mirror of
https://github.com/SecurityBrewery/catalyst.git
synced 2025-12-07 07:42:45 +01:00
Remove malware playbook (#540)
* Remove malware playbook Co-authored-by: Jonas Plum <git@jonasplum.de>
This commit is contained in:
Jonas Plum
GitHub
@@ -14,9 +14,6 @@ var VTHashAutomation string
|
||||
//go:embed automations/comment.py
|
||||
var CommentAutomation string
|
||||
|
||||
//go:embed playbooks/malware.yml
|
||||
var MalwarePlaybook string
|
||||
|
||||
//go:embed playbooks/phishing.yml
|
||||
var PhishingPlaybook string
|
||||
|
||||
|
||||
@@ -36,7 +36,6 @@ func generateMigrations() ([]Migration, error) {
|
||||
&createDocument[busdb.Keyed[model.Automation]]{ID: "create-automation-vt.hash", Collection: "automations", Document: &busdb.Keyed[model.Automation]{Key: "vt.hash", Doc: &model.Automation{Image: "docker.io/python:3", Script: VTHashAutomation}}},
|
||||
&createDocument[busdb.Keyed[model.Automation]]{ID: "create-automation-comment", Collection: "automations", Document: &busdb.Keyed[model.Automation]{Key: "comment", Doc: &model.Automation{Image: "docker.io/python:3", Script: CommentAutomation}}},
|
||||
&createDocument[busdb.Keyed[model.Automation]]{ID: "create-automation-hash.sha1", Collection: "automations", Document: &busdb.Keyed[model.Automation]{Key: "hash.sha1", Doc: &model.Automation{Image: "docker.io/python:3", Script: SHA1HashAutomation}}},
|
||||
&createDocument[busdb.Keyed[model.PlaybookTemplate]]{ID: "create-playbook-malware", Collection: "playbooks", Document: &busdb.Keyed[model.PlaybookTemplate]{Key: "malware", Doc: &model.PlaybookTemplate{Name: "Malware", Yaml: MalwarePlaybook}}},
|
||||
&createDocument[busdb.Keyed[model.PlaybookTemplate]]{ID: "create-playbook-phishing", Collection: "playbooks", Document: &busdb.Keyed[model.PlaybookTemplate]{Key: "phishing", Doc: &model.PlaybookTemplate{Name: "Phishing", Yaml: PhishingPlaybook}}},
|
||||
&createDocument[busdb.Keyed[model.TicketType]]{ID: "create-tickettype-alert", Collection: "tickettypes", Document: &busdb.Keyed[model.TicketType]{Key: "alert", Doc: &model.TicketType{Name: "Alerts", Icon: "mdi-alert", DefaultTemplate: "default", DefaultPlaybooks: []string{}, DefaultGroups: nil}}},
|
||||
&createDocument[busdb.Keyed[model.TicketType]]{ID: "create-tickettype-incident", Collection: "tickettypes", Document: &busdb.Keyed[model.TicketType]{Key: "incident", Doc: &model.TicketType{Name: "Incidents", Icon: "mdi-radioactive", DefaultTemplate: "default", DefaultPlaybooks: []string{}, DefaultGroups: nil}}},
|
||||
|
||||
@@ -1,63 +0,0 @@
|
||||
name: Malware
|
||||
tasks:
|
||||
file-or-hash:
|
||||
name: Do you have the file or the hash?
