mirror of
https://github.com/SecurityBrewery/catalyst.git
synced 2025-12-06 15:22:47 +01:00
7200 lines
215 KiB
YAML
7200 lines
215 KiB
YAML
basePath: /api
|
|
consumes:
|
|
- application/json
|
|
definitions:
|
|
Artifact:
|
|
properties:
|
|
enrichments:
|
|
additionalProperties:
|
|
$ref: '#/definitions/Enrichment'
|
|
type: object
|
|
kind:
|
|
type: string
|
|
name:
|
|
example: 2.2.2.2
|
|
type: string
|
|
status:
|
|
example: Unknown
|
|
type: string
|
|
type:
|
|
type: string
|
|
required:
|
|
- name
|
|
type: object
|
|
ArtifactOrigin:
|
|
properties:
|
|
artifact:
|
|
type: string
|
|
ticket_id:
|
|
format: int64
|
|
type: integer
|
|
required:
|
|
- ticket_id
|
|
- artifact
|
|
type: object
|
|
Automation:
|
|
properties:
|
|
image:
|
|
type: string
|
|
schema:
|
|
example: '{}'
|
|
type: string
|
|
script:
|
|
type: string
|
|
type:
|
|
items:
|
|
enum:
|
|
- artifact
|
|
- playbook
|
|
- global
|
|
type: string
|
|
type: array
|
|
required:
|
|
- image
|
|
- script
|
|
- type
|
|
type: object
|
|
AutomationForm:
|
|
properties:
|
|
id:
|
|
type: string
|
|
image:
|
|
type: string
|
|
schema:
|
|
example: '{}'
|
|
type: string
|
|
script:
|
|
type: string
|
|
type:
|
|
items:
|
|
enum:
|
|
- artifact
|
|
- playbook
|
|
- global
|
|
type: string
|
|
type: array
|
|
required:
|
|
- id
|
|
- image
|
|
- script
|
|
- type
|
|
type: object
|
|
AutomationResponse:
|
|
properties:
|
|
id:
|
|
type: string
|
|
image:
|
|
type: string
|
|
schema:
|
|
example: '{}'
|
|
type: string
|
|
script:
|
|
type: string
|
|
type:
|
|
items:
|
|
enum:
|
|
- artifact
|
|
- playbook
|
|
- global
|
|
type: string
|
|
type: array
|
|
required:
|
|
- id
|
|
- image
|
|
- script
|
|
- type
|
|
type: object
|
|
Comment:
|
|
properties:
|
|
created:
|
|
format: date-time
|
|
type: string
|
|
creator:
|
|
type: string
|
|
message:
|
|
type: string
|
|
required:
|
|
- creator
|
|
- created
|
|
- message
|
|
type: object
|
|
CommentForm:
|
|
properties:
|
|
created:
|
|
format: date-time
|
|
type: string
|
|
creator:
|
|
type: string
|
|
message:
|
|
type: string
|
|
required:
|
|
- message
|
|
type: object
|
|
Context:
|
|
properties:
|
|
artifact:
|
|
$ref: '#/definitions/Artifact'
|
|
playbook:
|
|
$ref: '#/definitions/PlaybookResponse'
|
|
task:
|
|
$ref: '#/definitions/TaskResponse'
|
|
ticket:
|
|
$ref: '#/definitions/TicketResponse'
|
|
type: object
|
|
Dashboard:
|
|
properties:
|
|
name:
|
|
type: string
|
|
widgets:
|
|
items:
|
|
$ref: '#/definitions/Widget'
|
|
type: array
|
|
required:
|
|
- name
|
|
- widgets
|
|
type: object
|
|
DashboardResponse:
|
|
properties:
|
|
id:
|
|
type: string
|
|
name:
|
|
type: string
|
|
widgets:
|
|
items:
|
|
$ref: '#/definitions/Widget'
|
|
type: array
|
|
required:
|
|
- id
|
|
- name
|
|
- widgets
|
|
type: object
|
|
Enrichment:
|
|
properties:
|
|
created:
|
|
example: 1985-04-12T23:20:50.52Z
|
|
format: date-time
|
|
type: string
|
|
data:
|
|
example:
|
|
hash: b7a067a742c20d07a7456646de89bc2d408a1153
|
|
type: object
|
|
name:
|
|
example: hash.sha1
|
|
type: string
|
|
required:
|
|
- name
|
|
- data
|
|
- created
|
|
type: object
|
|
EnrichmentForm:
|
|
properties:
|
|
data:
|
|
example:
|
|
hash: b7a067a742c20d07a7456646de89bc2d408a1153
|
|
type: object
|
|
name:
|
|
example: hash.sha1
|
|
type: string
|
|
required:
|
|
- name
|
|
- data
|
|
type: object
|
|
File:
|
|
properties:
|
|
key:
|
|
example: myfile
|
|
type: string
|
|
name:
|
|
example: notes.docx
|
|
type: string
|
|
required:
|
|
- key
|
|
- name
|
|
type: object
|
|
Job:
|
|
properties:
|
|
automation:
|
|
type: string
|
|
container:
|
|
type: string
|
|
log:
|
|
type: string
|
|
origin:
|
|
$ref: '#/definitions/Origin'
|
|
output:
|
|
type: object
|
|
payload: {}
|
|
running:
|
|
type: boolean
|
|
status:
|
|
type: string
|
|
required:
|
|
- automation
|
|
- running
|
|
- status
|
|
type: object
|
|
JobForm:
|
|
properties:
|
|
automation:
|
|
type: string
|
|
origin:
|
|
$ref: '#/definitions/Origin'
|
|
payload: {}
|
|
required:
|
|
- automation
|
|
type: object
|
|
JobResponse:
|
|
properties:
|
|
automation:
|
|
type: string
|
|
container:
|
|
type: string
|
|
id:
|
|
type: string
|
|
log:
|
|
type: string
|
|
origin:
|
|
$ref: '#/definitions/Origin'
|
|
output:
|
|
type: object
|
|
payload: {}
|
|
status:
|
|
type: string
|
|
required:
|
|
- id
|
|
- automation
|
|
- status
|
|
type: object
|
|
JobUpdate:
|
|
properties:
|
|
container:
|
|
type: string
|
|
log:
|
|
type: string
|
|
output:
|
|
type: object
|
|
running:
|
|
type: boolean
|
|
status:
|
|
type: string
|
|
required:
|
|
- running
|
|
- status
|
|
type: object
|
|
LogEntry:
|
|
properties:
|
|
created:
|
|
format: date-time
|
|
type: string
|
|
creator:
|
|
type: string
|
|
message:
|
|
type: string
|
|
reference:
|
|
type: string
|
|
type:
|
|
type: string
|
|
required:
|
|
- type
|
|
- reference
|
|
- creator
|
|
- created
|
|
- message
|
|
type: object
|
|
Message:
|
|
properties:
|
|
context:
|
|
$ref: '#/definitions/Context'
|
|
payload: {}
|
|
secrets:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
type: object
|
|
NewUserResponse:
|
|
properties:
|
|
blocked:
|
|
type: boolean
|
|
id:
|
|
type: string
|
|
roles:
|
|
items:
|
|
type: string
|
|
type: array
|
|
secret:
|
|
type: string
|
|
required:
|
|
- id
|
|
- blocked
|
|
- roles
|
|
type: object
|
|
Origin:
|
|
properties:
|
|
artifact_origin:
|
|
$ref: '#/definitions/ArtifactOrigin'
|
|
task_origin:
|
|
$ref: '#/definitions/TaskOrigin'
|
|
type: object
|
|
Playbook:
|
|
properties:
|
|
name:
|
|
example: Phishing
|
|
type: string
|
|
tasks:
|
|
additionalProperties:
|
|
$ref: '#/definitions/Task'
|
|
type: object
|
|
required:
|
|
- name
|
|
- tasks
|
|
type: object
|
|
PlaybookResponse:
|
|
properties:
|
|
name:
|
|
example: Phishing
|
|
type: string
|
|
tasks:
|
|
additionalProperties:
|
|
$ref: '#/definitions/TaskResponse'
|
|
type: object
|
|
required:
|
|
- name
|
|
- tasks
|
|
type: object
|
|
PlaybookTemplate:
|
|
properties:
|
|
name:
|
|
type: string
|
|
yaml:
|
|
type: string
|
|
required:
|
|
- name
|
|
- yaml
|
|
type: object
|
|
PlaybookTemplateForm:
|
|
properties:
|
|
id:
|
|
type: string
|
|
yaml:
|
|
type: string
|
|
required:
|
|
- yaml
|
|
type: object
|
|
PlaybookTemplateResponse:
|
|
properties:
|
|
id:
|
|
type: string
|
|
name:
|
|
type: string
|
|
yaml:
|
|
type: string
|
|
required:
|
|
- id
|
|
- name
|
|
- yaml
|
|
type: object
|
|
Reference:
|
|
properties:
|
|
href:
|
|
example: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0144
|
|
type: string
|
|
name:
|
|
example: CVE-2017-0144
|
|
type: string
|
|
required:
|
|
- name
|
|
- href
|
|
type: object
|
|
ReferenceArray:
|
|
items:
|
|
$ref: '#/definitions/Reference'
|
|
type: array
|
|
Settings:
|
|
properties:
|
|
artifactKinds:
|
|
items:
|
|
$ref: '#/definitions/Type'
|
|
title: Artifact Kinds
|
|
type: array
|
|
artifactStates:
|
|
items:
|
|
$ref: '#/definitions/Type'
|
|
title: Artifact States
|
|
type: array
|
|
timeformat:
|
|
title: Time Format
|
|
type: string
|
|
required:
|
|
- timeformat
|
|
- artifactKinds
|
|
- artifactStates
|
|
type: object
|
|
SettingsResponse:
|
|
properties:
|
|
artifactKinds:
|
|
items:
|
|
$ref: '#/definitions/Type'
|
|
title: Artifact Kinds
|
|
type: array
|
|
artifactStates:
|
|
items:
|
|
$ref: '#/definitions/Type'
|
|
title: Artifact States
|
|
type: array
|
|
roles:
|
|
items:
|
|
type: string
|
|
title: Roles
|
|
type: array
|
|
ticketTypes:
|
|
items:
|
|
$ref: '#/definitions/TicketTypeResponse'
|
|
title: Ticket Types
|
|
type: array
|
|
tier:
|
|
enum:
|
|
- community
|
|
- enterprise
|
|
title: Tier
|
|
type: string
|
|
timeformat:
|
|
title: Time Format
|
|
type: string
|
|
version:
|
|
title: Version
|
|
type: string
|
|
required:
|
|
- version
|
|
- tier
|
|
- timeformat
|
|
- ticketTypes
|
|
- artifactKinds
|
|
- artifactStates
|
|
type: object
|
|
Statistics:
|
|
properties:
|
|
open_tickets_per_user:
|
|
additionalProperties:
|
|
type: integer
|
|
type: object
|
|
tickets_per_type:
|
|
additionalProperties:
|
|
type: integer
|
|
type: object
|
|
tickets_per_week:
|
|
additionalProperties:
|
|
type: integer
|
|
type: object
|
|
unassigned:
|
|
type: integer
|
|
required:
|
|
- unassigned
|
|
- open_tickets_per_user
|
|
- tickets_per_week
|
|
- tickets_per_type
|
|
type: object
|
|
Task:
|
|
properties:
|
|
automation:
|
|
type: string
|
|
closed:
|
|
example: 1985-04-12T23:20:50.52Z
|
|
format: date-time
|
|
type: string
|
|
created:
|
|
example: 1985-04-12T23:20:50.52Z
|
|
format: date-time
|
|
type: string
|
|
data:
|
|
type: object
|
|
done:
|
|
type: boolean
|
|
join:
|
|
example: false
|
|
type: boolean
|
|
name:
|
|
example: Inform user
|
|
type: string
|
|
next:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
owner:
|
|
type: string
|
|
payload:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
schema:
|
|
type: object
|
|
type:
|
|
enum:
|
|
- task
|
|
- input
|
|
- automation
|
|
example: task
|
|
type: string
|
|
required:
|
|
- name
|
|
- type
|
|
- done
|
|
- created
|
|
type: object
|
|
TaskOrigin:
|
|
properties:
|
|
playbook_id:
|
|
type: string
|
|
task_id:
|
|
type: string
|
|
ticket_id:
|
|
format: int64
|
|
type: integer
|
|
required:
|
|
- ticket_id
|
|
- playbook_id
|
|
- task_id
|
|
type: object
|
|
TaskResponse:
|
|
properties:
|
|
active:
|
|
example: false
|
|
type: boolean
|
|
automation:
|
|
type: string
|
|
closed:
|
|
example: 1985-04-12T23:20:50.52Z
|
|
format: date-time
|
|
type: string
|
|
created:
|
|
example: 1985-04-12T23:20:50.52Z
|
|
format: date-time
|
|
type: string
|
|
data:
|
|
type: object
|
|
done:
|
|
type: boolean
|
|
join:
|
|
example: false
|
|
type: boolean
|
|
name:
|
|
example: Inform user
|
|
type: string
|
|
next:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
order:
|
|
example: 2
|
|
format: int64
|
|
type: number
|
|
owner:
|
|
type: string
|
|
payload:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
schema:
|
|
type: object
|
|
type:
|
|
enum:
|
|
- task
|
|
- input
|
|
- automation
|
|
example: task
|
|
type: string
|
|
required:
|
|
- name
|
|
- type
|
|
- done
|
|
- created
|
|
- order
|
|
- active
|
|
type: object
|
|
TaskWithContext:
|
|
properties:
|
|
playbook_id:
|
|
type: string
|
|
playbook_name:
|
|
type: string
|
|
task:
|
|
$ref: '#/definitions/TaskResponse'
|
|
task_id:
|
|
type: string
|
|
ticket_id:
|
|
format: int64
|
|
type: number
|
|
ticket_name:
|
|
type: string
|
|
required:
|
|
- ticket_id
|
|
- ticket_name
|
|
- playbook_id
|
|
- playbook_name
|
|
- task_id
|
|
- task
|
|
type: object
|
|
Ticket:
|
|
properties:
|
|
artifacts:
|
|
items:
|
|
$ref: '#/definitions/Artifact'
|
|
type: array
|
|
comments:
|
|
items:
|
|
$ref: '#/definitions/Comment'
|
|
type: array
|
|
created:
|
|
example: 1985-04-12T23:20:50.52Z
|
|
format: date-time
|
|
type: string
|
|
details:
|
|
example:
|
|
description: my little incident
|
|
type: object
|
|
files:
|
|
items:
|
|
$ref: '#/definitions/File'
|
|
type: array
|
|
modified:
|
|
example: 1985-04-12T23:20:50.52Z
|
|
format: date-time
|
|
type: string
|
|
name:
|
|
example: WannyCry
|
|
type: string
|
|
owner:
|
|
example: bob
|
|
type: string
|
|
playbooks:
|
|
additionalProperties:
|
|
$ref: '#/definitions/Playbook'
|
|
type: object
|
|
read:
|
|
example:
|
|
- bob
|
|
items:
|
|
type: string
|
|
type: array
|
|
references:
|
|
items:
|
|
$ref: '#/definitions/Reference'
|
|
type: array
|
|
schema:
|
|
example: '{}'
|
|
type: string
|
|
status:
|
|
example: open
|
|
type: string
|
|
type:
|
|
example: incident
|
|
type: string
|
|
write:
|
|
example:
|
|
- alice
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- name
|
|
- type
|
|
- status
|
|
- created
|
|
- modified
|
|
- schema
|
|
type: object
|
|
TicketForm:
|
|
properties:
|
|
artifacts:
|
|
items:
|
|
$ref: '#/definitions/Artifact'
|
|
type: array
|
|
comments:
|
|
items:
|
|
$ref: '#/definitions/Comment'
|
|
type: array
|
|
created:
|
|
example: 1985-04-12T23:20:50.52Z
|
|
format: date-time
|
|
type: string
|
|
details:
|
|
example:
|
|
description: my little incident
|
|
type: object
|
|
files:
|
|
items:
|
|
$ref: '#/definitions/File'
|
|
type: array
|
|
id:
|
|
example: 123
|
|
format: int64
|
|
type: integer
|
|
modified:
|
|
example: 1985-04-12T23:20:50.52Z
|
|
format: date-time
|
|
type: string
|
|
name:
|
|
example: WannyCry
|
|
type: string
|
|
owner:
|
|
example: bob
|
|
type: string
|
|
playbooks:
|
|
items:
|
|
$ref: '#/definitions/PlaybookTemplateForm'
|
|
type: array
|
|
read:
|
|
example:
|
|
- bob
|
|
items:
|
|
type: string
|
|
type: array
|
|
references:
|
|
items:
|
|
$ref: '#/definitions/Reference'
|
|
type: array
|
|
schema:
|
|
example: '{}'
|
|
type: string
|
|
status:
|
|
example: open
|
|
type: string
|
|
type:
|
|
example: incident
|
|
type: string
|
|
write:
|
|
example:
|
|
- alice
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- name
|
|
- type
|
|
- status
|
|
type: object
|
|
TicketFormArray:
|
|
items:
|
|
$ref: '#/definitions/TicketForm'
|
|
type: array
|
|
TicketList:
|
|
properties:
|
|
count:
|
|
example: 3
|
|
type: number
|
|
tickets:
|
|
items:
|
|
$ref: '#/definitions/TicketSimpleResponse'
|
|
type: array
|
|
required:
|
|
- tickets
|
|
- count
|
|
type: object
|
|
TicketResponse:
|
|
properties:
|
|
artifacts:
|
|
items:
|
|
$ref: '#/definitions/Artifact'
|
|
type: array
|
|
comments:
|
|
items:
|
|
$ref: '#/definitions/Comment'
|
|
type: array
|
|
created:
|
|
example: 1985-04-12T23:20:50.52Z
|
|
format: date-time
|
|
type: string
|
|
details:
|
|
example:
|
|
description: my little incident
|
|
type: object
|
|
files:
|
|
items:
|
|
$ref: '#/definitions/File'
|
|
type: array
|
|
id:
|
|
example: 123
|
|
format: int64
|
|
type: integer
|
|
modified:
|
|
example: 1985-04-12T23:20:50.52Z
|
|
format: date-time
|
|
type: string
|
|
name:
|
|
example: WannyCry
|
|
type: string
|
|
owner:
|
|
example: bob
|
|
type: string
|
|
playbooks:
|
|
additionalProperties:
|
|
$ref: '#/definitions/PlaybookResponse'
|
|
type: object
|
|
read:
|
|
example:
|
|
- bob
|
|
items:
|
|
type: string
|
|
type: array
|
|
references:
|
|
items:
|
|
$ref: '#/definitions/Reference'
|
|
type: array
|
|
schema:
|
|
example: '{}'
|
|
type: string
|
|
status:
|
|
example: open
|
|
type: string
|
|
type:
|
|
example: incident
|
|
type: string
|
|
write:
|
|
example:
|
|
- alice
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- id
|
|
- name
|
|
- type
|
|
- status
|
|
- created
|
|
- modified
|
|
- schema
|
|
type: object
|
|
TicketSimpleResponse:
|
|
properties:
|
|
artifacts:
|
|
items:
|
|
$ref: '#/definitions/Artifact'
|
|
type: array
|
|
comments:
|
|
items:
|
|
$ref: '#/definitions/Comment'
|
|
type: array
|
|
created:
|
|
example: 1985-04-12T23:20:50.52Z
|
|
format: date-time
|
|
type: string
|
|
details:
|
|
example:
|
|
description: my little incident
|
|
type: object
|
|
files:
|
|
items:
|
|
$ref: '#/definitions/File'
|
|
type: array
|
|
id:
|
|
example: 123
|
|
format: int64
|
|
type: integer
|
|
modified:
|
|
example: 1985-04-12T23:20:50.52Z
|
|
format: date-time
|
|
type: string
|
|
name:
|
|
example: WannyCry
|
|
type: string
|
|
owner:
|
|
example: bob
|
|
type: string
|
|
playbooks:
|
|
additionalProperties:
|
|
$ref: '#/definitions/Playbook'
|
|
type: object
|
|
read:
|
|
example:
|
|
- bob
|
|
items:
|
|
type: string
|
|
type: array
|
|
references:
|
|
items:
|
|
$ref: '#/definitions/Reference'
|
|
type: array
|
|
schema:
|
|
example: '{}'
|
|
type: string
|
|
status:
|
|
example: open
|
|
type: string
|
|
type:
|
|
example: incident
|
|
type: string
|
|
write:
|
|
example:
|
|
- alice
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- id
|
|
- name
|
|
- type
|
|
- status
|
|
- created
|
|
- modified
|
|
- schema
|
|
type: object
|
|
TicketTemplate:
|
|
properties:
|
|
name:
|
|
type: string
|
|
schema:
|
|
type: string
|
|
required:
|
|
- name
|
|
- schema
|
|
type: object
|
|
TicketTemplateForm:
|
|
properties:
|
|
id:
|
|
type: string
|
|
name:
|
|
type: string
|
|
schema:
|
|
type: string
|
|
required:
|
|
- name
|
|
- schema
|
|
type: object
|
|
TicketTemplateResponse:
|
|
properties:
|
|
id:
|
|
type: string
|
|
name:
|
|
type: string
|
|
schema:
|
|
type: string
|
|
required:
|
|
- id
|
|
- name
|
|
- schema
|
|
type: object
|
|
TicketType:
|
|
properties:
|
|
default_groups:
|
|
items:
|
|
type: string
|
|
type: array
|
|
default_playbooks:
|
|
items:
|
|
type: string
|
|
type: array
|
|
default_template:
|
|
type: string
|
|
icon:
|
|
type: string
|
|
name:
|
|
type: string
|
|
required:
|
|
- name
|
|
- icon
|
|
- default_template
|
|
- default_playbooks
|
|
type: object
|
|
TicketTypeForm:
|
|
properties:
|
|
default_groups:
|
|
items:
|
|
type: string
|
|
type: array
|
|
default_playbooks:
|
|
items:
|
|
type: string
|
|
type: array
|
|
default_template:
|
|
type: string
|
|
icon:
|
|
type: string
|
|
id:
|
|
type: string
|
|
name:
|
|
type: string
|
|
required:
|
|
- name
|
|
- icon
|
|
- default_template
|
|
- default_playbooks
|
|
type: object
|
|
TicketTypeResponse:
|
|
properties:
|
|
default_groups:
|
|
items:
|
|
type: string
|
|
type: array
|
|
default_playbooks:
|
|
items:
|
|
type: string
|
|
