CSEC_PUBLIC/catalyst
1
0
Fork 0
mirror of https://github.com/SecurityBrewery/catalyst.git synced 2025-12-06 15:22:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
3b7af3bf08243cce7d7ece23b3f03a46697a75f9
catalyst/generated/community.yml
Jonas Plum 73f88e0963 Split correlated and related tickets (#542) 
Co-authored-by: Jonas Plum <git@jonasplum.de>
2022-10-22 22:28:44 +02:00

6928 lines
205 KiB
YAML
Raw Blame History

basePath: /api
consumes:
- application/json
definitions:
Artifact:
properties:
enrichments:
additionalProperties:
$ref: '#/definitions/Enrichment'
type: object
kind:
type: string
name:
example: 2.2.2.2
type: string
status:
example: Unknown
type: string
type:
type: string
required:
- name
type: object
ArtifactOrigin:
properties:
artifact:
type: string
ticket_id:
format: int64
type: integer
required:
- ticket_id
- artifact
type: object
Automation:
properties:
image:
type: string
schema:
example: '{}'
type: string
script:
type: string
type:
items:
enum:
- artifact
- playbook
- global
type: string
type: array
required:
- image
- script
- type
type: object
AutomationForm:
properties:
id:
type: string
image:
type: string
schema:
example: '{}'
type: string
script:
type: string
type:
items:
enum:
- artifact
- playbook
- global
type: string
type: array
required:
- id
- image
- script
- type
type: object
AutomationResponse:
properties:
id:
type: string
image:
type: string
schema:
example: '{}'
type: string
script:
type: string
type:
items:
enum:
- artifact
- playbook
- global
type: string
type: array
required:
- id
- image
- script
- type
type: object
Comment:
properties:
created:
format: date-time
type: string
creator:
type: string
message:
type: string
required:
- creator
- created
- message
type: object
CommentForm:
properties:
created:
format: date-time
type: string
creator:
type: string
message:
type: string
required:
- message
type: object
Context:
properties:
artifact:
$ref: '#/definitions/Artifact'
playbook:
$ref: '#/definitions/PlaybookResponse'
task:
$ref: '#/definitions/TaskResponse'
ticket:
$ref: '#/definitions/TicketResponse'
type: object
Dashboard:
properties:
name:
type: string
widgets:
items:
$ref: '#/definitions/Widget'
type: array
required:
- name
- widgets
type: object
DashboardResponse:
properties:
id:
type: string
name:
type: string
widgets:
items:
$ref: '#/definitions/Widget'
type: array
required:
- id
- name
- widgets
type: object
Enrichment:
properties:
created:
example: 1985-04-12T23:20:50.52Z
format: date-time
type: string
data:
example:
hash: b7a067a742c20d07a7456646de89bc2d408a1153
type: object
name:
example: hash.sha1
type: string
required:
- name
- data
- created
type: object
EnrichmentForm:
properties:
data:
example:
hash: b7a067a742c20d07a7456646de89bc2d408a1153
type: object
name:
example: hash.sha1
type: string
required:
- name
- data
type: object
File:
properties:
key:
example: myfile
type: string
name:
example: notes.docx
type: string
required:
- key
- name
type: object
Job:
properties:
automation:
type: string
container:
type: string
log:
type: string
origin:
$ref: '#/definitions/Origin'
output:
type: object
payload: {}
running:
type: boolean
status:
type: string
required:
- automation
- running
- status
type: object
JobForm:
properties:
automation:
type: string
origin:
$ref: '#/definitions/Origin'
payload: {}
required:
- automation
type: object
JobResponse:
properties:
automation:
type: string
container:
type: string
id:
type: string
log:
type: string
origin:
$ref: '#/definitions/Origin'
output:
type: object
payload: {}
status:
type: string
required:
- id
- automation
- status
type: object
JobUpdate:
properties:
container:
type: string
log:
type: string
output:
type: object
running:
type: boolean
status:
type: string
required:
- running
- status
type: object
LogEntry:
properties:
created:
format: date-time
type: string
creator:
type: string
message:
type: string
reference:
type: string
type:
type: string
required:
- type
- reference
- creator
- created
- message
type: object
Message:
properties:
context:
$ref: '#/definitions/Context'
payload: {}
secrets:
additionalProperties:
type: string
type: object
type: object
NewUserResponse:
properties:
blocked:
type: boolean
id:
type: string
roles:
items:
type: string
type: array
secret:
type: string
required:
- id
- blocked
- roles
type: object
Origin:
properties:
artifact_origin:
$ref: '#/definitions/ArtifactOrigin'
task_origin:
$ref: '#/definitions/TaskOrigin'
type: object
Playbook:
properties:
name:
example: Phishing
type: string
tasks:
additionalProperties:
$ref: '#/definitions/Task'
type: object
required:
- name
- tasks
type: object
PlaybookResponse:
properties:
name:
example: Phishing
type: string
tasks:
additionalProperties:
$ref: '#/definitions/TaskResponse'
type: object
required:
- name
- tasks
type: object
PlaybookTemplate:
properties:
name:
type: string
yaml:
type: string
required:
- name
- yaml
type: object
PlaybookTemplateForm:
properties:
id:
type: string
yaml:
type: string
required:
- yaml
type: object
PlaybookTemplateResponse:
properties:
id:
type: string
name:
type: string
yaml:
type: string
required:
- id
- name
- yaml
type: object
Reference:
properties:
href:
example: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-0144
type: string
name:
example: CVE-2017-0144
type: string
required:
- name
- href
type: object
ReferenceArray:
items:
$ref: '#/definitions/Reference'
type: array
Settings:
properties:
artifactKinds:
items:
$ref: '#/definitions/Type'
title: Artifact Kinds
type: array
artifactStates:
items:
$ref: '#/definitions/Type'
title: Artifact States
type: array
timeformat:
title: Time Format
type: string
required:
- timeformat
- artifactKinds
- artifactStates
type: object
SettingsResponse:
properties:
artifactKinds:
items:
$ref: '#/definitions/Type'
title: Artifact Kinds
type: array
artifactStates:
items:
$ref: '#/definitions/Type'
title: Artifact States
type: array
roles:
items:
type: string
title: Roles
type: array
ticketTypes:
items:
$ref: '#/definitions/TicketTypeResponse'
title: Ticket Types
type: array
tier:
enum:
- community
- enterprise
title: Tier
type: string
timeformat:
title: Time Format
type: string
version:
title: Version
type: string
required:
- version
- tier
- timeformat
- ticketTypes
- artifactKinds
- artifactStates
type: object
Statistics:
properties:
open_tickets_per_user:
additionalProperties:
type: integer
type: object
tickets_per_type:
additionalProperties:
type: integer
type: object
tickets_per_week:
additionalProperties:
type: integer
type: object
unassigned:
type: integer
required:
- unassigned
- open_tickets_per_user
- tickets_per_week
- tickets_per_type
type: object
Task:
properties:
automation:
type: string
closed:
example: 1985-04-12T23:20:50.52Z
format: date-time
type: string
created:
example: 1985-04-12T23:20:50.52Z
format: date-time
type: string
data:
type: object
done:
type: boolean
join:
example: false
type: boolean
name:
example: Inform user
type: string
next:
additionalProperties:
type: string
type: object
owner:
type: string
payload:
additionalProperties:
type: string
type: object
schema:
type: object
type:
enum:
- task
- input
- automation
example: task
type: string
required:
- name
- type
- done
- created
type: object
TaskOrigin:
properties:
playbook_id:
type: string
task_id:
type: string
ticket_id:
format: int64
type: integer
required:
- ticket_id
- playbook_id
- task_id
type: object
TaskResponse:
properties:
active:
example: false
type: boolean
automation:
type: string
closed:
example: 1985-04-12T23:20:50.52Z
format: date-time
type: string
created:
example: 1985-04-12T23:20:50.52Z
format: date-time
type: string
data:
type: object
done:
type: boolean
join:
example: false
type: boolean
name:
example: Inform user
type: string
next:
additionalProperties:
type: string
type: object
order:
example: 2
format: int64
type: number
owner:
type: string
payload:
additionalProperties:
type: string
type: object
schema:
type: object
type:
enum:
- task
- input
- automation
example: task
type: string
required:
- name
- type
- done
- created
- order
- active
type: object
TaskWithContext:
properties:
playbook_id:
type: string
playbook_name:
type: string
task:
$ref: '#/definitions/TaskResponse'
task_id:
type: string
ticket_id:
format: int64
type: number
ticket_name:
type: string
required:
- ticket_id
