mirror of
https://github.com/SecurityBrewery/catalyst.git
synced 2025-12-06 07:12:46 +01:00
203 lines
12 KiB
YAML
203 lines
12 KiB
YAML
swagger: "2.0"
|
|
info: { version: "", title: "" }
|
|
|
|
paths:
|
|
/playbooks:
|
|
get:
|
|
tags: [ "playbooks" ]
|
|
summary: "List playbooks"
|
|
operationId: "listPlaybooks"
|
|
responses:
|
|
"200":
|
|
description: "successful operation"
|
|
schema: { type: array, items: { $ref: "#/definitions/PlaybookTemplateResponse" } }
|
|
examples:
|
|
test:
|
|
- id: malware
|
|
name: Malware
|
|
yaml: "name: Malware\ntasks:\n file-or-hash:\n name: Do you have the file or the hash?\n type: input\n schema:\n title: Malware\n type: object\n properties:\n file:\n type: string\n title: \"I have the\"\n enum: [ \"File\", \"Hash\" ]\n next:\n enter-hash: \"file == 'Hash'\"\n upload: \"file == 'File'\"\n\n enter-hash:\n name: Please enter the hash\n type: input\n schema:\n title: Malware\n type: object\n properties:\n hash:\n type: string\n title: Please enter the hash value\n minlength: 32\n next:\n virustotal: \"hash != ''\"\n\n upload:\n name: Upload the malware\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: object\n x-display: file\n title: Please upload the malware\n next:\n hash: \"malware\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['upload'].data['malware']\"\n next:\n virustotal:\n\n virustotal:\n name: Send hash to VirusTotal\n type: automation\n automation: vt.hash\n args:\n hash: \"playbook.tasks['enter-hash'].data['hash'] || playbook.tasks['hash'].data['hash']\"\n # next:\n # known-malware: \"score > 5\"\n # sandbox: \"score < 6\" # unknown-malware\n"
|
|
- id: phishing
|
|
name: Phishing
|
|
yaml: "name: Phishing\ntasks:\n board:\n name: Board Involvement?\n description: Is a board member involved?\n type: input\n schema:\n properties:\n boardInvolved:\n default: false\n title: A board member is involved.\n type: boolean\n required:\n - boardInvolved\n title: Board Involvement?\n type: object\n next:\n escalate: \"boardInvolved == true\"\n mail-available: \"boardInvolved == false\"\n\n escalate:\n name: Escalate to CISO\n description: Please escalate the task to the CISO\n type: task\n\n mail-available:\n name: Mail available\n type: input\n schema:\n oneOf:\n - properties:\n mail:\n title: Mail\n type: string\n x-display: textarea\n schemaKey:\n const: 'yes'\n type: string\n required:\n - mail\n title: 'Yes'\n - properties:\n schemaKey:\n const: 'no'\n type: string\n title: 'No'\n title: Mail available\n type: object\n next:\n block-sender: \"schemaKey == 'yes'\"\n extract-iocs: \"schemaKey == 'yes'\"\n search-email-gateway: \"schemaKey == 'no'\"\n\n search-email-gateway:\n name: Search email gateway\n description: Please search email-gateway for the phishing mail.\n type: task\n next:\n extract-iocs:\n\n block-sender:\n name: Block sender\n type: task\n next:\n extract-iocs:\n\n extract-iocs:\n name: Extract IOCs\n description: Please insert the IOCs\n type: input\n schema:\n properties:\n iocs:\n items:\n type: string\n title: IOCs\n type: array\n title: Extract IOCs\n type: object\n next:\n block-iocs:\n\n block-iocs:\n name: Block IOCs\n type: task\n"
|
|
- id: simple
|
|
name: Simple
|
|
yaml: "name: Simple\ntasks:\n input:\n name: Enter something to hash\n type: input\n schema:\n title: Something\n type: object\n properties:\n something:\n type: string\n title: Something\n default: \"\"\n next:\n hash: \"something != ''\"\n\n hash:\n name: Hash the something\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['something']\"\n next:\n comment: \"hash != ''\"\n\n comment:\n name: Comment the hash\n type: automation\n automation: comment\n payload:\n default: \"playbook.tasks['hash'].data['hash']\"\n next:\n done: \"done\"\n\n done:\n name: You can close this case now\n type: task\n"
|
|
security: [ { roles: [ "playbook:read" ] } ]
|
|
post:
|
|
tags: [ "playbooks" ]
|
|
summary: "Create a playbook"
|
|
operationId: "createPlaybook"
|
|
parameters:
|
|
- { name: "playbook", in: "body", description: "New playbook", required: true, schema: { $ref: "#/definitions/PlaybookTemplateForm" }, x-example: { yaml: "name: Simple2\ntasks:\n input:\n name: Upload malware if possible\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: string\n title: Select malware\n default: \"\"\n next:\n hash: \"malware != ''\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['malware']\"\n next:\n escalate:\n\n escalate:\n name: Escalate to malware team\n type: task\n" } }