type: array
|
|
default_template:
|
|
type: string
|
|
icon:
|
|
type: string
|
|
id:
|
|
type: string
|
|
name:
|
|
type: string
|
|
required:
|
|
- id
|
|
- name
|
|
- icon
|
|
- default_template
|
|
- default_playbooks
|
|
type: object
|
|
TicketWithTickets:
|
|
properties:
|
|
artifacts:
|
|
items:
|
|
$ref: '#/definitions/Artifact'
|
|
type: array
|
|
comments:
|
|
items:
|
|
$ref: '#/definitions/Comment'
|
|
type: array
|
|
created:
|
|
example: 1985-04-12T23:20:50.52Z
|
|
format: date-time
|
|
type: string
|
|
details:
|
|
example:
|
|
description: my little incident
|
|
type: object
|
|
files:
|
|
items:
|
|
$ref: '#/definitions/File'
|
|
type: array
|
|
id:
|
|
example: 123
|
|
format: int64
|
|
type: integer
|
|
logs:
|
|
items:
|
|
$ref: '#/definitions/LogEntry'
|
|
type: array
|
|
modified:
|
|
example: 1985-04-12T23:20:50.52Z
|
|
format: date-time
|
|
type: string
|
|
name:
|
|
example: WannyCry
|
|
type: string
|
|
owner:
|
|
example: bob
|
|
type: string
|
|
playbooks:
|
|
additionalProperties:
|
|
$ref: '#/definitions/PlaybookResponse'
|
|
type: object
|
|
read:
|
|
example:
|
|
- bob
|
|
items:
|
|
type: string
|
|
type: array
|
|
references:
|
|
items:
|
|
$ref: '#/definitions/Reference'
|
|
type: array
|
|
schema:
|
|
example: '{}'
|
|
type: string
|
|
status:
|
|
example: open
|
|
type: string
|
|
tickets:
|
|
items:
|
|
$ref: '#/definitions/TicketSimpleResponse'
|
|
type: array
|
|
type:
|
|
example: incident
|
|
type: string
|
|
write:
|
|
example:
|
|
- alice
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- id
|
|
- name
|
|
- type
|
|
- status
|
|
- created
|
|
- modified
|
|
- schema
|
|
type: object
|
|
Type:
|
|
properties:
|
|
color:
|
|
enum:
|
|
- error
|
|
- info
|
|
- success
|
|
- warning
|
|
title: Color
|
|
type: string
|
|
x-cols: 3
|
|
icon:
|
|
title: Icon (https://materialdesignicons.com)
|
|
type: string
|
|
x-class: pr-2
|
|
x-cols: 3
|
|
id:
|
|
title: ID
|
|
type: string
|
|
x-class: pr-2
|
|
x-cols: 3
|
|
name:
|
|
title: Name
|
|
type: string
|
|
x-class: pr-2
|
|
x-cols: 3
|
|
required:
|
|
- id
|
|
- name
|
|
- icon
|
|
type: object
|
|
User:
|
|
properties:
|
|
apikey:
|
|
type: boolean
|
|
blocked:
|
|
type: boolean
|
|
roles:
|
|
items:
|
|
type: string
|
|
type: array
|
|
sha256:
|
|
type: string
|
|
required:
|
|
- blocked
|
|
- apikey
|
|
- roles
|
|
type: object
|
|
UserData:
|
|
properties:
|
|
email:
|
|
type: string
|
|
x-example: bob@example.org
|
|
image:
|
|
type: string
|
|
x-display: custom-avatar
|
|
name:
|
|
type: string
|
|
x-example: Robert Smith
|
|
timeformat:
|
|
title: Time Format (https://moment.github.io/luxon/docs/manual/formatting.html#table-of-tokens)
|
|
type: string
|
|
type: object
|
|
UserDataResponse:
|
|
properties:
|
|
email:
|
|
type: string
|
|
x-example: bob@example.org
|
|
id:
|
|
type: string
|
|
image:
|
|
type: string
|
|
x-display: custom-avatar
|
|
name:
|
|
type: string
|
|
x-example: Robert Smith
|
|
timeformat:
|
|
title: Time Format (https://moment.github.io/luxon/docs/manual/formatting.html#table-of-tokens)
|
|
type: string
|
|
required:
|
|
- id
|
|
type: object
|
|
UserForm:
|
|
properties:
|
|
apikey:
|
|
type: boolean
|
|
blocked:
|
|
type: boolean
|
|
id:
|
|
type: string
|
|
roles:
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- id
|
|
- blocked
|
|
- roles
|
|
- apikey
|
|
type: object
|
|
UserResponse:
|
|
properties:
|
|
apikey:
|
|
type: boolean
|
|
blocked:
|
|
type: boolean
|
|
id:
|
|
type: string
|
|
roles:
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- id
|
|
- blocked
|
|
- roles
|
|
- apikey
|
|
type: object
|
|
Widget:
|
|
properties:
|
|
aggregation:
|
|
type: string
|
|
filter:
|
|
type: string
|
|
name:
|
|
type: string
|
|
type:
|
|
enum:
|
|
- bar
|
|
- line
|
|
- pie
|
|
type: string
|
|
width:
|
|
maximum: 12
|
|
minimum: 1
|
|
type: integer
|
|
required:
|
|
- name
|
|
- type
|
|
- aggregation
|
|
- width
|
|
type: object
|
|
host: .
|
|
info:
|
|
description: API for the catalyst incident response platform.
|
|
title: ""
|
|
version: ""
|
|
paths:
|
|
/automations:
|
|
get:
|
|
operationId: listAutomations
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
- id: comment
|
|
image: docker.io/python:3
|
|
script: ""
|
|
type:
|
|
- playbook
|
|
- id: hash.sha1
|
|
image: docker.io/python:3
|
|
schema: '{"title":"Input","type":"object","properties":{"default":{"type":"string","title":"Value"}},"required":["default"]}'
|
|
script: ""
|
|
type:
|
|
- global
|
|
- artifact
|
|
- playbook
|
|
- id: vt.hash
|
|
image: docker.io/python:3
|
|
schema: '{"title":"Input","type":"object","properties":{"default":{"type":"string","title":"Value"}},"required":["default"]}'
|
|
script: ""
|
|
type:
|
|
- global
|
|
- artifact
|
|
- playbook
|
|
schema:
|
|
items:
|
|
$ref: '#/definitions/AutomationResponse'
|
|
type: array
|
|
security:
|
|
- roles:
|
|
- automation:read
|
|
summary: List automations
|
|
tags:
|
|
- automations
|
|
post:
|
|
operationId: createAutomation
|
|
parameters:
|
|
- description: New automation
|
|
in: body
|
|
name: automation
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/AutomationForm'
|
|
x-example:
|
|
id: hash-sha-256
|
|
image: docker.io/python:3
|
|
script: |
|
|
import sys
|
|
import json
|
|
import hashlib
|
|
|
|
|
|
def run(msg):
|
|
sha256 = hashlib.sha256(msg['payload']['default'].encode('utf-8'))
|
|
return {'hash': sha256.hexdigest()}
|
|
|
|
|
|
print(json.dumps(run(json.loads(sys.argv[1]))))
|
|
type:
|
|
- global
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
id: hash-sha-256
|
|
image: docker.io/python:3
|
|
script: |
|
|
import sys
|
|
import json
|
|
import hashlib
|
|
|
|
|
|
def run(msg):
|
|
sha256 = hashlib.sha256(msg['payload']['default'].encode('utf-8'))
|
|
return {'hash': sha256.hexdigest()}
|
|
|
|
|
|
print(json.dumps(run(json.loads(sys.argv[1]))))
|
|
type:
|
|
- global
|
|
schema:
|
|
$ref: '#/definitions/AutomationResponse'
|
|
security:
|
|
- roles:
|
|
- automation:write
|
|
summary: Create a new automation
|
|
tags:
|
|
- automations
|
|
/automations/{id}:
|
|
delete:
|
|
operationId: deleteAutomation
|
|
parameters:
|
|
- description: Automation ID
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: hash.sha1
|
|
responses:
|
|
"204":
|
|
description: successful operation
|
|
security:
|
|
- roles:
|
|
- automation:write
|
|
summary: Delete a automation
|
|
tags:
|
|
- automations
|
|
get:
|
|
operationId: getAutomation
|
|
parameters:
|
|
- description: Automation ID
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: hash.sha1
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
id: hash.sha1
|
|
image: docker.io/python:3
|
|
schema: '{"title":"Input","type":"object","properties":{"default":{"type":"string","title":"Value"}},"required":["default"]}'
|
|
script: |
|
|
#!/usr/bin/env python
|
|
|
|
import sys
|
|
import json
|
|
import hashlib
|
|
|
|
|
|
def run(msg):
|
|
sha1 = hashlib.sha1(msg['payload']['default'].encode('utf-8'))
|
|
return {"hash": sha1.hexdigest()}
|
|
|
|
|
|
print(json.dumps(run(json.loads(sys.argv[1]))))
|
|
type:
|
|
- global
|
|
- artifact
|
|
- playbook
|
|
schema:
|
|
$ref: '#/definitions/AutomationResponse'
|
|
security:
|
|
- roles:
|
|
- automation:read
|
|
summary: Get a single automation
|
|
tags:
|
|
- automations
|
|
put:
|
|
operationId: updateAutomation
|
|
parameters:
|
|
- description: Automation ID
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: hash.sha1
|
|
- description: Automation object that needs to be added
|
|
in: body
|
|
name: automation
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/AutomationForm'
|
|
x-example:
|
|
id: hash.sha1
|
|
image: docker.io/python:3
|
|
script: |
|
|
import sys
|
|
import json
|
|
import hashlib
|
|
|
|
|
|
def run(msg):
|
|
sha1 = hashlib.sha1(msg['payload'].encode('utf-8'))
|
|
return {'hash': sha1.hexdigest()}
|
|
|
|
|
|
print(json.dumps(run(json.loads(sys.argv[1]))))
|
|
type:
|
|
- global
|
|
- artifact
|
|
- playbook
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
id: hash.sha1
|
|
image: docker.io/python:3
|
|
script: |
|
|
import sys
|
|
import json
|
|
import hashlib
|
|
|
|
|
|
def run(msg):
|
|
sha1 = hashlib.sha1(msg['payload'].encode('utf-8'))
|
|
return {'hash': sha1.hexdigest()}
|
|
|
|
|
|
print(json.dumps(run(json.loads(sys.argv[1]))))
|
|
type:
|
|
- global
|
|
- artifact
|
|
- playbook
|
|
schema:
|
|
$ref: '#/definitions/AutomationResponse'
|
|
security:
|
|
- roles:
|
|
- automation:write
|
|
summary: Update an existing automation
|
|
tags:
|
|
- automations
|
|
/currentuser:
|
|
get:
|
|
operationId: currentUser
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
apikey: false
|
|
blocked: false
|
|
id: bob
|
|
roles:
|
|
- admin:backup:read
|
|
- admin:backup:restore
|
|
- admin:dashboard:write
|
|
- admin:group:write
|
|
- admin:job:read
|
|
- admin:job:write
|
|
- admin:log:read
|
|
- admin:settings:write
|
|
- admin:ticket:delete
|
|
- admin:user:write
|
|
- admin:userdata:read
|
|
- admin:userdata:write
|
|
- analyst:automation:read
|
|
- analyst:currentsettings:write
|
|
- analyst:currentuser:read
|
|
- analyst:currentuserdata:read
|
|
- analyst:dashboard:read
|
|
- analyst:file
|
|
- analyst:group:read
|
|
- analyst:playbook:read
|
|
- analyst:rule:read
|
|
- analyst:settings:read
|
|
- analyst:template:read
|
|
- analyst:ticket:read
|
|
- analyst:ticket:write
|
|
- analyst:tickettype:read
|
|
- analyst:user:read
|
|
- engineer:automation:write
|
|
- engineer:playbook:write
|
|
- engineer:rule:write
|
|
- engineer:template:write
|
|
- engineer:tickettype:write
|
|
schema:
|
|
$ref: '#/definitions/UserResponse'
|
|
security:
|
|
- roles:
|
|
- currentuser:read
|
|
summary: Get current user
|
|
tags:
|
|
- users
|
|
/currentuserdata:
|
|
get:
|
|
operationId: currentUserData
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
email: bob@example.org
|
|
id: bob
|
|
name: Bob Bad
|
|
schema:
|
|
$ref: '#/definitions/UserDataResponse'
|
|
security:
|
|
- roles:
|
|
- currentuserdata:read
|
|
summary: Get current user data
|
|
tags:
|
|
- userdata
|
|
put:
|
|
operationId: updateCurrentUserData
|
|
parameters:
|
|
- description: User data object that needs to be added
|
|
in: body
|
|
name: userdata
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/UserData'
|
|
x-example:
|
|
email: bob@example.org
|
|
name: Bob Bad
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
email: bob@example.org
|
|
id: bob
|
|
name: Bob Bad
|
|
schema:
|
|
$ref: '#/definitions/UserDataResponse'
|
|
security:
|
|
- roles:
|
|
- currentuserdata:write
|
|
summary: Update current user data
|
|
tags:
|
|
- userdata
|
|
/dashboard/data:
|
|
get:
|
|
operationId: dashboardData
|
|
parameters:
|
|
- description: Aggregation
|
|
in: query
|
|
name: aggregation
|
|
required: true
|
|
type: string
|
|
x-example: type
|
|
- description: Filter
|
|
in: query
|
|
name: filter
|
|
type: string
|
|
x-example: status == "closed"
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
alert: 2
|
|
incident: 1
|
|
schema:
|
|
type: object
|
|
security:
|
|
- roles:
|
|
- dashboard:read
|
|
summary: Get widget data
|
|
tags:
|
|
- dashboards
|
|
/dashboards:
|
|
get:
|
|
operationId: listDashboards
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
- id: simple
|
|
name: Simple
|
|
widgets:
|
|
- aggregation: owner
|
|
filter: status == "open"
|
|
name: open_tickets_per_user
|
|
type: bar
|
|
width: 4
|
|
- aggregation: 'CONCAT(DATE_YEAR(created), "-", DATE_ISOWEEK(created)
|
|
< 10 ? "0" : "", DATE_ISOWEEK(created))'
|
|
name: tickets_per_week
|
|
type: line
|
|
width: 8
|
|
schema:
|
|
items:
|
|
$ref: '#/definitions/DashboardResponse'
|
|
type: array
|
|
security:
|
|
- roles:
|
|
- dashboard:read
|
|
summary: List dashboards
|
|
tags:
|
|
- dashboards
|
|
post:
|
|
operationId: createDashboard
|
|
parameters:
|
|
- description: New template
|
|
in: body
|
|
name: template
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/Dashboard'
|
|
x-example:
|
|
name: My Dashboard
|
|
widgets: []
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
id: my-dashboard
|
|
name: My Dashboard
|
|
widgets: []
|
|
schema:
|
|
$ref: '#/definitions/DashboardResponse'
|
|
security:
|
|
- roles:
|
|
- dashboard:write
|
|
summary: Create a new dashboard
|
|
tags:
|
|
- dashboards
|
|
/dashboards/{id}:
|
|
delete:
|
|
operationId: deleteDashboard
|
|
parameters:
|
|
- description: Dashboard ID
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: simple
|
|
responses:
|
|
"204":
|
|
description: successful operation
|
|
security:
|
|
- roles:
|
|
- dashboard:write
|
|
summary: Delete a dashboard
|
|
tags:
|
|
- dashboards
|
|
get:
|
|
operationId: getDashboard
|
|
parameters:
|
|
- description: Dashboard ID
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: simple
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
id: simple
|
|
name: Simple
|
|
widgets:
|
|
- aggregation: owner
|
|
filter: status == "open"
|
|
name: open_tickets_per_user
|
|
type: bar
|
|
width: 4
|
|
- aggregation: 'CONCAT(DATE_YEAR(created), "-", DATE_ISOWEEK(created)
|
|
< 10 ? "0" : "", DATE_ISOWEEK(created))'
|
|
name: tickets_per_week
|
|
type: line
|
|
width: 8
|
|
schema:
|
|
$ref: '#/definitions/DashboardResponse'
|
|
security:
|
|
- roles:
|
|
- dashboard:read
|
|
summary: Get a single dashboard
|
|
tags:
|
|
- dashboards
|
|
put:
|
|
operationId: updateDashboard
|
|
parameters:
|
|
- description: Dashboard ID
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: simple
|
|
- description: Dashboard object that needs to be added
|
|
in: body
|
|
name: dashboard
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/Dashboard'
|
|
x-example:
|
|
name: Simple
|
|
widgets: []
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
id: simple
|
|
name: Simple
|
|
widgets: []
|
|
schema:
|
|
$ref: '#/definitions/DashboardResponse'
|
|
security:
|
|
- roles:
|
|
- dashboard:write
|
|
summary: Update an existing dashboard
|
|
tags:
|
|
- dashboards
|
|
/jobs:
|
|
get:
|
|
operationId: listJobs
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
- automation: hash.sha1
|
|
id: b81c2366-ea37-43d2-b61b-03afdc21d985
|
|
payload: test
|
|
status: created
|
|
schema:
|
|
items:
|
|
$ref: '#/definitions/JobResponse'
|
|
type: array
|
|
security:
|
|
- roles:
|
|
- job:read
|
|
summary: List jobs
|
|
tags:
|
|
- jobs
|
|
post:
|
|
operationId: runJob
|
|
parameters:
|
|
- description: New job
|
|
in: body
|
|
name: job
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/JobForm'
|
|
x-example:
|
|
automation: hash.sha1
|
|
payload: test
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
automation: hash.sha1
|
|
id: 87390749-2125-4a87-91c5-da7e3f9bebf1
|
|
payload: test
|
|
status: created
|
|
schema:
|
|
$ref: '#/definitions/JobResponse'
|
|
security:
|
|
- roles:
|
|
- job:write
|
|
summary: Start a new job
|
|
tags:
|
|
- jobs
|
|
/jobs/{id}:
|
|
get:
|
|
operationId: getJob
|
|
parameters:
|
|
- description: Job ID
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: b81c2366-ea37-43d2-b61b-03afdc21d985
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
automation: hash.sha1
|
|
id: b81c2366-ea37-43d2-b61b-03afdc21d985
|
|
payload: test
|
|
status: created
|
|
schema:
|
|
$ref: '#/definitions/JobResponse'
|
|
security:
|
|
- roles:
|
|
- job:read
|
|
summary: Get a single job
|
|
tags:
|
|
- jobs
|
|
put:
|
|
operationId: updateJob
|
|
parameters:
|
|
- description: Job ID
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: b81c2366-ea37-43d2-b61b-03afdc21d985
|
|
- description: Job object that needs to be added
|
|
in: body
|
|
name: job
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/JobUpdate'
|
|
x-example:
|
|
running: false
|
|
status: failed
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
automation: hash.sha1
|
|
id: b81c2366-ea37-43d2-b61b-03afdc21d985
|
|
payload: test
|
|
status: failed
|
|
schema:
|
|
$ref: '#/definitions/JobResponse'
|
|
security:
|
|
- roles:
|
|
- job:write
|
|
summary: Update an existing job
|
|
tags:
|
|
- jobs
|
|
/logs/{reference}:
|
|
get:
|
|
operationId: getLogs
|
|
parameters:
|
|
- description: Reference
|
|
in: path
|
|
name: reference
|
|
required: true
|
|
type: string
|
|
x-example: tickets%2F294511
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
- created: 2021-12-12T12:12:12.000000012Z
|
|
creator: bob
|
|
message: Fail run account resist lend solve incident centre priority
|
|
temperature. Cause change distribution examine location technique
|
|
shape partner milk customer. Rail tea plate soil report cook railway
|
|
interpretation breath action. Exercise dream accept park conclusion
|
|
addition shoot assistance may answer. Gold writer link stop combine
|
|
hear power name commitment operation. Determine lifespan support grow
|
|
degree henry exclude detail set religion. Direct library policy convention
|
|
chain retain discover ride walk student. Gather proposal select march
|
|
aspect play noise avoid encourage employ. Assessment preserve transport
|
|
combine wish influence income guess run stand. Charge limit crime
|
|
ignore statement foundation study issue stop claim.