- ticket_name
- playbook_id
- playbook_name
- task_id
- task
type: object
Ticket:
properties:
artifacts:
items:
$ref: '#/definitions/Artifact'
type: array
comments:
items:
$ref: '#/definitions/Comment'
type: array
created:
example: 1985-04-12T23:20:50.52Z
format: date-time
type: string
details:
example:
description: my little incident
type: object
files:
items:
$ref: '#/definitions/File'
type: array
modified:
example: 1985-04-12T23:20:50.52Z
format: date-time
type: string
name:
example: WannyCry
type: string
owner:
example: bob
type: string
playbooks:
additionalProperties:
$ref: '#/definitions/Playbook'
type: object
read:
example:
- bob
items:
type: string
type: array
references:
items:
$ref: '#/definitions/Reference'
type: array
schema:
example: '{}'
type: string
status:
example: open
type: string
type:
example: incident
type: string
write:
example:
- alice
items:
type: string
type: array
required:
- name
- type
- status
- created
- modified
- schema
type: object
TicketForm:
properties:
artifacts:
items:
$ref: '#/definitions/Artifact'
type: array
comments:
items:
$ref: '#/definitions/Comment'
type: array
created:
example: 1985-04-12T23:20:50.52Z
format: date-time
type: string
details:
example:
description: my little incident
type: object
files:
items:
$ref: '#/definitions/File'
type: array
id:
example: 123
format: int64
type: integer
modified:
example: 1985-04-12T23:20:50.52Z
format: date-time
type: string
name:
example: WannyCry
type: string
owner:
example: bob
type: string
playbooks:
items:
$ref: '#/definitions/PlaybookTemplateForm'
type: array
read:
example:
- bob
items:
type: string
type: array
references:
items:
$ref: '#/definitions/Reference'
type: array
schema:
example: '{}'
type: string
status:
example: open
type: string
type:
example: incident
type: string
write:
example:
- alice
items:
type: string
type: array
required:
- name
- type
- status
type: object
TicketFormArray:
items:
$ref: '#/definitions/TicketForm'
type: array
TicketList:
properties:
count:
example: 3
type: number
tickets:
items:
$ref: '#/definitions/TicketSimpleResponse'
type: array
required:
- tickets
- count
type: object
TicketResponse:
properties:
artifacts:
items:
$ref: '#/definitions/Artifact'
type: array
comments:
items:
$ref: '#/definitions/Comment'
type: array
created:
example: 1985-04-12T23:20:50.52Z
format: date-time
type: string
details:
example:
description: my little incident
type: object
files:
items:
$ref: '#/definitions/File'
type: array
id:
example: 123
format: int64
type: integer
modified:
example: 1985-04-12T23:20:50.52Z
format: date-time
type: string
name:
example: WannyCry
type: string
owner:
example: bob
type: string
playbooks:
additionalProperties:
$ref: '#/definitions/PlaybookResponse'
type: object
read:
example:
- bob
items:
type: string
type: array
references:
items:
$ref: '#/definitions/Reference'
type: array
schema:
example: '{}'
type: string
status:
example: open
type: string
type:
example: incident
type: string
write:
example:
- alice
items:
type: string
type: array
required:
- id
- name
- type
- status
- created
- modified
- schema
type: object
TicketSimpleResponse:
properties:
artifacts:
items:
$ref: '#/definitions/Artifact'
type: array
comments:
items:
$ref: '#/definitions/Comment'
type: array
created:
example: 1985-04-12T23:20:50.52Z
format: date-time
type: string
details:
example:
description: my little incident
type: object
files:
items:
$ref: '#/definitions/File'
type: array
id:
example: 123
format: int64
type: integer
modified:
example: 1985-04-12T23:20:50.52Z
format: date-time
type: string
name:
example: WannyCry
type: string
owner:
example: bob
type: string
playbooks:
additionalProperties:
$ref: '#/definitions/Playbook'
type: object
read:
example:
- bob
items:
type: string
type: array
references:
items:
$ref: '#/definitions/Reference'
type: array
schema:
example: '{}'
type: string
status:
example: open
type: string
type:
example: incident
type: string
write:
example:
- alice
items:
type: string
type: array
required:
- id
- name
- type
- status
- created
- modified
- schema
type: object
TicketTemplate:
properties:
name:
type: string
schema:
type: string
required:
- name
- schema
type: object
TicketTemplateForm:
properties:
id:
type: string
name:
type: string
schema:
type: string
required:
- name
- schema
type: object
TicketTemplateResponse:
properties:
id:
type: string
name:
type: string
schema:
type: string
required:
- id
- name
- schema
type: object
TicketType:
properties:
default_groups:
items:
type: string
type: array
default_playbooks:
items:
type: string
type: array
default_template:
type: string
icon:
type: string
name:
type: string
required:
- name
- icon
- default_template
- default_playbooks
type: object
TicketTypeForm:
properties:
default_groups:
items:
type: string
type: array
default_playbooks:
items:
type: string
type: array
default_template:
type: string
icon:
type: string
id:
type: string
name:
type: string
required:
- name
- icon
- default_template
- default_playbooks
type: object
TicketTypeResponse:
properties:
default_groups:
items:
type: string
type: array
default_playbooks:
items:
type: string
type: array
default_template:
type: string
icon:
type: string
id:
type: string
name:
type: string
required:
- id
- name
- icon
- default_template
- default_playbooks
type: object
TicketWithTickets:
properties:
artifacts:
items:
$ref: '#/definitions/Artifact'
type: array
comments:
items:
$ref: '#/definitions/Comment'
type: array
correlated_tickets:
items:
$ref: '#/definitions/TicketSimpleResponse'
type: array
created:
example: 1985-04-12T23:20:50.52Z
format: date-time
type: string
details:
example:
description: my little incident
type: object
files:
items:
$ref: '#/definitions/File'
type: array
id:
example: 123
format: int64
type: integer
logs:
items:
$ref: '#/definitions/LogEntry'
type: array
modified:
example: 1985-04-12T23:20:50.52Z
format: date-time
type: string
name:
example: WannyCry
type: string
owner:
example: bob
type: string
playbooks:
additionalProperties:
$ref: '#/definitions/PlaybookResponse'
type: object
read:
example:
- bob
items:
type: string
type: array
references:
items:
$ref: '#/definitions/Reference'
type: array
schema:
example: '{}'
type: string
status:
example: open
type: string
tickets:
items:
$ref: '#/definitions/TicketSimpleResponse'
type: array
type:
example: incident
type: string
write:
example:
- alice
items:
type: string
type: array
required:
- id
- name
- type
- status
- created
- modified
- schema
type: object
Type:
properties:
color:
enum:
- error
- info
- success
- warning
title: Color
type: string
x-cols: 3
icon:
title: Icon (https://materialdesignicons.com)
type: string
x-class: pr-2
x-cols: 3
id:
title: ID
type: string
x-class: pr-2
x-cols: 3
name:
title: Name
type: string
x-class: pr-2
x-cols: 3
required:
- id
- name
- icon
type: object
User:
properties:
apikey:
type: boolean
blocked:
type: boolean
roles:
items:
type: string
type: array
sha256:
type: string
required:
- blocked
- apikey
- roles
type: object
UserData:
properties:
email:
type: string
x-example: bob@example.org
image:
type: string
x-display: custom-avatar
name:
type: string
x-example: Robert Smith
timeformat:
title: Time Format (https://moment.github.io/luxon/docs/manual/formatting.html#table-of-tokens)
type: string
type: object
UserDataResponse:
properties:
email:
type: string
x-example: bob@example.org
id:
type: string
image:
type: string
x-display: custom-avatar
name:
type: string
x-example: Robert Smith
timeformat:
title: Time Format (https://moment.github.io/luxon/docs/manual/formatting.html#table-of-tokens)
type: string
required:
- id
type: object
UserForm:
properties:
apikey:
type: boolean
blocked:
type: boolean
id:
type: string
roles:
items:
type: string
type: array
required:
- id
- blocked
- roles
- apikey
type: object
UserResponse:
properties:
apikey:
type: boolean
blocked:
type: boolean
id:
type: string
roles:
items:
type: string
type: array
required:
- id
- blocked
- roles
- apikey
type: object
Widget:
properties:
aggregation:
type: string
filter:
type: string
name:
type: string
type:
enum:
- bar
- line
- pie
type: string
width:
maximum: 12
minimum: 1
type: integer
required:
- name
- type
- aggregation
- width
type: object
host: .
info:
description: API for the catalyst incident response platform.
