{}{map[string]interface{}{"properties": map[string]interface{}{"mail": map[string]interface{}{"title": "Mail", "type": "string", "x-display": "textarea"}, "schemaKey": map[string]interface{}{"const": "yes", "type": "string"}}, "required": []interface{}{"mail"}, "title": "Yes"}, map[string]interface{}{"properties": map[string]interface{}{"schemaKey": map[string]interface{}{"const": "no", "type": "string"}}, "title": "No"}}, "title": "Mail available", "type": "object"}, "type": "input"}, "search-email-gateway": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": map[string]interface{}{"extract-iocs": ""}, "order": 4, "type": "task"}}}}, "references": []interface{}{map[string]interface{}{"href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance"}, map[string]interface{}{"href": "http://www.corporateinteractive.name/rich", "name": "autumn"}, map[string]interface{}{"href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest"}}, "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident"}, + body: map[string]interface{}{"artifacts": []interface{}{map[string]interface{}{"name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown"}, map[string]interface{}{"name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean"}}, "created": "2021-10-02T16:04:59.078206Z", "id": 8123, "modified": "2021-12-12T12:12:12.000000012Z", "name": "live zebra", "owner": "demo", "playbooks": map[string]interface{}{"phishing": map[string]interface{}{"name": "Phishing", "tasks": map[string]interface{}{"block-iocs": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "order": 6, "type": "task"}, "block-sender": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": map[string]interface{}{"extract-iocs": ""}, "order": 3, "type": "task"}, "board": map[string]interface{}{"active": true, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Board Involvement?", "next": map[string]interface{}{"escalate": "boardInvolved == true", "mail-available": "boardInvolved == false"}, "order": 0, "schema": map[string]interface{}{"properties": map[string]interface{}{"boardInvolved": map[string]interface{}{"default": false, "title": "A board member is involved.", "type": "boolean"}}, "required": []interface{}{"boardInvolved"}, "title": "Board Involvement?", "type": "object"}, "type": "input"}, "escalate": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task"}, "extract-iocs": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": map[string]interface{}{"block-iocs": ""}, "order": 5, "schema": map[string]interface{}{"properties": map[string]interface{}{"iocs": map[string]interface{}{"items": map[string]interface{}{"type": "string"}, "title": "IOCs", "type": "array"}}, "title": "Extract IOCs", "type": "object"}, "type": "input"}, "mail-available": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": map[string]interface{}{"block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'"}, "order": 2, "schema": map[string]interface{}{"oneOf": []interface{}{map[string]interface{}{"properties": map[string]interface{}{"mail": map[string]interface{}{"title": "Mail", "type": "string", "x-display": "textarea"}, "schemaKey": map[string]interface{}{"const": "yes", "type": "string"}}, "required": []interface{}{"mail"}, "title": "Yes"}, map[string]interface{}{"properties": map[string]interface{}{"schemaKey": map[string]interface{}{"const": "no", "type": "string"}}, "title": "No"}}, "title": "Mail available", "type": "object"}, "type": "input"}, "search-email-gateway": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": map[string]interface{}{"extract-iocs": ""}, "order": 4, "type": "task"}}}}, "references": []interface{}{map[string]interface{}{"href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance"}, map[string]interface{}{"href": "http://www.corporateinteractive.name/rich", "name": "autumn"}, map[string]interface{}{"href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest"}}, "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident"}, }, }, { @@ -392,7 +401,7 @@ func TestService(t *testing.T) { args: args{method: "DELETE", url: "/api/tickets/8123/comments/0"}, want: want{ status: 200, - body: map[string]interface{}{"artifacts": []interface{}{map[string]interface{}{"name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown"}, map[string]interface{}{"name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean"}, map[string]interface{}{"name": "leadreintermediate.io", "status": "malicious"}}, "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": map[string]interface{}{"phishing": map[string]interface{}{"name": "Phishing", "tasks": map[string]interface{}{"block-iocs": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "order": 6, "type": "task"}, "block-sender": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": map[string]interface{}{"extract-iocs": ""}, "order": 3, "type": "task"}, "board": map[string]interface{}{"active": true, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Board Involvement?", "next": map[string]interface{}{"escalate": "boardInvolved == true", "mail-available": "boardInvolved == false"}, "order": 