|
|
reference: tickets/294511
|
|
type: manual
|
|
schema:
|
|
items:
|
|
$ref: '#/definitions/LogEntry'
|
|
type: array
|
|
security:
|
|
- roles:
|
|
- log:read
|
|
summary: Get log entries
|
|
tags:
|
|
- logs
|
|
/playbooks:
|
|
get:
|
|
operationId: listPlaybooks
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
- id: malware
|
|
name: Malware
|
|
yaml: |
|
|
name: Malware
|
|
tasks:
|
|
file-or-hash:
|
|
name: Do you have the file or the hash?
|
|
type: input
|
|
schema:
|
|
title: Malware
|
|
type: object
|
|
properties:
|
|
file:
|
|
type: string
|
|
title: "I have the"
|
|
enum: [ "File", "Hash" ]
|
|
next:
|
|
enter-hash: "file == 'Hash'"
|
|
upload: "file == 'File'"
|
|
|
|
enter-hash:
|
|
name: Please enter the hash
|
|
type: input
|
|
schema:
|
|
title: Malware
|
|
type: object
|
|
properties:
|
|
hash:
|
|
type: string
|
|
title: Please enter the hash value
|
|
minlength: 32
|
|
next:
|
|
virustotal: "hash != ''"
|
|
|
|
upload:
|
|
name: Upload the malware
|
|
type: input
|
|
schema:
|
|
title: Malware
|
|
type: object
|
|
properties:
|
|
malware:
|
|
type: object
|
|
x-display: file
|
|
title: Please upload the malware
|
|
next:
|
|
hash: "malware"
|
|
|
|
hash:
|
|
name: Hash the malware
|
|
type: automation
|
|
automation: hash.sha1
|
|
payload:
|
|
default: "playbook.tasks['upload'].data['malware']"
|
|
next:
|
|
virustotal:
|
|
|
|
virustotal:
|
|
name: Send hash to VirusTotal
|
|
type: automation
|
|
automation: vt.hash
|
|
args:
|
|
hash: "playbook.tasks['enter-hash'].data['hash'] || playbook.tasks['hash'].data['hash']"
|
|
# next:
|
|
# known-malware: "score > 5"
|
|
# sandbox: "score < 6" # unknown-malware
|
|
- id: phishing
|
|
name: Phishing
|
|
yaml: |
|
|
name: Phishing
|
|
tasks:
|
|
board:
|
|
name: Board Involvement?
|
|
description: Is a board member involved?
|
|
type: input
|
|
schema:
|
|
properties:
|
|
boardInvolved:
|
|
default: false
|
|
title: A board member is involved.
|
|
type: boolean
|
|
required:
|
|
- boardInvolved
|
|
title: Board Involvement?
|
|
type: object
|
|
next:
|
|
escalate: "boardInvolved == true"
|
|
mail-available: "boardInvolved == false"
|
|
|
|
escalate:
|
|
name: Escalate to CISO
|
|
description: Please escalate the task to the CISO
|
|
type: task
|
|
|
|
mail-available:
|
|
name: Mail available
|
|
type: input
|
|
schema:
|
|
oneOf:
|
|
- properties:
|
|
mail:
|
|
title: Mail
|
|
type: string
|
|
x-display: textarea
|
|
schemaKey:
|
|
const: 'yes'
|
|
type: string
|
|
required:
|
|
- mail
|
|
title: 'Yes'
|
|
- properties:
|
|
schemaKey:
|
|
const: 'no'
|
|
type: string
|
|
title: 'No'
|
|
title: Mail available
|
|
type: object
|
|
next:
|
|
block-sender: "schemaKey == 'yes'"
|
|
extract-iocs: "schemaKey == 'yes'"
|
|
search-email-gateway: "schemaKey == 'no'"
|
|
|
|
search-email-gateway:
|
|
name: Search email gateway
|
|
description: Please search email-gateway for the phishing mail.
|
|
type: task
|
|
next:
|
|
extract-iocs:
|
|
|
|
block-sender:
|
|
name: Block sender
|
|
type: task
|
|
next:
|
|
extract-iocs:
|
|
|
|
extract-iocs:
|
|
name: Extract IOCs
|
|
description: Please insert the IOCs
|
|
type: input
|
|
schema:
|
|
properties:
|
|
iocs:
|
|
items:
|
|
type: string
|
|
title: IOCs
|
|
type: array
|
|
title: Extract IOCs
|
|
type: object
|
|
next:
|
|
block-iocs:
|
|
|
|
block-iocs:
|
|
name: Block IOCs
|
|
type: task
|
|
- id: simple
|
|
name: Simple
|
|
yaml: |
|
|
name: Simple
|
|
tasks:
|
|
input:
|
|
name: Enter something to hash
|
|
type: input
|
|
schema:
|
|
title: Something
|
|
type: object
|
|
properties:
|
|
something:
|
|
type: string
|
|
title: Something
|
|
default: ""
|
|
next:
|
|
hash: "something != ''"
|
|
|
|
hash:
|
|
name: Hash the something
|
|
type: automation
|
|
automation: hash.sha1
|
|
payload:
|
|
default: "playbook.tasks['input'].data['something']"
|
|
next:
|
|
comment: "hash != ''"
|
|
|
|
comment:
|
|
name: Comment the hash
|
|
type: automation
|
|
automation: comment
|
|
payload:
|
|
default: "playbook.tasks['hash'].data['hash']"
|
|
next:
|
|
done: "done"
|
|
|
|
done:
|
|
name: You can close this case now
|
|
type: task
|
|
schema:
|
|
items:
|
|
$ref: '#/definitions/PlaybookTemplateResponse'
|
|
type: array
|
|
security:
|
|
- roles:
|
|
- playbook:read
|
|
summary: List playbooks
|
|
tags:
|
|
- playbooks
|
|
post:
|
|
operationId: createPlaybook
|
|
parameters:
|
|
- description: New playbook
|
|
in: body
|
|
name: playbook
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/PlaybookTemplateForm'
|
|
x-example:
|
|
yaml: |
|
|
name: Simple2
|
|
tasks:
|
|
input:
|
|
name: Upload malware if possible
|
|
type: input
|
|
schema:
|
|
title: Malware
|
|
type: object
|
|
properties:
|
|
malware:
|
|
type: string
|
|
title: Select malware
|
|
default: ""
|
|
next:
|
|
hash: "malware != ''"
|
|
|
|
hash:
|
|
name: Hash the malware
|
|
type: automation
|
|
automation: hash.sha1
|
|
payload:
|
|
default: "playbook.tasks['input'].data['malware']"
|
|
next:
|
|
escalate:
|
|
|
|
escalate:
|
|
name: Escalate to malware team
|
|
type: task
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
id: simple-2
|
|
name: Simple2
|
|
yaml: |
|
|
name: Simple2
|
|
tasks:
|
|
input:
|
|
name: Upload malware if possible
|
|
type: input
|
|
schema:
|
|
title: Malware
|
|
type: object
|
|
properties:
|
|
malware:
|
|
type: string
|
|
title: Select malware
|
|
default: ""
|
|
next:
|
|
hash: "malware != ''"
|
|
|
|
hash:
|
|
name: Hash the malware
|
|
type: automation
|
|
automation: hash.sha1
|
|
payload:
|
|
default: "playbook.tasks['input'].data['malware']"
|
|
next:
|
|
escalate:
|
|
|
|
escalate:
|
|
name: Escalate to malware team
|
|
type: task
|
|
schema:
|
|
$ref: '#/definitions/PlaybookTemplateResponse'
|
|
security:
|
|
- roles:
|
|
- playbook:write
|
|
summary: Create a playbook
|
|
tags:
|
|
- playbooks
|
|
/playbooks/{id}:
|
|
delete:
|
|
operationId: deletePlaybook
|
|
parameters:
|
|
- description: Playbook name
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: simple
|
|
responses:
|
|
"204":
|
|
description: successful operation
|
|
security:
|
|
- roles:
|
|
- playbook:write
|
|
summary: Delete a playbook
|
|
tags:
|
|
- playbooks
|
|
get:
|
|
operationId: getPlaybook
|
|
parameters:
|
|
- description: Playbook name
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: simple
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
id: simple
|
|
name: Simple
|
|
yaml: |
|
|
name: Simple
|
|
tasks:
|
|
input:
|
|
name: Enter something to hash
|
|
type: input
|
|
schema:
|
|
title: Something
|
|
type: object
|
|
properties:
|
|
something:
|
|
type: string
|
|
title: Something
|
|
default: ""
|
|
next:
|
|
hash: "something != ''"
|
|
|
|
hash:
|
|
name: Hash the something
|
|
type: automation
|
|
automation: hash.sha1
|
|
payload:
|
|
default: "playbook.tasks['input'].data['something']"
|
|
next:
|
|
comment: "hash != ''"
|
|
|
|
comment:
|
|
name: Comment the hash
|
|
type: automation
|
|
automation: comment
|
|
payload:
|
|
default: "playbook.tasks['hash'].data['hash']"
|
|
next:
|
|
done: "done"
|
|
|
|
done:
|
|
name: You can close this case now
|
|
type: task
|
|
schema:
|
|
$ref: '#/definitions/PlaybookTemplateResponse'
|
|
security:
|
|
- roles:
|
|
- playbook:read
|
|
summary: Get a single playbook
|
|
tags:
|
|
- playbooks
|
|
put:
|
|
operationId: updatePlaybook
|
|
parameters:
|
|
- description: Playbook ID
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: simple
|
|
- description: Updated playbook
|
|
in: body
|
|
name: playbook
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/PlaybookTemplateForm'
|
|
x-example:
|
|
yaml: |
|
|
name: Simple
|
|
tasks:
|
|
input:
|
|
name: Upload malware if possible
|
|
type: input
|
|
schema:
|
|
title: Malware
|
|
type: object
|
|
properties:
|
|
malware:
|
|
type: string
|
|
title: Select malware
|
|
default: ""
|
|
next:
|
|
hash: "malware != ''"
|
|
|
|
hash:
|
|
name: Hash the malware
|
|
type: automation
|
|
automation: hash.sha1
|
|
payload:
|
|
default: "playbook.tasks['input'].data['malware']"
|
|
next:
|
|
escalate:
|
|
|
|
escalate:
|
|
name: Escalate to malware team
|
|
type: task
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
id: simple
|
|
name: Simple
|
|
yaml: |
|
|
name: Simple
|
|
tasks:
|
|
input:
|
|
name: Upload malware if possible
|
|
type: input
|
|
schema:
|
|
title: Malware
|
|
type: object
|
|
properties:
|
|
malware:
|
|
type: string
|
|
title: Select malware
|
|
default: ""
|
|
next:
|
|
hash: "malware != ''"
|
|
|
|
hash:
|
|
name: Hash the malware
|
|
type: automation
|
|
automation: hash.sha1
|
|
payload:
|
|
default: "playbook.tasks['input'].data['malware']"
|
|
next:
|
|
escalate:
|
|
|
|
escalate:
|
|
name: Escalate to malware team
|
|
type: task
|
|
schema:
|
|
$ref: '#/definitions/PlaybookTemplateResponse'
|
|
security:
|
|
- roles:
|
|
- playbook:write
|
|
summary: Update an existing ticket playbook
|
|
tags:
|
|
- playbooks
|
|
/settings:
|
|
get:
|
|
operationId: getSettings
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
artifactKinds:
|
|
- icon: mdi-server
|
|
id: asset
|
|
name: Asset
|
|
- icon: mdi-bullseye
|
|
id: ioc
|
|
name: IOC
|
|
artifactStates:
|
|
- color: info
|
|
icon: mdi-help-circle-outline
|
|
id: unknown
|
|
name: Unknown
|
|
- color: error
|
|
icon: mdi-skull
|
|
id: malicious
|
|
name: Malicious
|
|
- color: success
|
|
icon: mdi-check
|
|
id: clean
|
|
name: Clean
|
|
roles:
|
|
- admin:backup:read
|
|
- admin:backup:restore
|
|
- admin:dashboard:write
|
|
- admin:group:write
|
|
- admin:job:read
|
|
- admin:job:write
|
|
- admin:log:read
|
|
- admin:settings:write
|
|
- admin:ticket:delete
|
|
- admin:user:write
|
|
- admin:userdata:read
|
|
- admin:userdata:write
|
|
- analyst:automation:read
|
|
- analyst:currentsettings:write
|
|
- analyst:currentuser:read
|
|
- analyst:currentuserdata:read
|
|
- analyst:dashboard:read
|
|
- analyst:file
|
|
- analyst:group:read
|
|
- analyst:playbook:read
|
|
- analyst:rule:read
|
|
- analyst:settings:read
|
|
- analyst:template:read
|
|
- analyst:ticket:read
|
|
- analyst:ticket:write
|
|
- analyst:tickettype:read
|
|
- analyst:user:read
|
|
- engineer:automation:write
|
|
- engineer:playbook:write
|
|
- engineer:rule:write
|
|
- engineer:template:write
|
|
- engineer:tickettype:write
|
|
ticketTypes:
|
|
- default_playbooks: []
|
|
default_template: default
|
|
icon: mdi-alert
|
|
id: alert
|
|
name: Alerts
|
|
- default_playbooks: []
|
|
default_template: default
|
|
icon: mdi-radioactive
|
|
id: incident
|
|
name: Incidents
|
|
- default_playbooks: []
|
|
default_template: default
|
|
icon: mdi-fingerprint
|
|
id: investigation
|
|
name: Forensic Investigations
|
|
- default_playbooks: []
|
|
default_template: default
|
|
icon: mdi-target
|
|
id: hunt
|
|
name: Threat Hunting
|
|
tier: community
|
|
timeformat: yyyy-MM-dd hh:mm:ss
|
|
version: 0.0.0-test
|
|
schema:
|
|
$ref: '#/definitions/SettingsResponse'
|
|
security:
|
|
- roles:
|
|
- settings:read
|
|
summary: Get settings
|
|
tags:
|
|
- settings
|
|
post:
|
|
operationId: saveSettings
|
|
parameters:
|
|
- description: Save settings
|
|
in: body
|
|
name: settings
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/Settings'
|
|
x-example:
|
|
artifactKinds:
|
|
- icon: mdi-server
|
|
id: asset
|
|
name: Asset
|
|
- icon: mdi-bullseye
|
|
id: ioc
|
|
name: IOC
|
|
artifactStates:
|
|
- color: info
|
|
icon: mdi-help-circle-outline
|
|
id: unknown
|
|
name: Unknown
|
|
- color: error
|
|
icon: mdi-skull
|
|
id: malicious
|
|
name: Malicious
|
|
- color: success
|
|
icon: mdi-check
|
|
id: clean
|
|
name: Clean
|
|
timeformat: yyyy-MM-dd hh:mm:ss
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
artifactKinds:
|
|
- icon: mdi-server
|
|
id: asset
|
|
name: Asset
|
|
- icon: mdi-bullseye
|
|
id: ioc
|
|
name: IOC
|
|
artifactStates:
|
|
- color: info
|
|
icon: mdi-help-circle-outline
|
|
id: unknown
|
|
name: Unknown
|
|
- color: error
|
|
icon: mdi-skull
|
|
id: malicious
|
|
name: Malicious
|
|
- color: success
|
|
icon: mdi-check
|
|
id: clean
|
|
name: Clean
|
|
roles:
|
|
- admin:backup:read
|
|
- admin:backup:restore
|
|
- admin:dashboard:write
|
|
- admin:group:write
|
|
- admin:job:read
|
|
- admin:job:write
|
|
- admin:log:read
|
|
- admin:settings:write
|
|
- admin:ticket:delete
|
|
- admin:user:write
|
|
- admin:userdata:read
|
|
- admin:userdata:write
|
|
- analyst:automation:read
|
|
- analyst:currentsettings:write
|
|
- analyst:currentuser:read
|
|
- analyst:currentuserdata:read
|
|
- analyst:dashboard:read
|
|
- analyst:file
|
|
- analyst:group:read
|
|
- analyst:playbook:read
|
|
- analyst:rule:read
|
|
- analyst:settings:read
|
|
- analyst:template:read
|
|
- analyst:ticket:read
|
|
- analyst:ticket:write
|
|
- analyst:tickettype:read
|
|
- analyst:user:read
|
|
- engineer:automation:write
|
|
- engineer:playbook:write
|
|
- engineer:rule:write
|
|
- engineer:template:write
|
|
- engineer:tickettype:write
|
|
ticketTypes:
|
|
- default_playbooks: []
|
|
default_template: default
|
|
icon: mdi-alert
|
|
id: alert
|
|
name: Alerts
|
|
- default_playbooks: []
|
|
default_template: default
|
|
icon: mdi-radioactive
|
|
id: incident
|
|
name: Incidents
|
|
- default_playbooks: []
|
|
default_template: default
|
|
icon: mdi-fingerprint
|
|
id: investigation
|
|
name: Forensic Investigations
|
|
- default_playbooks: []
|
|
default_template: default
|
|
icon: mdi-target
|
|
id: hunt
|
|
name: Threat Hunting
|
|
tier: community
|
|
timeformat: yyyy-MM-dd hh:mm:ss
|
|
version: 0.0.0-test
|
|
schema:
|
|
$ref: '#/definitions/SettingsResponse'
|
|
security:
|
|
- roles:
|
|
- settings:write
|
|
summary: Save settings
|
|
tags:
|
|
- settings
|
|
/statistics:
|
|
get:
|
|
operationId: getStatistics
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
open_tickets_per_user: {}
|
|
tickets_per_type:
|
|
alert: 2
|
|
incident: 1
|
|
tickets_per_week:
|
|
2021-39: 3
|
|
unassigned: 0
|
|
schema:
|
|
$ref: '#/definitions/Statistics'
|
|
security:
|
|
- roles:
|
|
- ticket:read
|
|
summary: Get statistics
|
|
tags:
|
|
- statistics
|
|
/tasks:
|
|
get:
|
|
operationId: listTasks
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test: []
|
|
schema:
|
|
items:
|
|
$ref: '#/definitions/TaskWithContext'
|
|
type: array
|
|
security:
|
|
- roles:
|
|
- ticket:read
|
|
summary: List tasks
|
|
tags:
|
|
- tasks
|
|
/templates:
|
|
get:
|
|
operationId: listTemplates
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
- id: default
|
|
name: Default
|
|
schema: |
|
|
{
|
|
"definitions": {},
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"$id": "https://example.com/object1618746510.json",
|
|
"title": "Default",
|
|
"type": "object",
|
|
"required": [
|
|
"severity",
|
|
"description",
|
|
"tlp"
|
|
],
|
|
"properties": {
|
|
"severity": {
|
|
"$id": "#root/severity",
|
|
"title": "Severity",
|
|
"type": "string",
|
|
"default": "Medium",
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "Low",
|
|
"title": "Low",
|
|
"icon": "mdi-chevron-up"
|
|
},
|
|
{
|
|
"const": "Medium",
|
|
"title": "Medium",
|
|
"icon": "mdi-chevron-double-up"
|
|
},
|
|
{
|
|
"const": "High",
|
|
"title": "High",
|
|
"icon": "mdi-chevron-triple-up"
|
|
}
|
|
]
|
|
},
|
|
"tlp": {
|
|
"$id": "#root/tlp",
|
|
"title": "TLP",
|
|
"type": "string",
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "White",
|
|
"title": "White",
|
|
"icon": "mdi-alpha-w"
|
|
},
|
|
{
|
|
"const": "Green",
|
|
"title": "Green",
|
|
"icon": "mdi-alpha-g"
|
|
},
|
|
{
|
|
"const": "Amber",
|
|
"title": "Amber",
|
|
"icon": "mdi-alpha-a"
|
|
},
|
|
{
|
|
"const": "Red",
|
|
"title": "Red",
|
|
"icon": "mdi-alpha-r"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"$id": "#root/description",
|
|
"title": "Description",
|
|
"type": "string",
|
|
"x-display": "textarea",
|
|
"x-class": "pr-2"
|
|
}
|
|
}
|
|
}
|
|
schema:
|
|
items:
|
|
$ref: '#/definitions/TicketTemplateResponse'
|
|
type: array
|
|
security:
|
|
- roles:
|
|
- template:read
|
|
summary: List templates
|
|
tags:
|
|
- templates
|
|
post:
|
|
operationId: createTemplate
|
|
parameters:
|
|
- description: New template
|
|
in: body
|
|
name: template
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/TicketTemplateForm'
|
|
x-example:
|
|
name: My Template
|
|
schema: |
|
|
{
|
|
"definitions": {},
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"$id": "https://example.com/object1618746510.json",
|
|
"title": "Event",
|
|
"type": "object",
|
|
"required": [
|
|
"severity",
|
|
"description",
|
|
"tlp"
|
|
],
|
|
"properties": {
|
|
"severity": {
|
|
"$id": "#root/severity",
|
|
"title": "Severity",
|
|
"type": "string",
|
|
"default": "Medium",
|
|
"nx-enum": [
|
|
"Low",
|
|
"Medium",
|
|
"High"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "Low",
|
|
"title": "Low",
|
|
"icon": "mdi-chevron-up"
|
|
},
|
|
{
|
|
"const": "Medium",
|
|
"title": "Medium",
|
|
"icon": "mdi-chevron-double-up"
|
|
},
|
|
{
|
|
"const": "High",
|
|
"title": "High",
|
|
"icon": "mdi-chevron-triple-up"
|
|
}
|
|
]
|
|
},
|
|
"tlp": {
|
|
"$id": "#root/tlp",
|
|
"title": "TLP",
|
|
"type": "string",
|
|
"nx-enum": [
|
|
"White",
|
|
"Green",
|
|
"Amber",
|
|
"Red"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "White",
|
|
"title": "White",
|
|
"icon": "mdi-alpha-w"
|
|
},
|
|
{
|
|
"const": "Green",
|
|
"title": "Green",
|
|
"icon": "mdi-alpha-g"
|
|
},
|
|
{
|
|
"const": "Amber",
|
|
"title": "Amber",
|
|
"icon": "mdi-alpha-a"
|
|
},
|
|
{
|
|
"const": "Red",
|
|
"title": "Red",
|
|
"icon": "mdi-alpha-r"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"$id": "#root/description",
|
|
"title": "Description",
|
|
"type": "string",
|
|
"x-display": "textarea",
|
|
"x-class": "pr-2"
|
|
}
|
|
}
|
|
}
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
id: my-template
|
|
name: My Template
|
|
schema: |
|
|
{
|
|
"definitions": {},
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"$id": "https://example.com/object1618746510.json",
|
|
"title": "Event",
|
|
"type": "object",
|
|
"required": [
|
|
"severity",
|
|
"description",
|
|
"tlp"
|
|
],
|
|
"properties": {
|
|
"severity": {
|
|
"$id": "#root/severity",
|
|
"title": "Severity",