title: ""
version: ""
paths:
/automations:
get:
operationId: listAutomations
responses:
"200":
description: successful operation
examples:
test:
- id: comment
image: docker.io/python:3
script: ""
type:
- playbook
- id: hash.sha1
image: docker.io/python:3
schema: '{"title":"Input","type":"object","properties":{"default":{"type":"string","title":"Value"}},"required":["default"]}'
script: ""
type:
- global
- artifact
- playbook
- id: vt.hash
image: docker.io/python:3
schema: '{"title":"Input","type":"object","properties":{"default":{"type":"string","title":"Value"}},"required":["default"]}'
script: ""
type:
- global
- artifact
- playbook
schema:
items:
$ref: '#/definitions/AutomationResponse'
type: array
security:
- roles:
- automation:read
summary: List automations
tags:
- automations
post:
operationId: createAutomation
parameters:
- description: New automation
in: body
name: automation
required: true
schema:
$ref: '#/definitions/AutomationForm'
x-example:
id: hash-sha-256
image: docker.io/python:3
script: |
import sys
import json
import hashlib
def run(msg):
sha256 = hashlib.sha256(msg['payload']['default'].encode('utf-8'))
return {'hash': sha256.hexdigest()}
print(json.dumps(run(json.loads(sys.argv[1]))))
type:
- global
responses:
"200":
description: successful operation
examples:
test:
id: hash-sha-256
image: docker.io/python:3
script: |
import sys
import json
import hashlib
def run(msg):
sha256 = hashlib.sha256(msg['payload']['default'].encode('utf-8'))
return {'hash': sha256.hexdigest()}
print(json.dumps(run(json.loads(sys.argv[1]))))
type:
- global
schema:
$ref: '#/definitions/AutomationResponse'
security:
- roles:
- automation:write
summary: Create a new automation
tags:
- automations
/automations/{id}:
delete:
operationId: deleteAutomation
parameters:
- description: Automation ID
in: path
name: id
required: true
type: string
x-example: hash.sha1
responses:
"204":
description: successful operation
security:
- roles:
- automation:write
summary: Delete a automation
tags:
- automations
get:
operationId: getAutomation
parameters:
- description: Automation ID
in: path
name: id
required: true
type: string
x-example: hash.sha1
responses:
"200":
description: successful operation
examples:
test:
id: hash.sha1
image: docker.io/python:3
schema: '{"title":"Input","type":"object","properties":{"default":{"type":"string","title":"Value"}},"required":["default"]}'
script: |
#!/usr/bin/env python
import sys
import json
import hashlib
def run(msg):
sha1 = hashlib.sha1(msg['payload']['default'].encode('utf-8'))
return {"hash": sha1.hexdigest()}
print(json.dumps(run(json.loads(sys.argv[1]))))
type:
- global
- artifact
- playbook
schema:
$ref: '#/definitions/AutomationResponse'
security:
- roles:
- automation:read
summary: Get a single automation
tags:
- automations
put:
operationId: updateAutomation
parameters:
- description: Automation ID
in: path
name: id
required: true
type: string
x-example: hash.sha1
- description: Automation object that needs to be added
in: body
name: automation
required: true
schema:
$ref: '#/definitions/AutomationForm'
x-example:
id: hash.sha1
image: docker.io/python:3
script: |
import sys
import json
import hashlib
def run(msg):
sha1 = hashlib.sha1(msg['payload'].encode('utf-8'))
return {'hash': sha1.hexdigest()}
print(json.dumps(run(json.loads(sys.argv[1]))))
type:
- global
- artifact
- playbook
responses:
"200":
description: successful operation
examples:
test:
id: hash.sha1
image: docker.io/python:3
script: |
import sys
import json
import hashlib
def run(msg):
sha1 = hashlib.sha1(msg['payload'].encode('utf-8'))
return {'hash': sha1.hexdigest()}
print(json.dumps(run(json.loads(sys.argv[1]))))
type:
- global
- artifact
- playbook
schema:
$ref: '#/definitions/AutomationResponse'
security:
- roles:
- automation:write
summary: Update an existing automation
tags:
- automations
/currentuser:
get:
operationId: currentUser
responses:
"200":
description: successful operation
examples:
test:
apikey: false
blocked: false
id: bob
roles:
- admin
schema:
$ref: '#/definitions/UserResponse'
security:
- roles:
- currentuser:read
summary: Get current user
tags:
- users
/currentuserdata:
get:
operationId: currentUserData
responses:
"200":
description: successful operation
examples:
test:
email: bob@example.org
id: bob
name: Bob Bad
schema:
$ref: '#/definitions/UserDataResponse'
security:
- roles:
- currentuserdata:read
summary: Get current user data
tags:
- userdata
put:
operationId: updateCurrentUserData
parameters:
- description: User data object that needs to be added
in: body
name: userdata
required: true
schema:
$ref: '#/definitions/UserData'
x-example:
email: bob@example.org
name: Bob Bad
responses:
"200":
description: successful operation
examples:
test:
email: bob@example.org
id: bob
name: Bob Bad
schema:
$ref: '#/definitions/UserDataResponse'
security:
- roles:
- currentuserdata:write
summary: Update current user data
tags:
- userdata
/dashboard/data:
get:
operationId: dashboardData
parameters:
- description: Aggregation
in: query
name: aggregation
required: true
type: string
x-example: type
- description: Filter
in: query
name: filter
type: string
x-example: status == "closed"
responses:
"200":
description: successful operation
examples:
test:
alert: 2
incident: 1
schema:
type: object
security:
- roles:
- dashboard:read
summary: Get widget data
tags:
- dashboards
/dashboards:
get:
operationId: listDashboards
responses:
"200":
description: successful operation
examples:
test:
- id: simple
name: Simple
widgets:
- aggregation: owner
filter: status == "open"
name: open_tickets_per_user
type: bar
width: 4
- aggregation: 'CONCAT(DATE_YEAR(created), "-", DATE_ISOWEEK(created)
< 10 ? "0" : "", DATE_ISOWEEK(created))'
name: tickets_per_week
type: line
width: 8
schema:
items:
$ref: '#/definitions/DashboardResponse'
type: array
security:
- roles:
- dashboard:read
summary: List dashboards
tags:
- dashboards
post:
operationId: createDashboard
parameters:
- description: New template
in: body
name: template
required: true
schema:
$ref: '#/definitions/Dashboard'
x-example:
name: My Dashboard
widgets: []
responses:
"200":
description: successful operation
examples:
test:
id: my-dashboard
name: My Dashboard
widgets: []
schema:
$ref: '#/definitions/DashboardResponse'
security:
- roles:
- dashboard:write
summary: Create a new dashboard
tags:
- dashboards
/dashboards/{id}:
delete:
operationId: deleteDashboard
parameters:
- description: Dashboard ID
in: path
name: id
required: true
type: string
x-example: simple
responses:
"204":
description: successful operation
security:
- roles:
- dashboard:write
summary: Delete a dashboard
tags:
- dashboards
get:
operationId: getDashboard
parameters:
- description: Dashboard ID
in: path
name: id
required: true
type: string
x-example: simple
responses:
"200":
description: successful operation
examples:
test:
id: simple
name: Simple
widgets:
- aggregation: owner
filter: status == "open"
name: open_tickets_per_user
type: bar
width: 4
- aggregation: 'CONCAT(DATE_YEAR(created), "-", DATE_ISOWEEK(created)
< 10 ? "0" : "", DATE_ISOWEEK(created))'
name: tickets_per_week
type: line
width: 8
schema:
$ref: '#/definitions/DashboardResponse'
security:
- roles:
- dashboard:read
summary: Get a single dashboard
tags:
- dashboards
put:
operationId: updateDashboard
parameters:
- description: Dashboard ID
in: path
name: id
required: true
type: string
x-example: simple
- description: Dashboard object that needs to be added
in: body
name: dashboard
required: true
schema:
$ref: '#/definitions/Dashboard'
x-example:
name: Simple
widgets: []
responses:
"200":
description: successful operation
examples:
test:
id: simple
name: Simple
widgets: []
schema:
$ref: '#/definitions/DashboardResponse'
security:
- roles:
- dashboard:write
summary: Update an existing dashboard
tags:
- dashboards
/jobs:
get:
operationId: listJobs
responses:
"200":
description: successful operation
examples:
test:
- automation: hash.sha1
id: b81c2366-ea37-43d2-b61b-03afdc21d985
payload: test
status: created
schema:
items:
$ref: '#/definitions/JobResponse'
type: array
security:
- roles:
- job:read
summary: List jobs
tags:
- jobs
post:
operationId: runJob
parameters:
- description: New job
in: body
name: job
required: true
schema:
$ref: '#/definitions/JobForm'
x-example:
automation: hash.sha1
payload: test
responses:
"200":
description: successful operation
examples:
test:
automation: hash.sha1
id: 87390749-2125-4a87-91c5-da7e3f9bebf1
payload: test
status: created
schema:
$ref: '#/definitions/JobResponse'
security:
- roles:
- job:write
summary: Start a new job
tags:
- jobs
/jobs/{id}:
get:
operationId: getJob
parameters:
- description: Job ID
in: path
name: id
required: true
type: string
x-example: b81c2366-ea37-43d2-b61b-03afdc21d985
responses:
"200":
description: successful operation
examples:
test:
automation: hash.sha1
id: b81c2366-ea37-43d2-b61b-03afdc21d985
payload: test
status: created
schema:
$ref: '#/definitions/JobResponse'
security:
- roles:
- job:read
summary: Get a single job
tags:
- jobs
put:
operationId: updateJob
parameters:
- description: Job ID
in: path
name: id
required: true
type: string
x-example: b81c2366-ea37-43d2-b61b-03afdc21d985
- description: Job object that needs to be added
in: body
name: job
required: true
schema:
$ref: '#/definitions/JobUpdate'
x-example:
running: false
status: failed
responses:
"200":
description: successful operation
examples:
test:
automation: hash.sha1
id: b81c2366-ea37-43d2-b61b-03afdc21d985
payload: test
status: failed
schema:
$ref: '#/definitions/JobResponse'
security:
- roles:
- job:write
summary: Update an existing job
tags:
- jobs
/logs/{reference}:
get:
operationId: getLogs
parameters:
- description: Reference
in: path
name: reference
required: true
type: string
x-example: tickets%2F294511
responses:
"200":
description: successful operation
examples:
test:
- created: 2021-12-12T12:12:12.000000012Z
creator: bob
message: Fail run account resist lend solve incident centre priority
temperature. Cause change distribution examine location technique
shape partner milk customer. Rail tea plate soil report cook railway
interpretation breath action. Exercise dream accept park conclusion
addition shoot assistance may answer. Gold writer link stop combine
hear power name commitment operation. Determine lifespan support grow
degree henry exclude detail set religion. Direct library policy convention
chain retain discover ride walk student. Gather proposal select march
aspect play noise avoid encourage employ. Assessment preserve transport
combine wish influence income guess run stand. Charge limit crime
ignore statement foundation study issue stop claim.
reference: tickets/294511
type: manual
schema:
items:
$ref: '#/definitions/LogEntry'
type: array
security:
- roles:
- log:read
summary: Get log entries
tags:
- logs
/playbooks:
get:
operationId: listPlaybooks
responses:
"200":
description: successful operation
examples:
test:
- id: phishing
name: Phishing
yaml: |
name: Phishing
tasks:
board:
name: Board Involvement?
description: Is a board member involved?
type: input
schema:
properties:
boardInvolved:
default: false
title: A board member is involved.
type: boolean
required:
- boardInvolved
title: Board Involvement?
type: object
next:
escalate: "boardInvolved == true"
mail-available: "boardInvolved == false"
escalate:
name: Escalate to CISO
description: Please escalate the task to the CISO
type: task
mail-available:
name: Mail available
type: input
schema:
oneOf:
- properties:
mail:
title: Mail
type: string
x-display: textarea
schemaKey:
const: 'yes'
type: string
required:
- mail
title: 'Yes'
- properties:
schemaKey:
const: 'no'
type: string
title: 'No'
title: Mail available
type: object
next:
block-sender: "schemaKey == 'yes'"
extract-iocs: "schemaKey == 'yes'"
search-email-gateway: "schemaKey == 'no'"
search-email-gateway:
name: Search email gateway
description: Please search email-gateway for the phishing mail.