0, "schema": map[string]interface{}{"properties": map[string]interface{}{"boardInvolved": map[string]interface{}{"default": false, "title": "A board member is involved.", "type": "boolean"}}, "required": []interface{}{"boardInvolved"}, "title": "Board Involvement?", "type": "object"}, "type": "input"}, "escalate": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task"}, "extract-iocs": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": map[string]interface{}{"block-iocs": ""}, "order": 5, "schema": map[string]interface{}{"properties": map[string]interface{}{"iocs": map[string]interface{}{"items": map[string]interface{}{"type": "string"}, "title": "IOCs", "type": "array"}}, "title": "Extract IOCs", "type": "object"}, "type": "input"}, "mail-available": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": map[string]interface{}{"block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'"}, "order": 2, "schema": map[string]interface{}{"oneOf": []interface{}{map[string]interface{}{"properties": map[string]interface{}{"mail": map[string]interface{}{"title": "Mail", "type": "string", "x-display": "textarea"}, "schemaKey": map[string]interface{}{"const": "yes", "type": "string"}}, "required": []interface{}{"mail"}, "title": "Yes"}, map[string]interface{}{"properties": map[string]interface{}{"schemaKey": map[string]interface{}{"const": "no", "type": "string"}}, "title": "No"}}, "title": "Mail available", "type": "object"}, "type": "input"}, "search-email-gateway": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": map[string]interface{}{"extract-iocs": ""}, "order": 4, "type": "task"}}}}, "references": []interface{}{map[string]interface{}{"href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance"}, map[string]interface{}{"href": "http://www.corporateinteractive.name/rich", "name": "autumn"}, map[string]interface{}{"href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest"}}, "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident"}, + body: map[string]interface{}{"artifacts": []interface{}{map[string]interface{}{"name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown"}, map[string]interface{}{"name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean"}, map[string]interface{}{"name": "leadreintermediate.io", "status": "malicious"}}, "created": "2021-10-02T16:04:59.078206Z", "id": 8123, "modified": "2021-12-12T12:12:12.000000012Z", "name": "live zebra", "owner": "demo", "playbooks": map[string]interface{}{"phishing": map[string]interface{}{"name": "Phishing", "tasks": map[string]interface{}{"block-iocs": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "order": 6, "type": "task"}, "block-sender": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": map[string]interface{}{"extract-iocs": ""}, "order": 3, "type": "task"}, "board": map[string]interface{}{"active": true, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Board Involvement?", "next": map[string]interface{}{"escalate": "boardInvolved == true", "mail-available": "boardInvolved == false"}, "order": 0, "schema": map[string]interface{}{"properties": map[string]interface{}{"boardInvolved": map[string]interface{}{"default": false, "title": "A board member is involved.", "type": "boolean"}}, "required": []interface{}{"boardInvolved"}, "title": "Board Involvement?", "type": "object"}, "type": "input"}, "escalate": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task"}, "extract-iocs": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": map[string]interface{}{"block-iocs": ""}, "order": 5, "schema": map[string]interface{}{"properties": map[string]interface{}{"iocs": map[string]interface{}{"items": map[string]interface{}{"type": "string"}, "title": "IOCs", "type": "array"}}, "title": "Extract IOCs", "type": "object"}, "type": "input"}, "mail-available": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": map[string]interface{}{"block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'"}, "order": 2, "schema": map[string]interface{}{"oneOf": []interface{}{map[string]interface{}{"properties": map[string]interface{}{"mail": map[string]interface{}{"title": "Mail", "type": "string", "x-display": "textarea"}, "schemaKey": map[string]interface{}{"const": "yes", "type": "string"}}, "required": []interface{}{"mail"}, "title": "Yes"}, map[string]interface{}{"properties": map[string]interface{}{"schemaKey": map[string]interface{}{"const": "no", "type": "string"}}, "title": "No"}}, "title": "Mail available", "type": "object"}, "type": "input"}, "search-email-gateway": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": map[string]interface{}{"extract-iocs": ""}, "order": 4, "type": "task"}}}}, "references": []interface{}{map[string]interface{}{"href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance"}, map[string]interface{}{"href": "http://www.corporateinteractive.name/rich", "name": "autumn"}, map[string]interface{}{"href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest"}}, "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident"}, }, }, { @@ -400,7 +409,7 @@ func TestService(t *testing.T) { args: args{method: "DELETE", url: "/api/tickets/8123/playbooks/phishing"}, want: want{ status: 200, - body: map[string]interface{}{"artifacts": []interface{}{map[string]interface{}{"name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown"}, map[string]interface{}{"name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean"}, map[string]interface{}{"name": "leadreintermediate.io", "status": "malicious"}}, "created": "1985-04-12T23:20:50.52Z", "id": 8123, "modified": "1985-04-12T23:20:50.52Z", "name": "live zebra", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance"}, map[string]interface{}{"href": "http://www.corporateinteractive.name/rich", "name": "autumn"}, map[string]interface{}{"href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest"}}, "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident"}, + body: map[string]interface{}{"artifacts": []interface{}{map[string]interface{}{"name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown"}, map[string]interface{}{"name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean"}, map[string]interface{}{"name": "leadreintermediate.io", "status": "malicious"}}, "created": "2021-10-02T16:04:59.078206Z", "id": 8123, "modified": "2021-12-12T12:12:12.000000012Z", "name": "live zebra", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance"}, map[string]interface{}{"href": "http://www.corporateinteractive.name/rich", "name": "autumn"}, map[string]interface{}{"href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest"}}, "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident"}, }, }, { @@ -432,7 +441,7 @@ func TestService(t *testing.T) { args: args{method: "PUT", url: "/api/tickets/8123/artifacts/leadreintermediate.io", data: map[string]interface{}{"name": "leadreintermediate.io", "status": "clean"}}, want: want{ status: 200, - body: map[string]interface{}{"artifacts": []interface{}{map[string]interface{}{"name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown"}, map[string]interface{}{"name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean"}, map[string]interface{}{"name": "leadreintermediate.io", "status": "clean"}}, "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": map[string]interface{}{"phishing": map[string]interface{}{"name": "Phishing", "tasks": map[string]interface{}{"block-iocs": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "order": 6, "type": "task"}, "block-sender": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": map[string]interface{}{"extract-iocs": ""}, "order": 3, "type": "task"}, "board": map[string]interface{}{"active": true, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Board Involvement?", "next": map[string]interface{}{"escalate": "boardInvolved == true", "mail-available": "boardInvolved == false"}, "order": 0, "schema": map[string]interface{}{"properties": map[string]interface{}{"boardInvolved": map[string]interface{}{"default": false, "title": "A board member is involved.", "type": "boolean"}}, "required": []interface{}{"boardInvolved"}, "title": "Board Involvement?", "type": "object"}, "type": "input"}, "escalate": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task"}, "extract-iocs": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": map[string]interface{}{"block-iocs": ""}, "order": 5, "schema": map[string]interface{}{"properties": map[string]interface{}{"iocs": map[string]interface{}{"items": map[string]interface{}{"type": "string"}, "title": "IOCs", "type": "array"}}, "title": "Extract IOCs", "type": "object"}, "type": "input"}, "mail-available": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": map[string]interface{}{"block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'"}, "order": 2, "schema": map[string]interface{}{"oneOf": []interface{}{map[string]interface{}{"properties": map[string]interface{}{"mail": map[string]interface{}{"title": "Mail", "type": "string", "x-display": "textarea"}, "schemaKey": map[string]interface{}{"const": "yes", "type": "string"}}, "required": []interface{}{"mail"}, "title": "Yes"}, map[string]interface{}{"properties": map[string]interface{}{"schemaKey": map[string]interface{}{"const": "no", "type": "string"}}, "title": "No"}}, "title": "Mail available", "type": "object"}, "type": "input"}, "search-email-gateway": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": map[string]interface{}{"extract-iocs": ""}, "order": 4, "type": "task"}}}}, "references": []interface{}{map[string]interface{}{"href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance"}, map[string]interface{}{"href": "http://www.corporateinteractive.name/rich", "name": "autumn"}, map[string]interface{}{"href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest"}}, "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident"}, + body: map[string]interface{}{"artifacts": []interface{}{map[string]interface{}{"name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown"}, map[string]interface{}{"name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean"}, map[string]interface{}{"name": "leadreintermediate.io", "status": "clean"}}, "created": "2021-10-02T16:04:59.078206Z", "id": 