Mock time (#2)

Jonas Plum
2021-12-27 00:17:44 +01:00
committed by GitHub
parent 0286574692
commit 1fade14ba5
19 changed files with 916 additions and 969 deletions


@@ -720,7 +720,7 @@
},
"test" : {
"example" : [ {
"created" : "2021-10-02T16:05:00.334+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"creator" : "bob",
"message" : "Fail run account resist lend solve incident centre priority temperature. Cause change distribution examine location technique shape partner milk customer. Rail tea plate soil report cook railway interpretation breath action. Exercise dream accept park conclusion addition shoot assistance may answer. Gold writer link stop combine hear power name commitment operation. Determine lifespan support grow degree henry exclude detail set religion. Direct library policy convention chain retain discover ride walk student. Gather proposal select march aspect play noise avoid encourage employ. Assessment preserve transport combine wish influence income guess run stand. Charge limit crime ignore statement foundation study issue stop claim.",
"reference" : "tickets/294511"
@@ -1537,13 +1537,13 @@
"name" : "Phishing",
"tasks" : {
"block-iocs" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"type" : "task"
},
"block-sender" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -1552,7 +1552,7 @@
"type" : "task"
},
"board" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -1574,13 +1574,13 @@
"type" : "input"
},
"escalate" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"type" : "task"
},
"extract-iocs" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -1602,7 +1602,7 @@
"type" : "input"
},
"mail-available" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -1640,7 +1640,7 @@
"type" : "input"
},
"search-email-gateway" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -1738,9 +1738,9 @@
},
"test" : {
"example" : {
"created" : "1985-04-12T23:20:50.520+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"id" : 123,
"modified" : "1985-04-12T23:20:50.520+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "Wannacry infection",
"owner" : "bob",
"schema" : "{}",
@@ -1893,9 +1893,9 @@
},
"test" : {
"example" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"id" : 8125,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "phishing from selenafadel@von.org detected",
"owner" : "demo",
"references" : [ {
@@ -1996,7 +1996,7 @@
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"playbooks" : {
@@ -2005,7 +2005,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -2013,7 +2013,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -2024,7 +2024,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -2048,7 +2048,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -2056,7 +2056,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -2080,7 +2080,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -2120,7 +2120,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -2200,7 +2200,7 @@
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"playbooks" : {
@@ -2209,7 +2209,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -2217,7 +2217,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -2228,7 +2228,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -2252,7 +2252,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -2260,7 +2260,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -2284,7 +2284,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -2324,7 +2324,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -2468,7 +2468,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -2476,7 +2476,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -2487,7 +2487,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -2511,7 +2511,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -2519,7 +2519,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -2543,7 +2543,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -2583,7 +2583,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -2673,7 +2673,7 @@
}, {
"enrichments" : {
"hash.sha1" : {
"created" : "2021-10-03T16:44:06.489+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"data" : {
"hash" : "b7a067a742c20d07a7456646de89bc2d408a1153"
},
@@ -2694,7 +2694,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -2702,7 +2702,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -2713,7 +2713,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -2737,7 +2737,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -2745,7 +2745,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -2769,7 +2769,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -2809,7 +2809,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -2927,13 +2927,13 @@
"test" : {
"example" : {
"comments" : [ {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"creator" : "bob",
"message" : "My first comment"
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8125,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "phishing from selenafadel@von.com detected",
"owner" : "demo",
"references" : [ {
@@ -3029,7 +3029,7 @@
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"playbooks" : {
@@ -3038,7 +3038,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -3046,7 +3046,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -3057,7 +3057,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -3081,7 +3081,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -3089,7 +3089,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -3113,7 +3113,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -3153,7 +3153,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -3236,7 +3236,7 @@
"name" : "document.doc"
} ],
"id" : 8125,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "phishing from selenafadel@von.com detected",
"owner" : "demo",
"references" : [ {
@@ -3321,9 +3321,9 @@
},
"test" : {
"example" : {
"created" : "1985-04-12T23:20:50.520+0000",
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8125,
"modified" : "1985-04-12T23:20:50.520+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "phishing from selenafadel@von.com detected",
"owner" : "demo",
"playbooks" : {
@@ -3332,7 +3332,7 @@
"tasks" : {
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to malware team",
"order" : 2,
@@ -3341,7 +3341,7 @@
"hash" : {
"active" : false,
"automation" : "hash.sha1",
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Hash the malware",
"next" : {
@@ -3355,7 +3355,7 @@
},
"input" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Upload malware if possible",
"next" : {
@@ -3465,9 +3465,9 @@
"name" : "leadreintermediate.io",
"status" : "malicious"
} ],
"created" : "1985-04-12T23:20:50.520+0000",
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "1985-04-12T23:20:50.520+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"references" : [ {
@@ -3561,7 +3561,7 @@
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"playbooks" : {
@@ -3570,7 +3570,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -3578,7 +3578,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -3589,7 +3589,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"data" : {
"boardInvolved" : true
},
@@ -3616,7 +3616,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -3624,7 +3624,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -3648,7 +3648,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -3688,7 +3688,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -3792,7 +3792,7 @@
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"playbooks" : {
@@ -3801,7 +3801,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -3809,7 +3809,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -3820,8 +3820,8 @@
},
"board" : {
"active" : false,
"closed" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-10-02T16:04:59.078+0000",
"closed" : "2021-12-12T12:12:12.000+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"data" : {
"boardInvolved" : true
},
@@ -3848,7 +3848,7 @@
},
"escalate" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -3856,7 +3856,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -3880,7 +3880,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -3920,7 +3920,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -4044,7 +4044,7 @@
"example" : {
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8125,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "phishing from selenafadel@von.com detected",
"owner" : "demo",
"references" : [ {
@@ -4315,13 +4315,13 @@
"name" : "Phishing",
"tasks" : {
"block-iocs" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"type" : "task"
},
"block-sender" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -4330,7 +4330,7 @@
"type" : "task"
},
"board" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -4352,13 +4352,13 @@
"type" : "input"
},
"escalate" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"type" : "task"
},
"extract-iocs" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -4380,7 +4380,7 @@
"type" : "input"
},
"mail-available" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -4418,7 +4418,7 @@
"type" : "input"
},
"search-email-gateway" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
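Review bot: The mocked timestamps in this section are written as `"2021-12-12T12:12:12.000+0000"` (first in the `@@ -720,7 +720,7 @@` hunk and in every hunk after it), and an offset without a colon is not valid RFC 3339, whereas the YAML spec changed in the same commit uses `2021-12-12T12:12:12.000000012Z`. If these fields are declared `format: date-time` (the schema is not visible here), a strict validator or generated client may reject the examples; `"2021-12-12T12:12:12.000Z"` would parse everywhere. The millisecond form also drops the 12 ns that the YAML value carries, so a comparison against this file cannot notice sub-millisecond differences. This file looks generated from the YAML, in which case the date format should be fixed in the generator configuration rather than by hand.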


@@ -1931,7 +1931,7 @@ paths:
description: successful operation
examples:
test:
- created: 2021-10-02T18:05:00.333535+02:00
- created: 2021-12-12T12:12:12.000000012Z
creator: bob
message: Fail run account resist lend solve incident centre priority
temperature. Cause change distribution examine location technique
@@ -3381,9 +3381,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-10-02T16:04:59.078206Z
name: live zebra
owner: demo
playbooks:
@@ -3391,19 +3391,19 @@ paths:
name: Phishing
tasks:
block-iocs:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
type: task
block-sender:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
extract-iocs: ""
type: task
board:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -3421,12 +3421,12 @@ paths:
type: object
type: input
escalate:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
type: task
extract-iocs:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -3442,7 +3442,7 @@ paths:
type: object
type: input
mail-available:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -3471,7 +3471,7 @@ paths:
type: object
type: input
search-email-gateway:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -3577,9 +3577,9 @@ paths:
}
status: closed
type: incident
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -3592,9 +3592,9 @@ paths:
schema: '{}'
status: closed
type: alert
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -3635,9 +3635,9 @@ paths:
description: successful operation
examples:
test:
created: 1985-04-12T23:20:50.52Z
created: 2021-12-12T12:12:12.000000012Z
id: 123
modified: 1985-04-12T23:20:50.52Z
modified: 2021-12-12T12:12:12.000000012Z
name: Wannacry infection
owner: bob
schema: '{}'
@@ -3686,9 +3686,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -3701,9 +3701,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -3742,8 +3742,8 @@ paths:
schema:
$ref: '#/definitions/Ticket'
x-example:
created: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.org detected
owner: demo
references:
@@ -3761,9 +3761,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.org detected
owner: demo
references:
@@ -3776,9 +3776,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -3834,9 +3834,9 @@ paths:
- name: 2.2.2.2
status: unknown
type: ip
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
@@ -3845,14 +3845,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -3861,7 +3861,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -3881,14 +3881,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -3906,7 +3906,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -3937,7 +3937,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -4078,9 +4078,9 @@ paths:
status: unknown
- name: http://www.customerviral.io/scalable/vertical/killer
status: clean
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
@@ -4089,14 +4089,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -4105,7 +4105,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -4125,14 +4125,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -4150,7 +4150,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -4181,7 +4181,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -4361,9 +4361,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: clean
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-10-02T16:04:59.078206Z
name: live zebra
owner: demo
playbooks:
@@ -4372,14 +4372,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -4388,7 +4388,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -4408,14 +4408,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -4433,7 +4433,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -4464,7 +4464,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -4616,15 +4616,15 @@ paths:
status: clean
- enrichments:
hash.sha1:
created: 2021-10-03T18:44:06.488923+02:00
created: 2021-12-12T12:12:12.000000012Z
data:
hash: b7a067a742c20d07a7456646de89bc2d408a1153
name: hash.sha1
name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-10-02T16:04:59.078206Z
name: live zebra
owner: demo
playbooks:
@@ -4633,14 +4633,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -4649,7 +4649,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -4669,14 +4669,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -4694,7 +4694,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -4725,7 +4725,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -4895,12 +4895,12 @@ paths:
examples:
test:
comments:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-12-12T12:12:12.000000012Z
creator: bob
message: My first comment
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -4913,9 +4913,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -4967,9 +4967,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
@@ -4978,14 +4978,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -4994,7 +4994,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -5014,14 +5014,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -5039,7 +5039,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -5070,7 +5070,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -5214,12 +5214,12 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
files:
- key: myfile
name: document.doc
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -5232,9 +5232,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -5308,9 +5308,9 @@ paths:
description: successful operation
examples:
test:
created: 1985-04-12T23:20:50.52Z
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 1985-04-12T23:20:50.52Z
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.com detected
owner: demo
playbooks:
@@ -5319,7 +5319,7 @@ paths:
tasks:
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to malware team
order: 2
@@ -5327,7 +5327,7 @@ paths:
hash:
active: false
automation: hash.sha1
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Hash the malware
next:
@@ -5338,7 +5338,7 @@ paths:
type: automation
input:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Upload malware if possible
next:
@@ -5363,9 +5363,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -5413,9 +5413,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 1985-04-12T23:20:50.52Z
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 1985-04-12T23:20:50.52Z
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
references:
@@ -5588,9 +5588,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
@@ -5599,14 +5599,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -5615,7 +5615,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
data:
boardInvolved: true
done: false
@@ -5637,14 +5637,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -5662,7 +5662,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -5693,7 +5693,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -5851,9 +5851,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
@@ -5862,14 +5862,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -5878,8 +5878,8 @@ paths:
type: task
board:
active: false
closed: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T18:04:59.078186+02:00
closed: 2021-12-12T12:12:12.000000012Z
created: 2021-12-12T12:12:12.000000012Z
data:
boardInvolved: true
done: true
@@ -5901,14 +5901,14 @@ paths:
type: input
escalate:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -5926,7 +5926,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -5957,7 +5957,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -6131,9 +6131,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -6142,9 +6142,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -6188,9 +6188,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -6203,9 +6203,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -6251,9 +6251,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -6297,9 +6297,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -6319,9 +6319,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-10-02T16:04:59.078206Z
name: live zebra
owner: demo
playbooks:
@@ -6329,19 +6329,19 @@ paths:
name: Phishing
tasks:
block-iocs:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
type: task
block-sender:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
extract-iocs: ""
type: task
board:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -6359,12 +6359,12 @@ paths:
type: object
type: input
escalate:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
type: task
extract-iocs:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -6380,7 +6380,7 @@ paths:
type: object
type: input
mail-available:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -6409,7 +6409,7 @@ paths:
type: object
type: input
search-email-gateway:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -6515,9 +6515,9 @@ paths:
}
status: closed
type: incident
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: phishing from selenafadel@von.com detected
owner: demo
references:


@@ -488,7 +488,7 @@
},
"test" : {
"example" : [ {
"created" : "2021-10-02T16:05:00.334+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"creator" : "bob",
"message" : "Fail run account resist lend solve incident centre priority temperature. Cause change distribution examine location technique shape partner milk customer. Rail tea plate soil report cook railway interpretation breath action. Exercise dream accept park conclusion addition shoot assistance may answer. Gold writer link stop combine hear power name commitment operation. Determine lifespan support grow degree henry exclude detail set religion. Direct library policy convention chain retain discover ride walk student. Gather proposal select march aspect play noise avoid encourage employ. Assessment preserve transport combine wish influence income guess run stand. Charge limit crime ignore statement foundation study issue stop claim.",
"reference" : "tickets/294511"
@@ -1107,13 +1107,13 @@
"name" : "Phishing",
"tasks" : {
"block-iocs" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"type" : "task"
},
"block-sender" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -1122,7 +1122,7 @@
"type" : "task"
},
"board" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -1144,13 +1144,13 @@
"type" : "input"
},
"escalate" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"type" : "task"
},
"extract-iocs" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -1172,7 +1172,7 @@
"type" : "input"
},
"mail-available" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -1210,7 +1210,7 @@
"type" : "input"
},
"search-email-gateway" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -1308,9 +1308,9 @@
},
"test" : {
"example" : {
"created" : "1985-04-12T23:20:50.520+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"id" : 123,
"modified" : "1985-04-12T23:20:50.520+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "Wannacry infection",
"owner" : "bob",
"schema" : "{}",
@@ -1463,9 +1463,9 @@
},
"test" : {
"example" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"id" : 8125,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "phishing from selenafadel@von.org detected",
"owner" : "demo",
"references" : [ {
@@ -1566,7 +1566,7 @@
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"playbooks" : {
@@ -1575,7 +1575,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -1583,7 +1583,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -1594,7 +1594,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -1618,7 +1618,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -1626,7 +1626,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -1650,7 +1650,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -1690,7 +1690,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -1770,7 +1770,7 @@
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"playbooks" : {
@@ -1779,7 +1779,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -1787,7 +1787,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -1798,7 +1798,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -1822,7 +1822,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -1830,7 +1830,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -1854,7 +1854,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -1894,7 +1894,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -2038,7 +2038,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -2046,7 +2046,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -2057,7 +2057,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -2081,7 +2081,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -2089,7 +2089,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -2113,7 +2113,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -2153,7 +2153,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -2243,7 +2243,7 @@
}, {
"enrichments" : {
"hash.sha1" : {
"created" : "2021-10-03T16:44:06.489+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"data" : {
"hash" : "b7a067a742c20d07a7456646de89bc2d408a1153"
},
@@ -2264,7 +2264,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -2272,7 +2272,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -2283,7 +2283,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -2307,7 +2307,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -2315,7 +2315,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -2339,7 +2339,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -2379,7 +2379,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -2497,13 +2497,13 @@
"test" : {
"example" : {
"comments" : [ {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"creator" : "bob",
"message" : "My first comment"
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8125,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "phishing from selenafadel@von.com detected",
"owner" : "demo",
"references" : [ {
@@ -2599,7 +2599,7 @@
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"playbooks" : {
@@ -2608,7 +2608,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -2616,7 +2616,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -2627,7 +2627,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -2651,7 +2651,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -2659,7 +2659,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -2683,7 +2683,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -2723,7 +2723,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -2806,7 +2806,7 @@
"name" : "document.doc"
} ],
"id" : 8125,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "phishing from selenafadel@von.com detected",
"owner" : "demo",
"references" : [ {
@@ -2891,9 +2891,9 @@
},
"test" : {
"example" : {
"created" : "1985-04-12T23:20:50.520+0000",
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8125,
"modified" : "1985-04-12T23:20:50.520+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "phishing from selenafadel@von.com detected",
"owner" : "demo",
"playbooks" : {
@@ -2902,7 +2902,7 @@
"tasks" : {
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to malware team",
"order" : 2,
@@ -2911,7 +2911,7 @@
"hash" : {
"active" : false,
"automation" : "hash.sha1",
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Hash the malware",
"next" : {
@@ -2925,7 +2925,7 @@
},
"input" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Upload malware if possible",
"next" : {
@@ -3035,9 +3035,9 @@
"name" : "leadreintermediate.io",
"status" : "malicious"
} ],
"created" : "1985-04-12T23:20:50.520+0000",
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "1985-04-12T23:20:50.520+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"references" : [ {
@@ -3131,7 +3131,7 @@
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"playbooks" : {
@@ -3140,7 +3140,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -3148,7 +3148,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -3159,7 +3159,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"data" : {
"boardInvolved" : true
},
@@ -3186,7 +3186,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -3194,7 +3194,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -3218,7 +3218,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -3258,7 +3258,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -3362,7 +3362,7 @@
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"playbooks" : {
@@ -3371,7 +3371,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -3379,7 +3379,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -3390,8 +3390,8 @@
},
"board" : {
"active" : false,
"closed" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-10-02T16:04:59.078+0000",
"closed" : "2021-12-12T12:12:12.000+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"data" : {
"boardInvolved" : true
},
@@ -3418,7 +3418,7 @@
},
"escalate" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -3426,7 +3426,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -3450,7 +3450,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -3490,7 +3490,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -3614,7 +3614,7 @@
"example" : {
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8125,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "phishing from selenafadel@von.com detected",
"owner" : "demo",
"references" : [ {
@@ -3885,13 +3885,13 @@
"name" : "Phishing",
"tasks" : {
"block-iocs" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"type" : "task"
},
"block-sender" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -3900,7 +3900,7 @@
"type" : "task"
},
"board" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -3922,13 +3922,13 @@
"type" : "input"
},
"escalate" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"type" : "task"
},
"extract-iocs" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -3950,7 +3950,7 @@
"type" : "input"
},
"mail-available" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -3988,7 +3988,7 @@
"type" : "input"
},
"search-email-gateway" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {


@@ -1660,7 +1660,7 @@ paths:
description: successful operation
examples:
test:
- created: 2021-10-02T18:05:00.333535+02:00
- created: 2021-12-12T12:12:12.000000012Z
creator: bob
message: Fail run account resist lend solve incident centre priority
temperature. Cause change distribution examine location technique
@@ -2969,9 +2969,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-10-02T16:04:59.078206Z
name: live zebra
owner: demo
playbooks:
@@ -2979,19 +2979,19 @@ paths:
name: Phishing
tasks:
block-iocs:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
type: task
block-sender:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
extract-iocs: ""
type: task
board:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -3009,12 +3009,12 @@ paths:
type: object
type: input
escalate:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
type: task
extract-iocs:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -3030,7 +3030,7 @@ paths:
type: object
type: input
mail-available:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -3059,7 +3059,7 @@ paths:
type: object
type: input
search-email-gateway:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -3165,9 +3165,9 @@ paths:
}
status: closed
type: incident
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -3180,9 +3180,9 @@ paths:
schema: '{}'
status: closed
type: alert
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -3223,9 +3223,9 @@ paths:
description: successful operation
examples:
test:
created: 1985-04-12T23:20:50.52Z
created: 2021-12-12T12:12:12.000000012Z
id: 123
modified: 1985-04-12T23:20:50.52Z
modified: 2021-12-12T12:12:12.000000012Z
name: Wannacry infection
owner: bob
schema: '{}'
@@ -3274,9 +3274,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -3289,9 +3289,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -3330,8 +3330,8 @@ paths:
schema:
$ref: '#/definitions/Ticket'
x-example:
created: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.org detected
owner: demo
references:
@@ -3349,9 +3349,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.org detected
owner: demo
references:
@@ -3364,9 +3364,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -3422,9 +3422,9 @@ paths:
- name: 2.2.2.2
status: unknown
type: ip
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
@@ -3433,14 +3433,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -3449,7 +3449,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -3469,14 +3469,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -3494,7 +3494,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -3525,7 +3525,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -3666,9 +3666,9 @@ paths:
status: unknown
- name: http://www.customerviral.io/scalable/vertical/killer
status: clean
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
@@ -3677,14 +3677,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -3693,7 +3693,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -3713,14 +3713,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -3738,7 +3738,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -3769,7 +3769,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -3949,9 +3949,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: clean
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-10-02T16:04:59.078206Z
name: live zebra
owner: demo
playbooks:
@@ -3960,14 +3960,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -3976,7 +3976,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -3996,14 +3996,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -4021,7 +4021,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -4052,7 +4052,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -4204,15 +4204,15 @@ paths:
status: clean
- enrichments:
hash.sha1:
created: 2021-10-03T18:44:06.488923+02:00
created: 2021-12-12T12:12:12.000000012Z
data:
hash: b7a067a742c20d07a7456646de89bc2d408a1153
name: hash.sha1
name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-10-02T16:04:59.078206Z
name: live zebra
owner: demo
playbooks:
@@ -4221,14 +4221,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -4237,7 +4237,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -4257,14 +4257,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -4282,7 +4282,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -4313,7 +4313,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -4483,12 +4483,12 @@ paths:
examples:
test:
comments:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-12-12T12:12:12.000000012Z
creator: bob
message: My first comment
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -4501,9 +4501,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -4555,9 +4555,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
@@ -4566,14 +4566,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -4582,7 +4582,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -4602,14 +4602,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -4627,7 +4627,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -4658,7 +4658,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -4802,12 +4802,12 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
files:
- key: myfile
name: document.doc
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -4820,9 +4820,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -4896,9 +4896,9 @@ paths:
description: successful operation
examples:
test:
created: 1985-04-12T23:20:50.52Z
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 1985-04-12T23:20:50.52Z
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.com detected
owner: demo
playbooks:
@@ -4907,7 +4907,7 @@ paths:
tasks:
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to malware team
order: 2
@@ -4915,7 +4915,7 @@ paths:
hash:
active: false
automation: hash.sha1
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Hash the malware
next:
@@ -4926,7 +4926,7 @@ paths:
type: automation
input:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Upload malware if possible
next:
@@ -4951,9 +4951,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -5001,9 +5001,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 1985-04-12T23:20:50.52Z
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 1985-04-12T23:20:50.52Z
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
references:
@@ -5176,9 +5176,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
@@ -5187,14 +5187,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -5203,7 +5203,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
data:
boardInvolved: true
done: false
@@ -5225,14 +5225,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -5250,7 +5250,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -5281,7 +5281,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -5439,9 +5439,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
@@ -5450,14 +5450,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -5466,8 +5466,8 @@ paths:
type: task
board:
active: false
closed: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T18:04:59.078186+02:00
closed: 2021-12-12T12:12:12.000000012Z
created: 2021-12-12T12:12:12.000000012Z
data:
boardInvolved: true
done: true
@@ -5489,14 +5489,14 @@ paths:
type: input
escalate:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -5514,7 +5514,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -5545,7 +5545,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -5719,9 +5719,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -5730,9 +5730,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -5776,9 +5776,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -5791,9 +5791,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -5839,9 +5839,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -5885,9 +5885,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -5907,9 +5907,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-10-02T16:04:59.078206Z
name: live zebra
owner: demo
playbooks:
@@ -5917,19 +5917,19 @@ paths:
name: Phishing
tasks:
block-iocs:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
type: task
block-sender:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
extract-iocs: ""
type: task
board:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -5947,12 +5947,12 @@ paths:
type: object
type: input
escalate:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
type: task
extract-iocs:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -5968,7 +5968,7 @@ paths:
type: object
type: input
mail-available:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -5997,7 +5997,7 @@ paths:
type: object
type: input
search-email-gateway:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -6103,9 +6103,9 @@ paths:
}
status: closed
type: incident
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