type: task
next:
extract-iocs:
block-sender:
name: Block sender
type: task
next:
extract-iocs:
extract-iocs:
name: Extract IOCs
description: Please insert the IOCs
type: input
schema:
properties:
iocs:
items:
type: string
title: IOCs
type: array
title: Extract IOCs
type: object
next:
block-iocs:
block-iocs:
name: Block IOCs
type: task
- id: simple
name: Simple
yaml: |
name: Simple
tasks:
input:
name: Enter something to hash
type: input
schema:
title: Something
type: object
properties:
something:
type: string
title: Something
default: ""
next:
hash: "something != ''"
hash:
name: Hash the something
type: automation
automation: hash.sha1
payload:
default: "playbook.tasks['input'].data['something']"
next:
comment: "hash != ''"
comment:
name: Comment the hash
type: automation
automation: comment
payload:
default: "playbook.tasks['hash'].data['hash']"
next:
done: "done"
done:
name: You can close this case now
type: task
schema:
items:
$ref: '#/definitions/PlaybookTemplateResponse'
type: array
security:
- roles:
- playbook:read
summary: List playbooks
tags:
- playbooks
post:
operationId: createPlaybook
parameters:
- description: New playbook
in: body
name: playbook
required: true
schema:
$ref: '#/definitions/PlaybookTemplateForm'
x-example:
yaml: |
name: Simple2
tasks:
input:
name: Upload malware if possible
type: input
schema:
title: Malware
type: object
properties:
malware:
type: string
title: Select malware
default: ""
next:
hash: "malware != ''"
hash:
name: Hash the malware
type: automation
automation: hash.sha1
payload:
default: "playbook.tasks['input'].data['malware']"
next:
escalate:
escalate:
name: Escalate to malware team
type: task
responses:
"200":
description: successful operation
examples:
test:
id: simple-2
name: Simple2
yaml: |
name: Simple2
tasks:
input:
name: Upload malware if possible
type: input
schema:
title: Malware
type: object
properties:
malware:
type: string
title: Select malware
default: ""
next:
hash: "malware != ''"
hash:
name: Hash the malware
type: automation
automation: hash.sha1
payload:
default: "playbook.tasks['input'].data['malware']"
next:
escalate:
escalate:
name: Escalate to malware team
type: task
schema:
$ref: '#/definitions/PlaybookTemplateResponse'
security:
- roles:
- playbook:write
summary: Create a playbook
tags:
- playbooks
/playbooks/{id}:
delete:
operationId: deletePlaybook
parameters:
- description: Playbook name
in: path
name: id
required: true
type: string
x-example: simple
responses:
"204":
description: successful operation
security:
- roles:
- playbook:write
summary: Delete a playbook
tags:
- playbooks
get:
operationId: getPlaybook
parameters:
- description: Playbook name
in: path
name: id
required: true
type: string
x-example: simple
responses:
"200":
description: successful operation
examples:
test:
id: simple
name: Simple
yaml: |
name: Simple
tasks:
input:
name: Enter something to hash
type: input
schema:
title: Something
type: object
properties:
something:
type: string
title: Something
default: ""
next:
hash: "something != ''"
hash:
name: Hash the something
type: automation
automation: hash.sha1
payload:
default: "playbook.tasks['input'].data['something']"
next:
comment: "hash != ''"
comment:
name: Comment the hash
type: automation
automation: comment
payload:
default: "playbook.tasks['hash'].data['hash']"
next:
done: "done"
done:
name: You can close this case now
type: task
schema:
$ref: '#/definitions/PlaybookTemplateResponse'
security:
- roles:
- playbook:read
summary: Get a single playbook
tags:
- playbooks
put:
operationId: updatePlaybook
parameters:
- description: Playbook ID
in: path
name: id
required: true
type: string
x-example: simple
- description: Updated playbook
in: body
name: playbook
required: true
schema:
$ref: '#/definitions/PlaybookTemplateForm'
x-example:
yaml: |
name: Simple
tasks:
input:
name: Upload malware if possible
type: input
schema:
title: Malware
type: object
properties:
malware:
type: string
title: Select malware
default: ""
next:
hash: "malware != ''"
hash:
name: Hash the malware
type: automation
automation: hash.sha1
payload:
default: "playbook.tasks['input'].data['malware']"
next:
escalate:
escalate:
name: Escalate to malware team
type: task
responses:
"200":
description: successful operation
examples:
test:
id: simple
name: Simple
yaml: |
name: Simple
tasks:
input:
name: Upload malware if possible
type: input
schema:
title: Malware
type: object
properties:
malware:
type: string
title: Select malware
default: ""
next:
hash: "malware != ''"
hash:
name: Hash the malware
type: automation
automation: hash.sha1
payload:
default: "playbook.tasks['input'].data['malware']"
next:
escalate:
escalate:
name: Escalate to malware team
type: task
schema:
$ref: '#/definitions/PlaybookTemplateResponse'
security:
- roles:
- playbook:write
summary: Update an existing ticket playbook
tags:
- playbooks
/settings:
get:
operationId: getSettings
responses:
"200":
description: successful operation
examples:
test:
artifactKinds:
- icon: mdi-server
id: asset
name: Asset
- icon: mdi-bullseye
id: ioc
name: IOC
artifactStates:
- color: info
icon: mdi-help-circle-outline
id: unknown
name: Unknown
- color: error
icon: mdi-skull
id: malicious
name: Malicious
- color: success
icon: mdi-check
id: clean
name: Clean
ticketTypes:
- default_playbooks: []
default_template: default
icon: mdi-alert
id: alert
name: Alerts
- default_playbooks: []
default_template: default
icon: mdi-radioactive
id: incident
name: Incidents
- default_playbooks: []
default_template: default
icon: mdi-fingerprint
id: investigation
name: Forensic Investigations
- default_playbooks: []
default_template: default
icon: mdi-target
id: hunt
name: Threat Hunting
tier: community
timeformat: yyyy-MM-dd hh:mm:ss
version: 0.0.0-test
schema:
$ref: '#/definitions/SettingsResponse'
security:
- roles:
- settings:read
summary: Get settings
tags:
- settings
post:
operationId: saveSettings
parameters:
- description: Save settings
in: body
name: settings
required: true
schema:
$ref: '#/definitions/Settings'
x-example:
artifactKinds:
- icon: mdi-server
id: asset
name: Asset
- icon: mdi-bullseye
id: ioc
name: IOC
artifactStates:
- color: info
icon: mdi-help-circle-outline
id: unknown
name: Unknown
- color: error
icon: mdi-skull
id: malicious
name: Malicious
- color: success
icon: mdi-check
id: clean
name: Clean
timeformat: yyyy-MM-dd hh:mm:ss
responses:
"200":
description: successful operation
examples:
test:
artifactKinds:
- icon: mdi-server
id: asset
name: Asset
- icon: mdi-bullseye
id: ioc
name: IOC
artifactStates:
- color: info
icon: mdi-help-circle-outline
id: unknown
name: Unknown
- color: error
icon: mdi-skull
id: malicious
name: Malicious
- color: success
icon: mdi-check
id: clean
name: Clean
ticketTypes:
- default_playbooks: []
default_template: default
icon: mdi-alert
id: alert
name: Alerts
- default_playbooks: []
default_template: default
icon: mdi-radioactive
id: incident
name: Incidents
- default_playbooks: []
default_template: default
icon: mdi-fingerprint
id: investigation
name: Forensic Investigations
- default_playbooks: []
default_template: default
icon: mdi-target
id: hunt
name: Threat Hunting
tier: community
timeformat: yyyy-MM-dd hh:mm:ss
version: 0.0.0-test
schema:
$ref: '#/definitions/SettingsResponse'
security:
- roles:
- settings:write
summary: Save settings
tags:
- settings
/statistics:
get:
operationId: getStatistics
responses:
"200":
description: successful operation
examples:
test:
open_tickets_per_user: {}
tickets_per_type:
alert: 2
incident: 1
tickets_per_week:
2021-39: 3
unassigned: 0
schema:
$ref: '#/definitions/Statistics'
security:
- roles:
- ticket:read
summary: Get statistics
tags:
- statistics
/tasks:
get:
operationId: listTasks
responses:
"200":
description: successful operation
examples:
test: []
schema:
items:
$ref: '#/definitions/TaskWithContext'
type: array
security:
- roles:
- ticket:read
summary: List tasks
tags:
- tasks
/templates:
get:
operationId: listTemplates
responses:
"200":
description: successful operation
examples:
test:
- id: default
name: Default
schema: |
{
"definitions": {},
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://example.com/object1618746510.json",
"title": "Default",
"type": "object",
"required": [
"severity",
"description",
"tlp"
],
"properties": {
"severity": {
"$id": "#root/severity",
"title": "Severity",
"type": "string",
"default": "Medium",
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "Low",
"title": "Low",
"icon": "mdi-chevron-up"
},
{
"const": "Medium",
"title": "Medium",
"icon": "mdi-chevron-double-up"
},
{
"const": "High",
"title": "High",
"icon": "mdi-chevron-triple-up"
}
]
},
"tlp": {
"$id": "#root/tlp",
"title": "TLP",
"type": "string",
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "White",
"title": "White",
"icon": "mdi-alpha-w"
},
{
"const": "Green",
"title": "Green",
"icon": "mdi-alpha-g"
},
{
"const": "Amber",
"title": "Amber",
"icon": "mdi-alpha-a"
},
{
"const": "Red",
"title": "Red",
