mirror of
https://github.com/SecurityBrewery/catalyst.git
synced 2026-03-25 03:52:36 +01:00
Remove malware playbook (#540)
* Remove malware playbook Co-authored-by: Jonas Plum <git@jonasplum.de>
This commit is contained in:
Jonas Plum
GitHub
@@ -194,7 +194,7 @@ var Tests = []struct {
|
||||
Args: Args{Method: "Get", URL: "/playbooks"},
|
||||
Want: Want{
|
||||
Status: 200,
|
||||
Body: []any{map[string]any{"id": "malware", "name": "Malware", "yaml": "name: Malware\ntasks:\n file-or-hash:\n name: Do you have the file or the hash?\n type: input\n schema:\n title: Malware\n type: object\n properties:\n file:\n type: string\n title: \"I have the\"\n enum: [ \"File\", \"Hash\" ]\n next:\n enter-hash: \"file == 'Hash'\"\n upload: \"file == 'File'\"\n\n enter-hash:\n name: Please enter the hash\n type: input\n schema:\n title: Malware\n type: object\n properties:\n hash:\n type: string\n title: Please enter the hash value\n minlength: 32\n next:\n virustotal: \"hash != ''\"\n\n upload:\n name: Upload the malware\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: object\n x-display: file\n title: Please upload the malware\n next:\n hash: \"malware\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['upload'].data['malware']\"\n next:\n virustotal:\n\n virustotal:\n name: Send hash to VirusTotal\n type: automation\n automation: vt.hash\n args:\n hash: \"playbook.tasks['enter-hash'].data['hash'] || playbook.tasks['hash'].data['hash']\"\n # next:\n # known-malware: \"score > 5\"\n # sandbox: \"score < 6\" # unknown-malware\n"}, map[string]any{"id": "phishing", "name": "Phishing", "yaml": "name: Phishing\ntasks:\n board:\n name: Board Involvement?\n description: Is a board member involved?\n type: input\n schema:\n properties:\n boardInvolved:\n default: false\n title: A board member is involved.\n type: boolean\n required:\n - boardInvolved\n title: Board Involvement?\n type: object\n next:\n escalate: \"boardInvolved == true\"\n mail-available: \"boardInvolved == false\"\n\n escalate:\n name: Escalate to CISO\n description: Please escalate the task to the CISO\n type: task\n\n mail-available:\n name: Mail available\n type: input\n schema:\n oneOf:\n - properties:\n mail:\n title: Mail\n type: string\n x-display: textarea\n schemaKey:\n const: 'yes'\n type: string\n required:\n - mail\n title: 'Yes'\n - properties:\n schemaKey:\n const: 'no'\n type: string\n title: 'No'\n title: Mail available\n type: object\n next:\n block-sender: \"schemaKey == 'yes'\"\n extract-iocs: \"schemaKey == 'yes'\"\n search-email-gateway: \"schemaKey == 'no'\"\n\n search-email-gateway:\n name: Search email gateway\n description: Please search email-gateway for the phishing mail.\n type: task\n next:\n extract-iocs:\n\n block-sender:\n name: Block sender\n type: task\n next:\n extract-iocs:\n\n extract-iocs:\n name: Extract IOCs\n description: Please insert the IOCs\n type: input\n schema:\n properties:\n iocs:\n items:\n type: string\n title: IOCs\n type: array\n title: Extract IOCs\n type: object\n next:\n block-iocs:\n\n block-iocs:\n name: Block IOCs\n type: task\n"}, map[string]any{"id": "simple", "name": "Simple", "yaml": "name: Simple\ntasks:\n input:\n name: Enter something to hash\n type: input\n schema:\n title: Something\n type: object\n properties:\n something:\n type: string\n title: Something\n default: \"\"\n next:\n hash: \"something != ''\"\n\n hash:\n name: Hash the something\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['something']\"\n next:\n comment: \"hash != ''\"\n\n comment:\n name: Comment the hash\n type: automation\n automation: comment\n payload:\n default: \"playbook.tasks['hash'].data['hash']\"\n next:\n done: \"done\"\n\n done:\n name: You can close this case now\n type: task\n"}},
|
||||