|
||||
type: input
|
||||
schema:
|
||||
title: Malware
|
||||
type: object
|
||||
properties:
|
||||
file:
|
||||
type: string
|
||||
title: "I have the"
|
||||
enum: [ "File", "Hash" ]
|
||||
next:
|
||||
enter-hash: "file == 'Hash'"
|
||||
upload: "file == 'File'"
|
||||
|
||||
enter-hash:
|
||||
name: Please enter the hash
|
||||
type: input
|
||||
schema:
|
||||
title: Malware
|
||||
type: object
|
||||
properties:
|
||||
hash:
|
||||
type: string
|
||||
title: Please enter the hash value
|
||||
minlength: 32
|
||||
next:
|
||||
virustotal: "hash != ''"
|
||||
|
||||
upload:
|
||||
name: Upload the malware
|
||||
type: input
|
||||
schema:
|
||||
title: Malware
|
||||
type: object
|
||||
properties:
|
||||
malware:
|
||||
type: object
|
||||
x-display: file
|
||||
title: Please upload the malware
|
||||
next:
|
||||
hash: "malware"
|
||||
|
||||
hash:
|
||||
name: Hash the malware
|
||||
type: automation
|
||||
automation: hash.sha1
|
||||
payload:
|
||||
default: "playbook.tasks['upload'].data['malware']"
|
||||
next:
|
||||
virustotal:
|
||||
|
||||
virustotal:
|
||||
name: Send hash to VirusTotal
|
||||
type: automation
|
||||
automation: vt.hash
|
||||
args:
|
||||
hash: "playbook.tasks['enter-hash'].data['hash'] || playbook.tasks['hash'].data['hash']"
|
||||
# next:
|
||||
# known-malware: "score > 5"
|
||||
# sandbox: "score < 6" # unknown-malware
|
||||
@@ -13,9 +13,6 @@ paths:
|
||||
schema: { type: array, items: { $ref: "#/definitions/PlaybookTemplateResponse" } }
|
||||
examples:
|
||||
test:
|
||||
- id: malware
|
||||
name: Malware
|
||||
yaml: "name: Malware\ntasks:\n file-or-hash:\n name: Do you have the file or the hash?\n type: input\n schema:\n title: Malware\n type: object\n properties:\n file:\n type: string\n title: \"I have the\"\n enum: [ \"File\", \"Hash\" ]\n next:\n enter-hash: \"file == 'Hash'\"\n upload: \"file == 'File'\"\n\n enter-hash:\n name: Please enter the hash\n type: input\n schema:\n title: Malware\n type: object\n properties:\n hash:\n type: string\n title: Please enter the hash value\n minlength: 32\n next:\n virustotal: \"hash != ''\"\n\n upload:\n name: Upload the malware\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: object\n x-display: file\n title: Please upload the malware\n next:\n hash: \"malware\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['upload'].data['malware']\"\n next:\n virustotal:\n\n virustotal:\n name: Send hash to VirusTotal\n type: automation\n automation: vt.hash\n args:\n hash: \"playbook.tasks['enter-hash'].data['hash'] || playbook.tasks['hash'].data['hash']\"\n # next:\n # known-malware: \"score > 5\"\n # sandbox: \"score < 6\" # unknown-malware\n"
|
||||
- id: phishing
|
||||
name: Phishing
|
||||
yaml: "name: Phishing\ntasks:\n board:\n name: Board Involvement?\n description: Is a board member involved?\n type: input\n schema:\n properties:\n boardInvolved:\n default: false\n title: A board member is involved.\n type: boolean\n required:\n - boardInvolved\n title: Board Involvement?\n type: object\n next:\n escalate: \"boardInvolved == true\"\n mail-available: \"boardInvolved == false\"\n\n escalate:\n name: Escalate to CISO\n description: Please escalate the task to the CISO\n type: task\n\n mail-available:\n name: Mail available\n type: input\n schema:\n oneOf:\n - properties:\n mail:\n title: Mail\n type: string\n x-display: textarea\n schemaKey:\n const: 'yes'\n type: string\n required:\n - mail\n title: 'Yes'\n - properties:\n schemaKey:\n const: 'no'\n type: string\n title: 'No'\n title: Mail available\n type: object\n next:\n block-sender: \"schemaKey == 'yes'\"\n extract-iocs: \"schemaKey == 'yes'\"\n search-email-gateway: \"schemaKey == 'no'\"\n\n search-email-gateway:\n name: Search email gateway\n description: Please search email-gateway for the phishing mail.\n type: task\n next:\n extract-iocs:\n\n block-sender:\n name: Block sender\n type: task\n next:\n extract-iocs:\n\n extract-iocs:\n name: Extract IOCs\n description: Please insert the IOCs\n type: input\n schema:\n properties:\n iocs:\n items:\n type: string\n title: IOCs\n type: array\n title: Extract IOCs\n type: object\n next:\n block-iocs:\n\n block-iocs:\n name: Block IOCs\n type: task\n"
|
||||
|
||||
@@ -194,7 +194,7 @@ var Tests = []struct {
|
||||
Args: Args{Method: "Get", URL: "/playbooks"},
|
||||
Want: Want{
|
||||
Status: 200,
