Remove malware playbook (#540)

* Remove malware playbook

Co-authored-by: Jonas Plum <git@jonasplum.de>

database/migrations/content.go

@@ -14,9 +14,6 @@ var VTHashAutomation string
 //go:embed automations/comment.py
 var CommentAutomation string
 
-//go:embed playbooks/malware.yml
-var MalwarePlaybook string
-
 //go:embed playbooks/phishing.yml
 var PhishingPlaybook string
 

database/migrations/migrations.go

@@ -36,7 +36,6 @@ func generateMigrations() ([]Migration, error) {
 		&createDocument[busdb.Keyed[model.Automation]]{ID: "create-automation-vt.hash", Collection: "automations", Document: &busdb.Keyed[model.Automation]{Key: "vt.hash", Doc: &model.Automation{Image: "docker.io/python:3", Script: VTHashAutomation}}},
 		&createDocument[busdb.Keyed[model.Automation]]{ID: "create-automation-comment", Collection: "automations", Document: &busdb.Keyed[model.Automation]{Key: "comment", Doc: &model.Automation{Image: "docker.io/python:3", Script: CommentAutomation}}},
 		&createDocument[busdb.Keyed[model.Automation]]{ID: "create-automation-hash.sha1", Collection: "automations", Document: &busdb.Keyed[model.Automation]{Key: "hash.sha1", Doc: &model.Automation{Image: "docker.io/python:3", Script: SHA1HashAutomation}}},
-		&createDocument[busdb.Keyed[model.PlaybookTemplate]]{ID: "create-playbook-malware", Collection: "playbooks", Document: &busdb.Keyed[model.PlaybookTemplate]{Key: "malware", Doc: &model.PlaybookTemplate{Name: "Malware", Yaml: MalwarePlaybook}}},
 		&createDocument[busdb.Keyed[model.PlaybookTemplate]]{ID: "create-playbook-phishing", Collection: "playbooks", Document: &busdb.Keyed[model.PlaybookTemplate]{Key: "phishing", Doc: &model.PlaybookTemplate{Name: "Phishing", Yaml: PhishingPlaybook}}},
 		&createDocument[busdb.Keyed[model.TicketType]]{ID: "create-tickettype-alert", Collection: "tickettypes", Document: &busdb.Keyed[model.TicketType]{Key: "alert", Doc: &model.TicketType{Name: "Alerts", Icon: "mdi-alert", DefaultTemplate: "default", DefaultPlaybooks: []string{}, DefaultGroups: nil}}},
 		&createDocument[busdb.Keyed[model.TicketType]]{ID: "create-tickettype-incident", Collection: "tickettypes", Document: &busdb.Keyed[model.TicketType]{Key: "incident", Doc: &model.TicketType{Name: "Incidents", Icon: "mdi-radioactive", DefaultTemplate: "default", DefaultPlaybooks: []string{}, DefaultGroups: nil}}},

database/migrations/playbooks/malware.yml

@@ -1,63 +0,0 @@
-name: Malware
-tasks:
-  file-or-hash:
-    name: Do you have the file or the hash?
-    type: input
-    schema:
-      title: Malware
-      type: object
-      properties:
-        file:
-          type: string
-          title: "I have the"
-          enum: [ "File", "Hash" ]
-    next:
-      enter-hash: "file == 'Hash'"
-      upload: "file == 'File'"
-
-  enter-hash:
-    name: Please enter the hash
-    type: input
-    schema:
-      title: Malware
-      type: object
-      properties:
-        hash:
-          type: string
-          title: Please enter the hash value
-          minlength: 32
-    next:
-      virustotal: "hash != ''"
-
-  upload:
-    name: Upload the malware
-    type: input
-    schema:
-      title: Malware
-      type: object
-      properties:
-        malware:
-          type: object
-          x-display: file
-          title: Please upload the malware
-    next:
-      hash: "malware"
-
-  hash:
-    name: Hash the malware
-    type: automation
-    automation: hash.sha1
-    payload:
-      default: "playbook.tasks['upload'].data['malware']"
-    next:
-      virustotal:
-
-  virustotal:
-    name: Send hash to VirusTotal
-    type: automation
-    automation: vt.hash
-    args:
-      hash: "playbook.tasks['enter-hash'].data['hash'] || playbook.tasks['hash'].data['hash']"
-    # next:
-    #   known-malware: "score > 5"
-    #   sandbox: "score < 6" # unknown-malware