"icon": "mdi-alpha-r"
}
]
},
"description": {
"$id": "#root/description",
"title": "Description",
"type": "string",
"x-display": "textarea",
"x-class": "pr-2"
}
}
}
schema:
items:
$ref: '#/definitions/TicketTemplateResponse'
type: array
security:
- roles:
- template:read
summary: List templates
tags:
- templates
post:
operationId: createTemplate
parameters:
- description: New template
in: body
name: template
required: true
schema:
$ref: '#/definitions/TicketTemplateForm'
x-example:
name: My Template
schema: |
{
"definitions": {},
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://example.com/object1618746510.json",
"title": "Event",
"type": "object",
"required": [
"severity",
"description",
"tlp"
],
"properties": {
"severity": {
"$id": "#root/severity",
"title": "Severity",
"type": "string",
"default": "Medium",
"nx-enum": [
"Low",
"Medium",
"High"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "Low",
"title": "Low",
"icon": "mdi-chevron-up"
},
{
"const": "Medium",
"title": "Medium",
"icon": "mdi-chevron-double-up"
},
{
"const": "High",
"title": "High",
"icon": "mdi-chevron-triple-up"
}
]
},
"tlp": {
"$id": "#root/tlp",
"title": "TLP",
"type": "string",
"nx-enum": [
"White",
"Green",
"Amber",
"Red"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "White",
"title": "White",
"icon": "mdi-alpha-w"
},
{
"const": "Green",
"title": "Green",
"icon": "mdi-alpha-g"
},
{
"const": "Amber",
"title": "Amber",
"icon": "mdi-alpha-a"
},
{
"const": "Red",
"title": "Red",
"icon": "mdi-alpha-r"
}
]
},
"description": {
"$id": "#root/description",
"title": "Description",
"type": "string",
"x-display": "textarea",
"x-class": "pr-2"
}
}
}
responses:
"200":
description: successful operation
examples:
test:
id: my-template
name: My Template
schema: |
{
"definitions": {},
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://example.com/object1618746510.json",
"title": "Event",
"type": "object",
"required": [
"severity",
"description",
"tlp"
],
"properties": {
"severity": {
"$id": "#root/severity",
"title": "Severity",
"type": "string",
"default": "Medium",
"nx-enum": [
"Low",
"Medium",
"High"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "Low",
"title": "Low",
"icon": "mdi-chevron-up"
},
{
"const": "Medium",
"title": "Medium",
"icon": "mdi-chevron-double-up"
},
{
"const": "High",
"title": "High",
"icon": "mdi-chevron-triple-up"
}
]
},
"tlp": {
"$id": "#root/tlp",
"title": "TLP",
"type": "string",
"nx-enum": [
"White",
"Green",
"Amber",
"Red"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "White",
"title": "White",
"icon": "mdi-alpha-w"
},
{
"const": "Green",
"title": "Green",
"icon": "mdi-alpha-g"
},
{
"const": "Amber",
"title": "Amber",
"icon": "mdi-alpha-a"
},
{
"const": "Red",
"title": "Red",
"icon": "mdi-alpha-r"
}
]
},
"description": {
"$id": "#root/description",
"title": "Description",
"type": "string",
"x-display": "textarea",
"x-class": "pr-2"
}
}
}
schema:
$ref: '#/definitions/TicketTemplateResponse'
security:
- roles:
- template:write
summary: Create a new template
tags:
- templates
/templates/{id}:
delete:
operationId: deleteTemplate
parameters:
- description: Template ID
in: path
name: id
required: true
type: string
x-example: default
responses:
"204":
description: successful operation
security:
- roles:
- template:write
summary: Delete a template
tags:
- templates
get:
operationId: getTemplate
parameters:
- description: Template ID
in: path
name: id
required: true
type: string
x-example: default
responses:
"200":
description: successful operation
examples:
test:
id: default
name: Default
schema: |
{
"definitions": {},
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://example.com/object1618746510.json",
"title": "Default",
"type": "object",
"required": [
"severity",
"description",
"tlp"
],
"properties": {
"severity": {
"$id": "#root/severity",
"title": "Severity",
"type": "string",
"default": "Medium",
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "Low",
"title": "Low",
"icon": "mdi-chevron-up"
},
{
"const": "Medium",
"title": "Medium",
"icon": "mdi-chevron-double-up"
},
{
"const": "High",
"title": "High",
"icon": "mdi-chevron-triple-up"
}
]
},
"tlp": {
"$id": "#root/tlp",
"title": "TLP",
"type": "string",
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "White",
"title": "White",
"icon": "mdi-alpha-w"
},
{
"const": "Green",
"title": "Green",
"icon": "mdi-alpha-g"
},
{
"const": "Amber",
"title": "Amber",
"icon": "mdi-alpha-a"
},
{
"const": "Red",
"title": "Red",
"icon": "mdi-alpha-r"
}
]
},
"description": {
"$id": "#root/description",
"title": "Description",
"type": "string",
"x-display": "textarea",
"x-class": "pr-2"
}
}
}
schema:
$ref: '#/definitions/TicketTemplateResponse'
security:
- roles:
- template:read
summary: Get a single template
tags:
- templates
put:
operationId: updateTemplate
parameters:
- description: Template ID
in: path
name: id
required: true
type: string
x-example: default
- description: Template object that needs to be added
in: body
name: template
required: true
schema:
$ref: '#/definitions/TicketTemplateForm'
x-example:
name: My Template
schema: |
{
"definitions": {},
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://example.com/object1618746510.json",
"title": "Event",
"type": "object",
"required": [
"severity",
"description",
"tlp"
],
"properties": {
"severity": {
"$id": "#root/severity",
"title": "Severity",
"type": "string",
"default": "Medium",
"nx-enum": [
"Low",
"Medium",
"High"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "Low",
"title": "Low",
"icon": "mdi-chevron-up"
},
{
"const": "Medium",
"title": "Medium",
"icon": "mdi-chevron-double-up"
},
{
"const": "High",
"title": "High",
"icon": "mdi-chevron-triple-up"
}
]
},
"tlp": {
"$id": "#root/tlp",
"title": "TLP",
"type": "string",
"nx-enum": [
"White",
"Green",
"Amber",
"Red"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "White",
"title": "White",
"icon": "mdi-alpha-w"
},
{
"const": "Green",
"title": "Green",
"icon": "mdi-alpha-g"
},
{
"const": "Amber",
"title": "Amber",
"icon": "mdi-alpha-a"
},
{
"const": "Red",
"title": "Red",
"icon": "mdi-alpha-r"
}
]
},
"description": {
"$id": "#root/description",
"title": "Description",
"type": "string",
"x-display": "textarea",
"x-class": "pr-2"
}
}
}
responses:
"200":
description: successful operation
examples:
test:
id: default
name: My Template
schema: |
{
"definitions": {},
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://example.com/object1618746510.json",
"title": "Event",
"type": "object",
"required": [
"severity",
"description",
"tlp"
],
"properties": {
"severity": {
"$id": "#root/severity",
"title": "Severity",
"type": "string",
"default": "Medium",
"nx-enum": [
"Low",
"Medium",
"High"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "Low",
"title": "Low",
"icon": "mdi-chevron-up"
},
{
"const": "Medium",
"title": "Medium",
"icon": "mdi-chevron-double-up"
},
{
"const": "High",
"title": "High",
"icon": "mdi-chevron-triple-up"
}
]
},
"tlp": {
"$id": "#root/tlp",
"title": "TLP",
"type": "string",
"nx-enum": [
"White",
"Green",
"Amber",
"Red"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "White",
"title": "White",
"icon": "mdi-alpha-w"
},
{
"const": "Green",
"title": "Green",
"icon": "mdi-alpha-g"
},
{
"const": "Amber",
"title": "Amber",
"icon": "mdi-alpha-a"
},
{
"const": "Red",
"title": "Red",
"icon": "mdi-alpha-r"
}
]
},
"description": {
"$id": "#root/description",
"title": "Description",
"type": "string",
"x-display": "textarea",
"x-class": "pr-2"
}
}
}
schema:
$ref: '#/definitions/TicketTemplateResponse'
security:
- roles:
- template:write
summary: Update an existing template
tags:
- templates
/tickets:
get:
operationId: listTickets
parameters:
- description: Ticket Type
in: query
name: type
type: string
- default: 0
description: Offset of the list
in: query
name: offset
type: integer
- default: 25
description: Number of tickets
in: query
maximum: 100
name: count
type: integer
- description: Sort columns
in: query
items:
type: string
name: sort
type: array
- description: Sort descending
in: query
items:
type: boolean
name: desc
type: array
- description: Search query
in: query
name: query
type: string
responses:
"200":
description: successful operation
examples:
test:
count: 3
tickets:
- artifacts:
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
status: unknown
- name: http://www.customerviral.io/scalable/vertical/killer
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T16:04:59.078206Z
name: live zebra
owner: demo
playbooks:
phishing:
name: Phishing
tasks:
block-iocs:
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
type: task
block-sender:
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
extract-iocs: ""
type: task
board:
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
escalate: boardInvolved == true
mail-available: boardInvolved == false
schema:
properties:
boardInvolved:
default: false
title: A board member is involved.
type: boolean
required:
- boardInvolved
title: Board Involvement?