8123, "modified": "2021-10-02T16:04:59.078206Z", "name": "live zebra", "owner": "demo", "playbooks": map[string]interface{}{"phishing": map[string]interface{}{"name": "Phishing", "tasks": map[string]interface{}{"block-iocs": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "order": 6, "type": "task"}, "block-sender": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": map[string]interface{}{"extract-iocs": ""}, "order": 3, "type": "task"}, "board": map[string]interface{}{"active": true, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Board Involvement?", "next": map[string]interface{}{"escalate": "boardInvolved == true", "mail-available": "boardInvolved == false"}, "order": 0, "schema": map[string]interface{}{"properties": map[string]interface{}{"boardInvolved": map[string]interface{}{"default": false, "title": "A board member is involved.", "type": "boolean"}}, "required": []interface{}{"boardInvolved"}, "title": "Board Involvement?", "type": "object"}, "type": "input"}, "escalate": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task"}, "extract-iocs": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": map[string]interface{}{"block-iocs": ""}, "order": 5, "schema": map[string]interface{}{"properties": map[string]interface{}{"iocs": map[string]interface{}{"items": map[string]interface{}{"type": "string"}, "title": "IOCs", "type": "array"}}, "title": "Extract IOCs", "type": "object"}, "type": "input"}, "mail-available": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": map[string]interface{}{"block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'"}, "order": 2, "schema": map[string]interface{}{"oneOf": []interface{}{map[string]interface{}{"properties": map[string]interface{}{"mail": map[string]interface{}{"title": "Mail", "type": "string", "x-display": "textarea"}, "schemaKey": map[string]interface{}{"const": "yes", "type": "string"}}, "required": []interface{}{"mail"}, "title": "Yes"}, map[string]interface{}{"properties": map[string]interface{}{"schemaKey": map[string]interface{}{"const": "no", "type": "string"}}, "title": "No"}}, "title": "Mail available", "type": "object"}, "type": "input"}, "search-email-gateway": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": map[string]interface{}{"extract-iocs": ""}, "order": 4, "type": "task"}}}}, "references": []interface{}{map[string]interface{}{"href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance"}, map[string]interface{}{"href": "http://www.corporateinteractive.name/rich", "name": "autumn"}, map[string]interface{}{"href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest"}}, "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident"}, }, }, { @@ -440,7 +449,7 @@ func TestService(t *testing.T) { args: args{method: "PUT", url: "/api/tickets/8125/references", data: []interface{}{map[string]interface{}{"href": "http://www.leadscalable.biz/envisioneer", "name": "fund"}}}, want: want{ status: 200, - body: map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.leadscalable.biz/envisioneer", "name": "fund"}}, "schema": "{}", "status": "closed", "tickets": []interface{}{map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.centralworld-class.io/synthesize", "name": "university"}, map[string]interface{}{"href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal"}, map[string]interface{}{"href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment"}}, "schema": "{}", "status": "closed", "type": "alert"}}, "type": "alert"}, + body: map[string]interface{}{"created": "2021-10-02T16:04:59.078186Z", "id": 8125, "modified": "2021-12-12T12:12:12.000000012Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.leadscalable.biz/envisioneer", "name": "fund"}}, "schema": "{}", "status": "closed", "tickets": []interface{}{map[string]interface{}{"created": "2021-10-02T16:04:59.078186Z", "id": 8126, "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.centralworld-class.io/synthesize", "name": "university"}, map[string]interface{}{"href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal"}, map[string]interface{}{"href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment"}}, "schema": "{}", "status": "closed", "type": "alert"}}, "type": "alert"}, }, }, { @@ -448,7 +457,7 @@ func TestService(t *testing.T) { args: args{method: "PUT", url: "/api/tickets/8125/schema", data: "{}"}, want: want{ status: 200, - body: map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery"}, map[string]interface{}{"href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force"}, map[string]interface{}{"href": "http://www.leadscalable.biz/envisioneer", "name": "fund"}}, "schema": "{}", "status": "closed", "tickets": []interface{}{map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.centralworld-class.io/synthesize", "name": "university"}, map[string]interface{}{"href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal"}, map[string]interface{}{"href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment"}}, "schema": "{}", "status": "closed", "type": "alert"}}, "type": "alert"}, + body: map[string]interface{}{"created": "2021-10-02T16:04:59.078186Z", "id": 8125, "modified": "2021-10-02T16:04:59.078186Z", "name": "phishing from selenafadel@von.com detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery"}, map[string]interface{}{"href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force"}, map[string]interface{}{"href": "http://www.leadscalable.biz/envisioneer", "name": "fund"}}, "schema": "{}", "status": "closed", "tickets": []interface{}{map[string]interface{}{"created": "2021-10-02T16:04:59.078186Z", "id": 8126, "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.centralworld-class.io/synthesize", "name": "university"}, map[string]interface{}{"href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal"}, map[string]interface{}{"href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment"}}, "schema": "{}", "status": "closed", "type": "alert"}}, "type": "alert"}, }, }, { @@ -456,7 +465,7 @@ func TestService(t *testing.T) { args: args{method: "PUT", url: "/api/tickets/8123/playbooks/phishing/task/board", data: map[string]interface{}{"active": true, "data": map[string]interface{}{"boardInvolved": true}, "done": false, "name": "Board Involvement?", "next": map[string]interface{}{"escalate": "boardInvolved == true", "mail-available": "boardInvolved == false"}, "order": 0, "schema": map[string]interface{}{"properties": map[string]interface{}{"boardInvolved": map[string]interface{}{"default": false, "title": "A board member is involved.", "type": "boolean"}}, "required": []interface{}{"boardInvolved"}, "title": "Board Involvement?", "type": "object"}, "type": "input"}}, want: want{ status: 200, - body: map[string]interface{}{"artifacts": []interface{}{map[string]interface{}{"name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown"}, map[string]interface{}{"name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean"}, map[string]interface{}{"name": "leadreintermediate.io", "status": "malicious"}}, "created": "2021-10-02T18:04:59.078206+02:00", "id": 8123, "modified": "2021-10-02T18:04:59.078206+02:00", "name": "live zebra", "owner": "demo", "playbooks": map[string]interface{}{"phishing": map[string]interface{}{"name": "Phishing", "tasks": map[string]interface{}{"block-iocs": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block IOCs", "order": 6, "type": "task"}, "block-sender": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Block sender", "next": map[string]interface{}{"extract-iocs": ""}, "order": 3, "type": "task"}, "board": map[string]interface{}{"active": true, "created": "2021-10-02T18:04:59.078186+02:00", "data": map[string]interface{}{"boardInvolved": true}, "done": false, "name": "Board Involvement?", "next": map[string]interface{}{"escalate": "boardInvolved == true", "mail-available": "boardInvolved == false"}, "order": 0, "schema": map[string]interface{}{"properties": map[string]interface{}{"boardInvolved": map[string]interface{}{"default": false, "title": "A board member is involved.", "type": "boolean"}}, "required": []interface{}{"boardInvolved"}, "title": "Board Involvement?", "type": "object"}, "type": "input"}, "escalate": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task"}, "extract-iocs": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Extract IOCs", "next": map[string]interface{}{"block-iocs": ""}, "order": 5, "schema": map[string]interface{}{"properties": map[string]interface{}{"iocs": map[string]interface{}{"items": map[string]interface{}{"type": "string"}, "title": "IOCs", "type": "array"}}, "title": "Extract IOCs", "type": "object"}, "type": "input"}, "mail-available": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Mail available", "next": map[string]interface{}{"block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'"}, "order": 2, "schema": map[string]interface{}{"oneOf": []interface{}{map[string]interface{}{"properties": map[string]interface{}{"mail": map[string]interface{}{"title": "Mail", "type": "string", "x-display": "textarea"}, "schemaKey": map[string]interface{}{"const": "yes", "type": "string"}}, "required": []interface{}{"mail"}, "title": "Yes"}, map[string]interface{}{"properties": map[string]interface{}{"schemaKey": map[string]interface{}{"const": "no", "type": "string"}}, "title": "No"}}, "title": "Mail available", "type": "object"}, "type": "input"}, "search-email-gateway": map[string]interface{}{"active": false, "created": "2021-10-02T18:04:59.078186+02:00", "done": false, "name": "Search email gateway", "next": map[string]interface{}{"extract-iocs": ""}, "order": 4, "type": "task"}}}}, "references": []interface{}{map[string]interface{}{"href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance"}, map[string]interface{}{"href": "http://www.corporateinteractive.name/rich", "name": "autumn"}, map[string]interface{}{"href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest"}}, "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident"}, + body: map[string]interface{}{"artifacts": []interface{}{map[string]interface{}{"name": "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", "status": "unknown"}, map[string]interface{}{"name": "http://www.customerviral.io/scalable/vertical/killer", "status": "clean"}, map[string]interface{}{"name": "leadreintermediate.io", "status": "malicious"}}, "created": "2021-10-02T16:04:59.078206Z", "id": 8123, "modified": "2021-12-12T12:12:12.000000012Z", "name": "live zebra", "owner": "demo", "playbooks": map[string]interface{}{"phishing": map[string]interface{}{"name": "Phishing", "tasks": map[string]interface{}{"block-iocs": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block IOCs", "order": 6, "type": "task"}, "block-sender": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Block sender", "next": map[string]interface{}{"extract-iocs": ""}, "order": 3, "type": "task"}, "board": map[string]interface{}{"active": true, "created": "2021-12-12T12:12:12.000000012Z", "data": map[string]interface{}{"boardInvolved": true}, "done": false, "name": "Board Involvement?", "next": map[string]interface{}{"escalate": "boardInvolved == true", "mail-available": "boardInvolved == false"}, "order": 0, "schema": map[string]interface{}{"properties": map[string]interface{}{"boardInvolved": map[string]interface{}{"default": false, "title": "A board member is involved.", "type": "boolean"}}, "required": []interface{}{"boardInvolved"}, "title": "Board Involvement?", "type": "object"}, "type": "input"}, "escalate": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Escalate to CISO", "order": 1, "type": "task"}, "extract-iocs": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Extract IOCs", "next": map[string]interface{}{"block-iocs": ""}, "order": 5, "schema": map[string]interface{}{"properties": map[string]interface{}{"iocs": map[string]interface{}{"items": map[string]interface{}{"type": "string"}, "title": "IOCs", "type": "array"}}, "title": "Extract IOCs", "type": "object"}, "type": "input"}, "mail-available": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Mail available", "next": map[string]interface{}{"block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'"}, "order": 2, "schema": map[string]interface{}{"oneOf": []interface{}{map[string]interface{}{"properties": map[string]interface{}{"mail": map[string]interface{}{"title": "Mail", "type": "string", "x-display": "textarea"}, "schemaKey": map[string]interface{}{"const": "yes", "type": "string"}}, "required": []interface{}{"mail"}, "title": "Yes"}, map[string]interface{}{"properties": map[string]interface{}{"schemaKey": map[string]interface{}{"const": "no", "type": "string"}}, "title": "No"}}, "title": "Mail available", "type": "object"}, "type": "input"}, "search-email-gateway": map[string]interface{}{"active": false, "created": "2021-12-12T12:12:12.000000012Z", "done": false, "name": "Search email gateway", "next": map[string]interface{}{"extract-iocs": ""}, "order": 4, "type": "task"}}}}, "references": []interface{}{map[string]interface{}{"href": "https://www.leadmaximize.net/e-services/back-end", "name": "performance"}, map[string]interface{}{"href": "http://www.corporateinteractive.name/rich", "name": "autumn"}, map[string]interface{}{"href": "https://www.corporateintuitive.org/intuitive/platforms/integrate", "name": "suggest"}}, "schema": "{\n \"definitions\": {},\n \"$schema\": \"http://json-schema.org/draft-07/schema#\",\n \"$id\": \"https://example.com/object1618746510.json\",\n \"title\": \"Event\",\n \"type\": \"object\",\n \"required\": [\n \"severity\",\n \"description\",\n \"tlp\"\n ],\n \"properties\": {\n \"severity\": {\n \"$id\": \"#root/severity\",\n \"title\": \"Severity\",\n \"type\": \"string\",\n \"default\": \"Medium\",\n \"nx-enum\": [\n \"Low\",\n \"Medium\",\n \"High\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"Low\",\n \"title\": \"Low\",\n \"icon\": \"mdi-chevron-up\"\n },\n {\n \"const\": \"Medium\",\n \"title\": \"Medium\",\n \"icon\": \"mdi-chevron-double-up\"\n },\n {\n \"const\": \"High\",\n \"title\": \"High\",\n \"icon\": \"mdi-chevron-triple-up\"\n }\n ]\n },\n \"tlp\": {\n \"$id\": \"#root/tlp\",\n \"title\": \"TLP\",\n \"type\": \"string\",\n \"nx-enum\": [\n \"White\",\n \"Green\",\n \"Amber\",\n \"Red\"\n ],\n \"x-cols\": 6,\n \"x-class\": \"pr-2\",\n \"x-display\": \"icon\",\n \"x-itemIcon\": \"icon\",\n \"oneOf\": [\n {\n \"const\": \"White\",\n \"title\": \"White\",\n \"icon\": \"mdi-alpha-w\"\n },\n {\n \"const\": \"Green\",\n \"title\": \"Green\",\n \"icon\": \"mdi-alpha-g\"\n },\n {\n \"const\": \"Amber\",\n \"title\": \"Amber\",\n \"icon\": \"mdi-alpha-a\"\n },\n {\n \"const\": \"Red\",\n \"title\": \"Red\",\n \"icon\": \"mdi-alpha-r\"\n }\n ]\n },\n \"description\": {\n \"$id\": \"#root/description\",\n \"title\": \"Description\",\n \"type\": \"string\",\n \"x-display\": \"textarea\",\n \"x-class\": \"pr-2\"\n }\n }\n}\n", "status": "closed", "type": "incident"}, }, }, { @@ -464,7 +473,7 @@ func TestService(t *testing.T) { args: args{method: "DELETE", url: "/api/tickets/8126/tickets", data: 8125}, want: want{ status: 200, - body: map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.centralworld-class.io/synthesize", "name": "university"}, map[string]interface{}{"href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal"}, map[string]interface{}{"href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment"}}, "schema": "{}", "status": "closed", "type": "alert"}, + body: map[string]interface{}{"created": "2021-10-02T16:04:59.078186Z", "id": 8126, "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.centralworld-class.io/synthesize", "name": "university"}, map[string]interface{}{"href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal"}, map[string]interface{}{"href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment"}}, "schema": "{}", "status": "closed", "type": "alert"}, }, }, { @@ -509,10 +518,10 @@ func TestService(t *testing.T) { }, { name: "UpdateTicket", - args: args{method: "PUT", url: "/api/tickets/8125", data: map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.org detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery"}, map[string]interface{}{"href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force"}, map[string]interface{}{"href": "http://www.leadscalable.biz/envisioneer", "name": "fund"}}, "schema": "{}", "status": "closed", "type": "alert"}}, + args: args{method: "PUT", url: "/api/tickets/8125", data: map[string]interface{}{"created": "2021-12-12T12:12:12.000000012Z", "modified": "2021-12-12T12:12:12.000000012Z", "name": "phishing from selenafadel@von.org detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery"}, map[string]interface{}{"href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force"}, map[string]interface{}{"href": "http://www.leadscalable.biz/envisioneer", "name": "fund"}}, "schema": "{}", "status": "closed", "type": "alert"}}, want: want{ status: 200, - body: map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "id": 8125, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "phishing from selenafadel@von.org detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery"}, map[string]interface{}{"href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force"}, map[string]interface{}{"href": "http://www.leadscalable.biz/envisioneer", "name": "fund"}}, "schema": "{}", "status": "closed", "tickets": []interface{}{map[string]interface{}{"created": "2021-10-02T18:04:59.078186+02:00", "id": 8126, "modified": "2021-10-02T18:04:59.078186+02:00", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.centralworld-class.io/synthesize", "name": "university"}, map[string]interface{}{"href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal"}, map[string]interface{}{"href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment"}}, "schema": "{}", "status": "closed", "type": "alert"}}, "type": "alert"}, + body: map[string]interface{}{"created": "2021-12-12T12:12:12.000000012Z", "id": 8125, "modified": "2021-12-12T12:12:12.000000012Z", "name": "phishing from selenafadel@von.org detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "https://www.seniorleading-edge.name/users/efficient", "name": "recovery"}, map[string]interface{}{"href": "http://www.dynamicseamless.com/clicks-and-mortar", "name": "force"}, map[string]interface{}{"href": "http://www.leadscalable.biz/envisioneer", "name": "fund"}}, "schema": "{}", "status": "closed", "tickets": []interface{}{map[string]interface{}{"created": "2021-10-02T16:04:59.078186Z", "id": 8126, "modified": "2021-10-02T16:04:59.078186Z", "name": "Surfaceintroduce virus detected", "owner": "demo", "references": []interface{}{map[string]interface{}{"href": "http://www.centralworld-class.io/synthesize", "name": "university"}, map[string]interface{}{"href": "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", "name": "goal"}, map[string]interface{}{"href": "http://www.chiefsyndicate.io/action-items", "name": "unemployment"}}, "schema": "{}", "status": "closed", "type": "alert"}}, "type": "alert"}, }, }, { @@ -605,53 +614,7 @@ func jsonEqual(t *testing.T, got io.Reader, want interface{}) { t.Fatal(err) } - fields := []string{ - "created", "modified", "logs.0.created", - "artifacts.0.enrichments.hash\\.sha1.created", - "artifacts.1.enrichments.hash\\.sha1.created", - "artifacts.2.enrichments.hash\\.sha1.created", - - "playbooks.simple.tasks.input.created", - "playbooks.simple.tasks.hash.created", - "playbooks.simple.tasks.escalate.created", - - "playbooks.phishing.tasks.input.created", - "playbooks.phishing.tasks.hash.created", - "playbooks.phishing.tasks.escalate.created", - - "playbooks.phishing.tasks.block-ioc.created", - "playbooks.phishing.tasks.block-iocs.created", - "playbooks.phishing.tasks.block-sender.created", - "playbooks.phishing.tasks.board.created", - "playbooks.phishing.tasks.board.closed", - "playbooks.phishing.tasks.escalate.created", - "playbooks.phishing.tasks.extract-iocs.created", - "playbooks.phishing.tasks.fetch-iocs.created", - "playbooks.phishing.tasks.mail-available.created", - "playbooks.phishing.tasks.search-email-gateway.created", - - "0.playbooks.phishing.tasks.block-ioc.created", - "0.playbooks.phishing.tasks.block-iocs.created", - "0.playbooks.phishing.tasks.block-sender.created", - "0.playbooks.phishing.tasks