|
|
"type": "string",
|
|
"default": "Medium",
|
|
"nx-enum": [
|
|
"Low",
|
|
"Medium",
|
|
"High"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "Low",
|
|
"title": "Low",
|
|
"icon": "mdi-chevron-up"
|
|
},
|
|
{
|
|
"const": "Medium",
|
|
"title": "Medium",
|
|
"icon": "mdi-chevron-double-up"
|
|
},
|
|
{
|
|
"const": "High",
|
|
"title": "High",
|
|
"icon": "mdi-chevron-triple-up"
|
|
}
|
|
]
|
|
},
|
|
"tlp": {
|
|
"$id": "#root/tlp",
|
|
"title": "TLP",
|
|
"type": "string",
|
|
"nx-enum": [
|
|
"White",
|
|
"Green",
|
|
"Amber",
|
|
"Red"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "White",
|
|
"title": "White",
|
|
"icon": "mdi-alpha-w"
|
|
},
|
|
{
|
|
"const": "Green",
|
|
"title": "Green",
|
|
"icon": "mdi-alpha-g"
|
|
},
|
|
{
|
|
"const": "Amber",
|
|
"title": "Amber",
|
|
"icon": "mdi-alpha-a"
|
|
},
|
|
{
|
|
"const": "Red",
|
|
"title": "Red",
|
|
"icon": "mdi-alpha-r"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"$id": "#root/description",
|
|
"title": "Description",
|
|
"type": "string",
|
|
"x-display": "textarea",
|
|
"x-class": "pr-2"
|
|
}
|
|
}
|
|
}
|
|
schema:
|
|
$ref: '#/definitions/TicketTemplateResponse'
|
|
security:
|
|
- roles:
|
|
- template:write
|
|
summary: Create a new template
|
|
tags:
|
|
- templates
|
|
/templates/{id}:
|
|
delete:
|
|
operationId: deleteTemplate
|
|
parameters:
|
|
- description: Template ID
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: default
|
|
responses:
|
|
"204":
|
|
description: successful operation
|
|
security:
|
|
- roles:
|
|
- template:write
|
|
summary: Delete a template
|
|
tags:
|
|
- templates
|
|
get:
|
|
operationId: getTemplate
|
|
parameters:
|
|
- description: Template ID
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: default
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
id: default
|
|
name: Default
|
|
schema: |
|
|
{
|
|
"definitions": {},
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"$id": "https://example.com/object1618746510.json",
|
|
"title": "Default",
|
|
"type": "object",
|
|
"required": [
|
|
"severity",
|
|
"description",
|
|
"tlp"
|
|
],
|
|
"properties": {
|
|
"severity": {
|
|
"$id": "#root/severity",
|
|
"title": "Severity",
|
|
"type": "string",
|
|
"default": "Medium",
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "Low",
|
|
"title": "Low",
|
|
"icon": "mdi-chevron-up"
|
|
},
|
|
{
|
|
"const": "Medium",
|
|
"title": "Medium",
|
|
"icon": "mdi-chevron-double-up"
|
|
},
|
|
{
|
|
"const": "High",
|
|
"title": "High",
|
|
"icon": "mdi-chevron-triple-up"
|
|
}
|
|
]
|
|
},
|
|
"tlp": {
|
|
"$id": "#root/tlp",
|
|
"title": "TLP",
|
|
"type": "string",
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "White",
|
|
"title": "White",
|
|
"icon": "mdi-alpha-w"
|
|
},
|
|
{
|
|
"const": "Green",
|
|
"title": "Green",
|
|
"icon": "mdi-alpha-g"
|
|
},
|
|
{
|
|
"const": "Amber",
|
|
"title": "Amber",
|
|
"icon": "mdi-alpha-a"
|
|
},
|
|
{
|
|
"const": "Red",
|
|
"title": "Red",
|
|
"icon": "mdi-alpha-r"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"$id": "#root/description",
|
|
"title": "Description",
|
|
"type": "string",
|
|
"x-display": "textarea",
|
|
"x-class": "pr-2"
|
|
}
|
|
}
|
|
}
|
|
schema:
|
|
$ref: '#/definitions/TicketTemplateResponse'
|
|
security:
|
|
- roles:
|
|
- template:read
|
|
summary: Get a single template
|
|
tags:
|
|
- templates
|
|
put:
|
|
operationId: updateTemplate
|
|
parameters:
|
|
- description: Template ID
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: default
|
|
- description: Template object that needs to be added
|
|
in: body
|
|
name: template
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/TicketTemplateForm'
|
|
x-example:
|
|
name: My Template
|
|
schema: |
|
|
{
|
|
"definitions": {},
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"$id": "https://example.com/object1618746510.json",
|
|
"title": "Event",
|
|
"type": "object",
|
|
"required": [
|
|
"severity",
|
|
"description",
|
|
"tlp"
|
|
],
|
|
"properties": {
|
|
"severity": {
|
|
"$id": "#root/severity",
|
|
"title": "Severity",
|
|
"type": "string",
|
|
"default": "Medium",
|
|
"nx-enum": [
|
|
"Low",
|
|
"Medium",
|
|
"High"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "Low",
|
|
"title": "Low",
|
|
"icon": "mdi-chevron-up"
|
|
},
|
|
{
|
|
"const": "Medium",
|
|
"title": "Medium",
|
|
"icon": "mdi-chevron-double-up"
|
|
},
|
|
{
|
|
"const": "High",
|
|
"title": "High",
|
|
"icon": "mdi-chevron-triple-up"
|
|
}
|
|
]
|
|
},
|
|
"tlp": {
|
|
"$id": "#root/tlp",
|
|
"title": "TLP",
|
|
"type": "string",
|
|
"nx-enum": [
|
|
"White",
|
|
"Green",
|
|
"Amber",
|
|
"Red"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "White",
|
|
"title": "White",
|
|
"icon": "mdi-alpha-w"
|
|
},
|
|
{
|
|
"const": "Green",
|
|
"title": "Green",
|
|
"icon": "mdi-alpha-g"
|
|
},
|
|
{
|
|
"const": "Amber",
|
|
"title": "Amber",
|
|
"icon": "mdi-alpha-a"
|
|
},
|
|
{
|
|
"const": "Red",
|
|
"title": "Red",
|
|
"icon": "mdi-alpha-r"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"$id": "#root/description",
|
|
"title": "Description",
|
|
"type": "string",
|
|
"x-display": "textarea",
|
|
"x-class": "pr-2"
|
|
}
|
|
}
|
|
}
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
id: default
|
|
name: My Template
|
|
schema: |
|
|
{
|
|
"definitions": {},
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"$id": "https://example.com/object1618746510.json",
|
|
"title": "Event",
|
|
"type": "object",
|
|
"required": [
|
|
"severity",
|
|
"description",
|
|
"tlp"
|
|
],
|
|
"properties": {
|
|
"severity": {
|
|
"$id": "#root/severity",
|
|
"title": "Severity",
|
|
"type": "string",
|
|
"default": "Medium",
|
|
"nx-enum": [
|
|
"Low",
|
|
"Medium",
|
|
"High"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "Low",
|
|
"title": "Low",
|
|
"icon": "mdi-chevron-up"
|
|
},
|
|
{
|
|
"const": "Medium",
|
|
"title": "Medium",
|
|
"icon": "mdi-chevron-double-up"
|
|
},
|
|
{
|
|
"const": "High",
|
|
"title": "High",
|
|
"icon": "mdi-chevron-triple-up"
|
|
}
|
|
]
|
|
},
|
|
"tlp": {
|
|
"$id": "#root/tlp",
|
|
"title": "TLP",
|
|
"type": "string",
|
|
"nx-enum": [
|
|
"White",
|
|
"Green",
|
|
"Amber",
|
|
"Red"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "White",
|
|
"title": "White",
|
|
"icon": "mdi-alpha-w"
|
|
},
|
|
{
|
|
"const": "Green",
|
|
"title": "Green",
|
|
"icon": "mdi-alpha-g"
|
|
},
|
|
{
|
|
"const": "Amber",
|
|
"title": "Amber",
|
|
"icon": "mdi-alpha-a"
|
|
},
|
|
{
|
|
"const": "Red",
|
|
"title": "Red",
|
|
"icon": "mdi-alpha-r"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"$id": "#root/description",
|
|
"title": "Description",
|
|
"type": "string",
|
|
"x-display": "textarea",
|
|
"x-class": "pr-2"
|
|
}
|
|
}
|
|
}
|
|
schema:
|
|
$ref: '#/definitions/TicketTemplateResponse'
|
|
security:
|
|
- roles:
|
|
- template:write
|
|
summary: Update an existing template
|
|
tags:
|
|
- templates
|
|
/tickets:
|
|
get:
|
|
operationId: listTickets
|
|
parameters:
|
|
- description: Ticket Type
|
|
in: query
|
|
name: type
|
|
type: string
|
|
- default: 0
|
|
description: Offset of the list
|
|
in: query
|
|
name: offset
|
|
type: integer
|
|
- default: 25
|
|
description: Number of tickets
|
|
in: query
|
|
maximum: 100
|
|
name: count
|
|
type: integer
|
|
- description: Sort columns
|
|
in: query
|
|
items:
|
|
type: string
|
|
name: sort
|
|
type: array
|
|
- description: Sort descending
|
|
in: query
|
|
items:
|
|
type: boolean
|
|
name: desc
|
|
type: array
|
|
- description: Search query
|
|
in: query
|
|
name: query
|
|
type: string
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
count: 3
|
|
tickets:
|
|
- artifacts:
|
|
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
|
|
status: unknown
|
|
- name: http://www.customerviral.io/scalable/vertical/killer
|
|
status: clean
|
|
- name: leadreintermediate.io
|
|
status: malicious
|
|
created: 2021-10-02T16:04:59.078206Z
|
|
id: 8123
|
|
modified: 2021-10-02T16:04:59.078206Z
|
|
name: live zebra
|
|
owner: demo
|
|
playbooks:
|
|
phishing:
|
|
name: Phishing
|
|
tasks:
|
|
block-iocs:
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Block IOCs
|
|
type: task
|
|
block-sender:
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Block sender
|
|
next:
|
|
extract-iocs: ""
|
|
type: task
|
|
board:
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Board Involvement?
|
|
next:
|
|
escalate: boardInvolved == true
|
|
mail-available: boardInvolved == false
|
|
schema:
|
|
properties:
|
|
boardInvolved:
|
|
default: false
|
|
title: A board member is involved.
|
|
type: boolean
|
|
required:
|
|
- boardInvolved
|
|
title: Board Involvement?
|
|
type: object
|
|
type: input
|
|
escalate:
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Escalate to CISO
|
|
type: task
|
|
extract-iocs:
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Extract IOCs
|
|
next:
|
|
block-iocs: ""
|
|
schema:
|
|
properties:
|
|
iocs:
|
|
items:
|
|
type: string
|
|
title: IOCs
|
|
type: array
|
|
title: Extract IOCs
|
|
type: object
|
|
type: input
|
|
mail-available:
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Mail available
|
|
next:
|
|
block-sender: schemaKey == 'yes'
|
|
extract-iocs: schemaKey == 'yes'
|
|
search-email-gateway: schemaKey == 'no'
|
|
schema:
|
|
oneOf:
|
|
- properties:
|
|
mail:
|
|
title: Mail
|
|
type: string
|
|
x-display: textarea
|
|
schemaKey:
|
|
const: "yes"
|
|
type: string
|
|
required:
|
|
- mail
|
|
title: "Yes"
|
|
- properties:
|
|
schemaKey:
|
|
const: "no"
|
|
type: string
|
|
title: "No"
|
|
title: Mail available
|
|
type: object
|
|
type: input
|
|
search-email-gateway:
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Search email gateway
|
|
next:
|
|
extract-iocs: ""
|
|
type: task
|
|
references:
|
|
- href: https://www.leadmaximize.net/e-services/back-end
|
|
name: performance
|
|
- href: http://www.corporateinteractive.name/rich
|
|
name: autumn
|
|
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
|
|
name: suggest
|
|
schema: |
|
|
{
|
|
"definitions": {},
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"$id": "https://example.com/object1618746510.json",
|
|
"title": "Event",
|
|
"type": "object",
|
|
"required": [
|
|
"severity",
|
|
"description",
|
|
"tlp"
|
|
],
|
|
"properties": {
|
|
"severity": {
|
|
"$id": "#root/severity",
|
|
"title": "Severity",
|
|
"type": "string",
|
|
"default": "Medium",
|
|
"nx-enum": [
|
|
"Low",
|
|
"Medium",
|
|
"High"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "Low",
|
|
"title": "Low",
|
|
"icon": "mdi-chevron-up"
|
|
},
|
|
{
|
|
"const": "Medium",
|
|
"title": "Medium",
|
|
"icon": "mdi-chevron-double-up"
|
|
},
|
|
{
|
|
"const": "High",
|
|
"title": "High",
|
|
"icon": "mdi-chevron-triple-up"
|
|
}
|
|
]
|
|
},
|
|
"tlp": {
|
|
"$id": "#root/tlp",
|
|
"title": "TLP",
|
|
"type": "string",
|
|
"nx-enum": [
|
|
"White",
|
|
"Green",
|
|
"Amber",
|
|
"Red"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "White",
|
|
"title": "White",
|
|
"icon": "mdi-alpha-w"
|
|
},
|
|
{
|
|
"const": "Green",
|
|
"title": "Green",
|
|
"icon": "mdi-alpha-g"
|
|
},
|
|
{
|
|
"const": "Amber",
|
|
"title": "Amber",
|
|
"icon": "mdi-alpha-a"
|
|
},
|
|
{
|
|
"const": "Red",
|
|
"title": "Red",
|
|
"icon": "mdi-alpha-r"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"$id": "#root/description",
|
|
"title": "Description",
|
|
"type": "string",
|
|
"x-display": "textarea",
|
|
"x-class": "pr-2"
|
|
}
|
|
}
|
|
}
|
|
status: closed
|
|
type: incident
|
|
- created: 2021-10-02T16:04:59.078186Z
|
|
id: 8125
|
|
modified: 2021-10-02T16:04:59.078186Z
|
|
name: phishing from selenafadel@von.com detected
|
|
owner: demo
|
|
references:
|
|
- href: https://www.seniorleading-edge.name/users/efficient
|
|
name: recovery
|
|
- href: http://www.dynamicseamless.com/clicks-and-mortar
|
|
name: force
|
|
- href: http://www.leadscalable.biz/envisioneer
|
|
name: fund
|
|
schema: '{}'
|
|
status: closed
|
|
type: alert
|
|
- created: 2021-10-02T16:04:59.078186Z
|
|
id: 8126
|
|
modified: 2021-10-02T16:04:59.078186Z
|
|
name: Surfaceintroduce virus detected
|
|
owner: demo
|
|
references:
|
|
- href: http://www.centralworld-class.io/synthesize
|
|
name: university
|
|
- href: https://www.futurevirtual.org/supply-chains/markets/sticky/iterate
|
|
name: goal
|
|
- href: http://www.chiefsyndicate.io/action-items
|
|
name: unemployment
|
|
schema: '{}'
|
|
status: closed
|
|
type: alert
|
|
schema:
|
|
$ref: '#/definitions/TicketList'
|
|
security:
|
|
- roles:
|
|
- ticket:read
|
|
summary: List tickets
|
|
tags:
|
|
- tickets
|
|
post:
|
|
operationId: createTicket
|
|
parameters:
|
|
- description: New ticket
|
|
in: body
|
|
name: ticket
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/TicketForm'
|
|
x-example:
|
|
id: 123
|
|
name: Wannacry infection
|
|
owner: bob
|
|
status: open
|
|
type: incident
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
id: 123
|
|
modified: 2021-12-12T12:12:12.000000012Z
|
|
name: Wannacry infection
|
|
owner: bob
|
|
schema: '{}'
|
|
status: open
|
|
type: incident
|
|
schema:
|
|
$ref: '#/definitions/TicketResponse'
|
|
security:
|
|
- roles:
|
|
- ticket:write
|
|
summary: Create a new ticket
|
|
tags:
|
|
- tickets
|
|
/tickets/{id}:
|
|
delete:
|
|
operationId: deleteTicket
|
|
parameters:
|
|
- description: Ticket ID
|
|
format: int64
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: integer
|
|
x-example: 8125
|
|
responses:
|
|
"204":
|
|
description: successful operation
|
|
security:
|
|
- roles:
|
|
- ticket:delete
|
|
summary: Delete an ticket
|
|
tags:
|
|
- tickets
|
|
get:
|
|
operationId: getTicket
|
|
parameters:
|
|
- description: Ticket ID
|
|
format: int64
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: integer
|
|
x-example: 8125
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
created: 2021-10-02T16:04:59.078186Z
|
|
id: 8125
|
|
modified: 2021-10-02T16:04:59.078186Z
|
|
name: phishing from selenafadel@von.com detected
|
|
owner: demo
|
|
references:
|
|
- href: https://www.seniorleading-edge.name/users/efficient
|
|
name: recovery
|
|
- href: http://www.dynamicseamless.com/clicks-and-mortar
|
|
name: force
|
|
- href: http://www.leadscalable.biz/envisioneer
|
|
name: fund
|
|
schema: '{}'
|
|
status: closed
|
|
tickets:
|
|
- created: 2021-10-02T16:04:59.078186Z
|
|
id: 8126
|
|
modified: 2021-10-02T16:04:59.078186Z
|
|
name: Surfaceintroduce virus detected
|
|
owner: demo
|
|
references:
|
|
- href: http://www.centralworld-class.io/synthesize
|
|
name: university
|
|
- href: https://www.futurevirtual.org/supply-chains/markets/sticky/iterate
|
|
name: goal
|
|
- href: http://www.chiefsyndicate.io/action-items
|
|
name: unemployment
|
|
schema: '{}'
|
|
status: closed
|
|
type: alert
|
|
type: alert
|
|
schema:
|
|
$ref: '#/definitions/TicketWithTickets'
|
|
security:
|
|
- roles:
|
|
- ticket:read
|
|
summary: Get a single ticket
|
|
tags:
|
|
- tickets
|
|
put:
|
|
operationId: updateTicket
|
|
parameters:
|
|
- description: Ticket ID
|
|
format: int64
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: integer
|
|
x-example: 8125
|
|
- description: Updated ticket
|
|
in: body
|
|
name: ticket
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/Ticket'
|
|
x-example:
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
modified: 2021-12-12T12:12:12.000000012Z
|
|
name: phishing from selenafadel@von.org detected
|
|
owner: demo
|
|
references:
|
|
- href: https://www.seniorleading-edge.name/users/efficient
|
|
name: recovery
|
|
- href: http://www.dynamicseamless.com/clicks-and-mortar
|
|
name: force
|
|
- href: http://www.leadscalable.biz/envisioneer
|
|
name: fund
|
|
schema: '{}'
|
|
status: closed
|
|
type: alert
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
id: 8125
|
|
modified: 2021-12-12T12:12:12.000000012Z
|
|
name: phishing from selenafadel@von.org detected
|
|
owner: demo
|
|
references:
|
|
- href: https://www.seniorleading-edge.name/users/efficient
|
|
name: recovery
|
|
- href: http://www.dynamicseamless.com/clicks-and-mortar
|
|
name: force
|
|
- href: http://www.leadscalable.biz/envisioneer
|
|
name: fund
|
|
schema: '{}'
|
|
status: closed
|
|
tickets:
|
|
- created: 2021-10-02T16:04:59.078186Z
|
|
id: 8126
|
|
modified: 2021-10-02T16:04:59.078186Z
|
|
name: Surfaceintroduce virus detected
|
|
owner: demo
|
|
references:
|
|
- href: http://www.centralworld-class.io/synthesize
|
|
name: university
|
|
- href: https://www.futurevirtual.org/supply-chains/markets/sticky/iterate
|
|
name: goal
|
|
- href: http://www.chiefsyndicate.io/action-items
|
|
name: unemployment
|
|
schema: '{}'
|
|
status: closed
|
|
type: alert
|
|
type: alert
|
|
schema:
|
|
$ref: '#/definitions/TicketWithTickets'
|
|
security:
|
|
- roles:
|
|
- ticket:write
|
|
summary: Update an existing ticket
|
|
tags:
|
|
- tickets
|
|
/tickets/{id}/artifacts:
|
|
post:
|
|
operationId: addArtifact
|
|
parameters:
|
|
- description: Ticket ID
|
|
format: int64
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: integer
|
|
x-example: 8123
|
|
- description: Artifact object that needs to be added
|
|
in: body
|
|
name: artifact
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/Artifact'
|
|
x-example:
|
|
name: 2.2.2.2
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
artifacts:
|
|
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
|
|
status: unknown
|
|
- name: http://www.customerviral.io/scalable/vertical/killer
|
|
status: clean
|
|
- name: leadreintermediate.io
|
|
status: malicious
|
|
- name: 2.2.2.2
|
|
status: unknown
|
|
type: ip
|
|
created: 2021-10-02T16:04:59.078206Z
|
|
id: 8123
|
|
modified: 2021-12-12T12:12:12.000000012Z
|
|
name: live zebra
|
|
owner: demo
|
|
playbooks:
|
|
phishing:
|
|
name: Phishing
|
|
tasks:
|
|
block-iocs:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Block IOCs
|
|
order: 6
|
|
type: task
|
|
block-sender:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Block sender
|
|
next:
|
|
extract-iocs: ""
|
|
order: 3
|
|
type: task
|
|
board:
|
|
active: true
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Board Involvement?