type: object
type: input
escalate:
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
type: task
extract-iocs:
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
block-iocs: ""
schema:
properties:
iocs:
items:
type: string
title: IOCs
type: array
title: Extract IOCs
type: object
type: input
mail-available:
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
block-sender: schemaKey == 'yes'
extract-iocs: schemaKey == 'yes'
search-email-gateway: schemaKey == 'no'
schema:
oneOf:
- properties:
mail:
title: Mail
type: string
x-display: textarea
schemaKey:
const: "yes"
type: string
required:
- mail
title: "Yes"
- properties:
schemaKey:
const: "no"
type: string
title: "No"
title: Mail available
type: object
type: input
search-email-gateway:
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
extract-iocs: ""
type: task
references:
- href: https://www.leadmaximize.net/e-services/back-end
name: performance
- href: http://www.corporateinteractive.name/rich
name: autumn
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
name: suggest
schema: |
{
"definitions": {},
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://example.com/object1618746510.json",
"title": "Event",
"type": "object",
"required": [
"severity",
"description",
"tlp"
],
"properties": {
"severity": {
"$id": "#root/severity",
"title": "Severity",
"type": "string",
"default": "Medium",
"nx-enum": [
"Low",
"Medium",
"High"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "Low",
"title": "Low",
"icon": "mdi-chevron-up"
},
{
"const": "Medium",
"title": "Medium",
"icon": "mdi-chevron-double-up"
},
{
"const": "High",
"title": "High",
"icon": "mdi-chevron-triple-up"
}
]
},
"tlp": {
"$id": "#root/tlp",
"title": "TLP",
"type": "string",
"nx-enum": [
"White",
"Green",
"Amber",
"Red"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "White",
"title": "White",
"icon": "mdi-alpha-w"
},
{
"const": "Green",
"title": "Green",
"icon": "mdi-alpha-g"
},
{
"const": "Amber",
"title": "Amber",
"icon": "mdi-alpha-a"
},
{
"const": "Red",
"title": "Red",
"icon": "mdi-alpha-r"
}
]
},
"description": {
"$id": "#root/description",
"title": "Description",
"type": "string",
"x-display": "textarea",
"x-class": "pr-2"
}
}
}
status: closed
type: incident
- created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T16:04:59.078186Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
- href: https://www.seniorleading-edge.name/users/efficient
name: recovery
- href: http://www.dynamicseamless.com/clicks-and-mortar
name: force
- href: http://www.leadscalable.biz/envisioneer
name: fund
schema: '{}'
status: closed
type: alert
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
- href: http://www.centralworld-class.io/synthesize
name: university
- href: https://www.futurevirtual.org/supply-chains/markets/sticky/iterate
name: goal
- href: http://www.chiefsyndicate.io/action-items
name: unemployment
schema: '{}'
status: closed
type: alert
schema:
$ref: '#/definitions/TicketList'
security:
- roles:
- ticket:read
summary: List tickets
tags:
- tickets
post:
operationId: createTicket
parameters:
- description: New ticket
in: body
name: ticket
required: true
schema:
$ref: '#/definitions/TicketForm'
x-example:
id: 123
name: Wannacry infection
owner: bob
status: open
type: incident
responses:
"200":
description: successful operation
examples:
test:
created: 2021-12-12T12:12:12.000000012Z
id: 123
modified: 2021-12-12T12:12:12.000000012Z
name: Wannacry infection
owner: bob
schema: '{}'
status: open
type: incident
schema:
$ref: '#/definitions/TicketResponse'
security:
- roles:
- ticket:write
summary: Create a new ticket
tags:
- tickets
/tickets/{id}:
delete:
operationId: deleteTicket
parameters:
- description: Ticket ID
format: int64
in: path
name: id
required: true
type: integer
x-example: 8125
responses:
"204":
description: successful operation
security:
- roles:
- ticket:delete
summary: Delete an ticket
tags:
- tickets
get:
operationId: getTicket
parameters:
- description: Ticket ID
format: int64
in: path
name: id
required: true
type: integer
x-example: 8125
responses:
"200":
description: successful operation
examples:
test:
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T16:04:59.078186Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
- href: https://www.seniorleading-edge.name/users/efficient
name: recovery
- href: http://www.dynamicseamless.com/clicks-and-mortar
name: force
- href: http://www.leadscalable.biz/envisioneer
name: fund
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
- href: http://www.centralworld-class.io/synthesize
name: university
- href: https://www.futurevirtual.org/supply-chains/markets/sticky/iterate
name: goal
- href: http://www.chiefsyndicate.io/action-items
name: unemployment
schema: '{}'
status: closed
type: alert
type: alert
schema:
$ref: '#/definitions/TicketWithTickets'
security:
- roles:
- ticket:read
summary: Get a single ticket
tags:
- tickets
put:
operationId: updateTicket
parameters:
- description: Ticket ID
format: int64
in: path
name: id
required: true
type: integer
x-example: 8125
- description: Updated ticket
in: body
name: ticket
required: true
schema:
$ref: '#/definitions/Ticket'
x-example:
created: 2021-12-12T12:12:12.000000012Z
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.org detected
owner: demo
references:
- href: https://www.seniorleading-edge.name/users/efficient
name: recovery
- href: http://www.dynamicseamless.com/clicks-and-mortar
name: force
- href: http://www.leadscalable.biz/envisioneer
name: fund
schema: '{}'
status: closed
type: alert
responses:
"200":
description: successful operation
examples:
test:
created: 2021-12-12T12:12:12.000000012Z
id: 8125
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.org detected
owner: demo
references:
- href: https://www.seniorleading-edge.name/users/efficient
name: recovery
- href: http://www.dynamicseamless.com/clicks-and-mortar
name: force
- href: http://www.leadscalable.biz/envisioneer
name: fund
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
- href: http://www.centralworld-class.io/synthesize
name: university
- href: https://www.futurevirtual.org/supply-chains/markets/sticky/iterate
name: goal
- href: http://www.chiefsyndicate.io/action-items
name: unemployment
schema: '{}'
status: closed
type: alert
type: alert
schema:
$ref: '#/definitions/TicketWithTickets'
security:
- roles:
- ticket:write
summary: Update an existing ticket
tags:
- tickets
/tickets/{id}/artifacts:
post:
operationId: addArtifact
parameters:
- description: Ticket ID
format: int64
in: path
name: id
required: true
type: integer
x-example: 8123
- description: Artifact object that needs to be added
in: body
name: artifact
required: true
schema:
$ref: '#/definitions/Artifact'
x-example:
name: 2.2.2.2
responses:
"200":
description: successful operation
examples:
test:
artifacts:
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
status: unknown
- name: http://www.customerviral.io/scalable/vertical/killer
status: clean
- name: leadreintermediate.io
status: malicious
- name: 2.2.2.2
status: unknown
type: ip
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
phishing:
name: Phishing
tasks:
block-iocs:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
extract-iocs: ""
order: 3
type: task
board:
active: true
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
escalate: boardInvolved == true
mail-available: boardInvolved == false
order: 0
schema:
properties:
boardInvolved:
default: false
title: A board member is involved.
type: boolean
required:
- boardInvolved
title: Board Involvement?
type: object
type: input
escalate:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
block-iocs: ""
order: 5
schema:
properties:
iocs:
items:
type: string
title: IOCs
type: array
title: Extract IOCs
type: object
type: input
mail-available:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
block-sender: schemaKey == 'yes'
extract-iocs: schemaKey == 'yes'
search-email-gateway: schemaKey == 'no'
order: 2
schema:
oneOf:
- properties:
mail:
title: Mail
type: string
x-display: textarea
schemaKey:
const: "yes"
type: string
required:
- mail
title: "Yes"
- properties:
schemaKey:
const: "no"
type: string
title: "No"
title: Mail available
type: object
type: input
search-email-gateway:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
extract-iocs: ""
order: 4
type: task
references:
- href: https://www.leadmaximize.net/e-services/back-end
name: performance
- href: http://www.corporateinteractive.name/rich
name: autumn
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
name: suggest
schema: |
{
"definitions": {},
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://example.com/object1618746510.json",
"title": "Event",
"type": "object",
"required": [
"severity",
"description",
"tlp"
],
"properties": {
"severity": {
"$id": "#root/severity",
"title": "Severity",
"type": "string",
"default": "Medium",
"nx-enum": [
"Low",
"Medium",
"High"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "Low",
"title": "Low",
"icon": "mdi-chevron-up"
},
{
"const": "Medium",
"title": "Medium",
"icon": "mdi-chevron-double-up"
},
{
"const": "High",
"title": "High",
"icon": "mdi-chevron-triple-up"
}
]
},
"tlp": {
"$id": "#root/tlp",
"title": "TLP",
"type": "string",
"nx-enum": [
"White",
"Green",
"Amber",
"Red"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "White",
"title": "White",
"icon": "mdi-alpha-w"
},
{
"const": "Green",
"title": "Green",
"icon": "mdi-alpha-g"
},
{
"const": "Amber",
"title": "Amber",
"icon": "mdi-alpha-a"
},
{
"const": "Red",
"title": "Red",
"icon": "mdi-alpha-r"
}
]
},
"description": {
"$id": "#root/description",
"title": "Description",
"type": "string",
"x-display": "textarea",
"x-class": "pr-2"
}
}
}
status: closed
type: incident
schema:
$ref: '#/definitions/TicketWithTickets'
security:
- roles:
- ticket:write
summary: Add a single artifact
tags:
- tickets
/tickets/{id}/artifacts/{name}:
delete:
operationId: removeArtifact
parameters:
- description: Ticket ID
format: int64
in: path
name: id
required: true
type: integer
x-example: 8123
- in: path
name: name
required: true
type: string
x-example: leadreintermediate.io
responses:
"200":
description: successful operation
examples:
test:
artifacts:
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
status: unknown
- name: http://www.customerviral.io/scalable/vertical/killer
status: clean
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
phishing:
name: Phishing
tasks:
block-iocs:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
extract-iocs: ""
order: 3
type: task
board:
active: true
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
escalate: boardInvolved == true
mail-available: boardInvolved == false
order: 0
schema:
properties:
boardInvolved:
default: false
title: A board member is involved.
type: boolean
required:
- boardInvolved
title: Board Involvement?