Body: []any{map[string]any{"id": "phishing", "name": "Phishing", "yaml": "name: Phishing\ntasks:\n board:\n name: Board Involvement?\n description: Is a board member involved?\n type: input\n schema:\n properties:\n boardInvolved:\n default: false\n title: A board member is involved.\n type: boolean\n required:\n - boardInvolved\n title: Board Involvement?\n type: object\n next:\n escalate: \"boardInvolved == true\"\n mail-available: \"boardInvolved == false\"\n\n escalate:\n name: Escalate to CISO\n description: Please escalate the task to the CISO\n type: task\n\n mail-available:\n name: Mail available\n type: input\n schema:\n oneOf:\n - properties:\n mail:\n title: Mail\n type: string\n x-display: textarea\n schemaKey:\n const: 'yes'\n type: string\n required:\n - mail\n title: 'Yes'\n - properties:\n schemaKey:\n const: 'no'\n type: string\n title: 'No'\n title: Mail available\n type: object\n next:\n block-sender: \"schemaKey == 'yes'\"\n extract-iocs: \"schemaKey == 'yes'\"\n search-email-gateway: \"schemaKey == 'no'\"\n\n search-email-gateway:\n name: Search email gateway\n description: Please search email-gateway for the phishing mail.\n type: task\n next:\n extract-iocs:\n\n block-sender:\n name: Block sender\n type: task\n next:\n extract-iocs:\n\n extract-iocs:\n name: Extract IOCs\n description: Please insert the IOCs\n type: input\n schema:\n properties:\n iocs:\n items:\n type: string\n title: IOCs\n type: array\n title: Extract IOCs\n type: object\n next:\n block-iocs:\n\n block-iocs:\n name: Block IOCs\n type: task\n"}, map[string]any{"id": "simple", "name": "Simple", "yaml": "name: Simple\ntasks:\n input:\n name: Enter something to hash\n type: input\n schema:\n title: Something\n type: object\n properties:\n something:\n type: string\n title: Something\n default: \"\"\n next:\n hash: \"something != ''\"\n\n hash:\n name: Hash the something\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['something']\"\n next:\n comment: \"hash != ''\"\n\n comment:\n name: Comment the hash\n type: automation\n automation: comment\n payload:\n default: \"playbook.tasks['hash'].data['hash']\"\n next:\n done: \"done\"\n\n done:\n name: You can close this case now\n type: task\n"}},
|
||||
},
|
||||
},
|
||||
|
||||
|
||||
@@ -1013,10 +1013,6 @@
|
||||
},
|
||||
"test" : {
|
||||
"example" : [ {
|
||||
"id" : "malware",
|
||||
"name" : "Malware",
|
||||
"yaml" : "name: Malware\ntasks:\n file-or-hash:\n name: Do you have the file or the hash?\n type: input\n schema:\n title: Malware\n type: object\n properties:\n file:\n type: string\n title: \"I have the\"\n enum: [ \"File\", \"Hash\" ]\n next:\n enter-hash: \"file == 'Hash'\"\n upload: \"file == 'File'\"\n\n enter-hash:\n name: Please enter the hash\n type: input\n schema:\n title: Malware\n type: object\n properties:\n hash:\n type: string\n title: Please enter the hash value\n minlength: 32\n next:\n virustotal: \"hash != ''\"\n\n upload:\n name: Upload the malware\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: object\n x-display: file\n title: Please upload the malware\n next:\n hash: \"malware\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['upload'].data['malware']\"\n next:\n virustotal:\n\n virustotal:\n name: Send hash to VirusTotal\n type: automation\n automation: vt.hash\n args:\n hash: \"playbook.tasks['enter-hash'].data['hash'] || playbook.tasks['hash'].data['hash']\"\n # next:\n # known-malware: \"score > 5\"\n # sandbox: \"score < 6\" # unknown-malware\n"
|
||||
}, {
|
||||
"id" : "phishing",
|
||||
"name" : "Phishing",
|
||||