.board.created", - "0.playbooks.phishing.tasks.escalate.created", - "0.playbooks.phishing.tasks.extract-iocs.created", - "0.playbooks.phishing.tasks.fetch-iocs.created", - "0.playbooks.phishing.tasks.mail-available.created", - "0.playbooks.phishing.tasks.search-email-gateway.created", - - "tickets.0.playbooks.phishing.tasks.block-ioc.created", - "tickets.0.playbooks.phishing.tasks.block-iocs.created", - "tickets.0.playbooks.phishing.tasks.block-sender.created", - "tickets.0.playbooks.phishing.tasks.board.created", - "tickets.0.playbooks.phishing.tasks.escalate.created", - "tickets.0.playbooks.phishing.tasks.extract-iocs.created", - "tickets.0.playbooks.phishing.tasks.fetch-iocs.created", - "tickets.0.playbooks.phishing.tasks.mail-available.created", - "tickets.0.playbooks.phishing.tasks.search-email-gateway.created", - - "secret", "0.created", "comments.0.created", - } + fields := []string{"secret"} for _, field := range fields { gField := gjson.GetBytes(wantBytes, field) if gField.Exists() && gjson.GetBytes(gotBytes, field).Exists() { diff --git a/generator/templates/api_server_test.gotmpl b/generator/templates/api_server_test.gotmpl index f988782..e347e6b 100644 --- a/generator/templates/api_server_test.gotmpl +++ b/generator/templates/api_server_test.gotmpl @@ -4,26 +4,34 @@ import ( "bytes" "context" "encoding/json" - "github.com/SecurityBrewery/catalyst/database" - "github.com/go-openapi/swag" "io" "net/http" "net/http/httptest" "testing" "time" + "github.com/go-openapi/swag" "github.com/gin-gonic/gin" "github.com/stretchr/testify/assert" "github.com/tidwall/gjson" "github.com/tidwall/sjson" + ctime "github.com/SecurityBrewery/catalyst/time" + "github.com/SecurityBrewery/catalyst/database" "github.com/SecurityBrewery/catalyst/database/busdb" "github.com/SecurityBrewery/catalyst/generated/models" "github.com/SecurityBrewery/catalyst/test" ) +type testClock struct {} + +func (testClock) Now() time.Time { + return time.Date(2021, 12, 12, 12, 12, 12, 12, time.UTC) +} + func TestService(t *testing.T) { gin.SetMode(gin.TestMode) + ctime.DefaultClock = testClock{} type args struct { method string @@ -114,53 +122,7 @@ func jsonEqual(t *testing.T, got io.Reader, want interface{}) { t.Fatal(err) } - fields := []string{ - "created", "modified", "logs.0.created", - "artifacts.0.enrichments.hash\\.sha1.created", - "artifacts.1.enrichments.hash\\.sha1.created", - "artifacts.2.enrichments.hash\\.sha1.created", - - "playbooks.simple.tasks.input.created", - "playbooks.simple.tasks.hash.created", - "playbooks.simple.tasks.escalate.created", - - "playbooks.phishing.tasks.input.created", - "playbooks.phishing.tasks.hash.created", - "playbooks.phishing.tasks.escalate.created", - - "playbooks.phishing.tasks.block-ioc.created", - "playbooks.phishing.tasks.block-iocs.created", - "playbooks.phishing.tasks.block-sender.created", - "playbooks.phishing.tasks.board.created", - "playbooks.phishing.tasks.board.closed", - "playbooks.phishing.tasks.escalate.created", - "playbooks.phishing.tasks.extract-iocs.created", - "playbooks.phishing.tasks.fetch-iocs.created", - "playbooks.phishing.tasks.mail-available.created", - "playbooks.phishing.tasks.search-email-gateway.created", - - "0.playbooks.phishing.tasks.block-ioc.created", - "0.playbooks.phishing.tasks.block-iocs.created", - "0.playbooks.phishing.tasks.block-sender.created", - "0.playbooks.phishing.tasks.board.created", - "0.playbooks.phishing.tasks.escalate.created", - "0.playbooks.phishing.tasks.extract-iocs.created", - "0.playbooks.phishing.tasks.fetch-iocs.created", - "0.playbooks.phishing.tasks.mail-available.created", - "0.playbooks.phishing.tasks.search-email-gateway.created", - - "tickets.0.playbooks.phishing.tasks.block-ioc.created", - "tickets.0.playbooks.phishing.tasks.block-iocs.created", - "tickets.0.playbooks.phishing.tasks.block-sender.created", - "tickets.0.playbooks.phishing.tasks.board.created", - "tickets.0.playbooks.phishing.tasks.escalate.created", - "tickets.0.playbooks.phishing.tasks.extract-iocs.created", - "tickets.0.playbooks.phishing.tasks.fetch-iocs.created", - "tickets.0.playbooks.phishing.tasks.mail-available.created", - "tickets.0.playbooks.phishing.tasks.search-email-gateway.created", - - "secret", "0.created", "comments.0.created", - } + fields := []string{"secret"} for _, field := range fields { gField := gjson.GetBytes(wantBytes, field) if gField.Exists() && gjson.GetBytes(gotBytes, field).Exists() { diff --git a/test/data.go b/test/data.go index fcbd4ab..1d39c17 100644 --- a/test/data.go +++ b/test/data.go @@ -89,5 +89,7 @@ func parse(s string) *time.Time { if err != nil { panic(err) } - return &modified + + utc := modified.UTC() + return &utc } diff --git a/time/time.go b/time/time.go new file mode 100644 index 0000000..6d19021 --- /dev/null +++ b/time/time.go @@ -0,0 +1,19 @@ +package time + +import "time" + +type Clock interface { + Now() time.Time +} + +type realClock struct{} + +func (realClock) Now() time.Time { + return time.Now() +} + +var DefaultClock Clock = &realClock{} + +func Now() time.Time { + return DefaultClock.Now() +}