|
||||
Body: []any{map[string]any{"id": "malware", "name": "Malware", "yaml": "name: Malware\ntasks:\n file-or-hash:\n name: Do you have the file or the hash?\n type: input\n schema:\n title: Malware\n type: object\n properties:\n file:\n type: string\n title: \"I have the\"\n enum: [ \"File\", \"Hash\" ]\n next:\n enter-hash: \"file == 'Hash'\"\n upload: \"file == 'File'\"\n\n enter-hash:\n name: Please enter the hash\n type: input\n schema:\n title: Malware\n type: object\n properties:\n hash:\n type: string\n title: Please enter the hash value\n minlength: 32\n next:\n virustotal: \"hash != ''\"\n\n upload:\n name: Upload the malware\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: object\n x-display: file\n title: Please upload the malware\n next:\n hash: \"malware\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['upload'].data['malware']\"\n next:\n virustotal:\n\n virustotal:\n name: Send hash to VirusTotal\n type: automation\n automation: vt.hash\n args:\n hash: \"playbook.tasks['enter-hash'].data['hash'] || playbook.tasks['hash'].data['hash']\"\n # next:\n # known-malware: \"score > 5\"\n # sandbox: \"score < 6\" # unknown-malware\n"}, map[string]any{"id": "phishing", "name": "Phishing", "yaml": "name: Phishing\ntasks:\n board:\n name: Board Involvement?\n description: Is a board member involved?\n type: input\n schema:\n properties:\n boardInvolved:\n default: false\n title: A board member is involved.\n type: boolean\n required:\n - boardInvolved\n title: Board Involvement?\n type: object\n next:\n escalate: \"boardInvolved == true\"\n mail-available: \"boardInvolved == false\"\n\n escalate:\n name: Escalate to CISO\n description: Please escalate the task to the CISO\n type: task\n\n mail-available:\n name: Mail available\n type: input\n schema:\n oneOf:\n - properties:\n mail:\n title: Mail\n type: string\n x-display: textarea\n schemaKey:\n const: 'yes'\n type: string\n required:\n - mail\n title: 'Yes'\n - properties:\n schemaKey:\n const: 'no'\n type: string\n title: 'No'\n title: Mail available\n type: object\n next:\n block-sender: \"schemaKey == 'yes'\"\n extract-iocs: \"schemaKey == 'yes'\"\n search-email-gateway: \"schemaKey == 'no'\"\n\n search-email-gateway:\n name: Search email gateway\n description: Please search email-gateway for the phishing mail.\n type: task\n next:\n extract-iocs:\n\n block-sender:\n name: Block sender\n type: task\n next:\n extract-iocs:\n\n extract-iocs:\n name: Extract IOCs\n description: Please insert the IOCs\n type: input\n schema:\n properties:\n iocs:\n items:\n type: string\n title: IOCs\n type: array\n title: Extract IOCs\n type: object\n next:\n block-iocs:\n\n block-iocs:\n name: Block IOCs\n type: task\n"}, map[string]any{"id": "simple", "name": "Simple", "yaml": "name: Simple\ntasks:\n input:\n name: Enter something to hash\n type: input\n schema:\n title: Something\n type: object\n properties:\n something:\n type: string\n title: Something\n default: \"\"\n next:\n hash: \"something != ''\"\n\n hash:\n name: Hash the something\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['something']\"\n next:\n comment: \"hash != ''\"\n\n comment:\n name: Comment the hash\n type: automation\n automation: comment\n payload:\n default: \"playbook.tasks['hash'].data['hash']\"\n next:\n done: \"done\"\n\n done:\n name: You can close this case now\n type: task\n"}},
|
||||
Body: []any{map[string]any{"id": "phishing", "name": "Phishing", "yaml": "name: Phishing\ntasks:\n board:\n name: Board Involvement?\n description: Is a board member involved?\n type: input\n schema:\n properties:\n boardInvolved:\n default: false\n title: A board member is involved.\n type: boolean\n required:\n - boardInvolved\n title: Board Involvement?\n type: object\n next:\n escalate: \"boardInvolved == true\"\n mail-available: \"boardInvolved == false\"\n\n escalate:\n name: Escalate to CISO\n description: Please escalate the task to the CISO\n type: task\n\n mail-available:\n name: Mail available\n type: input\n schema:\n oneOf:\n - properties:\n mail:\n title: Mail\n type: string\n x-display: textarea\n schemaKey:\n const: 'yes'\n type: string\n required:\n - mail\n title: 'Yes'\n - properties:\n schemaKey:\n const: 'no'\n type: string\n title: 'No'\n title: Mail available\n type: object\n next:\n block-sender: \"schemaKey == 'yes'\"\n extract-iocs: \"schemaKey == 'yes'\"\n search-email-gateway: \"schemaKey == 'no'\"\n\n search-email-gateway:\n name: Search email gateway\n description: Please search email-gateway for the phishing mail.