|
|
responses:
|
|
"200":
|
|
description: "successful operation"
|
|
schema: { type: array, items: { $ref: "#/definitions/PlaybookTemplateResponse" } }
|
|
examples:
|
|
test:
|
|
id: simple-2
|
|
name: Simple2
|
|
yaml: |
|
|
name: Simple2
|
|
tasks:
|
|
input:
|
|
name: Upload malware if possible
|
|
type: input
|
|
schema:
|
|
title: Malware
|
|
type: object
|
|
properties:
|
|
malware:
|
|
type: string
|
|
title: Select malware
|
|
default: ""
|
|
next:
|
|
hash: "malware != ''"
|
|
|
|
hash:
|
|
name: Hash the malware
|
|
type: automation
|
|
automation: hash.sha1
|
|
payload:
|
|
default: "playbook.tasks['input'].data['malware']"
|
|
next:
|
|
escalate:
|
|
|
|
escalate:
|
|
name: Escalate to malware team
|
|
type: task
|
|
security: [ { roles: [ "playbook:write" ] } ]
|
|
|
|
/playbooks/{id}:
|
|
get:
|
|
tags: [ "playbooks" ]
|
|
summary: "Get a single playbook"
|
|
operationId: "getPlaybook"
|
|
parameters:
|
|
- { name: "id", in: "path", description: "Playbook name", required: true, type: string, x-example: "simple" }
|
|
responses:
|
|
"200":
|
|
description: "successful operation"
|
|
schema: { $ref: "#/definitions/PlaybookTemplateResponse" }
|
|
examples:
|
|
test:
|
|
id: simple
|
|
name: Simple
|
|
yaml: |
|
|
name: Simple
|
|
tasks:
|
|
input:
|
|
name: Enter something to hash
|
|
type: input
|
|
schema:
|
|
title: Something
|
|
type: object
|
|
properties:
|
|
something:
|
|
type: string
|
|
title: Something
|
|
default: ""
|
|
next:
|
|
hash: "something != ''"
|
|
|
|
hash:
|
|
name: Hash the something
|
|
type: automation
|
|
automation: hash.sha1
|
|
payload:
|
|
default: "playbook.tasks['input'].data['something']"
|
|
next:
|
|
comment: "hash != ''"
|
|
|
|
comment:
|
|
name: Comment the hash
|
|
type: automation
|
|
automation: comment
|
|
payload:
|
|
default: "playbook.tasks['hash'].data['hash']"
|
|
next:
|
|
done: "done"
|
|
|
|
done:
|
|
name: You can close this case now
|
|
type: task
|
|
|
|
security: [ { roles: [ "playbook:read" ] } ]
|
|
put:
|
|
tags: [ "playbooks" ]
|
|
summary: "Update an existing ticket playbook"
|
|
operationId: "updatePlaybook"
|
|
parameters:
|
|
- { name: "id", in: "path", description: "Playbook ID", required: true, type: string, x-example: "simple" }
|
|
- { name: "playbook", in: "body", description: "Updated playbook", required: true, schema: { $ref: "#/definitions/PlaybookTemplateForm" }, x-example: { yaml: "name: Simple\ntasks:\n input:\n name: Upload malware if possible\n type: input\n schema:\n title: Malware\n type: object\n properties:\n malware:\n type: string\n title: Select malware\n default: \"\"\n next:\n hash: \"malware != ''\"\n\n hash:\n name: Hash the malware\n type: automation\n automation: hash.sha1\n payload:\n default: \"playbook.tasks['input'].data['malware']\"\n next:\n escalate:\n\n escalate:\n name: Escalate to malware team\n type: task\n" } }
|
|
responses:
|
|
"200":
|
|
description: "successful operation"
|
|
schema: { $ref: "#/definitions/PlaybookTemplateResponse" }
|
|
examples:
|
|
test:
|
|
id: simple
|
|
name: Simple
|
|
yaml: |
|
|
name: Simple
|
|
tasks:
|
|
input:
|
|
name: Upload malware if possible
|
|
type: input
|
|
schema:
|
|
title: Malware
|
|
type: object
|
|
properties:
|
|
malware:
|
|
type: string
|
|
title: Select malware
|
|
default: ""
|
|
next:
|
|
hash: "malware != ''"
|
|
|
|
hash:
|
|
name: Hash the malware
|
|
type: automation
|
|
automation: hash.sha1
|
|
payload:
|
|
default: "playbook.tasks['input'].data['malware']"
|
|
next:
|
|
escalate:
|
|
|
|
escalate:
|
|
name: Escalate to malware team
|
|
type: task
|
|
security: [ { roles: [ "playbook:write" ] } ]
|
|
delete:
|
|
tags: [ "playbooks" ]
|
|
summary: "Delete a playbook"
|
|
operationId: "deletePlaybook"
|
|
parameters:
|
|
- { name: "id", in: "path", description: "Playbook name", required: true, type: string, x-example: "simple" }
|
|
responses:
|
|
"204": { description: "successful operation" }
|
|
security: [ { roles: [ "playbook:write" ] } ]
|
|
|
|
definitions:
|
|
PlaybookTemplateForm:
|
|
type: object
|
|
required: [ yaml ]
|
|
properties:
|
|
id: { type: string }
|
|
yaml: { type: string }
|
|
|
|
PlaybookTemplate:
|
|
type: object
|
|
required: [ name, yaml ]
|
|
properties:
|
|
name: { type: string }
|
|
yaml: { type: string }
|
|
|
|
PlaybookTemplateResponse:
|
|
type: object
|
|
required: [ id, name, yaml ]
|
|
properties:
|
|
id: { type: string }
|
|
name: { type: string }
|
|
yaml: { type: string }
|