|
|
next:
|
|
escalate: boardInvolved == true
|
|
mail-available: boardInvolved == false
|
|
order: 0
|
|
schema:
|
|
properties:
|
|
boardInvolved:
|
|
default: false
|
|
title: A board member is involved.
|
|
type: boolean
|
|
required:
|
|
- boardInvolved
|
|
title: Board Involvement?
|
|
type: object
|
|
type: input
|
|
escalate:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Escalate to CISO
|
|
order: 1
|
|
type: task
|
|
extract-iocs:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Extract IOCs
|
|
next:
|
|
block-iocs: ""
|
|
order: 5
|
|
schema:
|
|
properties:
|
|
iocs:
|
|
items:
|
|
type: string
|
|
title: IOCs
|
|
type: array
|
|
title: Extract IOCs
|
|
type: object
|
|
type: input
|
|
mail-available:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Mail available
|
|
next:
|
|
block-sender: schemaKey == 'yes'
|
|
extract-iocs: schemaKey == 'yes'
|
|
search-email-gateway: schemaKey == 'no'
|
|
order: 2
|
|
schema:
|
|
oneOf:
|
|
- properties:
|
|
mail:
|
|
title: Mail
|
|
type: string
|
|
x-display: textarea
|
|
schemaKey:
|
|
const: "yes"
|
|
type: string
|
|
required:
|
|
- mail
|
|
title: "Yes"
|
|
- properties:
|
|
schemaKey:
|
|
const: "no"
|
|
type: string
|
|
title: "No"
|
|
title: Mail available
|
|
type: object
|
|
type: input
|
|
search-email-gateway:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Search email gateway
|
|
next:
|
|
extract-iocs: ""
|
|
order: 4
|
|
type: task
|
|
references:
|
|
- href: https://www.leadmaximize.net/e-services/back-end
|
|
name: performance
|
|
- href: http://www.corporateinteractive.name/rich
|
|
name: autumn
|
|
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
|
|
name: suggest
|
|
schema: |
|
|
{
|
|
"definitions": {},
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"$id": "https://example.com/object1618746510.json",
|
|
"title": "Event",
|
|
"type": "object",
|
|
"required": [
|
|
"severity",
|
|
"description",
|
|
"tlp"
|
|
],
|
|
"properties": {
|
|
"severity": {
|
|
"$id": "#root/severity",
|
|
"title": "Severity",
|
|
"type": "string",
|
|
"default": "Medium",
|
|
"nx-enum": [
|
|
"Low",
|
|
"Medium",
|
|
"High"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "Low",
|
|
"title": "Low",
|
|
"icon": "mdi-chevron-up"
|
|
},
|
|
{
|
|
"const": "Medium",
|
|
"title": "Medium",
|
|
"icon": "mdi-chevron-double-up"
|
|
},
|
|
{
|
|
"const": "High",
|
|
"title": "High",
|
|
"icon": "mdi-chevron-triple-up"
|
|
}
|
|
]
|
|
},
|
|
"tlp": {
|
|
"$id": "#root/tlp",
|
|
"title": "TLP",
|
|
"type": "string",
|
|
"nx-enum": [
|
|
"White",
|
|
"Green",
|
|
"Amber",
|
|
"Red"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "White",
|
|
"title": "White",
|
|
"icon": "mdi-alpha-w"
|
|
},
|
|
{
|
|
"const": "Green",
|
|
"title": "Green",
|
|
"icon": "mdi-alpha-g"
|
|
},
|
|
{
|
|
"const": "Amber",
|
|
"title": "Amber",
|
|
"icon": "mdi-alpha-a"
|
|
},
|
|
{
|
|
"const": "Red",
|
|
"title": "Red",
|
|
"icon": "mdi-alpha-r"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"$id": "#root/description",
|
|
"title": "Description",
|
|
"type": "string",
|
|
"x-display": "textarea",
|
|
"x-class": "pr-2"
|
|
}
|
|
}
|
|
}
|
|
status: closed
|
|
type: incident
|
|
schema:
|
|
$ref: '#/definitions/TicketWithTickets'
|
|
security:
|
|
- roles:
|
|
- ticket:write
|
|
summary: Add a single artifact
|
|
tags:
|
|
- tickets
|
|
/tickets/{id}/artifacts/{name}:
|
|
delete:
|
|
operationId: removeArtifact
|
|
parameters:
|
|
- description: Ticket ID
|
|
format: int64
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: integer
|
|
x-example: 8123
|
|
- in: path
|
|
name: name
|
|
required: true
|
|
type: string
|
|
x-example: leadreintermediate.io
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
artifacts:
|
|
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
|
|
status: unknown
|
|
- name: http://www.customerviral.io/scalable/vertical/killer
|
|
status: clean
|
|
created: 2021-10-02T16:04:59.078206Z
|
|
id: 8123
|
|
modified: 2021-12-12T12:12:12.000000012Z
|
|
name: live zebra
|
|
owner: demo
|
|
playbooks:
|
|
phishing:
|
|
name: Phishing
|
|
tasks:
|
|
block-iocs:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Block IOCs
|
|
order: 6
|
|
type: task
|
|
block-sender:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Block sender
|
|
next:
|
|
extract-iocs: ""
|
|
order: 3
|
|
type: task
|
|
board:
|
|
active: true
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Board Involvement?
|
|
next:
|
|
escalate: boardInvolved == true
|
|
mail-available: boardInvolved == false
|
|
order: 0
|
|
schema:
|
|
properties:
|
|
boardInvolved:
|
|
default: false
|
|
title: A board member is involved.
|
|
type: boolean
|
|
required:
|
|
- boardInvolved
|
|
title: Board Involvement?
|
|
type: object
|
|
type: input
|
|
escalate:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Escalate to CISO
|
|
order: 1
|
|
type: task
|
|
extract-iocs:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Extract IOCs
|
|
next:
|
|
block-iocs: ""
|
|
order: 5
|
|
schema:
|
|
properties:
|
|
iocs:
|
|
items:
|
|
type: string
|
|
title: IOCs
|
|
type: array
|
|
title: Extract IOCs
|
|
type: object
|
|
type: input
|
|
mail-available:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Mail available
|
|
next:
|
|
block-sender: schemaKey == 'yes'
|
|
extract-iocs: schemaKey == 'yes'
|
|
search-email-gateway: schemaKey == 'no'
|
|
order: 2
|
|
schema:
|
|
oneOf:
|
|
- properties:
|
|
mail:
|
|
title: Mail
|
|
type: string
|
|
x-display: textarea
|
|
schemaKey:
|
|
const: "yes"
|
|
type: string
|
|
required:
|
|
- mail
|
|
title: "Yes"
|
|
- properties:
|
|
schemaKey:
|
|
const: "no"
|
|
type: string
|
|
title: "No"
|
|
title: Mail available
|
|
type: object
|
|
type: input
|
|
search-email-gateway:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Search email gateway
|
|
next:
|
|
extract-iocs: ""
|
|
order: 4
|
|
type: task
|
|
references:
|
|
- href: https://www.leadmaximize.net/e-services/back-end
|
|
name: performance
|
|
- href: http://www.corporateinteractive.name/rich
|
|
name: autumn
|
|
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
|
|
name: suggest
|
|
schema: |
|
|
{
|
|
"definitions": {},
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"$id": "https://example.com/object1618746510.json",
|
|
"title": "Event",
|
|
"type": "object",
|
|
"required": [
|
|
"severity",
|
|
"description",
|
|
"tlp"
|
|
],
|
|
"properties": {
|
|
"severity": {
|
|
"$id": "#root/severity",
|
|
"title": "Severity",
|
|
"type": "string",
|
|
"default": "Medium",
|
|
"nx-enum": [
|
|
"Low",
|
|
"Medium",
|
|
"High"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "Low",
|
|
"title": "Low",
|
|
"icon": "mdi-chevron-up"
|
|
},
|
|
{
|
|
"const": "Medium",
|
|
"title": "Medium",
|
|
"icon": "mdi-chevron-double-up"
|
|
},
|
|
{
|
|
"const": "High",
|
|
"title": "High",
|
|
"icon": "mdi-chevron-triple-up"
|
|
}
|
|
]
|
|
},
|
|
"tlp": {
|
|
"$id": "#root/tlp",
|
|
"title": "TLP",
|
|
"type": "string",
|
|
"nx-enum": [
|
|
"White",
|
|
"Green",
|
|
"Amber",
|
|
"Red"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "White",
|
|
"title": "White",
|
|
"icon": "mdi-alpha-w"
|
|
},
|
|
{
|
|
"const": "Green",
|
|
"title": "Green",
|
|
"icon": "mdi-alpha-g"
|
|
},
|
|
{
|
|
"const": "Amber",
|
|
"title": "Amber",
|
|
"icon": "mdi-alpha-a"
|
|
},
|
|
{
|
|
"const": "Red",
|
|
"title": "Red",
|
|
"icon": "mdi-alpha-r"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"$id": "#root/description",
|
|
"title": "Description",
|
|
"type": "string",
|
|
"x-display": "textarea",
|
|
"x-class": "pr-2"
|
|
}
|
|
}
|
|
}
|
|
status: closed
|
|
type: incident
|
|
schema:
|
|
$ref: '#/definitions/TicketWithTickets'
|
|
security:
|
|
- roles:
|
|
- ticket:write
|
|
summary: Remove an artifact
|
|
tags:
|
|
- tickets
|
|
get:
|
|
operationId: getArtifact
|
|
parameters:
|
|
- description: Ticket ID
|
|
format: int64
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: integer
|
|
x-example: 8123
|
|
- in: path
|
|
name: name
|
|
required: true
|
|
type: string
|
|
x-example: leadreintermediate.io
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
name: leadreintermediate.io
|
|
status: malicious
|
|
schema:
|
|
$ref: '#/definitions/Artifact'
|
|
security:
|
|
- roles:
|
|
- ticket:write
|
|
summary: Get a single artifact
|
|
tags:
|
|
- tickets
|
|
put:
|
|
operationId: setArtifact
|
|
parameters:
|
|
- description: Ticket ID
|
|
format: int64
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: integer
|
|
x-example: 8123
|
|
- in: path
|
|
name: name
|
|
required: true
|
|
type: string
|
|
x-example: leadreintermediate.io
|
|
- in: body
|
|
name: artifact
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/Artifact'
|
|
x-example:
|
|
name: leadreintermediate.io
|
|
status: clean
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
artifacts:
|
|
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
|
|
status: unknown
|
|
- name: http://www.customerviral.io/scalable/vertical/killer
|
|
status: clean
|
|
- name: leadreintermediate.io
|
|
status: clean
|
|
created: 2021-10-02T16:04:59.078206Z
|
|
id: 8123
|
|
modified: 2021-10-02T16:04:59.078206Z
|
|
name: live zebra
|
|
owner: demo
|
|
playbooks:
|
|
phishing:
|
|
name: Phishing
|
|
tasks:
|
|
block-iocs:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Block IOCs
|
|
order: 6
|
|
type: task
|
|
block-sender:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Block sender
|
|
next:
|
|
extract-iocs: ""
|
|
order: 3
|
|
type: task
|
|
board:
|
|
active: true
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Board Involvement?
|
|
next:
|
|
escalate: boardInvolved == true
|
|
mail-available: boardInvolved == false
|
|
order: 0
|
|
schema:
|
|
properties:
|
|
boardInvolved:
|
|
default: false
|
|
title: A board member is involved.
|
|
type: boolean
|
|
required:
|
|
- boardInvolved
|
|
title: Board Involvement?
|
|
type: object
|
|
type: input
|
|
escalate:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Escalate to CISO
|
|
order: 1
|
|
type: task
|
|
extract-iocs:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Extract IOCs
|
|
next:
|
|
block-iocs: ""
|
|
order: 5
|
|
schema:
|
|
properties:
|
|
iocs:
|
|
items:
|
|
type: string
|
|
title: IOCs
|
|
type: array
|
|
title: Extract IOCs
|
|
type: object
|
|
type: input
|
|
mail-available:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Mail available
|
|
next:
|
|
block-sender: schemaKey == 'yes'
|
|
extract-iocs: schemaKey == 'yes'
|
|
search-email-gateway: schemaKey == 'no'
|
|
order: 2
|
|
schema:
|
|
oneOf:
|
|
- properties:
|
|
mail:
|
|
title: Mail
|
|
type: string
|
|
x-display: textarea
|
|
schemaKey:
|
|
const: "yes"
|
|
type: string
|
|
required:
|
|
- mail
|
|
title: "Yes"
|
|
- properties:
|
|
schemaKey:
|
|
const: "no"
|
|
type: string
|
|
title: "No"
|
|
title: Mail available
|
|
type: object
|
|
type: input
|
|
search-email-gateway:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Search email gateway
|
|
next:
|
|
extract-iocs: ""
|
|
order: 4
|
|
type: task
|
|
references:
|
|
- href: https://www.leadmaximize.net/e-services/back-end
|
|
name: performance
|
|
- href: http://www.corporateinteractive.name/rich
|
|
name: autumn
|
|
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
|
|
name: suggest
|
|
schema: |
|
|
{
|
|
"definitions": {},
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"$id": "https://example.com/object1618746510.json",
|
|
"title": "Event",
|
|
"type": "object",
|
|
"required": [
|
|
"severity",
|
|
"description",
|
|
"tlp"
|
|
],
|
|
"properties": {
|
|
"severity": {
|
|
"$id": "#root/severity",
|
|
"title": "Severity",
|
|
"type": "string",
|
|
"default": "Medium",
|
|
"nx-enum": [
|
|
"Low",
|
|
"Medium",
|
|
"High"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "Low",
|
|
"title": "Low",
|
|
"icon": "mdi-chevron-up"
|
|
},
|
|
{
|
|
"const": "Medium",
|
|
"title": "Medium",
|
|
"icon": "mdi-chevron-double-up"
|
|
},
|
|
{
|
|
"const": "High",
|
|
"title": "High",
|
|
"icon": "mdi-chevron-triple-up"
|
|
}
|
|
]
|
|
},
|
|
"tlp": {
|
|
"$id": "#root/tlp",
|
|
"title": "TLP",
|
|
"type": "string",
|
|
"nx-enum": [
|
|
"White",
|
|
"Green",
|
|
"Amber",
|
|
"Red"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "White",
|
|
"title": "White",
|
|
"icon": "mdi-alpha-w"
|
|
},
|
|
{
|
|
"const": "Green",
|
|
"title": "Green",
|
|
"icon": "mdi-alpha-g"
|
|
},
|
|
{
|
|
"const": "Amber",
|
|
"title": "Amber",
|
|
"icon": "mdi-alpha-a"
|
|
},
|
|
{
|
|
"const": "Red",
|
|
"title": "Red",
|
|
"icon": "mdi-alpha-r"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"$id": "#root/description",
|
|
"title": "Description",
|
|
"type": "string",
|
|
"x-display": "textarea",
|
|
"x-class": "pr-2"
|
|
}
|
|
}
|
|
}
|
|
status: closed
|
|
type: incident
|
|
schema:
|
|
$ref: '#/definitions/TicketWithTickets'
|
|
security:
|
|
- roles:
|
|
- ticket:write
|
|
summary: Set a single artifact
|
|
tags:
|
|
- tickets
|
|
/tickets/{id}/artifacts/{name}/enrich:
|
|
post:
|
|
operationId: enrichArtifact
|
|
parameters:
|
|
- description: Ticket ID
|
|
format: int64
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: integer
|
|
x-example: 8123
|
|
- in: path
|
|
name: name
|
|
required: true
|
|
type: string
|
|
x-example: leadreintermediate.io
|
|
- in: body
|
|
name: data
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/EnrichmentForm'
|
|
x-example:
|
|
data:
|
|
hash: b7a067a742c20d07a7456646de89bc2d408a1153
|
|
name: hash.sha1
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
artifacts:
|
|
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
|
|
status: unknown
|
|
- name: http://www.customerviral.io/scalable/vertical/killer
|
|
status: clean
|
|
- enrichments:
|
|
hash.sha1:
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
data:
|
|
hash: b7a067a742c20d07a7456646de89bc2d408a1153
|
|
name: hash.sha1
|
|
name: leadreintermediate.io
|
|
status: malicious
|
|
created: 2021-10-02T16:04:59.078206Z
|
|
id: 8123
|
|
modified: 2021-10-02T16:04:59.078206Z
|
|
name: live zebra
|
|
owner: demo
|
|
playbooks:
|
|
phishing:
|
|
name: Phishing
|
|
tasks:
|
|
block-iocs:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Block IOCs
|
|
order: 6
|
|
type: task
|
|
block-sender:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Block sender
|
|
next:
|
|
extract-iocs: ""
|
|
order: 3
|
|
type: task
|
|
board:
|
|
active: true
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Board Involvement?