\n type: task\n next:\n extract-iocs:\n\n block-sender:\n name: Block sender\n type: task\n next:\n extract-iocs:\n\n extract-iocs:\n name: Extract IOCs\n description: Please insert the IOCs\n type: input\n schema:\n properties:\n iocs:\n items:\n type: string\n title: IOCs\n type: array\n title: Extract IOCs\n type: object\n next:\n block-iocs:\n\n block-iocs:\n name: Block IOCs\n type: task\n"}, map[string]any{"id": "simple", "name": "Simple", "yaml": "name: Simple\ntasks:\n input:\n name: Enter something to hash\n type: input\n schema:\n title: Something\n type: object\n properties:\n something:\n type: string\n title: Something\n default: \"\"\n next:\n hash: \"something != ''\"\n\n hash:\n name: Hash the something\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['something']\"\n next:\n comment: \"hash != ''\"\n\n comment:\n name: Comment the hash\n type: automation\n automation: comment\n payload:\n default: \"playbook.tasks['hash'].data['hash']\"\n next:\n done: \"done\"\n\n done:\n name: You can close this case now\n type: task\n"}},
|
||||
},
|
||||
},
|
||||
|
||||
|
||||
@@ -1013,10 +1013,6 @@
|
||||
},
|
||||
"test" : {
|
||||
"example" : [ {
|
||||
"id" : "malware",
|
||||
"name" : "Malware",
|
||||
"yaml" : "name: Malware\ntasks:\n file-or-hash:\n name: Do you have the file or the hash?\n type: input\n schema:\n title: Malware\n type: object\n properties:\n file:\n type: string\n title: \"I have the\"\n enum: [ \"File\", \"Hash\" ]\n next:\n enter-hash: \"file == 'Hash'\"\n upload: \"file == 'File'\"\n\n enter-hash:\n name: Please enter the hash\n type: input\n schema:\n title: Malware\n type: object\n properties:\n hash:\n type: string\n title: Please enter the hash value\n minlength: 32\n next:\n virustotal: \"hash != ''\"\n\n upload:\n name: Upload the malware\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: object\n x-display: file\n title: Please upload the malware\n next:\n hash: \"malware\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['upload'].data['malware']\"\n next:\n virustotal:\n\n virustotal:\n name: Send hash to VirusTotal\n type: automation\n automation: vt.hash\n args:\n hash: \"playbook.tasks['enter-hash'].data['hash'] || playbook.tasks['hash'].data['hash']\"\n # next:\n # known-malware: \"score > 5\"\n # sandbox: \"score < 6\" # unknown-malware\n"
|
||||
}, {
|
||||
"id" : "phishing",
|
||||
"name" : "Phishing",
|
||||
"yaml" : "name: Phishing\ntasks:\n board:\n name: Board Involvement?\n description: Is a board member involved?\n type: input\n schema:\n properties:\n boardInvolved:\n default: false\n title: A board member is involved.\n type: boolean\n required:\n - boardInvolved\n title: Board Involvement?\n type: object\n next:\n escalate: \"boardInvolved == true\"\n mail-available: \"boardInvolved == false\"\n\n escalate:\n name: Escalate to CISO\n description: Please escalate the task to the CISO\n type: task\n\n mail-available:\n name: Mail available\n type: input\n schema:\n oneOf:\n - properties:\n mail:\n title: Mail\n type: string\n x-display: textarea\n schemaKey:\n const: 'yes'\n type: string\n required:\n - mail\n title: 'Yes'\n - properties:\n schemaKey:\n const: 'no'\n type: string\n title: 'No'\n title: Mail available\n type: object\n next:\n block-sender: \"schemaKey == 'yes'\"\n extract-iocs: \"schemaKey == 'yes'\"\n search-email-gateway: \"schemaKey == 'no'\"\n\n search-email-gateway:\n name: Search email gateway\n description: Please search email-gateway for the phishing mail.\n type: task\n next:\n extract-iocs:\n\n block-sender:\n name: Block sender\n type: task\n next:\n extract-iocs:\n\n extract-iocs:\n name: Extract IOCs\n description: Please insert the IOCs\n type: input\n schema:\n properties:\n iocs:\n items:\n type: string\n title: IOCs\n type: array\n title: Extract IOCs\n type: object\n next:\n block-iocs:\n\n block-iocs:\n name: Block IOCs\n type: task\n"
|
||||
|
||||
@@ -2171,72 +2171,6 @@ paths:
|
||||
description: successful operation
|
||||
examples:
|
||||
test:
|
||||
- id: malware
|
||||
name: Malware
|
||||
yaml: |
|
||||
name: Malware
|
||||
tasks:
|
||||
file-or-hash:
|
||||
name: Do you have the file or the hash?