type: object
type: input
escalate:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
block-iocs: ""
order: 5
schema:
properties:
iocs:
items:
type: string
title: IOCs
type: array
title: Extract IOCs
type: object
type: input
mail-available:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
block-sender: schemaKey == 'yes'
extract-iocs: schemaKey == 'yes'
search-email-gateway: schemaKey == 'no'
order: 2
schema:
oneOf:
- properties:
mail:
title: Mail
type: string
x-display: textarea
schemaKey:
const: "yes"
type: string
required:
- mail
title: "Yes"
- properties:
schemaKey:
const: "no"
type: string
title: "No"
title: Mail available
type: object
type: input
search-email-gateway:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
extract-iocs: ""
order: 4
type: task
references:
- href: https://www.leadmaximize.net/e-services/back-end
name: performance
- href: http://www.corporateinteractive.name/rich
name: autumn
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
name: suggest
schema: |
{
"definitions": {},
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://example.com/object1618746510.json",
"title": "Event",
"type": "object",
"required": [
"severity",
"description",
"tlp"
],
"properties": {
"severity": {
"$id": "#root/severity",
"title": "Severity",
"type": "string",
"default": "Medium",
"nx-enum": [
"Low",
"Medium",
"High"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "Low",
"title": "Low",
"icon": "mdi-chevron-up"
},
{
"const": "Medium",
"title": "Medium",
"icon": "mdi-chevron-double-up"
},
{
"const": "High",
"title": "High",
"icon": "mdi-chevron-triple-up"
}
]
},
"tlp": {
"$id": "#root/tlp",
"title": "TLP",
"type": "string",
"nx-enum": [
"White",
"Green",
"Amber",
"Red"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "White",
"title": "White",
"icon": "mdi-alpha-w"
},
{
"const": "Green",
"title": "Green",
"icon": "mdi-alpha-g"
},
{
"const": "Amber",
"title": "Amber",
"icon": "mdi-alpha-a"
},
{
"const": "Red",
"title": "Red",
"icon": "mdi-alpha-r"
}
]
},
"description": {
"$id": "#root/description",
"title": "Description",
"type": "string",
"x-display": "textarea",
"x-class": "pr-2"
}
}
}
status: closed
type: incident
schema:
$ref: '#/definitions/TicketWithTickets'
security:
- roles:
- ticket:write
summary: Remove an artifact
tags:
- tickets
get:
operationId: getArtifact
parameters:
- description: Ticket ID
format: int64
in: path
name: id
required: true
type: integer
x-example: 8123
- in: path
name: name
required: true
type: string
x-example: leadreintermediate.io
responses:
"200":
description: successful operation
examples:
test:
name: leadreintermediate.io
status: malicious
schema:
$ref: '#/definitions/Artifact'
security:
- roles:
- ticket:write
summary: Get a single artifact
tags:
- tickets
put:
operationId: setArtifact
parameters:
- description: Ticket ID
format: int64
in: path
name: id
required: true
type: integer
x-example: 8123
- in: path
name: name
required: true
type: string
x-example: leadreintermediate.io
- in: body
name: artifact
required: true
schema:
$ref: '#/definitions/Artifact'
x-example:
name: leadreintermediate.io
status: clean
responses:
"200":
description: successful operation
examples:
test:
artifacts:
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
status: unknown
- name: http://www.customerviral.io/scalable/vertical/killer
status: clean
- name: leadreintermediate.io
status: clean
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T16:04:59.078206Z
name: live zebra
owner: demo
playbooks:
phishing:
name: Phishing
tasks:
block-iocs:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
extract-iocs: ""
order: 3
type: task
board:
active: true
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
escalate: boardInvolved == true
mail-available: boardInvolved == false
order: 0
schema:
properties:
boardInvolved:
default: false
title: A board member is involved.
type: boolean
required:
- boardInvolved
title: Board Involvement?
type: object
type: input
escalate:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
block-iocs: ""
order: 5
schema:
properties:
iocs:
items:
type: string
title: IOCs
type: array
title: Extract IOCs
type: object
type: input
mail-available:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
block-sender: schemaKey == 'yes'
extract-iocs: schemaKey == 'yes'
search-email-gateway: schemaKey == 'no'
order: 2
schema:
oneOf:
- properties:
mail:
title: Mail
type: string
x-display: textarea
schemaKey:
const: "yes"
type: string
required:
- mail
title: "Yes"
- properties:
schemaKey:
const: "no"
type: string
title: "No"
title: Mail available
type: object
type: input
search-email-gateway:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
extract-iocs: ""
order: 4
type: task
references:
- href: https://www.leadmaximize.net/e-services/back-end
name: performance
- href: http://www.corporateinteractive.name/rich
name: autumn
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
name: suggest
schema: |
{
"definitions": {},
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://example.com/object1618746510.json",
"title": "Event",
"type": "object",
"required": [
"severity",
"description",
"tlp"
],
"properties": {
"severity": {
"$id": "#root/severity",
"title": "Severity",
"type": "string",
"default": "Medium",
"nx-enum": [
"Low",
"Medium",
"High"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "Low",
"title": "Low",
"icon": "mdi-chevron-up"
},
{
"const": "Medium",
"title": "Medium",
"icon": "mdi-chevron-double-up"
},
{
"const": "High",
"title": "High",
"icon": "mdi-chevron-triple-up"
}
]
},
"tlp": {
"$id": "#root/tlp",
"title": "TLP",
"type": "string",
"nx-enum": [
"White",
"Green",
"Amber",
"Red"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "White",
"title": "White",
"icon": "mdi-alpha-w"
},
{
"const": "Green",
"title": "Green",
"icon": "mdi-alpha-g"
},
{
"const": "Amber",
"title": "Amber",
"icon": "mdi-alpha-a"
},
{
"const": "Red",
"title": "Red",
"icon": "mdi-alpha-r"
}
]
},
"description": {
"$id": "#root/description",
"title": "Description",
"type": "string",
"x-display": "textarea",
"x-class": "pr-2"
}
}
}
status: closed
type: incident
schema:
$ref: '#/definitions/TicketWithTickets'
security:
- roles:
- ticket:write
summary: Set a single artifact
tags:
- tickets
/tickets/{id}/artifacts/{name}/enrich:
post:
operationId: enrichArtifact
parameters:
- description: Ticket ID
format: int64
in: path
name: id
required: true
type: integer
x-example: 8123
- in: path
name: name
required: true
type: string
x-example: leadreintermediate.io
- in: body
name: data
required: true
schema:
$ref: '#/definitions/EnrichmentForm'
x-example:
data:
hash: b7a067a742c20d07a7456646de89bc2d408a1153
name: hash.sha1
responses:
"200":
description: successful operation
examples:
test:
artifacts:
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
status: unknown
- name: http://www.customerviral.io/scalable/vertical/killer
status: clean
- enrichments:
hash.sha1:
created: 2021-12-12T12:12:12.000000012Z
data:
hash: b7a067a742c20d07a7456646de89bc2d408a1153
name: hash.sha1
name: leadreintermediate.io
status: malicious
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T16:04:59.078206Z
name: live zebra
owner: demo
playbooks:
phishing:
name: Phishing
tasks:
block-iocs:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
extract-iocs: ""
order: 3
type: task
board:
active: true
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
escalate: boardInvolved == true
mail-available: boardInvolved == false
order: 0
schema:
properties:
boardInvolved:
default: false
title: A board member is involved.
type: boolean
required:
- boardInvolved
title: Board Involvement?
type: object
type: input
escalate:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
block-iocs: ""
order: 5
schema:
properties:
iocs:
items:
type: string
title: IOCs
type: array
title: Extract IOCs
type: object
type: input
mail-available:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
block-sender: schemaKey == 'yes'
extract-iocs: schemaKey == 'yes'
search-email-gateway: schemaKey == 'no'
order: 2
schema:
oneOf:
- properties:
mail:
title: Mail
type: string
x-display: textarea
schemaKey:
const: "yes"
type: string
required:
- mail
title: "Yes"
- properties:
schemaKey:
const: "no"
type: string
title: "No"
title: Mail available
type: object
type: input
search-email-gateway:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
extract-iocs: ""
order: 4
type: task
references:
- href: https://www.leadmaximize.net/e-services/back-end
name: performance
- href: http://www.corporateinteractive.name/rich
name: autumn
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
name: suggest
schema: |
{
"definitions": {},
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://example.com/object1618746510.json",
"title": "Event",
"type": "object",
"required": [
"severity",
"description",
"tlp"
],
"properties": {
"severity": {
"$id": "#root/severity",
"title": "Severity",
"type": "string",
"default": "Medium",
"nx-enum": [
"Low",
"Medium",
"High"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "Low",
"title": "Low",
"icon": "mdi-chevron-up"
},
{
"const": "Medium",
"title": "Medium",
"icon": "mdi-chevron-double-up"
},
{
"const": "High",
"title": "High",
"icon": "mdi-chevron-triple-up"
}
]
},
"tlp": {
"$id": "#root/tlp",
"title": "TLP",
"type": "string",
"nx-enum": [
"White",
"Green",
"Amber",
"Red"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "White",
"title": "White",
"icon": "mdi-alpha-w"
},
{
"const": "Green",
"title": "Green",
"icon": "mdi-alpha-g"
},
{
"const": "Amber",
"title": "Amber",
"icon": "mdi-alpha-a"
},
{
"const": "Red",
"title": "Red",
"icon": "mdi-alpha-r"
}
]
},
"description": {
"$id": "#root/description",
"title": "Description",
"type": "string",
"x-display": "textarea",
"x-class": "pr-2"
}
}
}
status: closed
type: incident
schema:
$ref: '#/definitions/TicketWithTickets'
security:
- roles:
- ticket:write
summary: Enrich a single artifact
tags:
- tickets
/tickets/{id}/artifacts/{name}/run/{automation}:
post:
operationId: runArtifact
parameters:
- description: Ticket ID
format: int64
in: path
name: id
required: true
type: integer
x-example: 8123
- in: path
name: name
required: true
type: string
x-example: leadreintermediate.io
- in: path
name: automation
required: true
type: string
x-example: hash.sha1
responses:
"204":
description: successful operation
security:
- roles:
- ticket:write
summary: Run automation on a single artifact
tags:
- tickets
/tickets/{id}/comments:
post:
operationId: addComment
parameters:
- description: Ticket ID
format: int64
in: path
name: id
required: true
type: integer
x-example: 8125
- description: Ticket comment
in: body
name: comment
required: true
schema:
$ref: '#/definitions/CommentForm'
x-example:
message: My first comment
responses:
"200":
description: successful operation
examples:
test:
comments:
- created: 2021-12-12T12:12:12.000000012Z
creator: bob
message: My first comment
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
- href: https://www.seniorleading-edge.name/users/efficient
name: recovery
- href: http://www.dynamicseamless.com/clicks-and-mortar
name: force
- href: http://www.leadscalable.biz/envisioneer
name: fund
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
- href: http://www.centralworld-class.io/synthesize
name: university
- href: https://www.futurevirtual.org/supply-chains/markets/sticky/iterate
name: goal
- href: http://www.chiefsyndicate.io/action-items
name: unemployment
schema: '{}'
status: closed
type: alert
type: alert
schema:
$ref: '#/definitions/TicketWithTickets'
security:
- roles:
- ticket:write
summary: Add ticket comment
tags:
- tickets
/tickets/{id}/comments/{commentID}:
delete:
description: Comment will be removed from the ticket.