|
|
next:
|
|
escalate: boardInvolved == true
|
|
mail-available: boardInvolved == false
|
|
order: 0
|
|
schema:
|
|
properties:
|
|
boardInvolved:
|
|
default: false
|
|
title: A board member is involved.
|
|
type: boolean
|
|
required:
|
|
- boardInvolved
|
|
title: Board Involvement?
|
|
type: object
|
|
type: input
|
|
escalate:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Escalate to CISO
|
|
order: 1
|
|
type: task
|
|
extract-iocs:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Extract IOCs
|
|
next:
|
|
block-iocs: ""
|
|
order: 5
|
|
schema:
|
|
properties:
|
|
iocs:
|
|
items:
|
|
type: string
|
|
title: IOCs
|
|
type: array
|
|
title: Extract IOCs
|
|
type: object
|
|
type: input
|
|
mail-available:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Mail available
|
|
next:
|
|
block-sender: schemaKey == 'yes'
|
|
extract-iocs: schemaKey == 'yes'
|
|
search-email-gateway: schemaKey == 'no'
|
|
order: 2
|
|
schema:
|
|
oneOf:
|
|
- properties:
|
|
mail:
|
|
title: Mail
|
|
type: string
|
|
x-display: textarea
|
|
schemaKey:
|
|
const: "yes"
|
|
type: string
|
|
required:
|
|
- mail
|
|
title: "Yes"
|
|
- properties:
|
|
schemaKey:
|
|
const: "no"
|
|
type: string
|
|
title: "No"
|
|
title: Mail available
|
|
type: object
|
|
type: input
|
|
search-email-gateway:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Search email gateway
|
|
next:
|
|
extract-iocs: ""
|
|
order: 4
|
|
type: task
|
|
references:
|
|
- href: https://www.leadmaximize.net/e-services/back-end
|
|
name: performance
|
|
- href: http://www.corporateinteractive.name/rich
|
|
name: autumn
|
|
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
|
|
name: suggest
|
|
schema: |
|
|
{
|
|
"definitions": {},
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"$id": "https://example.com/object1618746510.json",
|
|
"title": "Event",
|
|
"type": "object",
|
|
"required": [
|
|
"severity",
|
|
"description",
|
|
"tlp"
|
|
],
|
|
"properties": {
|
|
"severity": {
|
|
"$id": "#root/severity",
|
|
"title": "Severity",
|
|
"type": "string",
|
|
"default": "Medium",
|
|
"nx-enum": [
|
|
"Low",
|
|
"Medium",
|
|
"High"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "Low",
|
|
"title": "Low",
|
|
"icon": "mdi-chevron-up"
|
|
},
|
|
{
|
|
"const": "Medium",
|
|
"title": "Medium",
|
|
"icon": "mdi-chevron-double-up"
|
|
},
|
|
{
|
|
"const": "High",
|
|
"title": "High",
|
|
"icon": "mdi-chevron-triple-up"
|
|
}
|
|
]
|
|
},
|
|
"tlp": {
|
|
"$id": "#root/tlp",
|
|
"title": "TLP",
|
|
"type": "string",
|
|
"nx-enum": [
|
|
"White",
|
|
"Green",
|
|
"Amber",
|
|
"Red"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "White",
|
|
"title": "White",
|
|
"icon": "mdi-alpha-w"
|
|
},
|
|
{
|
|
"const": "Green",
|
|
"title": "Green",
|
|
"icon": "mdi-alpha-g"
|
|
},
|
|
{
|
|
"const": "Amber",
|
|
"title": "Amber",
|
|
"icon": "mdi-alpha-a"
|
|
},
|
|
{
|
|
"const": "Red",
|
|
"title": "Red",
|
|
"icon": "mdi-alpha-r"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"$id": "#root/description",
|
|
"title": "Description",
|
|
"type": "string",
|
|
"x-display": "textarea",
|
|
"x-class": "pr-2"
|
|
}
|
|
}
|
|
}
|
|
status: closed
|
|
type: incident
|
|
schema:
|
|
$ref: '#/definitions/TicketWithTickets'
|
|
security:
|
|
- roles:
|
|
- ticket:write
|
|
summary: Enrich a single artifact
|
|
tags:
|
|
- tickets
|
|
/tickets/{id}/artifacts/{name}/run/{automation}:
|
|
post:
|
|
operationId: runArtifact
|
|
parameters:
|
|
- description: Ticket ID
|
|
format: int64
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: integer
|
|
x-example: 8123
|
|
- in: path
|
|
name: name
|
|
required: true
|
|
type: string
|
|
x-example: leadreintermediate.io
|
|
- in: path
|
|
name: automation
|
|
required: true
|
|
type: string
|
|
x-example: hash.sha1
|
|
responses:
|
|
"204":
|
|
description: successful operation
|
|
security:
|
|
- roles:
|
|
- ticket:write
|
|
summary: Run automation on a single artifact
|
|
tags:
|
|
- tickets
|
|
/tickets/{id}/comments:
|
|
post:
|
|
operationId: addComment
|
|
parameters:
|
|
- description: Ticket ID
|
|
format: int64
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: integer
|
|
x-example: 8125
|
|
- description: Ticket comment
|
|
in: body
|
|
name: comment
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/CommentForm'
|
|
x-example:
|
|
message: My first comment
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
comments:
|
|
- created: 2021-12-12T12:12:12.000000012Z
|
|
creator: bob
|
|
message: My first comment
|
|
created: 2021-10-02T16:04:59.078186Z
|
|
id: 8125
|
|
modified: 2021-12-12T12:12:12.000000012Z
|
|
name: phishing from selenafadel@von.com detected
|
|
owner: demo
|
|
references:
|
|
- href: https://www.seniorleading-edge.name/users/efficient
|
|
name: recovery
|
|
- href: http://www.dynamicseamless.com/clicks-and-mortar
|
|
name: force
|
|
- href: http://www.leadscalable.biz/envisioneer
|
|
name: fund
|
|
schema: '{}'
|
|
status: closed
|
|
tickets:
|
|
- created: 2021-10-02T16:04:59.078186Z
|
|
id: 8126
|
|
modified: 2021-10-02T16:04:59.078186Z
|
|
name: Surfaceintroduce virus detected
|
|
owner: demo
|
|
references:
|
|
- href: http://www.centralworld-class.io/synthesize
|
|
name: university
|
|
- href: https://www.futurevirtual.org/supply-chains/markets/sticky/iterate
|
|
name: goal
|
|
- href: http://www.chiefsyndicate.io/action-items
|
|
name: unemployment
|
|
schema: '{}'
|
|
status: closed
|
|
type: alert
|
|
type: alert
|
|
schema:
|
|
$ref: '#/definitions/TicketWithTickets'
|
|
security:
|
|
- roles:
|
|
- ticket:write
|
|
summary: Add ticket comment
|
|
tags:
|
|
- tickets
|
|
/tickets/{id}/comments/{commentID}:
|
|
delete:
|
|
description: Comment will be removed from the ticket.
|
|
operationId: removeComment
|
|
parameters:
|
|
- description: Ticket ID
|
|
format: int64
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: integer
|
|
x-example: 8123
|
|
- description: Comment ID to remove
|
|
in: path
|
|
name: commentID
|
|
required: true
|
|
type: integer
|
|
x-example: 0
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
artifacts:
|
|
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
|
|
status: unknown
|
|
- name: http://www.customerviral.io/scalable/vertical/killer
|
|
status: clean
|
|
- name: leadreintermediate.io
|
|
status: malicious
|
|
created: 2021-10-02T16:04:59.078206Z
|
|
id: 8123
|
|
modified: 2021-12-12T12:12:12.000000012Z
|
|
name: live zebra
|
|
owner: demo
|
|
playbooks:
|
|
phishing:
|
|
name: Phishing
|
|
tasks:
|
|
block-iocs:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Block IOCs
|
|
order: 6
|
|
type: task
|
|
block-sender:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Block sender
|
|
next:
|
|
extract-iocs: ""
|
|
order: 3
|
|
type: task
|
|
board:
|
|
active: true
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Board Involvement?
|
|
next:
|
|
escalate: boardInvolved == true
|
|
mail-available: boardInvolved == false
|
|
order: 0
|
|
schema:
|
|
properties:
|
|
boardInvolved:
|
|
default: false
|
|
title: A board member is involved.
|
|
type: boolean
|
|
required:
|
|
- boardInvolved
|
|
title: Board Involvement?
|
|
type: object
|
|
type: input
|
|
escalate:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Escalate to CISO
|
|
order: 1
|
|
type: task
|
|
extract-iocs:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Extract IOCs
|
|
next:
|
|
block-iocs: ""
|
|
order: 5
|
|
schema:
|
|
properties:
|
|
iocs:
|
|
items:
|
|
type: string
|
|
title: IOCs
|
|
type: array
|
|
title: Extract IOCs
|
|
type: object
|
|
type: input
|
|
mail-available:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Mail available
|
|
next:
|
|
block-sender: schemaKey == 'yes'
|
|
extract-iocs: schemaKey == 'yes'
|
|
search-email-gateway: schemaKey == 'no'
|
|
order: 2
|
|
schema:
|
|
oneOf:
|
|
- properties:
|
|
mail:
|
|
title: Mail
|
|
type: string
|
|
x-display: textarea
|
|
schemaKey:
|
|
const: "yes"
|
|
type: string
|
|
required:
|
|
- mail
|
|
title: "Yes"
|
|
- properties:
|
|
schemaKey:
|
|
const: "no"
|
|
type: string
|
|
title: "No"
|
|
title: Mail available
|
|
type: object
|
|
type: input
|
|
search-email-gateway:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Search email gateway
|
|
next:
|
|
extract-iocs: ""
|
|
order: 4
|
|
type: task
|
|
references:
|
|
- href: https://www.leadmaximize.net/e-services/back-end
|
|
name: performance
|
|
- href: http://www.corporateinteractive.name/rich
|
|
name: autumn
|
|
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
|
|
name: suggest
|
|
schema: |
|
|
{
|
|
"definitions": {},
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"$id": "https://example.com/object1618746510.json",
|
|
"title": "Event",
|
|
"type": "object",
|
|
"required": [
|
|
"severity",
|
|
"description",
|
|
"tlp"
|
|
],
|
|
"properties": {
|
|
"severity": {
|
|
"$id": "#root/severity",
|
|
"title": "Severity",
|
|
"type": "string",
|
|
"default": "Medium",
|
|
"nx-enum": [
|
|
"Low",
|
|
"Medium",
|
|
"High"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "Low",
|
|
"title": "Low",
|
|
"icon": "mdi-chevron-up"
|
|
},
|
|
{
|
|
"const": "Medium",
|
|
"title": "Medium",
|
|
"icon": "mdi-chevron-double-up"
|
|
},
|
|
{
|
|
"const": "High",
|
|
"title": "High",
|
|
"icon": "mdi-chevron-triple-up"
|
|
}
|
|
]
|
|
},
|
|
"tlp": {
|
|
"$id": "#root/tlp",
|
|
"title": "TLP",
|
|
"type": "string",
|
|
"nx-enum": [
|
|
"White",
|
|
"Green",
|
|
"Amber",
|
|
"Red"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "White",
|
|
"title": "White",
|
|
"icon": "mdi-alpha-w"
|
|
},
|
|
{
|
|
"const": "Green",
|
|
"title": "Green",
|
|
"icon": "mdi-alpha-g"
|
|
},
|
|
{
|
|
"const": "Amber",
|
|
"title": "Amber",
|
|
"icon": "mdi-alpha-a"
|
|
},
|
|
{
|
|
"const": "Red",
|
|
"title": "Red",
|
|
"icon": "mdi-alpha-r"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"$id": "#root/description",
|
|
"title": "Description",
|
|
"type": "string",
|
|
"x-display": "textarea",
|
|
"x-class": "pr-2"
|
|
}
|
|
}
|
|
}
|
|
status: closed
|
|
type: incident
|
|
schema:
|
|
$ref: '#/definitions/TicketWithTickets'
|
|
security:
|
|
- roles:
|
|
- ticket:write
|
|
summary: Remove an comment from an ticket
|
|
tags:
|
|
- tickets
|
|
/tickets/{id}/playbooks:
|
|
post:
|
|
operationId: addTicketPlaybook
|
|
parameters:
|
|
- description: Ticket ID
|
|
format: int64
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: integer
|
|
x-example: 8125
|
|
- description: Ticket playbook object that needs to be added
|
|
in: body
|
|
name: playbook
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/PlaybookTemplateForm'
|
|
x-example:
|
|
yaml: |
|
|
name: Simple
|
|
tasks:
|
|
input:
|
|
name: Upload malware if possible
|
|
type: input
|
|
schema:
|
|
title: Malware
|
|
type: object
|
|
properties:
|
|
malware:
|
|
type: string
|
|
title: Select malware
|
|
default: ""
|
|
next:
|
|
hash: "malware != ''"
|
|
|
|
hash:
|
|
name: Hash the malware
|
|
type: automation
|
|
automation: hash.sha1
|
|
payload:
|
|
default: "playbook.tasks['input'].data['malware']"
|
|
next:
|
|
escalate:
|
|
|
|
escalate:
|
|
name: Escalate to malware team
|
|
type: task
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
created: 2021-10-02T16:04:59.078186Z
|
|
id: 8125
|
|
modified: 2021-12-12T12:12:12.000000012Z
|
|
name: phishing from selenafadel@von.com detected
|
|
owner: demo
|
|
playbooks:
|
|
simple:
|
|
name: Simple
|
|
tasks:
|
|
escalate:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Escalate to malware team
|
|
order: 2
|
|
type: task
|
|
hash:
|
|
active: false
|
|
automation: hash.sha1
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Hash the malware
|
|
next:
|
|
escalate: ""
|
|
order: 1
|
|
payload:
|
|
default: playbook.tasks['input'].data['malware']
|
|
type: automation
|
|
input:
|
|
active: true
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Upload malware if possible
|
|
next:
|
|
hash: malware != ''
|
|
order: 0
|
|
schema:
|
|
properties:
|
|
malware:
|
|
default: ""
|
|
title: Select malware
|
|
type: string
|
|
title: Malware
|
|
type: object
|
|
type: input
|
|
references:
|
|
- href: https://www.seniorleading-edge.name/users/efficient
|
|
name: recovery
|
|
- href: http://www.dynamicseamless.com/clicks-and-mortar
|
|
name: force
|
|
- href: http://www.leadscalable.biz/envisioneer
|
|
name: fund
|
|
schema: '{}'
|
|
status: closed
|
|
tickets:
|
|
- created: 2021-10-02T16:04:59.078186Z
|
|
id: 8126
|
|
modified: 2021-10-02T16:04:59.078186Z
|
|
name: Surfaceintroduce virus detected
|
|
owner: demo
|
|
references:
|
|
- href: http://www.centralworld-class.io/synthesize
|
|
name: university
|
|
- href: https://www.futurevirtual.org/supply-chains/markets/sticky/iterate
|
|
name: goal
|
|
- href: http://www.chiefsyndicate.io/action-items
|
|
name: unemployment
|
|
schema: '{}'
|
|
status: closed
|
|
type: alert
|
|
type: alert
|
|
schema:
|
|
$ref: '#/definitions/TicketWithTickets'
|
|
security:
|
|
- roles:
|
|
- ticket:write
|
|
summary: Add a new ticket playbook
|
|
tags:
|
|
- tickets
|
|
/tickets/{id}/playbooks/{playbookID}:
|
|
delete:
|
|
operationId: removeTicketPlaybook
|
|
parameters:
|
|
- description: Ticket ID
|
|
format: int64
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: integer
|
|
x-example: 8123
|
|
- description: Playbook ID
|
|
in: path
|
|
name: playbookID
|
|
required: true
|
|
type: string
|
|
x-example: phishing
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
artifacts:
|
|
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
|
|
status: unknown
|
|
- name: http://www.customerviral.io/scalable/vertical/killer
|
|
status: clean
|
|
- name: leadreintermediate.io
|
|
status: malicious
|
|
created: 2021-10-02T16:04:59.078206Z
|
|
id: 8123
|
|
modified: 2021-12-12T12:12:12.000000012Z
|
|
name: live zebra
|
|
owner: demo
|
|
references:
|
|
- href: https://www.leadmaximize.net/e-services/back-end
|
|
name: performance
|
|
- href: http://www.corporateinteractive.name/rich
|
|
name: autumn
|
|
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
|
|
name: suggest
|
|
schema: |
|
|
{
|
|
"definitions": {},
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"$id": "https://example.com/object1618746510.json",
|
|
"title": "Event",
|
|
"type": "object",
|
|
"required": [
|
|
"severity",
|
|
"description",
|
|
"tlp"
|
|
],
|
|
"properties": {
|
|
"severity": {
|
|
"$id": "#root/severity",
|
|
"title": "Severity",
|
|
"type": "string",
|
|
"default": "Medium",
|
|
"nx-enum": [
|
|
"Low",
|
|
"Medium",
|
|
"High"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "Low",
|
|
"title": "Low",
|
|
"icon": "mdi-chevron-up"
|
|
},
|
|
{
|
|
"const": "Medium",
|
|
"title": "Medium",
|
|
"icon": "mdi-chevron-double-up"
|
|
},
|
|
{
|
|
"const": "High",
|
|
"title": "High",
|
|
"icon": "mdi-chevron-triple-up"
|
|
}
|
|
]
|
|
},
|
|
"tlp": {
|
|
"$id": "#root/tlp",
|
|
"title": "TLP",
|
|
"type": "string",
|
|
"nx-enum": [
|
|
"White",
|
|
"Green",
|
|
"Amber",
|
|
"Red"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "White",
|
|
"title": "White",
|
|
"icon": "mdi-alpha-w"
|
|
},
|
|
{
|
|
"const": "Green",
|
|
"title": "Green",
|
|
"icon": "mdi-alpha-g"
|
|
},
|
|
{
|
|
"const": "Amber",
|
|
"title": "Amber",
|
|
"icon": "mdi-alpha-a"
|
|
},
|
|
{
|
|
"const": "Red",
|
|
"title": "Red",
|
|
"icon": "mdi-alpha-r"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"$id": "#root/description",
|
|
"title": "Description",
|
|
"type": "string",
|
|
"x-display": "textarea",
|
|
"x-class": "pr-2"
|
|
}
|
|
}
|
|
}
|
|
status: closed
|
|
type: incident
|
|
schema:
|
|
$ref: '#/definitions/TicketWithTickets'
|
|
security:
|
|
- roles:
|
|
- ticket:write
|
|
summary: Remove an ticket playbook
|
|
tags:
|
|
- tickets
|
|
/tickets/{id}/playbooks/{playbookID}/task/{taskID}:
|
|
put:
|
|
operationId: setTaskData
|
|
parameters:
|
|
- description: Ticket ID
|
|
format: int64
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: integer
|
|
x-example: 8123
|
|
- description: Playbook ID
|
|
in: path
|
|
name: playbookID
|
|
required: true
|
|
type: string
|
|
x-example: phishing
|
|
- description: Task ID
|
|
in: path
|
|
name: taskID
|
|
required: true
|
|
type: string
|
|
x-example: board
|
|
- description: Task data
|
|
in: body
|
|
name: data
|
|
required: true
|
|
schema:
|
|
type: object
|
|
x-example:
|
|
boardInvolved: true
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
artifacts:
|
|
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
|
|
status: unknown
|
|
- name: http://www.customerviral.io/scalable/vertical/killer
|
|
status: clean
|
|
- name: leadreintermediate.io
|
|
status: malicious
|
|
created: 2021-10-02T16:04:59.078206Z
|
|
id: 8123
|
|
modified: 2021-12-12T12:12:12.000000012Z
|
|
name: live zebra
|
|
owner: demo
|
|
playbooks:
|
|
phishing:
|
|
name: Phishing
|
|
tasks:
|
|
block-iocs:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Block IOCs
|
|
order: 6
|
|
type: task
|
|
block-sender:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Block sender
|
|
next:
|
|
extract-iocs: ""
|
|
order: 3
|
|
type: task
|
|
board:
|
|
active: true
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
data:
|
|
boardInvolved: true
|
|
done: false
|
|
name: Board Involvement?