|
||||
type: input
|
||||
schema:
|
||||
title: Malware
|
||||
type: object
|
||||
properties:
|
||||
file:
|
||||
type: string
|
||||
title: "I have the"
|
||||
enum: [ "File", "Hash" ]
|
||||
next:
|
||||
enter-hash: "file == 'Hash'"
|
||||
upload: "file == 'File'"
|
||||
|
||||
enter-hash:
|
||||
name: Please enter the hash
|
||||
type: input
|
||||
schema:
|
||||
title: Malware
|
||||
type: object
|
||||
properties:
|
||||
hash:
|
||||
type: string
|
||||
title: Please enter the hash value
|
||||
minlength: 32
|
||||
next:
|
||||
virustotal: "hash != ''"
|
||||
|
||||
upload:
|
||||
name: Upload the malware
|
||||
type: input
|
||||
schema:
|
||||
title: Malware
|
||||
type: object
|
||||
properties:
|
||||
malware:
|
||||
type: object
|
||||
x-display: file
|
||||
title: Please upload the malware
|
||||
next:
|
||||
hash: "malware"
|
||||
|
||||
hash:
|
||||
name: Hash the malware
|
||||
type: automation
|
||||
automation: hash.sha1
|
||||
payload:
|
||||
default: "playbook.tasks['upload'].data['malware']"
|
||||
next:
|
||||
virustotal:
|
||||
|
||||
virustotal:
|
||||
name: Send hash to VirusTotal
|
||||
type: automation
|
||||
automation: vt.hash
|
||||
args:
|
||||
hash: "playbook.tasks['enter-hash'].data['hash'] || playbook.tasks['hash'].data['hash']"
|
||||
# next:
|
||||
# known-malware: "score > 5"
|
||||
# sandbox: "score < 6" # unknown-malware
|
||||
- id: phishing
|
||||
name: Phishing
|
||||
yaml: |
|
||||
|
||||
@@ -781,10 +781,6 @@
|
||||
},
|
||||
"test" : {
|
||||
"example" : [ {
|
||||
"id" : "malware",
|
||||
"name" : "Malware",
|
||||
"yaml" : "name: Malware\ntasks:\n file-or-hash:\n name: Do you have the file or the hash?\n type: input\n schema:\n title: Malware\n type: object\n properties:\n file:\n type: string\n title: \"I have the\"\n enum: [ \"File\", \"Hash\" ]\n next:\n enter-hash: \"file == 'Hash'\"\n upload: \"file == 'File'\"\n\n enter-hash:\n name: Please enter the hash\n type: input\n schema:\n title: Malware\n type: object\n properties:\n hash:\n type: string\n title: Please enter the hash value\n minlength: 32\n next:\n virustotal: \"hash != ''\"\n\n upload:\n name: Upload the malware\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: object\n x-display: file\n title: Please upload the malware\n next:\n hash: \"malware\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['upload'].data['malware']\"\n next:\n virustotal:\n\n virustotal:\n name: Send hash to VirusTotal\n type: automation\n automation: vt.hash\n args:\n hash: \"playbook.tasks['enter-hash'].data['hash'] || playbook.tasks['hash'].data['hash']\"\n # next:\n # known-malware: \"score > 5\"\n # sandbox: \"score < 6\" # unknown-malware\n"
|
||||
}, {
|
||||
"id" : "phishing",
|
||||
"name" : "Phishing",
|
||||