"yaml" : "name: Phishing\ntasks:\n board:\n name: Board Involvement?\n description: Is a board member involved?\n type: input\n schema:\n properties:\n boardInvolved:\n default: false\n title: A board member is involved.\n type: boolean\n required:\n - boardInvolved\n title: Board Involvement?\n type: object\n next:\n escalate: \"boardInvolved == true\"\n mail-available: \"boardInvolved == false\"\n\n escalate:\n name: Escalate to CISO\n description: Please escalate the task to the CISO\n type: task\n\n mail-available:\n name: Mail available\n type: input\n schema:\n oneOf:\n - properties:\n mail:\n title: Mail\n type: string\n x-display: textarea\n schemaKey:\n const: 'yes'\n type: string\n required:\n - mail\n title: 'Yes'\n - properties:\n schemaKey:\n const: 'no'\n type: string\n title: 'No'\n title: Mail available\n type: object\n next:\n block-sender: \"schemaKey == 'yes'\"\n extract-iocs: \"schemaKey == 'yes'\"\n search-email-gateway: \"schemaKey == 'no'\"\n\n search-email-gateway:\n name: Search email gateway\n description: Please search email-gateway for the phishing mail.\n type: task\n next:\n extract-iocs:\n\n block-sender:\n name: Block sender\n type: task\n next:\n extract-iocs:\n\n extract-iocs:\n name: Extract IOCs\n description: Please insert the IOCs\n type: input\n schema:\n properties:\n iocs:\n items:\n type: string\n title: IOCs\n type: array\n title: Extract IOCs\n type: object\n next:\n block-iocs:\n\n block-iocs:\n name: Block IOCs\n type: task\n"
|
||||
|
||||
@@ -2171,72 +2171,6 @@ paths:
|
||||
description: successful operation
|
||||
examples:
|
||||
test:
|
||||
- id: malware
|
||||
name: Malware
|
||||
yaml: |
|
||||
name: Malware
|
||||
tasks:
|
||||
file-or-hash:
|
||||
name: Do you have the file or the hash?
|
||||
type: input
|
||||
schema:
|
||||
title: Malware
|
||||
type: object
|
||||
properties:
|
||||
file:
|
||||
type: string
|
||||
title: "I have the"
|
||||
enum: [ "File", "Hash" ]
|
||||
next:
|
||||
enter-hash: "file == 'Hash'"
|
||||
upload: "file == 'File'"
|
||||
|
||||
enter-hash:
|
||||
name: Please enter the hash
|
||||
type: input
|
||||
schema:
|
||||
title: Malware
|
||||
type: object
|
||||
properties:
|
||||
hash:
|
||||
type: string
|
||||
title: Please enter the hash value
|
||||
minlength: 32
|
||||
next:
|
||||
virustotal: "hash != ''"
|
||||
|
||||
upload:
|
||||
name: Upload the malware
|
||||
type: input
|
||||
schema:
|
||||
title: Malware
|
||||
type: object
|
||||
properties:
|
||||
malware:
|
||||
type: object
|
||||
x-display: file
|
||||
title: Please upload the malware
|
||||
next:
|
||||
hash: "malware"
|
||||
|
||||
hash:
|
||||
name: Hash the malware
|
||||
type: automation
|
||||
automation: hash.sha1
|
||||
payload:
|
||||
default: "playbook.tasks['upload'].data['malware']"
|
||||
next:
|
||||
virustotal:
|
||||
|
||||
virustotal:
|
||||
name: Send hash to VirusTotal
|
||||
type: automation
|
||||
automation: vt.hash
|
||||
args:
|
||||
hash: "playbook.tasks['enter-hash'].data['hash'] || playbook.tasks['hash'].data['hash']"
|
||||
# next:
|
||||
# known-malware: "score > 5"
|
||||
# sandbox: "score < 6" # unknown-malware
|
||||
- id: phishing
|
||||
name: Phishing
|
||||
yaml: |
|
||||
|
||||
@@ -781,10 +781,6 @@
|
||||
},
|
||||
"test" : {
|
||||
"example" : [ {
|
||||
"id" : "malware",
|
||||
"name" : "Malware",
|
||||
"yaml" : "name: Malware\ntasks:\n file-or-hash:\n name: Do you have the file or the hash?\n type: input\n schema:\n title: Malware\n type: object\n properties:\n file:\n type: string\n title: \"I have the\"\n enum: [ \"File\", \"Hash\" ]\n next:\n enter-hash: \"file == 'Hash'\"\n upload: \"file == 'File'\"\n\n enter-hash:\n name: Please enter the hash\n type: input\n schema:\n title: Malware\n type: object\n properties:\n hash:\n type: string\n title: Please enter the hash value\n minlength: 32\n next:\n virustotal: \"hash != ''\"\n\n upload:\n name: Upload the malware\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: object\n x-display: file\n title: Please upload the malware\n next:\n hash: \"malware\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['upload'].data['malware']\"\n next:\n virustotal:\n\n virustotal:\n name: Send hash to VirusTotal\n type: automation\n automation: vt.hash\n args:\n hash: \"playbook.tasks['enter-hash'].data['hash'] || playbook.tasks['hash'].data['hash']\"\n # next:\n # known-malware: \"score > 5\"\n # sandbox: \"score < 6\" # unknown-malware\n"