|
|
next:
|
|
escalate: boardInvolved == true
|
|
mail-available: boardInvolved == false
|
|
order: 0
|
|
schema:
|
|
properties:
|
|
boardInvolved:
|
|
default: false
|
|
title: A board member is involved.
|
|
type: boolean
|
|
required:
|
|
- boardInvolved
|
|
title: Board Involvement?
|
|
type: object
|
|
type: input
|
|
escalate:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Escalate to CISO
|
|
order: 1
|
|
type: task
|
|
extract-iocs:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Extract IOCs
|
|
next:
|
|
block-iocs: ""
|
|
order: 5
|
|
schema:
|
|
properties:
|
|
iocs:
|
|
items:
|
|
type: string
|
|
title: IOCs
|
|
type: array
|
|
title: Extract IOCs
|
|
type: object
|
|
type: input
|
|
mail-available:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Mail available
|
|
next:
|
|
block-sender: schemaKey == 'yes'
|
|
extract-iocs: schemaKey == 'yes'
|
|
search-email-gateway: schemaKey == 'no'
|
|
order: 2
|
|
schema:
|
|
oneOf:
|
|
- properties:
|
|
mail:
|
|
title: Mail
|
|
type: string
|
|
x-display: textarea
|
|
schemaKey:
|
|
const: "yes"
|
|
type: string
|
|
required:
|
|
- mail
|
|
title: "Yes"
|
|
- properties:
|
|
schemaKey:
|
|
const: "no"
|
|
type: string
|
|
title: "No"
|
|
title: Mail available
|
|
type: object
|
|
type: input
|
|
search-email-gateway:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Search email gateway
|
|
next:
|
|
extract-iocs: ""
|
|
order: 4
|
|
type: task
|
|
references:
|
|
- href: https://www.leadmaximize.net/e-services/back-end
|
|
name: performance
|
|
- href: http://www.corporateinteractive.name/rich
|
|
name: autumn
|
|
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
|
|
name: suggest
|
|
schema: |
|
|
{
|
|
"definitions": {},
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"$id": "https://example.com/object1618746510.json",
|
|
"title": "Event",
|
|
"type": "object",
|
|
"required": [
|
|
"severity",
|
|
"description",
|
|
"tlp"
|
|
],
|
|
"properties": {
|
|
"severity": {
|
|
"$id": "#root/severity",
|
|
"title": "Severity",
|
|
"type": "string",
|
|
"default": "Medium",
|
|
"nx-enum": [
|
|
"Low",
|
|
"Medium",
|
|
"High"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "Low",
|
|
"title": "Low",
|
|
"icon": "mdi-chevron-up"
|
|
},
|
|
{
|
|
"const": "Medium",
|
|
"title": "Medium",
|
|
"icon": "mdi-chevron-double-up"
|
|
},
|
|
{
|
|
"const": "High",
|
|
"title": "High",
|
|
"icon": "mdi-chevron-triple-up"
|
|
}
|
|
]
|
|
},
|
|
"tlp": {
|
|
"$id": "#root/tlp",
|
|
"title": "TLP",
|
|
"type": "string",
|
|
"nx-enum": [
|
|
"White",
|
|
"Green",
|
|
"Amber",
|
|
"Red"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "White",
|
|
"title": "White",
|
|
"icon": "mdi-alpha-w"
|
|
},
|
|
{
|
|
"const": "Green",
|
|
"title": "Green",
|
|
"icon": "mdi-alpha-g"
|
|
},
|
|
{
|
|
"const": "Amber",
|
|
"title": "Amber",
|
|
"icon": "mdi-alpha-a"
|
|
},
|
|
{
|
|
"const": "Red",
|
|
"title": "Red",
|
|
"icon": "mdi-alpha-r"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"$id": "#root/description",
|
|
"title": "Description",
|
|
"type": "string",
|
|
"x-display": "textarea",
|
|
"x-class": "pr-2"
|
|
}
|
|
}
|
|
}
|
|
status: closed
|
|
type: incident
|
|
schema:
|
|
$ref: '#/definitions/TicketWithTickets'
|
|
security:
|
|
- roles:
|
|
- ticket:write
|
|
summary: Set a ticket playbook task data
|
|
tags:
|
|
- tickets
|
|
/tickets/{id}/playbooks/{playbookID}/task/{taskID}/complete:
|
|
put:
|
|
operationId: completeTask
|
|
parameters:
|
|
- description: Ticket ID
|
|
format: int64
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: integer
|
|
x-example: 8123
|
|
- description: Playbook ID
|
|
in: path
|
|
name: playbookID
|
|
required: true
|
|
type: string
|
|
x-example: phishing
|
|
- description: Task ID
|
|
in: path
|
|
name: taskID
|
|
required: true
|
|
type: string
|
|
x-example: board
|
|
- description: Ticket playbook object that needs to be added
|
|
in: body
|
|
name: data
|
|
required: true
|
|
schema:
|
|
type: object
|
|
x-example:
|
|
boardInvolved: true
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
artifacts:
|
|
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
|
|
status: unknown
|
|
- name: http://www.customerviral.io/scalable/vertical/killer
|
|
status: clean
|
|
- name: leadreintermediate.io
|
|
status: malicious
|
|
created: 2021-10-02T16:04:59.078206Z
|
|
id: 8123
|
|
modified: 2021-12-12T12:12:12.000000012Z
|
|
name: live zebra
|
|
owner: demo
|
|
playbooks:
|
|
phishing:
|
|
name: Phishing
|
|
tasks:
|
|
block-iocs:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Block IOCs
|
|
order: 6
|
|
type: task
|
|
block-sender:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Block sender
|
|
next:
|
|
extract-iocs: ""
|
|
order: 3
|
|
type: task
|
|
board:
|
|
active: false
|
|
closed: 2021-12-12T12:12:12.000000012Z
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
data:
|
|
boardInvolved: true
|
|
done: true
|
|
name: Board Involvement?
|
|
next:
|
|
escalate: boardInvolved == true
|
|
mail-available: boardInvolved == false
|
|
order: 0
|
|
schema:
|
|
properties:
|
|
boardInvolved:
|
|
default: false
|
|
title: A board member is involved.
|
|
type: boolean
|
|
required:
|
|
- boardInvolved
|
|
title: Board Involvement?
|
|
type: object
|
|
type: input
|
|
escalate:
|
|
active: true
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Escalate to CISO
|
|
order: 1
|
|
type: task
|
|
extract-iocs:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Extract IOCs
|
|
next:
|
|
block-iocs: ""
|
|
order: 5
|
|
schema:
|
|
properties:
|
|
iocs:
|
|
items:
|
|
type: string
|
|
title: IOCs
|
|
type: array
|
|
title: Extract IOCs
|
|
type: object
|
|
type: input
|
|
mail-available:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Mail available
|
|
next:
|
|
block-sender: schemaKey == 'yes'
|
|
extract-iocs: schemaKey == 'yes'
|
|
search-email-gateway: schemaKey == 'no'
|
|
order: 2
|
|
schema:
|
|
oneOf:
|
|
- properties:
|
|
mail:
|
|
title: Mail
|
|
type: string
|
|
x-display: textarea
|
|
schemaKey:
|
|
const: "yes"
|
|
type: string
|
|
required:
|
|
- mail
|
|
title: "Yes"
|
|
- properties:
|
|
schemaKey:
|
|
const: "no"
|
|
type: string
|
|
title: "No"
|
|
title: Mail available
|
|
type: object
|
|
type: input
|
|
search-email-gateway:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Search email gateway
|
|
next:
|
|
extract-iocs: ""
|
|
order: 4
|
|
type: task
|
|
references:
|
|
- href: https://www.leadmaximize.net/e-services/back-end
|
|
name: performance
|
|
- href: http://www.corporateinteractive.name/rich
|
|
name: autumn
|
|
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
|
|
name: suggest
|
|
schema: |
|
|
{
|
|
"definitions": {},
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"$id": "https://example.com/object1618746510.json",
|
|
"title": "Event",
|
|
"type": "object",
|
|
"required": [
|
|
"severity",
|
|
"description",
|
|
"tlp"
|
|
],
|
|
"properties": {
|
|
"severity": {
|
|
"$id": "#root/severity",
|
|
"title": "Severity",
|
|
"type": "string",
|
|
"default": "Medium",
|
|
"nx-enum": [
|
|
"Low",
|
|
"Medium",
|
|
"High"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "Low",
|
|
"title": "Low",
|
|
"icon": "mdi-chevron-up"
|
|
},
|
|
{
|
|
"const": "Medium",
|
|
"title": "Medium",
|
|
"icon": "mdi-chevron-double-up"
|
|
},
|
|
{
|
|
"const": "High",
|
|
"title": "High",
|
|
"icon": "mdi-chevron-triple-up"
|
|
}
|
|
]
|
|
},
|
|
"tlp": {
|
|
"$id": "#root/tlp",
|
|
"title": "TLP",
|
|
"type": "string",
|
|
"nx-enum": [
|
|
"White",
|
|
"Green",
|
|
"Amber",
|
|
"Red"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "White",
|
|
"title": "White",
|
|
"icon": "mdi-alpha-w"
|
|
},
|
|
{
|
|
"const": "Green",
|
|
"title": "Green",
|
|
"icon": "mdi-alpha-g"
|
|
},
|
|
{
|
|
"const": "Amber",
|
|
"title": "Amber",
|
|
"icon": "mdi-alpha-a"
|
|
},
|
|
{
|
|
"const": "Red",
|
|
"title": "Red",
|
|
"icon": "mdi-alpha-r"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"$id": "#root/description",
|
|
"title": "Description",
|
|
"type": "string",
|
|
"x-display": "textarea",
|
|
"x-class": "pr-2"
|
|
}
|
|
}
|
|
}
|
|
status: closed
|
|
type: incident
|
|
schema:
|
|
$ref: '#/definitions/TicketWithTickets'
|
|
security:
|
|
- roles:
|
|
- ticket:write
|
|
summary: Complete ticket playbook task
|
|
tags:
|
|
- tickets
|
|
/tickets/{id}/playbooks/{playbookID}/task/{taskID}/owner:
|
|
put:
|
|
operationId: setTaskOwner
|
|
parameters:
|
|
- description: Ticket ID
|
|
format: int64
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: integer
|
|
x-example: 8123
|
|
- description: Playbook ID
|
|
in: path
|
|
name: playbookID
|
|
required: true
|
|
type: string
|
|
x-example: phishing
|
|
- description: Task ID
|
|
in: path
|
|
name: taskID
|
|
required: true
|
|
type: string
|
|
x-example: board
|
|
- description: Task owner
|
|
in: body
|
|
name: owner
|
|
required: true
|
|
schema:
|
|
type: string
|
|
x-example: eve
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
artifacts:
|
|
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
|
|
status: unknown
|
|
- name: http://www.customerviral.io/scalable/vertical/killer
|
|
status: clean
|
|
- name: leadreintermediate.io
|
|
status: malicious
|
|
created: 2021-10-02T16:04:59.078206Z
|
|
id: 8123
|
|
modified: 2021-12-12T12:12:12.000000012Z
|
|
name: live zebra
|
|
owner: demo
|
|
playbooks:
|
|
phishing:
|
|
name: Phishing
|
|
tasks:
|
|
block-iocs:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Block IOCs
|
|
order: 6
|
|
type: task
|
|
block-sender:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Block sender
|
|
next:
|
|
extract-iocs: ""
|
|
order: 3
|
|
type: task
|
|
board:
|
|
active: true
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Board Involvement?
|
|
next:
|
|
escalate: boardInvolved == true
|
|
mail-available: boardInvolved == false
|
|
order: 0
|
|
owner: eve
|
|
schema:
|
|
properties:
|
|
boardInvolved:
|
|
default: false
|
|
title: A board member is involved.
|
|
type: boolean
|
|
required:
|
|
- boardInvolved
|
|
title: Board Involvement?
|
|
type: object
|
|
type: input
|
|
escalate:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Escalate to CISO
|
|
order: 1
|
|
type: task
|
|
extract-iocs:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Extract IOCs
|
|
next:
|
|
block-iocs: ""
|
|
order: 5
|
|
schema:
|
|
properties:
|
|
iocs:
|
|
items:
|
|
type: string
|
|
title: IOCs
|
|
type: array
|
|
title: Extract IOCs
|
|
type: object
|
|
type: input
|
|
mail-available:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Mail available
|
|
next:
|
|
block-sender: schemaKey == 'yes'
|
|
extract-iocs: schemaKey == 'yes'
|
|
search-email-gateway: schemaKey == 'no'
|
|
order: 2
|
|
schema:
|
|
oneOf:
|
|
- properties:
|
|
mail:
|
|
title: Mail
|
|
type: string
|
|
x-display: textarea
|
|
schemaKey:
|
|
const: "yes"
|
|
type: string
|
|
required:
|
|
- mail
|
|
title: "Yes"
|
|
- properties:
|
|
schemaKey:
|
|
const: "no"
|
|
type: string
|
|
title: "No"
|
|
title: Mail available
|
|
type: object
|
|
type: input
|
|
search-email-gateway:
|
|
active: false
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Search email gateway
|
|
next:
|
|
extract-iocs: ""
|
|
order: 4
|
|
type: task
|
|
references:
|
|
- href: https://www.leadmaximize.net/e-services/back-end
|
|
name: performance
|
|
- href: http://www.corporateinteractive.name/rich
|
|
name: autumn
|
|
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
|
|
name: suggest
|
|
schema: |
|
|
{
|
|
"definitions": {},
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"$id": "https://example.com/object1618746510.json",
|
|
"title": "Event",
|
|
"type": "object",
|
|
"required": [
|
|
"severity",
|
|
"description",
|
|
"tlp"
|
|
],
|
|
"properties": {
|
|
"severity": {
|
|
"$id": "#root/severity",
|
|
"title": "Severity",
|
|
"type": "string",
|
|
"default": "Medium",
|
|
"nx-enum": [
|
|
"Low",
|
|
"Medium",
|
|
"High"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "Low",
|
|
"title": "Low",
|
|
"icon": "mdi-chevron-up"
|
|
},
|
|
{
|
|
"const": "Medium",
|
|
"title": "Medium",
|
|
"icon": "mdi-chevron-double-up"
|
|
},
|
|
{
|
|
"const": "High",
|
|
"title": "High",
|
|
"icon": "mdi-chevron-triple-up"
|
|
}
|
|
]
|
|
},
|
|
"tlp": {
|
|
"$id": "#root/tlp",
|
|
"title": "TLP",
|
|
"type": "string",
|
|
"nx-enum": [
|
|
"White",
|
|
"Green",
|
|
"Amber",
|
|
"Red"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "White",
|
|
"title": "White",
|
|
"icon": "mdi-alpha-w"
|
|
},
|
|
{
|
|
"const": "Green",
|
|
"title": "Green",
|
|
"icon": "mdi-alpha-g"
|
|
},
|
|
{
|
|
"const": "Amber",
|
|
"title": "Amber",
|
|
"icon": "mdi-alpha-a"
|
|
},
|
|
{
|
|
"const": "Red",
|
|
"title": "Red",
|
|
"icon": "mdi-alpha-r"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"$id": "#root/description",
|
|
"title": "Description",
|
|
"type": "string",
|
|
"x-display": "textarea",
|
|
"x-class": "pr-2"
|
|
}
|
|
}
|
|
}
|
|
status: closed
|
|
type: incident
|
|
schema:
|
|
$ref: '#/definitions/TicketWithTickets'
|
|
security:
|
|
- roles:
|
|
- ticket:write
|
|
summary: Set a ticket playbook task owner
|
|
tags:
|
|
- tickets
|
|
/tickets/{id}/playbooks/{playbookID}/task/{taskID}/run:
|
|
post:
|
|
operationId: runTask
|
|
parameters:
|
|
- description: Ticket ID
|
|
format: int64
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: integer
|
|
x-example: 8123
|
|
- description: Playbook ID
|
|
in: path
|
|
name: playbookID
|
|
required: true
|
|
type: string
|
|
x-example: phishing
|
|
- description: Task ID
|
|
in: path
|
|
name: taskID
|
|
required: true
|
|
type: string
|
|
x-example: board
|
|
responses:
|
|
"204":
|
|
description: successful operation
|
|
security:
|
|
- roles:
|
|
- ticket:write
|
|
summary: Run ticket playbook task
|
|
tags:
|
|
- tickets
|
|
/tickets/{id}/references:
|
|
put:
|
|
operationId: setReferences
|
|
parameters:
|
|
- description: Ticket ID
|
|
format: int64
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: integer
|
|
x-example: 8125
|
|
- description: All ticket references
|
|
in: body
|
|
name: references
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/ReferenceArray'
|
|
x-example:
|
|
- href: http://www.leadscalable.biz/envisioneer
|
|
name: fund
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
created: 2021-10-02T16:04:59.078186Z
|
|
id: 8125
|
|
modified: 2021-12-12T12:12:12.000000012Z
|
|
name: phishing from selenafadel@von.com detected
|
|
owner: demo
|
|
references:
|
|
- href: http://www.leadscalable.biz/envisioneer
|
|
name: fund
|
|
schema: '{}'
|
|
status: closed
|
|
tickets:
|
|
- created: 2021-10-02T16:04:59.078186Z
|
|
id: 8126
|
|
modified: 2021-10-02T16:04:59.078186Z
|
|
name: Surfaceintroduce virus detected
|
|
owner: demo
|
|
references:
|
|
- href: http://www.centralworld-class.io/synthesize
|
|
name: university
|
|
- href: https://www.futurevirtual.org/supply-chains/markets/sticky/iterate
|
|
name: goal
|
|
- href: http://www.chiefsyndicate.io/action-items
|
|
name: unemployment
|
|
schema: '{}'
|
|
status: closed
|
|
type: alert
|
|
type: alert
|
|
schema:
|
|
$ref: '#/definitions/TicketWithTickets'
|
|
security:
|
|
- roles:
|
|
- ticket:write
|
|
summary: Set ticket references
|
|
tags:
|
|
- tickets
|
|
/tickets/{id}/schema:
|
|
put:
|
|
operationId: setSchema
|
|
parameters:
|
|
- description: Ticket ID
|
|
format: int64
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: integer
|
|
x-example: 8125
|
|
- description: New ticket schema
|
|
in: body
|
|
name: schema
|
|
required: true
|
|
schema:
|
|
type: string
|
|
x-example: '{}'
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
created: 2021-10-02T16:04:59.078186Z
|
|
id: 8125
|
|
modified: 2021-10-02T16:04:59.078186Z
|
|
name: phishing from selenafadel@von.com detected
|
|
owner: demo
|
|
references:
|
|
- href: https://www.seniorleading-edge.name/users/efficient
|
|
name: recovery
|
|
- href: http://www.dynamicseamless.com/clicks-and-mortar
|
|
name: force
|
|
- href: http://www.leadscalable.biz/envisioneer
|
|
name: fund
|
|
schema: '{}'
|
|
status: closed
|
|
tickets:
|
|
- created: 2021-10-02T16:04:59.078186Z
|
|
id: 8126
|
|
modified: 2021-10-02T16:04:59.078186Z
|
|
name: Surfaceintroduce virus detected
|
|
owner: demo
|
|
references:
|
|
- href: http://www.centralworld-class.io/synthesize
|
|
name: university
|
|
- href: https://www.futurevirtual.org/supply-chains/markets/sticky/iterate
|
|
name: goal
|
|
- href: http://www.chiefsyndicate.io/action-items
|
|
name: unemployment
|
|
schema: '{}'
|
|
status: closed
|
|
type: alert
|
|
type: alert
|
|
schema:
|
|
$ref: '#/definitions/TicketWithTickets'
|
|
security:
|
|
- roles:
|
|
- ticket:write
|
|
summary: Set ticket schema
|
|
tags:
|
|
- tickets
|
|
/tickets/{id}/tickets:
|
|
delete:
|
|
operationId: unlinkTicket
|
|
parameters:
|
|
- description: Ticket ID
|
|
format: int64
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: integer
|
|
x-example: 8126
|
|
- description: Added ticket ID
|
|
in: body
|
|
name: linkedID
|
|
required: true
|
|
schema:
|
|
format: int64
|
|
type: integer
|
|
x-example: 8125
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
created: 2021-10-02T16:04:59.078186Z
|
|
id: 8126
|
|
modified: 2021-10-02T16:04:59.078186Z
|
|
name: Surfaceintroduce virus detected
|
|
owner: demo
|
|
references:
|
|
- href: http://www.centralworld-class.io/synthesize
|
|
name: university
|
|
- href: https://www.futurevirtual.org/supply-chains/markets/sticky/iterate
|
|
name: goal
|
|
- href: http://www.chiefsyndicate.io/action-items
|
|
name: unemployment
|
|
schema: '{}'
|
|
status: closed
|
|
type: alert
|
|
schema:
|
|
$ref: '#/definitions/TicketWithTickets'
|
|
security:
|
|
- roles:
|
|
- ticket:write
|
|
summary: Unlink an ticket to an ticket
|
|
tags:
|
|
- tickets
|
|
patch:
|
|
operationId: linkTicket
|
|
parameters:
|
|
- description: Ticket ID
|
|
format: int64
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: integer
|
|
x-example: 8126
|
|
- description: Added ticket ID
|
|
in: body
|
|
name: linkedID
|
|
required: true
|
|
schema:
|
|
format: int64
|
|
type: integer
|
|
x-example: 8123
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
created: 2021-10-02T16:04:59.078186Z
|
|
id: 8126
|
|
modified: 2021-10-02T16:04:59.078186Z
|
|
name: Surfaceintroduce virus detected
|
|
owner: demo
|
|
references:
|
|
- href: http://www.centralworld-class.io/synthesize
|
|
name: university
|
|
- href: https://www.futurevirtual.org/supply-chains/markets/sticky/iterate
|
|
name: goal
|
|
- href: http://www.chiefsyndicate.io/action-items
|
|
name: unemployment
|
|
schema: '{}'
|
|
status: closed
|
|
tickets:
|
|
- artifacts:
|
|
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
|
|
status: unknown
|
|
- name: http://www.customerviral.io/scalable/vertical/killer
|
|
status: clean
|
|
- name: leadreintermediate.io
|
|
status: malicious
|
|
created: 2021-10-02T16:04:59.078206Z
|
|
id: 8123
|
|
modified: 2021-10-02T16:04:59.078206Z
|
|
name: live zebra
|
|
owner: demo
|
|
playbooks:
|
|
phishing:
|
|
name: Phishing
|
|
tasks:
|
|
block-iocs:
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Block IOCs
|
|
type: task
|
|
block-sender:
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Block sender
|
|
next:
|
|
extract-iocs: ""
|
|
type: task
|
|
board:
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Board Involvement?