"yaml" : "name: Phishing\ntasks:\n board:\n name: Board Involvement?\n description: Is a board member involved?\n type: input\n schema:\n properties:\n boardInvolved:\n default: false\n title: A board member is involved.\n type: boolean\n required:\n - boardInvolved\n title: Board Involvement?\n type: object\n next:\n escalate: \"boardInvolved == true\"\n mail-available: \"boardInvolved == false\"\n\n escalate:\n name: Escalate to CISO\n description: Please escalate the task to the CISO\n type: task\n\n mail-available:\n name: Mail available\n type: input\n schema:\n oneOf:\n - properties:\n mail:\n title: Mail\n type: string\n x-display: textarea\n schemaKey:\n const: 'yes'\n type: string\n required:\n - mail\n title: 'Yes'\n - properties:\n schemaKey:\n const: 'no'\n type: string\n title: 'No'\n title: Mail available\n type: object\n next:\n block-sender: \"schemaKey == 'yes'\"\n extract-iocs: \"schemaKey == 'yes'\"\n search-email-gateway: \"schemaKey == 'no'\"\n\n search-email-gateway:\n name: Search email gateway\n description: Please search email-gateway for the phishing mail.\n type: task\n next:\n extract-iocs:\n\n block-sender:\n name: Block sender\n type: task\n next:\n extract-iocs:\n\n extract-iocs:\n name: Extract IOCs\n description: Please insert the IOCs\n type: input\n schema:\n properties:\n iocs:\n items:\n type: string\n title: IOCs\n type: array\n title: Extract IOCs\n type: object\n next:\n block-iocs:\n\n block-iocs:\n name: Block IOCs\n type: task\n"
|
||||
|
||||
@@ -1900,72 +1900,6 @@ paths:
|
||||
description: successful operation
|
||||
examples:
|
||||
test:
|
||||
- id: malware
|
||||
name: Malware
|
||||
yaml: |
|
||||
name: Malware
|
||||
tasks:
|
||||
file-or-hash:
|
||||
name: Do you have the file or the hash?
|
||||
type: input
|
||||
schema:
|
||||
title: Malware
|
||||
type: object
|
||||
properties:
|
||||
file:
|
||||
type: string
|
||||
title: "I have the"
|
||||
enum: [ "File", "Hash" ]
|
||||
next:
|
||||
enter-hash: "file == 'Hash'"
|
||||
upload: "file == 'File'"
|
||||
|
||||
enter-hash:
|
||||
name: Please enter the hash
|
||||
type: input
|
||||
schema:
|
||||
title: Malware
|
||||
type: object
|
||||
properties:
|
||||
hash:
|
||||
type: string
|
||||
title: Please enter the hash value
|
||||
minlength: 32
|
||||
next:
|
||||
virustotal: "hash != ''"
|
||||
|
||||
upload:
|
||||
name: Upload the malware
|
||||
type: input
|
||||
schema:
|
||||
title: Malware
|
||||
type: object
|
||||
properties:
|
||||
malware:
|
||||
type: object
|
||||
x-display: file
|
||||
title: Please upload the malware
|
||||
next:
|
||||
hash: "malware"
|
||||
|
||||
hash:
|
||||
name: Hash the malware
|
||||
type: automation
|
||||
automation: hash.sha1
|
||||
payload:
|
||||
default: "playbook.tasks['upload'].data['malware']"
|
||||
next:
|
||||
virustotal:
|
||||
|
||||
virustotal:
|
||||
name: Send hash to VirusTotal
|
||||
type: automation
|
||||
automation: vt.hash
|
||||
args:
|
||||
hash: "playbook.tasks['enter-hash'].data['hash'] || playbook.tasks['hash'].data['hash']"
|
||||
# next:
|
||||
# known-malware: "score > 5"
|
||||
# sandbox: "score < 6" # unknown-malware
|
||||
- id: phishing
|
||||
name: Phishing
|
||||
yaml: |
|
||||
|
||||
Reference in New Issue
Block a user