Mock time (#2)

Jonas Plum
2021-12-27 00:17:44 +01:00
committed by GitHub
parent 0286574692
commit 1fade14ba5
19 changed files with 916 additions and 969 deletions


@@ -3,12 +3,12 @@ package database
import (
"context"
"fmt"
"time"
"github.com/arangodb/go-driver"
"github.com/SecurityBrewery/catalyst/database/busdb"
"github.com/SecurityBrewery/catalyst/generated/models"
"github.com/SecurityBrewery/catalyst/time"
)
func (db *Database) ArtifactGet(ctx context.Context, id int64, name string) (*models.Artifact, error) {
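Review bot: The project package `github.com/SecurityBrewery/catalyst/time` is imported under its default name `time`, so it shadows the standard library package and a call site such as `time.Now()` no longer tells a reader or a linter which clock it reads. Any stdlib-only identifier used further down in the file would also have to be re-exported by the wrapper; whether it is cannot be seen from this page. An explicit alias, `clock "github.com/SecurityBrewery/catalyst/time"` with `clock.Now()` at the call sites, would make the substitution visible. The same import swap is repeated in the other Go file sections of this commit, and the body of ArtifactGet lies outside the hunk.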


@@ -9,11 +9,6 @@ import (
"github.com/SecurityBrewery/catalyst/generated/models"
)
type Hook interface {
PublishAction(action string, context, msg map[string]interface{}) error
PublishUpdate(col, id string) error
}
// BusDatabase
// 1. Save entry to log
// 2. Send update ticket to bus


@@ -3,23 +3,23 @@ package busdb
import (
"context"
"errors"
"time"
"github.com/arangodb/go-driver"
"github.com/SecurityBrewery/catalyst/generated/models"
"github.com/SecurityBrewery/catalyst/time"
)
const LogCollectionName = "logs"
func (db *BusDatabase) LogCreate(ctx context.Context, id, message string) (*models.LogEntry, error) {
func (db *BusDatabase) LogCreate(ctx context.Context, reference, message string) (*models.LogEntry, error) {
user, ok := UserFromContext(ctx)
if !ok {
return nil, errors.New("no user in context")
}
logentry := &models.LogEntry{
Reference: id,
Reference: reference,
Created: time.Now(),
Creator: user.ID,
Message: message,
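Review bot: `Created: time.Now(),` in LogCreate is not normalized to UTC, while the ticket and task code in this same commit binds `time.Now().UTC()`. The updated log fixture shows a `Z` timestamp, which suggests the mocked clock returns UTC, but the page does not show what the production clock returns. Log entries are the audit trail of the platform, so their zone should not depend on the host's local setting; `Created: time.Now().UTC(),` would make it explicit. The struct literal and the rest of the function continue outside the hunk.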


@@ -3,7 +3,6 @@ package database
import (
"context"
"errors"
"time"
"github.com/arangodb/go-driver"
"github.com/iancoleman/strcase"
@@ -12,6 +11,7 @@ import (
"github.com/SecurityBrewery/catalyst/database/busdb"
"github.com/SecurityBrewery/catalyst/generated/models"
"github.com/SecurityBrewery/catalyst/time"
)
type PlaybookYAML struct {


@@ -9,7 +9,6 @@ import (
"strconv"
"strings"
"sync"
"time"
"github.com/arangodb/go-driver"
"github.com/xeipuuv/gojsonschema"
@@ -18,6 +17,7 @@ import (
"github.com/SecurityBrewery/catalyst/database/busdb"
"github.com/SecurityBrewery/catalyst/generated/models"
"github.com/SecurityBrewery/catalyst/index"
"github.com/SecurityBrewery/catalyst/time"
)
func toTicket(ticketForm *models.TicketForm) (interface{}, error) {


@@ -4,7 +4,6 @@ import (
"context"
"errors"
"fmt"
"time"
"github.com/arangodb/go-driver"
"github.com/iancoleman/strcase"
@@ -13,6 +12,7 @@ import (
"github.com/SecurityBrewery/catalyst/database/busdb"
"github.com/SecurityBrewery/catalyst/generated/models"
"github.com/SecurityBrewery/catalyst/pointer"
"github.com/SecurityBrewery/catalyst/time"
)
func (db *Database) AddArtifact(ctx context.Context, id int64, artifact *models.Artifact) (*models.TicketWithTickets, error) {
@@ -31,9 +31,9 @@ func (db *Database) AddArtifact(ctx context.Context, id int64, artifact *models.
query := `LET d = DOCUMENT(@@collection, @ID)
` + ticketFilterQuery + `
UPDATE d WITH { "modified": DATE_ISO8601(DATE_NOW()), "artifacts": PUSH(NOT_NULL(d.artifacts, []), @artifact) } IN @@collection
UPDATE d WITH { "modified": @now, "artifacts": PUSH(NOT_NULL(d.artifacts, []), @artifact) } IN @@collection
RETURN NEW`
return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"artifact": artifact}, ticketFilterVars), &busdb.Operation{
return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"artifact": artifact, "now": time.Now().UTC()}, ticketFilterVars), &busdb.Operation{
OperationType: busdb.Update,
Ids: []driver.DocumentID{
driver.DocumentID(fmt.Sprintf("%s/%d", TicketCollectionName, id)),
@@ -71,9 +71,9 @@ func (db *Database) RemoveArtifact(ctx context.Context, id int64, name string) (
FOR a IN NOT_NULL(d.artifacts, [])
FILTER a.name == @name
LET newartifacts = REMOVE_VALUE(d.artifacts, a)
UPDATE d WITH { "modified": DATE_ISO8601(DATE_NOW()), "artifacts": newartifacts } IN @@collection
UPDATE d WITH { "modified": @now, "artifacts": newartifacts } IN @@collection
RETURN NEW`
return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"name": name}, ticketFilterVars), &busdb.Operation{
return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"name": name, "now": time.Now().UTC()}, ticketFilterVars), &busdb.Operation{
OperationType: busdb.Update,
Ids: []driver.DocumentID{
driver.DocumentID(fmt.Sprintf("%s/%d", TicketCollectionName, id)),
@@ -122,9 +122,9 @@ func (db *Database) AddComment(ctx context.Context, id int64, comment *models.Co
query := `LET d = DOCUMENT(@@collection, @ID)
` + ticketFilterQuery + `
UPDATE d WITH { "modified": DATE_ISO8601(DATE_NOW()), "comments": PUSH(NOT_NULL(d.comments, []), @comment) } IN @@collection
UPDATE d WITH { "modified": @now, "comments": PUSH(NOT_NULL(d.comments, []), @comment) } IN @@collection
RETURN NEW`
return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"comment": comment}, ticketFilterVars), &busdb.Operation{
return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"comment": comment, "now": time.Now().UTC()}, ticketFilterVars), &busdb.Operation{
OperationType: busdb.Update,
Ids: []driver.DocumentID{
driver.DocumentID(fmt.Sprintf("%s/%d", TicketCollectionName, id)),
@@ -141,9 +141,9 @@ func (db *Database) RemoveComment(ctx context.Context, id int64, commentID int64
query := `LET d = DOCUMENT(@@collection, @ID)
` + ticketFilterQuery + `
UPDATE d WITH { "modified": DATE_ISO8601(DATE_NOW()), "comments": REMOVE_NTH(d.comments, @commentID) } IN @@collection
UPDATE d WITH { "modified": @now, "comments": REMOVE_NTH(d.comments, @commentID) } IN @@collection
RETURN NEW`
return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"commentID": commentID}, ticketFilterVars), &busdb.Operation{
return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"commentID": commentID, "now": time.Now().UTC()}, ticketFilterVars), &busdb.Operation{
OperationType: busdb.Update,
Ids: []driver.DocumentID{
driver.DocumentID(fmt.Sprintf("%s/%d", TicketCollectionName, id)),
@@ -160,9 +160,9 @@ func (db *Database) SetReferences(ctx context.Context, id int64, references []*m
query := `LET d = DOCUMENT(@@collection, @ID)
` + ticketFilterQuery + `
UPDATE d WITH { "modified": DATE_ISO8601(DATE_NOW()), "references": @references } IN @@collection
UPDATE d WITH { "modified": @now, "references": @references } IN @@collection
RETURN NEW`
return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"references": references}, ticketFilterVars), &busdb.Operation{
return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"references": references, "now": time.Now().UTC()}, ticketFilterVars), &busdb.Operation{
OperationType: busdb.Update,
Ids: []driver.DocumentID{
driver.DocumentID(fmt.Sprintf("%s/%d", TicketCollectionName, id)),
@@ -179,9 +179,9 @@ func (db *Database) LinkFiles(ctx context.Context, id int64, files []*models.Fil
query := `LET d = DOCUMENT(@@collection, @ID)
` + ticketFilterQuery + `
UPDATE d WITH { "modified": DATE_ISO8601(DATE_NOW()), "files": @files } IN @@collection
UPDATE d WITH { "modified": @now, "files": @files } IN @@collection
RETURN NEW`
return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"files": files}, ticketFilterVars), &busdb.Operation{
return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{"files": files, "now": time.Now().UTC()}, ticketFilterVars), &busdb.Operation{
OperationType: busdb.Update,
Ids: []driver.DocumentID{
driver.DocumentID(fmt.Sprintf("%s/%d", TicketCollectionName, id)),
@@ -216,12 +216,13 @@ func (db *Database) AddTicketPlaybook(ctx context.Context, id int64, playbookTem
FILTER d._key == @ID
LET newplaybook = ZIP( [@playbookID], [@playbook] )
LET newplaybooks = MERGE(NOT_NULL(d.playbooks, {}), newplaybook)
LET newticket = MERGE(d, { "modified": DATE_ISO8601(DATE_NOW()), "playbooks": newplaybooks })
LET newticket = MERGE(d, { "modified": @now, "playbooks": newplaybooks })
REPLACE d WITH newticket IN @@collection
RETURN NEW`
ticket, err := db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{
"playbook": pb,
"playbookID": findName(parentTicket.Playbooks, playbookID),
"now": time.Now().UTC(),
}, ticketFilterVars), &busdb.Operation{
OperationType: busdb.Update,
Ids: []driver.DocumentID{
@@ -277,10 +278,11 @@ func (db *Database) RemoveTicketPlaybook(ctx context.Context, id int64, playbook
` + ticketFilterQuery + `
FILTER d._key == @ID
LET newplaybooks = UNSET(d.playbooks, @playbookID)
REPLACE d WITH MERGE(d, { "modified": DATE_ISO8601(DATE_NOW()), "playbooks": newplaybooks }) IN @@collection
REPLACE d WITH MERGE(d, { "modified": @now, "playbooks": newplaybooks }) IN @@collection
RETURN NEW`
return db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{
"playbookID": playbookID,
"now": time.Now().UTC(),
}, ticketFilterVars), &busdb.Operation{
OperationType: busdb.Update,
Ids: []driver.DocumentID{
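Review bot: Binding `"now": time.Now().UTC()` in place of `DATE_ISO8601(DATE_NOW())` changes the clock that stamps `modified` from the database to the application host, and probably the stored format as well. The driver presumably serializes the value as RFC 3339 with variable-length fractional seconds, where the AQL function wrote a fixed millisecond form. If so, tickets written before and after this commit hold differently shaped strings, and a string comparison or SORT on `modified` is not guaranteed to follow time order when a ticket timeline is reconstructed. Assuming the wrapper returns a standard `time.Time`, a fixed-width value such as `"now": time.Now().UTC().Format("2006-01-02T15:04:05.000Z07:00")` keeps the old shape. The binding is repeated in all eight functions of this section (AddArtifact through RemoveTicketPlaybook) and could be added once where `ticketGetQuery` merges its bind variables; that function is outside the visible hunks.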


@@ -5,13 +5,13 @@ import (
"errors"
"fmt"
"log"
"time"
"github.com/arangodb/go-driver"
"github.com/google/uuid"
"github.com/SecurityBrewery/catalyst/database/busdb"
"github.com/SecurityBrewery/catalyst/generated/models"
"github.com/SecurityBrewery/catalyst/time"
)
func (db *Database) TaskGet(ctx context.Context, id int64, playbookID string, taskID string) (*models.TicketWithTickets, *models.PlaybookResponse, *models.TaskWithContext, error) {
@@ -65,13 +65,14 @@ func (db *Database) TaskComplete(ctx context.Context, id int64, playbookID strin
LET newplaybook = MERGE(playbook, {"tasks": newtasks})
LET newplaybooks = MERGE(d.playbooks, { @playbookID: newplaybook } )
UPDATE d WITH { "modified": DATE_ISO8601(DATE_NOW()), "playbooks": newplaybooks } IN @@collection
UPDATE d WITH { "modified": @now, "playbooks": newplaybooks } IN @@collection
RETURN NEW`
ticket, err := db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{
"playbookID": playbookID,
"taskID": taskID,
"data": data,
"closed": time.Now().UTC(),
"now": time.Now().UTC(),
}, ticketFilterVars), &busdb.Operation{
OperationType: busdb.Update,
Ids: []driver.DocumentID{
@@ -118,6 +119,8 @@ func (db *Database) TaskUpdate(ctx context.Context, id int64, playbookID string,
return nil, err
}
task.Created = time.Now().UTC()
query := `LET d = DOCUMENT(@@collection, @ID)
` + ticketFilterQuery + `
LET playbook = d.playbooks[@playbookID]
@@ -125,12 +128,13 @@ func (db *Database) TaskUpdate(ctx context.Context, id int64, playbookID string,
LET newplaybook = MERGE(playbook, {"tasks": newtasks})
LET newplaybooks = MERGE(d.playbooks, { @playbookID: newplaybook } )
UPDATE d WITH { "modified": DATE_ISO8601(DATE_NOW()), "playbooks": newplaybooks } IN @@collection
UPDATE d WITH { "modified": @now, "playbooks": newplaybooks } IN @@collection
RETURN NEW`
ticket, err := db.ticketGetQuery(ctx, id, query, mergeMaps(map[string]interface{}{
"playbookID": playbookID,
"taskID": taskID,
"task": task,
"now": time.Now().UTC(),
}, ticketFilterVars), &busdb.Operation{
OperationType: busdb.Update,
Ids: []driver.DocumentID{
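Review bot: The line `task.Created = time.Now().UTC()` added to TaskUpdate appears to overwrite the task's creation time on every update, so the original creation timestamp of a playbook task is lost from the ticket record after its first edit. If the intent was only to make the test output deterministic, keep the value already stored on the ticket, or set it only when it is unset, e.g. `if task.Created.IsZero() { task.Created = time.Now().UTC() }` (assuming `Created` is a `time.Time`). In TaskComplete the clock is also read twice, for `"closed"` and for `"now"`, so the two values can differ under a real clock; read it once into a local and bind that for both keys. Both function bodies start and end outside the hunks shown.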


@@ -6,7 +6,6 @@ import (
"errors"
"fmt"
"math/rand"
"time"
"github.com/arangodb/go-driver"
"github.com/gin-gonic/gin"
@@ -16,6 +15,7 @@ import (
"github.com/SecurityBrewery/catalyst/generated/models"
"github.com/SecurityBrewery/catalyst/pointer"
"github.com/SecurityBrewery/catalyst/role"
"github.com/SecurityBrewery/catalyst/time"
)
var letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_")


@@ -16,7 +16,7 @@ paths:
schema: { type: array, items: { $ref: "#/definitions/LogEntry" } }
examples:
test:
- { "created": "2021-10-02T18:05:00.333535+02:00","creator": "bob","reference": "tickets/294511","message": "Fail run account resist lend solve incident centre priority temperature. Cause change distribution examine location technique shape partner milk customer. Rail tea plate soil report cook railway interpretation breath action. Exercise dream accept park conclusion addition shoot assistance may answer. Gold writer link stop combine hear power name commitment operation. Determine lifespan support grow degree henry exclude detail set religion. Direct library policy convention chain retain discover ride walk student. Gather proposal select march aspect play noise avoid encourage employ. Assessment preserve transport combine wish influence income guess run stand. Charge limit crime ignore statement foundation study issue stop claim." }
- { "created": "2021-12-12T12:12:12.000000012Z","creator": "bob","reference": "tickets/294511","message": "Fail run account resist lend solve incident centre priority temperature. Cause change distribution examine location technique shape partner milk customer. Rail tea plate soil report cook railway interpretation breath action. Exercise dream accept park conclusion addition shoot assistance may answer. Gold writer link stop combine hear power name commitment operation. Determine lifespan support grow degree henry exclude detail set religion. Direct library policy convention chain retain discover ride walk student. Gather proposal select march aspect play noise avoid encourage employ. Assessment preserve transport combine wish influence income guess run stand. Charge limit crime ignore statement foundation study issue stop claim." }
security: [ { roles: [ "log:read" ] } ]
definitions:


@@ -23,21 +23,21 @@ paths:
count: 3
tickets:
- id: 8123
created: "2021-10-02T18:04:59.078206+02:00"
modified: "2021-10-02T18:04:59.078206+02:00"
created: "2021-10-02T16:04:59.078206Z"
modified: "2021-10-02T16:04:59.078206Z"
name: "live zebra"
owner: "demo"
playbooks:
phishing:
name: "Phishing"
tasks:
"block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Block IOCs", type: "task" }
"block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
"board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
"escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Escalate to CISO", type: "task" }
"extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
"mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
"search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
"block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Block IOCs", type: "task" }
"block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
"board": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
"escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Escalate to CISO", type: "task" }
"extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
"mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
"search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
references:
- { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" }
- { href: "http://www.corporateinteractive.name/rich", name: "autumn" }
@@ -49,8 +49,8 @@ paths:
- { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" }
- { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" }
- { name: "leadreintermediate.io", status: "malicious" }
- { id: 8125, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00",name: "phishing from selenafadel@von.com detected", owner: "demo", references: [ { href: "https://www.seniorleading-edge.name/users/efficient", name: "recovery" },{ href: "http://www.dynamicseamless.com/clicks-and-mortar", name: "force" },{ href: "http://www.leadscalable.biz/envisioneer", name: "fund" } ],"schema": "{}", status: "closed", type: "alert" }
- { id: 8126, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
- { id: 8125, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z",name: "phishing from selenafadel@von.com detected", owner: "demo", references: [ { href: "https://www.seniorleading-edge.name/users/efficient", name: "recovery" },{ href: "http://www.dynamicseamless.com/clicks-and-mortar", name: "force" },{ href: "http://www.leadscalable.biz/envisioneer", name: "fund" } ],"schema": "{}", status: "closed", type: "alert" }
- { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
security: [ { roles: [ "ticket:read" ] } ]
post:
tags: [ "tickets" ]
@@ -68,8 +68,8 @@ paths:
name: "Wannacry infection"
type: "incident"
status: "open"
created: "1985-04-12T23:20:50.52Z"
modified: "1985-04-12T23:20:50.52Z"
created: "2021-12-12T12:12:12.000000012Z"
modified: "2021-12-12T12:12:12.000000012Z"
owner: "bob"
schema: "{}"
security: [ { roles: [ "ticket:write" ] } ]
@@ -99,8 +99,8 @@ paths:
examples:
test:
id: 8125
created: "2021-10-02T18:04:59.078186+02:00"
modified: "2021-10-02T18:04:59.078186+02:00"
created: "2021-10-02T16:04:59.078186Z"
modified: "2021-10-02T16:04:59.078186Z"
name: "phishing from selenafadel@von.com detected"
owner: "demo"
references:
@@ -114,7 +114,7 @@ paths:
status: "closed"
type: "alert"
tickets:
- { id: 8126, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
- { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
security: [ { roles: [ "ticket:read" ] } ]
put:
tags: [ "tickets" ]
@@ -122,7 +122,7 @@ paths:
operationId: "updateTicket"
parameters:
- { name: "id", in: "path", description: "Ticket ID", required: true, type: integer, format: "int64", x-example: 8125 }
- { name: "ticket", in: "body", description: "Updated ticket", required: true, schema: { $ref: "#/definitions/Ticket" }, x-example: { "created": "2021-10-02T18:04:59.078186+02:00",modified: "2021-10-02T18:04:59.078186+02:00", name: "phishing from selenafadel@von.org detected", owner: "demo", references: [ { href: "https://www.seniorleading-edge.name/users/efficient", name: "recovery" },{ href: "http://www.dynamicseamless.com/clicks-and-mortar", name: "force" },{ href: "http://www.leadscalable.biz/envisioneer", name: "fund" } ], schema: "{}", status: "closed", type: "alert" } }
- { name: "ticket", in: "body", description: "Updated ticket", required: true, schema: { $ref: "#/definitions/Ticket" }, x-example: { "created": "2021-12-12T12:12:12.000000012Z",modified: "2021-12-12T12:12:12.000000012Z", name: "phishing from selenafadel@von.org detected", owner: "demo", references: [ { href: "https://www.seniorleading-edge.name/users/efficient", name: "recovery" },{ href: "http://www.dynamicseamless.com/clicks-and-mortar", name: "force" },{ href: "http://www.leadscalable.biz/envisioneer", name: "fund" } ], schema: "{}", status: "closed", type: "alert" } }
responses:
"200":
description: "successful operation"
@@ -130,8 +130,8 @@ paths:
examples:
test:
id: 8125
created: "2021-10-02T18:04:59.078186+02:00"
modified: "2021-10-02T18:04:59.078186+02:00"
created: "2021-12-12T12:12:12.000000012Z"
modified: "2021-12-12T12:12:12.000000012Z"
name: "phishing from selenafadel@von.org detected"
owner: "demo"
references:
@@ -145,7 +145,7 @@ paths:
status: "closed"
type: "alert"
tickets:
- { id: 8126, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
- { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
security: [ { roles: [ "ticket:write" ] } ]
delete:
tags: [ "tickets" ]
@@ -172,8 +172,8 @@ paths:
examples:
test:
id: 8126
created: "2021-10-02T18:04:59.078186+02:00"
modified: "2021-10-02T18:04:59.078186+02:00"
created: "2021-10-02T16:04:59.078186Z"
modified: "2021-10-02T16:04:59.078186Z"
name: "Surfaceintroduce virus detected"
owner: "demo"
references:
@@ -185,21 +185,21 @@ paths:
type: "alert"
tickets:
- id: 8123
created: "2021-10-02T18:04:59.078206+02:00"
modified: "2021-10-02T18:04:59.078206+02:00"
created: "2021-10-02T16:04:59.078206Z"
modified: "2021-10-02T16:04:59.078206Z"
name: "live zebra"
owner: "demo"
playbooks:
phishing:
name: "Phishing"
tasks:
"block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Block IOCs", type: "task" }
"block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
"board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
"escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Escalate to CISO", type: "task" }
"extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
"mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
"search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
"block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Block IOCs", type: "task" }
"block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
"board": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
"escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Escalate to CISO", type: "task" }
"extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
"mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
"search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
references:
- { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" }
- { href: "http://www.corporateinteractive.name/rich", name: "autumn" }
@@ -212,8 +212,8 @@ paths:
- { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" }
- { name: "leadreintermediate.io", status: "malicious" }
- id: 8125
created: "2021-10-02T18:04:59.078186+02:00"
modified: "2021-10-02T18:04:59.078186+02:00"
created: "2021-10-02T16:04:59.078186Z"
modified: "2021-10-02T16:04:59.078186Z"
name: "phishing from selenafadel@von.com detected"
owner: "demo"
references:
@@ -238,8 +238,8 @@ paths:
examples:
test:
id: 8126
created: "2021-10-02T18:04:59.078186+02:00"
modified: "2021-10-02T18:04:59.078186+02:00"
created: "2021-10-02T16:04:59.078186Z"
modified: "2021-10-02T16:04:59.078186Z"
name: "Surfaceintroduce virus detected"
owner: "demo"
references:
@@ -266,12 +266,12 @@ paths:
examples:
test:
id: 8125
created: "2021-10-02T18:04:59.078186+02:00"
modified: "2021-10-02T18:04:59.078186+02:00"
created: "2021-10-02T16:04:59.078186Z"
modified: "2021-12-12T12:12:12.000000012Z"
name: "phishing from selenafadel@von.com detected"
owner: "demo"
comments:
- created: "2021-10-02T18:04:59.078186+02:00"
- created: "2021-12-12T12:12:12.000000012Z"
creator: "bob"
message: "My first comment"
references:
@@ -282,7 +282,7 @@ paths:
status: "closed"
type: "alert"
tickets:
- { id: 8126, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
- { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
security: [ { roles: [ "ticket:write" ] } ]
/tickets/{id}/comments/{commentID}:
@@ -301,21 +301,21 @@ paths:
examples:
test:
id: 8123
created: "2021-10-02T18:04:59.078206+02:00"
modified: "2021-10-02T18:04:59.078206+02:00"
created: "2021-10-02T16:04:59.078206Z"
modified: "2021-12-12T12:12:12.000000012Z"
name: "live zebra"
owner: "demo"
playbooks:
phishing:
name: "Phishing"
tasks:
"block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
"block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
"board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
"escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" }
"extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
"mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
"search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
"block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
"block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
"board": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
"escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" }
"extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
"mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
"search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
references:
- { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" }
- { href: "http://www.corporateinteractive.name/rich", name: "autumn" }
@@ -344,8 +344,8 @@ paths:
examples:
test:
id: 8125
created: "2021-10-02T18:04:59.078186+02:00"
modified: "2021-10-02T18:04:59.078186+02:00"
created: "2021-10-02T16:04:59.078186Z"
modified: "2021-12-12T12:12:12.000000012Z"
name: "phishing from selenafadel@von.com detected"
owner: "demo"
references: [ { href: "http://www.leadscalable.biz/envisioneer", name: "fund" } ]
@@ -353,7 +353,7 @@ paths:
status: "closed"
type: "alert"
tickets:
- { id: 8126, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
- { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
security: [ { roles: [ "ticket:write" ] } ]
/tickets/{id}/schema:
@@ -371,8 +371,8 @@ paths:
examples:
test:
id: 8125
created: "2021-10-02T18:04:59.078186+02:00"
modified: "2021-10-02T18:04:59.078186+02:00"
created: "2021-10-02T16:04:59.078186Z"
modified: "2021-10-02T16:04:59.078186Z"
name: "phishing from selenafadel@von.com detected"
owner: "demo"
references:
@@ -383,7 +383,7 @@ paths:
status: "closed"
type: "alert"
tickets:
- { id: 8126, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
- { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
security: [ { roles: [ "ticket:write" ] } ]
/tickets/{id}/files:
@@ -402,8 +402,8 @@ paths:
examples:
test:
id: 8125
created: "2021-10-02T18:04:59.078186+02:00"
modified: "2021-10-02T18:04:59.078186+02:00"
created: "2021-10-02T16:04:59.078186Z"
modified: "2021-12-12T12:12:12.000000012Z"
name: "phishing from selenafadel@von.com detected"
owner: "demo"
references:
@@ -415,7 +415,7 @@ paths:
type: "alert"
files: [ { key: myfile, name: "document.doc" } ]
tickets:
- { id: 8126, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
- { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
security: [ { roles: [ "ticket:write" ] } ]
@@ -438,11 +438,11 @@ paths:
owner: demo
type: "alert"
status: "closed"
created: "1985-04-12T23:20:50.52Z"
modified: "1985-04-12T23:20:50.52Z"
created: "2021-10-02T16:04:59.078186Z"
modified: "2021-12-12T12:12:12.000000012Z"
schema: "{}"
tickets:
- { id: 8126, created: "2021-10-02T18:04:59.078186+02:00", modified: "2021-10-02T18:04:59.078186+02:00", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
- { id: 8126, created: "2021-10-02T16:04:59.078186Z", modified: "2021-10-02T16:04:59.078186Z", name: "Surfaceintroduce virus detected", owner: "demo", references: [ { href: "http://www.centralworld-class.io/synthesize", name: "university" },{ href: "https://www.futurevirtual.org/supply-chains/markets/sticky/iterate", name: "goal" },{ href: "http://www.chiefsyndicate.io/action-items", name: "unemployment" } ],"schema": "{}", status: "closed", type: "alert" }
references:
- { href: "https://www.seniorleading-edge.name/users/efficient", name: recovery }
- { href: "http://www.dynamicseamless.com/clicks-and-mortar", name: force }
@@ -454,7 +454,7 @@ paths:
input:
active: true
done: false
created: "2021-10-02T18:04:59.078186+02:00"
created: "2021-12-12T12:12:12.000000012Z"
order: 0
name: Upload malware if possible
type: input
@@ -472,7 +472,7 @@ paths:
hash:
active: false
done: false
created: "2021-10-02T18:04:59.078186+02:00"
created: "2021-12-12T12:12:12.000000012Z"
order: 1
name: Hash the malware
type: automation
@@ -485,7 +485,7 @@ paths:
escalate:
active: false
done: false
created: "2021-10-02T18:04:59.078186+02:00"
created: "2021-12-12T12:12:12.000000012Z"
order: 2
name: Escalate to malware team
type: task
@@ -508,8 +508,8 @@ paths:
name: "live zebra"
type: "incident"
status: "closed"
created: "1985-04-12T23:20:50.52Z"
modified: "1985-04-12T23:20:50.52Z"
created: "2021-10-02T16:04:59.078206Z"
modified: "2021-12-12T12:12:12.000000012Z"
owner: "demo"
references:
- { href: "https://www.leadmaximize.net/e-services/back-end", name: performance }
@@ -629,21 +629,21 @@ paths:
examples:
test:
id: 8123
created: "2021-10-02T18:04:59.078206+02:00"
modified: "2021-10-02T18:04:59.078206+02:00"
created: "2021-10-02T16:04:59.078206Z"
modified: "2021-12-12T12:12:12.000000012Z"
name: "live zebra"
owner: "demo"
playbooks:
phishing:
name: "Phishing"
tasks:
"block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
"block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
"board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input", data: { boardInvolved: true } }
"escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" }
"extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
"mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
"search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
"block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
"block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
"board": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input", data: { boardInvolved: true } }
"escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" }
"extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
"mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
"search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
references:
- { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" }
- { href: "http://www.corporateinteractive.name/rich", name: "autumn" }
@@ -674,21 +674,21 @@ paths:
examples:
test:
id: 8123
created: "2021-10-02T18:04:59.078206+02:00"
modified: "2021-10-02T18:04:59.078206+02:00"
created: "2021-10-02T16:04:59.078206Z"
modified: "2021-12-12T12:12:12.000000012Z"
name: "live zebra"
owner: "demo"
playbooks:
phishing:
name: "Phishing"
tasks:
"block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
"block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
"board": { created: "2021-10-02T18:04:59.078186+02:00", closed: "2021-10-02T18:04:59.078186+02:00", done: true, "active": false, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input", data: { boardInvolved: true } }
"escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": true, "order": 1, name: "Escalate to CISO", type: "task" }
"extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
"mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
"search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
"block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
"block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
"board": { created: "2021-12-12T12:12:12.000000012Z", closed: "2021-12-12T12:12:12.000000012Z", done: true, "active": false, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input", data: { boardInvolved: true } }
"escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 1, name: "Escalate to CISO", type: "task" }
"extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
"mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
"search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
references:
- { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" }
- { href: "http://www.corporateinteractive.name/rich", name: "autumn" }
@@ -730,21 +730,21 @@ paths:
examples:
test:
id: 8123
created: "2021-10-02T18:04:59.078206+02:00"
modified: "2021-10-02T18:04:59.078206+02:00"
created: "2021-10-02T16:04:59.078206Z"
modified: "2021-12-12T12:12:12.000000012Z"
name: "live zebra"
owner: "demo"
playbooks:
phishing:
name: "Phishing"
tasks:
"block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
"block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
"board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
"escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" }
"extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
"mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
"search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
"block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
"block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
"board": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
"escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" }
"extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
"mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
"search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
references:
- { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" }
- { href: "http://www.corporateinteractive.name/rich", name: "autumn" }
@@ -789,21 +789,21 @@ paths:
examples:
test:
id: 8123
created: "2021-10-02T18:04:59.078206+02:00"
modified: "2021-10-02T18:04:59.078206+02:00"
created: "2021-10-02T16:04:59.078206Z"
modified: "2021-10-02T16:04:59.078206Z"
name: "live zebra"
owner: "demo"
playbooks:
phishing:
name: "Phishing"
tasks:
"block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
"block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
"board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
"escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" }
"extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
"mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
"search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
"block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
"block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
"board": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
"escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" }
"extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
"mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
"search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
references:
- { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" }
- { href: "http://www.corporateinteractive.name/rich", name: "autumn" }
@@ -830,21 +830,21 @@ paths:
examples:
test:
id: 8123
created: "2021-10-02T18:04:59.078206+02:00"
modified: "2021-10-02T18:04:59.078206+02:00"
created: "2021-10-02T16:04:59.078206Z"
modified: "2021-12-12T12:12:12.000000012Z"
name: "live zebra"
owner: "demo"
playbooks:
phishing:
name: "Phishing"
tasks:
"block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
"block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
"board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
"escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" }
"extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
"mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
"search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
"block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
"block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
"board": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
"escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" }
"extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
"mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
"search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
references:
- { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" }
- { href: "http://www.corporateinteractive.name/rich", name: "autumn" }
@@ -886,21 +886,21 @@ paths:
examples:
test:
id: 8123
created: "2021-10-02T18:04:59.078206+02:00"
modified: "2021-10-02T18:04:59.078206+02:00"
created: "2021-10-02T16:04:59.078206Z"
modified: "2021-10-02T16:04:59.078206Z"
name: "live zebra"
owner: "demo"
playbooks:
phishing:
name: "Phishing"
tasks:
"block-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
"block-sender": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
"board": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
"escalate": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" }
"extract-iocs": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
"mail-available": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
"search-email-gateway": { created: "2021-10-02T18:04:59.078186+02:00", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
"block-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 6, name: "Block IOCs", type: "task" }
"block-sender": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 3, name: "Block sender","next": { "extract-iocs": "" }, type: "task" }
"board": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": true, "order": 0, name: "Board Involvement?","next": { "escalate": "boardInvolved == true","mail-available": "boardInvolved == false" },"schema": { "properties": { "boardInvolved": { "default": false, "title": "A board member is involved.", type: "boolean" } }, "required": [ "boardInvolved" ], "title": "Board Involvement?", type: "object" }, type: "input" }
"escalate": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 1, name: "Escalate to CISO", type: "task" }
"extract-iocs": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 5, name: "Extract IOCs", "next": { "block-iocs": "" },"schema": { "properties": { "iocs": { "items": { type: "string" },"title": "IOCs", type: "array" } }, "title": "Extract IOCs", type: "object" }, type: "input" }
"mail-available": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 2, name: "Mail available","next": { "block-sender": "schemaKey == 'yes'", "extract-iocs": "schemaKey == 'yes'", "search-email-gateway": "schemaKey == 'no'" },"schema": { "oneOf": [ { "properties": { "mail": { "title": "Mail", type: "string", "x-display": "textarea" }, "schemaKey": { "const": "yes", type: "string" } },"required": [ "mail" ], "title": "Yes" },{ "properties": { "schemaKey": { "const": "no", type: "string" } },"title": "No" } ],"title": "Mail available", type: "object" }, type: "input" }
"search-email-gateway": { created: "2021-12-12T12:12:12.000000012Z", done: false, "active": false, "order": 4, name: "Search email gateway","next": { "extract-iocs": "" }, type: "task" }
references:
- { href: "https://www.leadmaximize.net/e-services/back-end", name: "performance" }
- { href: "http://www.corporateinteractive.name/rich", name: "autumn" }
@@ -911,7 +911,7 @@ paths:
artifacts:
- { name: "94d5cab6f5fe3422a447ab15436e7a672bc0c09a", status: "unknown" }
- { name: "http://www.customerviral.io/scalable/vertical/killer", status: "clean" }
- { name: "leadreintermediate.io", status: "malicious", enrichments: { hash.sha1: { name: "hash.sha1", created: "2021-10-03T18:44:06.488923+02:00", data: { "hash": "b7a067a742c20d07a7456646de89bc2d408a1153" } } } }
- { name: "leadreintermediate.io", status: "malicious", enrichments: { hash.sha1: { name: "hash.sha1", created: "2021-12-12T12:12:12.000000012Z", data: { "hash": "b7a067a742c20d07a7456646de89bc2d408a1153" } } } }
security: [ { roles: [ "ticket:write" ] } ]
definitions:


@@ -720,7 +720,7 @@
},
"test" : {
"example" : [ {
"created" : "2021-10-02T16:05:00.334+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"creator" : "bob",
"message" : "Fail run account resist lend solve incident centre priority temperature. Cause change distribution examine location technique shape partner milk customer. Rail tea plate soil report cook railway interpretation breath action. Exercise dream accept park conclusion addition shoot assistance may answer. Gold writer link stop combine hear power name commitment operation. Determine lifespan support grow degree henry exclude detail set religion. Direct library policy convention chain retain discover ride walk student. Gather proposal select march aspect play noise avoid encourage employ. Assessment preserve transport combine wish influence income guess run stand. Charge limit crime ignore statement foundation study issue stop claim.",
"reference" : "tickets/294511"
@@ -1537,13 +1537,13 @@
"name" : "Phishing",
"tasks" : {
"block-iocs" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"type" : "task"
},
"block-sender" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -1552,7 +1552,7 @@
"type" : "task"
},
"board" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -1574,13 +1574,13 @@
"type" : "input"
},
"escalate" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"type" : "task"
},
"extract-iocs" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -1602,7 +1602,7 @@
"type" : "input"
},
"mail-available" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -1640,7 +1640,7 @@
"type" : "input"
},
"search-email-gateway" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -1738,9 +1738,9 @@
},
"test" : {
"example" : {
"created" : "1985-04-12T23:20:50.520+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"id" : 123,
"modified" : "1985-04-12T23:20:50.520+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "Wannacry infection",
"owner" : "bob",
"schema" : "{}",
@@ -1893,9 +1893,9 @@
},
"test" : {
"example" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"id" : 8125,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "phishing from selenafadel@von.org detected",
"owner" : "demo",
"references" : [ {
@@ -1996,7 +1996,7 @@
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"playbooks" : {
@@ -2005,7 +2005,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -2013,7 +2013,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -2024,7 +2024,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -2048,7 +2048,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -2056,7 +2056,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -2080,7 +2080,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -2120,7 +2120,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -2200,7 +2200,7 @@
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"playbooks" : {
@@ -2209,7 +2209,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -2217,7 +2217,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -2228,7 +2228,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -2252,7 +2252,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -2260,7 +2260,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -2284,7 +2284,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -2324,7 +2324,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -2468,7 +2468,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -2476,7 +2476,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -2487,7 +2487,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -2511,7 +2511,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -2519,7 +2519,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -2543,7 +2543,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -2583,7 +2583,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -2673,7 +2673,7 @@
}, {
"enrichments" : {
"hash.sha1" : {
"created" : "2021-10-03T16:44:06.489+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"data" : {
"hash" : "b7a067a742c20d07a7456646de89bc2d408a1153"
},
@@ -2694,7 +2694,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -2702,7 +2702,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -2713,7 +2713,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -2737,7 +2737,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -2745,7 +2745,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -2769,7 +2769,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -2809,7 +2809,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -2927,13 +2927,13 @@
"test" : {
"example" : {
"comments" : [ {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"creator" : "bob",
"message" : "My first comment"
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8125,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "phishing from selenafadel@von.com detected",
"owner" : "demo",
"references" : [ {
@@ -3029,7 +3029,7 @@
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"playbooks" : {
@@ -3038,7 +3038,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -3046,7 +3046,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -3057,7 +3057,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -3081,7 +3081,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -3089,7 +3089,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -3113,7 +3113,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -3153,7 +3153,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -3236,7 +3236,7 @@
"name" : "document.doc"
} ],
"id" : 8125,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "phishing from selenafadel@von.com detected",
"owner" : "demo",
"references" : [ {
@@ -3321,9 +3321,9 @@
},
"test" : {
"example" : {
"created" : "1985-04-12T23:20:50.520+0000",
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8125,
"modified" : "1985-04-12T23:20:50.520+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "phishing from selenafadel@von.com detected",
"owner" : "demo",
"playbooks" : {
@@ -3332,7 +3332,7 @@
"tasks" : {
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to malware team",
"order" : 2,
@@ -3341,7 +3341,7 @@
"hash" : {
"active" : false,
"automation" : "hash.sha1",
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Hash the malware",
"next" : {
@@ -3355,7 +3355,7 @@
},
"input" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Upload malware if possible",
"next" : {
@@ -3465,9 +3465,9 @@
"name" : "leadreintermediate.io",
"status" : "malicious"
} ],
"created" : "1985-04-12T23:20:50.520+0000",
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "1985-04-12T23:20:50.520+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"references" : [ {
@@ -3561,7 +3561,7 @@
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"playbooks" : {
@@ -3570,7 +3570,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -3578,7 +3578,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -3589,7 +3589,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"data" : {
"boardInvolved" : true
},
@@ -3616,7 +3616,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -3624,7 +3624,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -3648,7 +3648,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -3688,7 +3688,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -3792,7 +3792,7 @@
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"playbooks" : {
@@ -3801,7 +3801,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -3809,7 +3809,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -3820,8 +3820,8 @@
},
"board" : {
"active" : false,
"closed" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-10-02T16:04:59.078+0000",
"closed" : "2021-12-12T12:12:12.000+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"data" : {
"boardInvolved" : true
},
@@ -3848,7 +3848,7 @@
},
"escalate" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -3856,7 +3856,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -3880,7 +3880,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -3920,7 +3920,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -4044,7 +4044,7 @@
"example" : {
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8125,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "phishing from selenafadel@von.com detected",
"owner" : "demo",
"references" : [ {
@@ -4315,13 +4315,13 @@
"name" : "Phishing",
"tasks" : {
"block-iocs" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"type" : "task"
},
"block-sender" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -4330,7 +4330,7 @@
"type" : "task"
},
"board" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -4352,13 +4352,13 @@
"type" : "input"
},
"escalate" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"type" : "task"
},
"extract-iocs" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -4380,7 +4380,7 @@
"type" : "input"
},
"mail-available" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -4418,7 +4418,7 @@
"type" : "input"
},
"search-email-gateway" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {


@@ -1931,7 +1931,7 @@ paths:
description: successful operation
examples:
test:
- created: 2021-10-02T18:05:00.333535+02:00
- created: 2021-12-12T12:12:12.000000012Z
creator: bob
message: Fail run account resist lend solve incident centre priority
temperature. Cause change distribution examine location technique
@@ -3381,9 +3381,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-10-02T16:04:59.078206Z
name: live zebra
owner: demo
playbooks:
@@ -3391,19 +3391,19 @@ paths:
name: Phishing
tasks:
block-iocs:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
type: task
block-sender:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
extract-iocs: ""
type: task
board:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -3421,12 +3421,12 @@ paths:
type: object
type: input
escalate:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
type: task
extract-iocs:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -3442,7 +3442,7 @@ paths:
type: object
type: input
mail-available:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -3471,7 +3471,7 @@ paths:
type: object
type: input
search-email-gateway:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -3577,9 +3577,9 @@ paths:
}
status: closed
type: incident
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -3592,9 +3592,9 @@ paths:
schema: '{}'
status: closed
type: alert
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -3635,9 +3635,9 @@ paths:
description: successful operation
examples:
test:
created: 1985-04-12T23:20:50.52Z
created: 2021-12-12T12:12:12.000000012Z
id: 123
modified: 1985-04-12T23:20:50.52Z
modified: 2021-12-12T12:12:12.000000012Z
name: Wannacry infection
owner: bob
schema: '{}'
@@ -3686,9 +3686,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -3701,9 +3701,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -3742,8 +3742,8 @@ paths:
schema:
$ref: '#/definitions/Ticket'
x-example:
created: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.org detected
owner: demo
references:
@@ -3761,9 +3761,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.org detected
owner: demo
references:
@@ -3776,9 +3776,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -3834,9 +3834,9 @@ paths:
- name: 2.2.2.2
status: unknown
type: ip
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
@@ -3845,14 +3845,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -3861,7 +3861,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -3881,14 +3881,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -3906,7 +3906,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -3937,7 +3937,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -4078,9 +4078,9 @@ paths:
status: unknown
- name: http://www.customerviral.io/scalable/vertical/killer
status: clean
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
@@ -4089,14 +4089,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -4105,7 +4105,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -4125,14 +4125,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -4150,7 +4150,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -4181,7 +4181,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -4361,9 +4361,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: clean
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-10-02T16:04:59.078206Z
name: live zebra
owner: demo
playbooks:
@@ -4372,14 +4372,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -4388,7 +4388,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -4408,14 +4408,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -4433,7 +4433,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -4464,7 +4464,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -4616,15 +4616,15 @@ paths:
status: clean
- enrichments:
hash.sha1:
created: 2021-10-03T18:44:06.488923+02:00
created: 2021-12-12T12:12:12.000000012Z
data:
hash: b7a067a742c20d07a7456646de89bc2d408a1153
name: hash.sha1
name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-10-02T16:04:59.078206Z
name: live zebra
owner: demo
playbooks:
@@ -4633,14 +4633,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -4649,7 +4649,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -4669,14 +4669,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -4694,7 +4694,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -4725,7 +4725,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -4895,12 +4895,12 @@ paths:
examples:
test:
comments:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-12-12T12:12:12.000000012Z
creator: bob
message: My first comment
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -4913,9 +4913,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -4967,9 +4967,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
@@ -4978,14 +4978,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -4994,7 +4994,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -5014,14 +5014,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -5039,7 +5039,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -5070,7 +5070,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -5214,12 +5214,12 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
files:
- key: myfile
name: document.doc
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -5232,9 +5232,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -5308,9 +5308,9 @@ paths:
description: successful operation
examples:
test:
created: 1985-04-12T23:20:50.52Z
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 1985-04-12T23:20:50.52Z
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.com detected
owner: demo
playbooks:
@@ -5319,7 +5319,7 @@ paths:
tasks:
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to malware team
order: 2
@@ -5327,7 +5327,7 @@ paths:
hash:
active: false
automation: hash.sha1
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Hash the malware
next:
@@ -5338,7 +5338,7 @@ paths:
type: automation
input:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Upload malware if possible
next:
@@ -5363,9 +5363,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -5413,9 +5413,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 1985-04-12T23:20:50.52Z
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 1985-04-12T23:20:50.52Z
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
references:
@@ -5588,9 +5588,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
@@ -5599,14 +5599,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -5615,7 +5615,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
data:
boardInvolved: true
done: false
@@ -5637,14 +5637,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -5662,7 +5662,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -5693,7 +5693,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -5851,9 +5851,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
@@ -5862,14 +5862,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -5878,8 +5878,8 @@ paths:
type: task
board:
active: false
closed: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T18:04:59.078186+02:00
closed: 2021-12-12T12:12:12.000000012Z
created: 2021-12-12T12:12:12.000000012Z
data:
boardInvolved: true
done: true
@@ -5901,14 +5901,14 @@ paths:
type: input
escalate:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -5926,7 +5926,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -5957,7 +5957,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -6131,9 +6131,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -6142,9 +6142,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -6188,9 +6188,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -6203,9 +6203,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -6251,9 +6251,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -6297,9 +6297,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -6319,9 +6319,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-10-02T16:04:59.078206Z
name: live zebra
owner: demo
playbooks:
@@ -6329,19 +6329,19 @@ paths:
name: Phishing
tasks:
block-iocs:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
type: task
block-sender:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
extract-iocs: ""
type: task
board:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -6359,12 +6359,12 @@ paths:
type: object
type: input
escalate:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
type: task
extract-iocs:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -6380,7 +6380,7 @@ paths:
type: object
type: input
mail-available:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -6409,7 +6409,7 @@ paths:
type: object
type: input
search-email-gateway:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -6515,9 +6515,9 @@ paths:
}
status: closed
type: incident
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: phishing from selenafadel@von.com detected
owner: demo
references:


@@ -488,7 +488,7 @@
},
"test" : {
"example" : [ {
"created" : "2021-10-02T16:05:00.334+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"creator" : "bob",
"message" : "Fail run account resist lend solve incident centre priority temperature. Cause change distribution examine location technique shape partner milk customer. Rail tea plate soil report cook railway interpretation breath action. Exercise dream accept park conclusion addition shoot assistance may answer. Gold writer link stop combine hear power name commitment operation. Determine lifespan support grow degree henry exclude detail set religion. Direct library policy convention chain retain discover ride walk student. Gather proposal select march aspect play noise avoid encourage employ. Assessment preserve transport combine wish influence income guess run stand. Charge limit crime ignore statement foundation study issue stop claim.",
"reference" : "tickets/294511"
@@ -1107,13 +1107,13 @@
"name" : "Phishing",
"tasks" : {
"block-iocs" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"type" : "task"
},
"block-sender" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -1122,7 +1122,7 @@
"type" : "task"
},
"board" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -1144,13 +1144,13 @@
"type" : "input"
},
"escalate" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"type" : "task"
},
"extract-iocs" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -1172,7 +1172,7 @@
"type" : "input"
},
"mail-available" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -1210,7 +1210,7 @@
"type" : "input"
},
"search-email-gateway" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -1308,9 +1308,9 @@
},
"test" : {
"example" : {
"created" : "1985-04-12T23:20:50.520+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"id" : 123,
"modified" : "1985-04-12T23:20:50.520+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "Wannacry infection",
"owner" : "bob",
"schema" : "{}",
@@ -1463,9 +1463,9 @@
},
"test" : {
"example" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"id" : 8125,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "phishing from selenafadel@von.org detected",
"owner" : "demo",
"references" : [ {
@@ -1566,7 +1566,7 @@
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"playbooks" : {
@@ -1575,7 +1575,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -1583,7 +1583,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -1594,7 +1594,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -1618,7 +1618,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -1626,7 +1626,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -1650,7 +1650,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -1690,7 +1690,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -1770,7 +1770,7 @@
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"playbooks" : {
@@ -1779,7 +1779,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -1787,7 +1787,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -1798,7 +1798,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -1822,7 +1822,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -1830,7 +1830,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -1854,7 +1854,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -1894,7 +1894,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -2038,7 +2038,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -2046,7 +2046,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -2057,7 +2057,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -2081,7 +2081,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -2089,7 +2089,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -2113,7 +2113,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -2153,7 +2153,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -2243,7 +2243,7 @@
}, {
"enrichments" : {
"hash.sha1" : {
"created" : "2021-10-03T16:44:06.489+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"data" : {
"hash" : "b7a067a742c20d07a7456646de89bc2d408a1153"
},
@@ -2264,7 +2264,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -2272,7 +2272,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -2283,7 +2283,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -2307,7 +2307,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -2315,7 +2315,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -2339,7 +2339,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -2379,7 +2379,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -2497,13 +2497,13 @@
"test" : {
"example" : {
"comments" : [ {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"creator" : "bob",
"message" : "My first comment"
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8125,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "phishing from selenafadel@von.com detected",
"owner" : "demo",
"references" : [ {
@@ -2599,7 +2599,7 @@
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"playbooks" : {
@@ -2608,7 +2608,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -2616,7 +2616,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -2627,7 +2627,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -2651,7 +2651,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -2659,7 +2659,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -2683,7 +2683,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -2723,7 +2723,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -2806,7 +2806,7 @@
"name" : "document.doc"
} ],
"id" : 8125,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "phishing from selenafadel@von.com detected",
"owner" : "demo",
"references" : [ {
@@ -2891,9 +2891,9 @@
},
"test" : {
"example" : {
"created" : "1985-04-12T23:20:50.520+0000",
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8125,
"modified" : "1985-04-12T23:20:50.520+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "phishing from selenafadel@von.com detected",
"owner" : "demo",
"playbooks" : {
@@ -2902,7 +2902,7 @@
"tasks" : {
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to malware team",
"order" : 2,
@@ -2911,7 +2911,7 @@
"hash" : {
"active" : false,
"automation" : "hash.sha1",
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Hash the malware",
"next" : {
@@ -2925,7 +2925,7 @@
},
"input" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Upload malware if possible",
"next" : {
@@ -3035,9 +3035,9 @@
"name" : "leadreintermediate.io",
"status" : "malicious"
} ],
"created" : "1985-04-12T23:20:50.520+0000",
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "1985-04-12T23:20:50.520+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"references" : [ {
@@ -3131,7 +3131,7 @@
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"playbooks" : {
@@ -3140,7 +3140,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -3148,7 +3148,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -3159,7 +3159,7 @@
},
"board" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"data" : {
"boardInvolved" : true
},
@@ -3186,7 +3186,7 @@
},
"escalate" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -3194,7 +3194,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -3218,7 +3218,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -3258,7 +3258,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -3362,7 +3362,7 @@
} ],
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8123,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "live zebra",
"owner" : "demo",
"playbooks" : {
@@ -3371,7 +3371,7 @@
"tasks" : {
"block-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"order" : 6,
@@ -3379,7 +3379,7 @@
},
"block-sender" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -3390,8 +3390,8 @@
},
"board" : {
"active" : false,
"closed" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-10-02T16:04:59.078+0000",
"closed" : "2021-12-12T12:12:12.000+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"data" : {
"boardInvolved" : true
},
@@ -3418,7 +3418,7 @@
},
"escalate" : {
"active" : true,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"order" : 1,
@@ -3426,7 +3426,7 @@
},
"extract-iocs" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -3450,7 +3450,7 @@
},
"mail-available" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -3490,7 +3490,7 @@
},
"search-email-gateway" : {
"active" : false,
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {
@@ -3614,7 +3614,7 @@
"example" : {
"created" : "2021-10-02T16:04:59.078+0000",
"id" : 8125,
"modified" : "2021-10-02T16:04:59.078+0000",
"modified" : "2021-12-12T12:12:12.000+0000",
"name" : "phishing from selenafadel@von.com detected",
"owner" : "demo",
"references" : [ {
@@ -3885,13 +3885,13 @@
"name" : "Phishing",
"tasks" : {
"block-iocs" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block IOCs",
"type" : "task"
},
"block-sender" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Block sender",
"next" : {
@@ -3900,7 +3900,7 @@
"type" : "task"
},
"board" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Board Involvement?",
"next" : {
@@ -3922,13 +3922,13 @@
"type" : "input"
},
"escalate" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Escalate to CISO",
"type" : "task"
},
"extract-iocs" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Extract IOCs",
"next" : {
@@ -3950,7 +3950,7 @@
"type" : "input"
},
"mail-available" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Mail available",
"next" : {
@@ -3988,7 +3988,7 @@
"type" : "input"
},
"search-email-gateway" : {
"created" : "2021-10-02T16:04:59.078+0000",
"created" : "2021-12-12T12:12:12.000+0000",
"done" : false,
"name" : "Search email gateway",
"next" : {


@@ -1660,7 +1660,7 @@ paths:
description: successful operation
examples:
test:
- created: 2021-10-02T18:05:00.333535+02:00
- created: 2021-12-12T12:12:12.000000012Z
creator: bob
message: Fail run account resist lend solve incident centre priority
temperature. Cause change distribution examine location technique
@@ -2969,9 +2969,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-10-02T16:04:59.078206Z
name: live zebra
owner: demo
playbooks:
@@ -2979,19 +2979,19 @@ paths:
name: Phishing
tasks:
block-iocs:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
type: task
block-sender:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
extract-iocs: ""
type: task
board:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -3009,12 +3009,12 @@ paths:
type: object
type: input
escalate:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
type: task
extract-iocs:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -3030,7 +3030,7 @@ paths:
type: object
type: input
mail-available:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -3059,7 +3059,7 @@ paths:
type: object
type: input
search-email-gateway:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -3165,9 +3165,9 @@ paths:
}
status: closed
type: incident
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -3180,9 +3180,9 @@ paths:
schema: '{}'
status: closed
type: alert
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -3223,9 +3223,9 @@ paths:
description: successful operation
examples:
test:
created: 1985-04-12T23:20:50.52Z
created: 2021-12-12T12:12:12.000000012Z
id: 123
modified: 1985-04-12T23:20:50.52Z
modified: 2021-12-12T12:12:12.000000012Z
name: Wannacry infection
owner: bob
schema: '{}'
@@ -3274,9 +3274,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -3289,9 +3289,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -3330,8 +3330,8 @@ paths:
schema:
$ref: '#/definitions/Ticket'
x-example:
created: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.org detected
owner: demo
references:
@@ -3349,9 +3349,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.org detected
owner: demo
references:
@@ -3364,9 +3364,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -3422,9 +3422,9 @@ paths:
- name: 2.2.2.2
status: unknown
type: ip
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
@@ -3433,14 +3433,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -3449,7 +3449,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -3469,14 +3469,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -3494,7 +3494,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -3525,7 +3525,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -3666,9 +3666,9 @@ paths:
status: unknown
- name: http://www.customerviral.io/scalable/vertical/killer
status: clean
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
@@ -3677,14 +3677,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -3693,7 +3693,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -3713,14 +3713,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -3738,7 +3738,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -3769,7 +3769,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -3949,9 +3949,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: clean
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-10-02T16:04:59.078206Z
name: live zebra
owner: demo
playbooks:
@@ -3960,14 +3960,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -3976,7 +3976,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -3996,14 +3996,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -4021,7 +4021,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -4052,7 +4052,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -4204,15 +4204,15 @@ paths:
status: clean
- enrichments:
hash.sha1:
created: 2021-10-03T18:44:06.488923+02:00
created: 2021-12-12T12:12:12.000000012Z
data:
hash: b7a067a742c20d07a7456646de89bc2d408a1153
name: hash.sha1
name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-10-02T16:04:59.078206Z
name: live zebra
owner: demo
playbooks:
@@ -4221,14 +4221,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -4237,7 +4237,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -4257,14 +4257,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -4282,7 +4282,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -4313,7 +4313,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -4483,12 +4483,12 @@ paths:
examples:
test:
comments:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-12-12T12:12:12.000000012Z
creator: bob
message: My first comment
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -4501,9 +4501,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -4555,9 +4555,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
@@ -4566,14 +4566,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -4582,7 +4582,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -4602,14 +4602,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -4627,7 +4627,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -4658,7 +4658,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -4802,12 +4802,12 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
files:
- key: myfile
name: document.doc
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -4820,9 +4820,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -4896,9 +4896,9 @@ paths:
description: successful operation
examples:
test:
created: 1985-04-12T23:20:50.52Z
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 1985-04-12T23:20:50.52Z
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.com detected
owner: demo
playbooks:
@@ -4907,7 +4907,7 @@ paths:
tasks:
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to malware team
order: 2
@@ -4915,7 +4915,7 @@ paths:
hash:
active: false
automation: hash.sha1
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Hash the malware
next:
@@ -4926,7 +4926,7 @@ paths:
type: automation
input:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Upload malware if possible
next:
@@ -4951,9 +4951,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -5001,9 +5001,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 1985-04-12T23:20:50.52Z
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 1985-04-12T23:20:50.52Z
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
references:
@@ -5176,9 +5176,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
@@ -5187,14 +5187,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -5203,7 +5203,7 @@ paths:
type: task
board:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
data:
boardInvolved: true
done: false
@@ -5225,14 +5225,14 @@ paths:
type: input
escalate:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -5250,7 +5250,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -5281,7 +5281,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -5439,9 +5439,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
@@ -5450,14 +5450,14 @@ paths:
tasks:
block-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
@@ -5466,8 +5466,8 @@ paths:
type: task
board:
active: false
closed: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T18:04:59.078186+02:00
closed: 2021-12-12T12:12:12.000000012Z
created: 2021-12-12T12:12:12.000000012Z
data:
boardInvolved: true
done: true
@@ -5489,14 +5489,14 @@ paths:
type: input
escalate:
active: true
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -5514,7 +5514,7 @@ paths:
type: input
mail-available:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -5545,7 +5545,7 @@ paths:
type: input
search-email-gateway:
active: false
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -5719,9 +5719,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -5730,9 +5730,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -5776,9 +5776,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
@@ -5791,9 +5791,9 @@ paths:
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -5839,9 +5839,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -5885,9 +5885,9 @@ paths:
description: successful operation
examples:
test:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
@@ -5907,9 +5907,9 @@ paths:
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T18:04:59.078206+02:00
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T18:04:59.078206+02:00
modified: 2021-10-02T16:04:59.078206Z
name: live zebra
owner: demo
playbooks:
@@ -5917,19 +5917,19 @@ paths:
name: Phishing
tasks:
block-iocs:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
type: task
block-sender:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
extract-iocs: ""
type: task
board:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
@@ -5947,12 +5947,12 @@ paths:
type: object
type: input
escalate:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
type: task
extract-iocs:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
@@ -5968,7 +5968,7 @@ paths:
type: object
type: input
mail-available:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
@@ -5997,7 +5997,7 @@ paths:
type: object
type: input
search-email-gateway:
created: 2021-10-02T18:04:59.078186+02:00
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
@@ -6103,9 +6103,9 @@ paths:
}
status: closed
type: incident
- created: 2021-10-02T18:04:59.078186+02:00
- created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T18:04:59.078186+02:00
modified: 2021-10-02T16:04:59.078186Z
name: phishing from selenafadel@von.com detected
owner: demo
references:

File diff suppressed because it is too large Load Diff

File diff suppressed because one or more lines are too long


@@ -4,26 +4,34 @@ import (
"bytes"
"context"
"encoding/json"
"github.com/SecurityBrewery/catalyst/database"
"github.com/go-openapi/swag"
"io"
"net/http"
"net/http/httptest"
"testing"
"time"
"github.com/go-openapi/swag"
"github.com/gin-gonic/gin"
"github.com/stretchr/testify/assert"
"github.com/tidwall/gjson"
"github.com/tidwall/sjson"
ctime "github.com/SecurityBrewery/catalyst/time"
"github.com/SecurityBrewery/catalyst/database"
"github.com/SecurityBrewery/catalyst/database/busdb"
"github.com/SecurityBrewery/catalyst/generated/models"
"github.com/SecurityBrewery/catalyst/test"
)
type testClock struct {}
func (testClock) Now() time.Time {
return time.Date(2021, 12, 12, 12, 12, 12, 12, time.UTC)
}
func TestService(t *testing.T) {
gin.SetMode(gin.TestMode)
ctime.DefaultClock = testClock{}
type args struct {
method string
@@ -114,53 +122,7 @@ func jsonEqual(t *testing.T, got io.Reader, want interface{}) {
t.Fatal(err)
}
fields := []string{
"created", "modified", "logs.0.created",
"artifacts.0.enrichments.hash\\.sha1.created",
"artifacts.1.enrichments.hash\\.sha1.created",
"artifacts.2.enrichments.hash\\.sha1.created",
"playbooks.simple.tasks.input.created",
"playbooks.simple.tasks.hash.created",
"playbooks.simple.tasks.escalate.created",
"playbooks.phishing.tasks.input.created",
"playbooks.phishing.tasks.hash.created",
"playbooks.phishing.tasks.escalate.created",
"playbooks.phishing.tasks.block-ioc.created",
"playbooks.phishing.tasks.block-iocs.created",
"playbooks.phishing.tasks.block-sender.created",
"playbooks.phishing.tasks.board.created",
"playbooks.phishing.tasks.board.closed",
"playbooks.phishing.tasks.escalate.created",
"playbooks.phishing.tasks.extract-iocs.created",
"playbooks.phishing.tasks.fetch-iocs.created",
"playbooks.phishing.tasks.mail-available.created",
"playbooks.phishing.tasks.search-email-gateway.created",
"0.playbooks.phishing.tasks.block-ioc.created",
"0.playbooks.phishing.tasks.block-iocs.created",
"0.playbooks.phishing.tasks.block-sender.created",
"0.playbooks.phishing.tasks.board.created",
"0.playbooks.phishing.tasks.escalate.created",
"0.playbooks.phishing.tasks.extract-iocs.created",
"0.playbooks.phishing.tasks.fetch-iocs.created",
"0.playbooks.phishing.tasks.mail-available.created",
"0.playbooks.phishing.tasks.search-email-gateway.created",
"tickets.0.playbooks.phishing.tasks.block-ioc.created",
"tickets.0.playbooks.phishing.tasks.block-iocs.created",
"tickets.0.playbooks.phishing.tasks.block-sender.created",
"tickets.0.playbooks.phishing.tasks.board.created",
"tickets.0.playbooks.phishing.tasks.escalate.created",
"tickets.0.playbooks.phishing.tasks.extract-iocs.created",
"tickets.0.playbooks.phishing.tasks.fetch-iocs.created",
"tickets.0.playbooks.phishing.tasks.mail-available.created",
"tickets.0.playbooks.phishing.tasks.search-email-gateway.created",
"secret", "0.created", "comments.0.created",
}
fields := []string{"secret"}
for _, field := range fields {
gField := gjson.GetBytes(wantBytes, field)
if gField.Exists() && gjson.GetBytes(gotBytes, field).Exists() {
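Review bot: `ctime.DefaultClock = testClock{}` in TestService overwrites a package-level variable and never restores the previous clock, so every test that runs later in the same binary keeps the frozen 2021-12-12 time, and a parallel test reading the clock would race with the assignment. Save and restore it with `prev := ctime.DefaultClock` before the assignment and `t.Cleanup(func() { ctime.DefaultClock = prev })` after it. The second hunk reduces the masked fields in jsonEqual to `secret`, so the expected timestamps now depend on this clock being installed; a one-line comment above the assignment saying so would help the next reader. TestService continues outside the hunk.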


@@ -89,5 +89,7 @@ func parse(s string) *time.Time {
if err != nil {
panic(err)
}
return &modified
utc := modified.UTC()
return &utc
}
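Review bot: The reason for the new `modified.UTC()` call in parse is not recorded, which makes it easy to undo by accident. A comment above `utc := modified.UTC()` such as `// normalise to UTC so parsed fixtures compare equal to clock output in any local zone` would capture it. That wording is inferred from the fixture timestamps in this commit moving from `+02:00` to `Z`, so adjust it if the motive differs. parse begins outside the hunk.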

19
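--- a/time/time.go
+++ b/time/time.go
@@ -0,0 +1,19 @@
+package time
+import "time"
+type Clock interface {
+Now() time.Time
+}
+type realClock struct{}
+func (realClock) Now() time.Time {
+return time.Now()
+}
+var DefaultClock Clock = &realClock{}
+func Now() time.Time {
+return DefaultClock.Now()
+}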
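Review bot: `DefaultClock` is an exported, unsynchronised package variable, so any importing package can replace the clock for the whole process, and this commit routes record timestamps such as `Created` in `LogCreate` through `Now()`. If the indirection exists only for tests, passing a `Clock` to the components that need one would keep log and ticket timestamps out of reach of a global reassignment. At minimum the contract should be documented, e.g. `// DefaultClock is the clock behind Now; replace it only in tests and never while other goroutines call Now.` The other exported names (`Clock`, `Now`) have no doc comments either. The package name also shadows the standard `time` package, forcing an alias wherever both are imported (the service test uses `ctime`); a name like `clock` would avoid that.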