|
|
next:
|
|
escalate: boardInvolved == true
|
|
mail-available: boardInvolved == false
|
|
schema:
|
|
properties:
|
|
boardInvolved:
|
|
default: false
|
|
title: A board member is involved.
|
|
type: boolean
|
|
required:
|
|
- boardInvolved
|
|
title: Board Involvement?
|
|
type: object
|
|
type: input
|
|
escalate:
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Escalate to CISO
|
|
type: task
|
|
extract-iocs:
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Extract IOCs
|
|
next:
|
|
block-iocs: ""
|
|
schema:
|
|
properties:
|
|
iocs:
|
|
items:
|
|
type: string
|
|
title: IOCs
|
|
type: array
|
|
title: Extract IOCs
|
|
type: object
|
|
type: input
|
|
mail-available:
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Mail available
|
|
next:
|
|
block-sender: schemaKey == 'yes'
|
|
extract-iocs: schemaKey == 'yes'
|
|
search-email-gateway: schemaKey == 'no'
|
|
schema:
|
|
oneOf:
|
|
- properties:
|
|
mail:
|
|
title: Mail
|
|
type: string
|
|
x-display: textarea
|
|
schemaKey:
|
|
const: "yes"
|
|
type: string
|
|
required:
|
|
- mail
|
|
title: "Yes"
|
|
- properties:
|
|
schemaKey:
|
|
const: "no"
|
|
type: string
|
|
title: "No"
|
|
title: Mail available
|
|
type: object
|
|
type: input
|
|
search-email-gateway:
|
|
created: 2021-12-12T12:12:12.000000012Z
|
|
done: false
|
|
name: Search email gateway
|
|
next:
|
|
extract-iocs: ""
|
|
type: task
|
|
references:
|
|
- href: https://www.leadmaximize.net/e-services/back-end
|
|
name: performance
|
|
- href: http://www.corporateinteractive.name/rich
|
|
name: autumn
|
|
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
|
|
name: suggest
|
|
schema: |
|
|
{
|
|
"definitions": {},
|
|
"$schema": "http://json-schema.org/draft-07/schema#",
|
|
"$id": "https://example.com/object1618746510.json",
|
|
"title": "Event",
|
|
"type": "object",
|
|
"required": [
|
|
"severity",
|
|
"description",
|
|
"tlp"
|
|
],
|
|
"properties": {
|
|
"severity": {
|
|
"$id": "#root/severity",
|
|
"title": "Severity",
|
|
"type": "string",
|
|
"default": "Medium",
|
|
"nx-enum": [
|
|
"Low",
|
|
"Medium",
|
|
"High"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "Low",
|
|
"title": "Low",
|
|
"icon": "mdi-chevron-up"
|
|
},
|
|
{
|
|
"const": "Medium",
|
|
"title": "Medium",
|
|
"icon": "mdi-chevron-double-up"
|
|
},
|
|
{
|
|
"const": "High",
|
|
"title": "High",
|
|
"icon": "mdi-chevron-triple-up"
|
|
}
|
|
]
|
|
},
|
|
"tlp": {
|
|
"$id": "#root/tlp",
|
|
"title": "TLP",
|
|
"type": "string",
|
|
"nx-enum": [
|
|
"White",
|
|
"Green",
|
|
"Amber",
|
|
"Red"
|
|
],
|
|
"x-cols": 6,
|
|
"x-class": "pr-2",
|
|
"x-display": "icon",
|
|
"x-itemIcon": "icon",
|
|
"oneOf": [
|
|
{
|
|
"const": "White",
|
|
"title": "White",
|
|
"icon": "mdi-alpha-w"
|
|
},
|
|
{
|
|
"const": "Green",
|
|
"title": "Green",
|
|
"icon": "mdi-alpha-g"
|
|
},
|
|
{
|
|
"const": "Amber",
|
|
"title": "Amber",
|
|
"icon": "mdi-alpha-a"
|
|
},
|
|
{
|
|
"const": "Red",
|
|
"title": "Red",
|
|
"icon": "mdi-alpha-r"
|
|
}
|
|
]
|
|
},
|
|
"description": {
|
|
"$id": "#root/description",
|
|
"title": "Description",
|
|
"type": "string",
|
|
"x-display": "textarea",
|
|
"x-class": "pr-2"
|
|
}
|
|
}
|
|
}
|
|
status: closed
|
|
type: incident
|
|
- created: 2021-10-02T16:04:59.078186Z
|
|
id: 8125
|
|
modified: 2021-10-02T16:04:59.078186Z
|
|
name: phishing from selenafadel@von.com detected
|
|
owner: demo
|
|
references:
|
|
- href: https://www.seniorleading-edge.name/users/efficient
|
|
name: recovery
|
|
- href: http://www.dynamicseamless.com/clicks-and-mortar
|
|
name: force
|
|
- href: http://www.leadscalable.biz/envisioneer
|
|
name: fund
|
|
schema: '{}'
|
|
status: closed
|
|
type: alert
|
|
type: alert
|
|
schema:
|
|
$ref: '#/definitions/TicketWithTickets'
|
|
security:
|
|
- roles:
|
|
- ticket:write
|
|
summary: Link an ticket to an ticket
|
|
tags:
|
|
- tickets
|
|
/tickets/batch:
|
|
post:
|
|
operationId: createTicketBatch
|
|
parameters:
|
|
- description: New ticket
|
|
in: body
|
|
name: ticket
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/TicketFormArray'
|
|
x-example:
|
|
- id: 123
|
|
name: Wannacry infection
|
|
owner: bob
|
|
status: open
|
|
type: incident
|
|
responses:
|
|
"204":
|
|
description: successful operation
|
|
security:
|
|
- roles:
|
|
- ticket:write
|
|
summary: Create a new tickets in batch
|
|
tags:
|
|
- tickets
|
|
/tickettypes:
|
|
get:
|
|
operationId: listTicketTypes
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
- default_playbooks: []
|
|
default_template: default
|
|
icon: mdi-alert
|
|
id: alert
|
|
name: Alerts
|
|
- default_playbooks: []
|
|
default_template: default
|
|
icon: mdi-radioactive
|
|
id: incident
|
|
name: Incidents
|
|
- default_playbooks: []
|
|
default_template: default
|
|
icon: mdi-fingerprint
|
|
id: investigation
|
|
name: Forensic Investigations
|
|
- default_playbooks: []
|
|
default_template: default
|
|
icon: mdi-target
|
|
id: hunt
|
|
name: Threat Hunting
|
|
schema:
|
|
items:
|
|
$ref: '#/definitions/TicketTypeResponse'
|
|
type: array
|
|
security:
|
|
- roles:
|
|
- tickettype:read
|
|
summary: List tickettypes
|
|
tags:
|
|
- tickettypes
|
|
post:
|
|
operationId: createTicketType
|
|
parameters:
|
|
- description: New tickettype
|
|
in: body
|
|
name: tickettype
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/TicketTypeForm'
|
|
x-example:
|
|
default_playbooks: []
|
|
default_template: default
|
|
icon: mdi-newspaper-variant-outline
|
|
name: TI Tickets
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
default_playbooks: []
|
|
default_template: default
|
|
icon: mdi-newspaper-variant-outline
|
|
id: ti-tickets
|
|
name: TI Tickets
|
|
schema:
|
|
$ref: '#/definitions/TicketTypeResponse'
|
|
security:
|
|
- roles:
|
|
- tickettype:write
|
|
summary: Create a new tickettype
|
|
tags:
|
|
- tickettypes
|
|
/tickettypes/{id}:
|
|
delete:
|
|
operationId: deleteTicketType
|
|
parameters:
|
|
- description: TicketType ID
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: alert
|
|
responses:
|
|
"204":
|
|
description: successful operation
|
|
security:
|
|
- roles:
|
|
- tickettype:write
|
|
summary: Delete a tickettype
|
|
tags:
|
|
- tickettypes
|
|
get:
|
|
operationId: getTicketType
|
|
parameters:
|
|
- description: TicketType ID
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: alert
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
default_playbooks: []
|
|
default_template: default
|
|
icon: mdi-alert
|
|
id: alert
|
|
name: Alerts
|
|
schema:
|
|
$ref: '#/definitions/TicketTypeResponse'
|
|
security:
|
|
- roles:
|
|
- tickettype:read
|
|
summary: Get a single tickettype
|
|
tags:
|
|
- tickettypes
|
|
put:
|
|
operationId: updateTicketType
|
|
parameters:
|
|
- description: TicketType ID
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: alert
|
|
- description: TicketType object that needs to be added
|
|
in: body
|
|
name: tickettype
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/TicketTypeForm'
|
|
x-example:
|
|
default_playbooks: []
|
|
default_template: default
|
|
icon: mdi-bell
|
|
id: alert
|
|
name: Alerts
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
default_playbooks: []
|
|
default_template: default
|
|
icon: mdi-bell
|
|
id: alert
|
|
name: Alerts
|
|
schema:
|
|
$ref: '#/definitions/TicketTypeResponse'
|
|
security:
|
|
- roles:
|
|
- tickettype:write
|
|
summary: Update an existing tickettype
|
|
tags:
|
|
- tickettypes
|
|
/userdata:
|
|
get:
|
|
operationId: listUserData
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
- email: bob@example.org
|
|
id: bob
|
|
name: Bob Bad
|
|
schema:
|
|
items:
|
|
$ref: '#/definitions/UserDataResponse'
|
|
type: array
|
|
security:
|
|
- roles:
|
|
- userdata:read
|
|
summary: List userdata
|
|
tags:
|
|
- userdata
|
|
/userdata/{id}:
|
|
get:
|
|
operationId: getUserData
|
|
parameters:
|
|
- description: User Data ID
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: bob
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
email: bob@example.org
|
|
id: bob
|
|
name: Bob Bad
|
|
schema:
|
|
$ref: '#/definitions/UserDataResponse'
|
|
security:
|
|
- roles:
|
|
- userdata:read
|
|
summary: Get a single user data
|
|
tags:
|
|
- userdata
|
|
put:
|
|
operationId: updateUserData
|
|
parameters:
|
|
- description: User Data ID
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: bob
|
|
- description: User data object that needs to be added
|
|
in: body
|
|
name: userdata
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/UserData'
|
|
x-example:
|
|
blocked: false
|
|
email: bob@example.org
|
|
name: Bob Bad
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
email: bob@example.org
|
|
id: bob
|
|
name: Bob Bad
|
|
schema:
|
|
$ref: '#/definitions/UserDataResponse'
|
|
security:
|
|
- roles:
|
|
- userdata:write
|
|
summary: Update an existing user data
|
|
tags:
|
|
- userdata
|
|
/users:
|
|
get:
|
|
operationId: listUsers
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
- apikey: false
|
|
blocked: false
|
|
id: bob
|
|
roles:
|
|
- admin:backup:read
|
|
- admin:backup:restore
|
|
- admin:dashboard:write
|
|
- admin:group:write
|
|
- admin:job:read
|
|
- admin:job:write
|
|
- admin:log:read
|
|
- admin:settings:write
|
|
- admin:ticket:delete
|
|
- admin:user:write
|
|
- admin:userdata:read
|
|
- admin:userdata:write
|
|
- analyst:automation:read
|
|
- analyst:currentsettings:write
|
|
- analyst:currentuser:read
|
|
- analyst:currentuserdata:read
|
|
- analyst:dashboard:read
|
|
- analyst:file
|
|
- analyst:group:read
|
|
- analyst:playbook:read
|
|
- analyst:rule:read
|
|
- analyst:settings:read
|
|
- analyst:template:read
|
|
- analyst:ticket:read
|
|
- analyst:ticket:write
|
|
- analyst:tickettype:read
|
|
- analyst:user:read
|
|
- engineer:automation:write
|
|
- engineer:playbook:write
|
|
- engineer:rule:write
|
|
- engineer:template:write
|
|
- engineer:tickettype:write
|
|
- apikey: true
|
|
blocked: false
|
|
id: script
|
|
roles:
|
|
- analyst:automation:read
|
|
- analyst:currentsettings:write
|
|
- analyst:currentuser:read
|
|
- analyst:currentuserdata:read
|
|
- analyst:dashboard:read
|
|
- analyst:file
|
|
- analyst:group:read
|
|
- analyst:playbook:read
|
|
- analyst:rule:read
|
|
- analyst:settings:read
|
|
- analyst:template:read
|
|
- analyst:ticket:read
|
|
- analyst:ticket:write
|
|
- analyst:tickettype:read
|
|
- analyst:user:read
|
|
- engineer:automation:write
|
|
- engineer:playbook:write
|
|
- engineer:rule:write
|
|
- engineer:template:write
|
|
- engineer:tickettype:write
|
|
schema:
|
|
items:
|
|
$ref: '#/definitions/UserResponse'
|
|
type: array
|
|
security:
|
|
- roles:
|
|
- user:read
|
|
summary: List users
|
|
tags:
|
|
- users
|
|
post:
|
|
operationId: createUser
|
|
parameters:
|
|
- description: user object that needs to be added
|
|
in: body
|
|
name: user
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/UserForm'
|
|
x-example:
|
|
apikey: true
|
|
blocked: false
|
|
id: syncscript
|
|
roles:
|
|
- analyst
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
blocked: false
|
|
id: syncscript
|
|
roles:
|
|
- analyst:automation:read
|
|
- analyst:currentsettings:write
|
|
- analyst:currentuser:read
|
|
- analyst:currentuserdata:read
|
|
- analyst:dashboard:read
|
|
- analyst:file
|
|
- analyst:group:read
|
|
- analyst:playbook:read
|
|
- analyst:rule:read
|
|
- analyst:settings:read
|
|
- analyst:template:read
|
|
- analyst:ticket:read
|
|
- analyst:ticket:write
|
|
- analyst:tickettype:read
|
|
- analyst:user:read
|
|
secret: v39bOuobnlEljfWzjAgoKzhmnh1xSMxH
|
|
schema:
|
|
$ref: '#/definitions/NewUserResponse'
|
|
security:
|
|
- roles:
|
|
- user:write
|
|
summary: Create user
|
|
tags:
|
|
- users
|
|
/users/{id}:
|
|
delete:
|
|
operationId: deleteUser
|
|
parameters:
|
|
- description: user ID
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: script
|
|
responses:
|
|
"204":
|
|
description: successful operation
|
|
security:
|
|
- roles:
|
|
- user:write
|
|
summary: Delete user
|
|
tags:
|
|
- users
|
|
get:
|
|
operationId: getUser
|
|
parameters:
|
|
- description: user ID
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: script
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
apikey: true
|
|
blocked: false
|
|
id: script
|
|
roles:
|
|
- analyst:automation:read
|
|
- analyst:currentsettings:write
|
|
- analyst:currentuser:read
|
|
- analyst:currentuserdata:read
|
|
- analyst:dashboard:read
|
|
- analyst:file
|
|
- analyst:group:read
|
|
- analyst:playbook:read
|
|
- analyst:rule:read
|
|
- analyst:settings:read
|
|
- analyst:template:read
|
|
- analyst:ticket:read
|
|
- analyst:ticket:write
|
|
- analyst:tickettype:read
|
|
- analyst:user:read
|
|
- engineer:automation:write
|
|
- engineer:playbook:write
|
|
- engineer:rule:write
|
|
- engineer:template:write
|
|
- engineer:tickettype:write
|
|
schema:
|
|
$ref: '#/definitions/UserResponse'
|
|
security:
|
|
- roles:
|
|
- user:read
|
|
summary: Get a single user
|
|
tags:
|
|
- users
|
|
put:
|
|
operationId: updateUser
|
|
parameters:
|
|
- description: Template ID
|
|
in: path
|
|
name: id
|
|
required: true
|
|
type: string
|
|
x-example: bob
|
|
- description: user object that needs to be added
|
|
in: body
|
|
name: user
|
|
required: true
|
|
schema:
|
|
$ref: '#/definitions/UserForm'
|
|
x-example:
|
|
apikey: false
|
|
blocked: false
|
|
id: syncscript
|
|
roles:
|
|
- analyst
|
|
- admin
|
|
responses:
|
|
"200":
|
|
description: successful operation
|
|
examples:
|
|
test:
|
|
apikey: false
|
|
blocked: false
|
|
id: bob
|
|
roles:
|
|
- admin:backup:read
|
|
- admin:backup:restore
|
|
- admin:dashboard:write
|
|
- admin:group:write
|
|
- admin:job:read
|
|
- admin:job:write
|
|
- admin:log:read
|
|
- admin:settings:write
|
|
- admin:ticket:delete
|
|
- admin:user:write
|
|
- admin:userdata:read
|
|
- admin:userdata:write
|
|
- analyst:automation:read
|
|
- analyst:currentsettings:write
|
|
- analyst:currentuser:read
|
|
- analyst:currentuserdata:read
|
|
- analyst:dashboard:read
|
|
- analyst:file
|
|
- analyst:group:read
|
|
- analyst:playbook:read
|
|
- analyst:rule:read
|
|
- analyst:settings:read
|
|
- analyst:template:read
|
|
- analyst:ticket:read
|
|
- analyst:ticket:write
|
|
- analyst:tickettype:read
|
|
- analyst:user:read
|
|
- engineer:automation:write
|
|
- engineer:playbook:write
|
|
- engineer:rule:write
|
|
- engineer:template:write
|
|
- engineer:tickettype:write
|
|
schema:
|
|
$ref: '#/definitions/UserResponse'
|
|
security:
|
|
- roles:
|
|
- user:write
|
|
summary: Update user
|
|
tags:
|
|
- users
|
|
produces:
|
|
- application/json
|
|
schemes:
|
|
- http
|
|
swagger: "2.0"
|
|
|