|
||||
}, {
|
||||
"id" : "phishing",
|
||||
"name" : "Phishing",
|
||||
"yaml" : "name: Phishing\ntasks:\n board:\n name: Board Involvement?\n description: Is a board member involved?\n type: input\n schema:\n properties:\n boardInvolved:\n default: false\n title: A board member is involved.\n type: boolean\n required:\n - boardInvolved\n title: Board Involvement?\n type: object\n next:\n escalate: \"boardInvolved == true\"\n mail-available: \"boardInvolved == false\"\n\n escalate:\n name: Escalate to CISO\n description: Please escalate the task to the CISO\n type: task\n\n mail-available:\n name: Mail available\n type: input\n schema:\n oneOf:\n - properties:\n mail:\n title: Mail\n type: string\n x-display: textarea\n schemaKey:\n const: 'yes'\n type: string\n required:\n - mail\n title: 'Yes'\n - properties:\n schemaKey:\n const: 'no'\n type: string\n title: 'No'\n title: Mail available\n type: object\n next:\n block-sender: \"schemaKey == 'yes'\"\n extract-iocs: \"schemaKey == 'yes'\"\n search-email-gateway: \"schemaKey == 'no'\"\n\n search-email-gateway:\n name: Search email gateway\n description: Please search email-gateway for the phishing mail.\n type: task\n next:\n extract-iocs:\n\n block-sender:\n name: Block sender\n type: task\n next:\n extract-iocs:\n\n extract-iocs:\n name: Extract IOCs\n description: Please insert the IOCs\n type: input\n schema:\n properties:\n iocs:\n items:\n type: string\n title: IOCs\n type: array\n title: Extract IOCs\n type: object\n next:\n block-iocs:\n\n block-iocs:\n name: Block IOCs\n type: task\n"
|
||||
|
||||
@@ -1900,72 +1900,6 @@ paths:
|
||||
description: successful operation
|
||||
examples:
|
||||
test:
|
||||
- id: malware
|
||||
name: Malware
|
||||
yaml: |
|
||||
name: Malware
|
||||
tasks:
|
||||
file-or-hash:
|
||||
name: Do you have the file or the hash?
|
||||
type: input
|
||||
schema:
|
||||
title: Malware
|
||||
type: object
|
||||
properties:
|
||||
file:
|
||||
type: string
|
||||
title: "I have the"
|
||||
enum: [ "File", "Hash" ]
|
||||
next:
|
||||
enter-hash: "file == 'Hash'"
|
||||
upload: "file == 'File'"
|
||||
|
||||
enter-hash:
|
||||
name: Please enter the hash
|
||||
type: input
|
||||
schema:
|
||||
title: Malware
|
||||
type: object
|
||||
properties:
|
||||
hash:
|
||||
type: string
|
||||
title: Please enter the hash value
|
||||
minlength: 32
|
||||
next:
|
||||
virustotal: "hash != ''"
|
||||
|
||||
upload:
|
||||
name: Upload the malware
|
||||
type: input
|
||||
schema:
|
||||
title: Malware
|
||||
type: object
|
||||
properties:
|
||||
malware:
|
||||
type: object
|
||||
x-display: file
|
||||
title: Please upload the malware
|
||||
next:
|
||||
hash: "malware"
|
||||
|
||||
hash:
|
||||
name: Hash the malware
|
||||
type: automation
|
||||
automation: hash.sha1
|
||||
payload:
|
||||
default: "playbook.tasks['upload'].data['malware']"
|
||||
next:
|
||||
virustotal:
|
||||
|
||||
virustotal:
|
||||
name: Send hash to VirusTotal
|
||||
type: automation
|
||||
automation: vt.hash
|
||||
args:
|
||||
hash: "playbook.tasks['enter-hash'].data['hash'] || playbook.tasks['hash'].data['hash']"
|
||||
# next:
|
||||
# known-malware: "score > 5"
|
||||
# sandbox: "score < 6" # unknown-malware
|
||||
- id: phishing
|
||||
name: Phishing
|
||||
yaml: |
|
||||
|
||||
Reference in New Issue
Block a user