operationId: removeComment
parameters:
- description: Ticket ID
format: int64
in: path
name: id
required: true
type: integer
x-example: 8123
- description: Comment ID to remove
in: path
name: commentID
required: true
type: integer
x-example: 0
responses:
"200":
description: successful operation
examples:
test:
artifacts:
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
status: unknown
- name: http://www.customerviral.io/scalable/vertical/killer
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
phishing:
name: Phishing
tasks:
block-iocs:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
extract-iocs: ""
order: 3
type: task
board:
active: true
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
escalate: boardInvolved == true
mail-available: boardInvolved == false
order: 0
schema:
properties:
boardInvolved:
default: false
title: A board member is involved.
type: boolean
required:
- boardInvolved
title: Board Involvement?
type: object
type: input
escalate:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
block-iocs: ""
order: 5
schema:
properties:
iocs:
items:
type: string
title: IOCs
type: array
title: Extract IOCs
type: object
type: input
mail-available:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
block-sender: schemaKey == 'yes'
extract-iocs: schemaKey == 'yes'
search-email-gateway: schemaKey == 'no'
order: 2
schema:
oneOf:
- properties:
mail:
title: Mail
type: string
x-display: textarea
schemaKey:
const: "yes"
type: string
required:
- mail
title: "Yes"
- properties:
schemaKey:
const: "no"
type: string
title: "No"
title: Mail available
type: object
type: input
search-email-gateway:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
extract-iocs: ""
order: 4
type: task
references:
- href: https://www.leadmaximize.net/e-services/back-end
name: performance
- href: http://www.corporateinteractive.name/rich
name: autumn
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
name: suggest
schema: |
{
"definitions": {},
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://example.com/object1618746510.json",
"title": "Event",
"type": "object",
"required": [
"severity",
"description",
"tlp"
],
"properties": {
"severity": {
"$id": "#root/severity",
"title": "Severity",
"type": "string",
"default": "Medium",
"nx-enum": [
"Low",
"Medium",
"High"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "Low",
"title": "Low",
"icon": "mdi-chevron-up"
},
{
"const": "Medium",
"title": "Medium",
"icon": "mdi-chevron-double-up"
},
{
"const": "High",
"title": "High",
"icon": "mdi-chevron-triple-up"
}
]
},
"tlp": {
"$id": "#root/tlp",
"title": "TLP",
"type": "string",
"nx-enum": [
"White",
"Green",
"Amber",
"Red"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "White",
"title": "White",
"icon": "mdi-alpha-w"
},
{
"const": "Green",
"title": "Green",
"icon": "mdi-alpha-g"
},
{
"const": "Amber",
"title": "Amber",
"icon": "mdi-alpha-a"
},
{
"const": "Red",
"title": "Red",
"icon": "mdi-alpha-r"
}
]
},
"description": {
"$id": "#root/description",
"title": "Description",
"type": "string",
"x-display": "textarea",
"x-class": "pr-2"
}
}
}
status: closed
type: incident
schema:
$ref: '#/definitions/TicketWithTickets'
security:
- roles:
- ticket:write
summary: Remove an comment from an ticket
tags:
- tickets
/tickets/{id}/playbooks:
post:
operationId: addTicketPlaybook
parameters:
- description: Ticket ID
format: int64
in: path
name: id
required: true
type: integer
x-example: 8125
- description: Ticket playbook object that needs to be added
in: body
name: playbook
required: true
schema:
$ref: '#/definitions/PlaybookTemplateForm'
x-example:
yaml: |
name: Simple
tasks:
input:
name: Upload malware if possible
type: input
schema:
title: Malware
type: object
properties:
malware:
type: string
title: Select malware
default: ""
next:
hash: "malware != ''"
hash:
name: Hash the malware
type: automation
automation: hash.sha1
payload:
default: "playbook.tasks['input'].data['malware']"
next:
escalate:
escalate:
name: Escalate to malware team
type: task
responses:
"200":
description: successful operation
examples:
test:
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.com detected
owner: demo
playbooks:
simple:
name: Simple
tasks:
escalate:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to malware team
order: 2
type: task
hash:
active: false
automation: hash.sha1
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Hash the malware
next:
escalate: ""
order: 1
payload:
default: playbook.tasks['input'].data['malware']
type: automation
input:
active: true
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Upload malware if possible
next:
hash: malware != ''
order: 0
schema:
properties:
malware:
default: ""
title: Select malware
type: string
title: Malware
type: object
type: input
references:
- href: https://www.seniorleading-edge.name/users/efficient
name: recovery
- href: http://www.dynamicseamless.com/clicks-and-mortar
name: force
- href: http://www.leadscalable.biz/envisioneer
name: fund
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
- href: http://www.centralworld-class.io/synthesize
name: university
- href: https://www.futurevirtual.org/supply-chains/markets/sticky/iterate
name: goal
- href: http://www.chiefsyndicate.io/action-items
name: unemployment
schema: '{}'
status: closed
type: alert
type: alert
schema:
$ref: '#/definitions/TicketWithTickets'
security:
- roles:
- ticket:write
summary: Add a new ticket playbook
tags:
- tickets
/tickets/{id}/playbooks/{playbookID}:
delete:
operationId: removeTicketPlaybook
parameters:
- description: Ticket ID
format: int64
in: path
name: id
required: true
type: integer
x-example: 8123
- description: Playbook ID
in: path
name: playbookID
required: true
type: string
x-example: phishing
responses:
"200":
description: successful operation
examples:
test:
artifacts:
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
status: unknown
- name: http://www.customerviral.io/scalable/vertical/killer
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
references:
- href: https://www.leadmaximize.net/e-services/back-end
name: performance
- href: http://www.corporateinteractive.name/rich
name: autumn
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
name: suggest
schema: |
{
"definitions": {},
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://example.com/object1618746510.json",
"title": "Event",
"type": "object",
"required": [
"severity",
"description",
"tlp"
],
"properties": {
"severity": {
"$id": "#root/severity",
"title": "Severity",
"type": "string",
"default": "Medium",
"nx-enum": [
"Low",
"Medium",
"High"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "Low",
"title": "Low",
"icon": "mdi-chevron-up"
},
{
"const": "Medium",
"title": "Medium",
"icon": "mdi-chevron-double-up"
},
{
"const": "High",
"title": "High",
"icon": "mdi-chevron-triple-up"
}
]
},
"tlp": {
"$id": "#root/tlp",
"title": "TLP",
"type": "string",
"nx-enum": [
"White",
"Green",
"Amber",
"Red"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "White",
"title": "White",
"icon": "mdi-alpha-w"
},
{
"const": "Green",
"title": "Green",
"icon": "mdi-alpha-g"
},
{
"const": "Amber",
"title": "Amber",
"icon": "mdi-alpha-a"
},
{
"const": "Red",
"title": "Red",
"icon": "mdi-alpha-r"
}
]
},
"description": {
"$id": "#root/description",
"title": "Description",
"type": "string",
"x-display": "textarea",
"x-class": "pr-2"
}
}
}
status: closed
type: incident
schema:
$ref: '#/definitions/TicketWithTickets'
security:
- roles:
- ticket:write
summary: Remove an ticket playbook
tags:
- tickets
/tickets/{id}/playbooks/{playbookID}/task/{taskID}:
put:
operationId: setTaskData
parameters:
- description: Ticket ID
format: int64
in: path
name: id
required: true
type: integer
x-example: 8123
- description: Playbook ID
in: path
name: playbookID
required: true
type: string
x-example: phishing
- description: Task ID
in: path
name: taskID
required: true
type: string
x-example: board
- description: Task data
in: body
name: data
required: true
schema:
type: object
x-example:
boardInvolved: true
responses:
"200":
description: successful operation
examples:
test:
artifacts:
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
status: unknown
- name: http://www.customerviral.io/scalable/vertical/killer
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
phishing:
name: Phishing
tasks:
block-iocs:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
extract-iocs: ""
order: 3
type: task
board:
active: true
created: 2021-12-12T12:12:12.000000012Z
data:
boardInvolved: true
done: false
name: Board Involvement?
next:
escalate: boardInvolved == true
mail-available: boardInvolved == false
order: 0
schema:
properties:
boardInvolved:
default: false
title: A board member is involved.
type: boolean
required:
- boardInvolved
title: Board Involvement?
type: object
type: input
escalate:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
block-iocs: ""
order: 5
schema:
properties:
iocs:
items:
type: string
title: IOCs
type: array
title: Extract IOCs
type: object
type: input
mail-available:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
block-sender: schemaKey == 'yes'
extract-iocs: schemaKey == 'yes'
search-email-gateway: schemaKey == 'no'
order: 2
schema:
oneOf:
- properties:
mail:
title: Mail
type: string
x-display: textarea
schemaKey:
const: "yes"
type: string
required:
- mail
title: "Yes"
- properties:
schemaKey:
const: "no"
type: string
title: "No"
title: Mail available
type: object
type: input
search-email-gateway:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
extract-iocs: ""
order: 4
type: task
references:
- href: https://www.leadmaximize.net/e-services/back-end
name: performance
- href: http://www.corporateinteractive.name/rich
name: autumn
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
name: suggest
schema: |
{
"definitions": {},
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://example.com/object1618746510.json",
"title": "Event",
"type": "object",
"required": [
"severity",
"description",
"tlp"
],
"properties": {
"severity": {
"$id": "#root/severity",
"title": "Severity",
"type": "string",
"default": "Medium",
"nx-enum": [
"Low",
"Medium",
"High"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "Low",
"title": "Low",
"icon": "mdi-chevron-up"
},
{
"const": "Medium",
"title": "Medium",
"icon": "mdi-chevron-double-up"
},
{
"const": "High",
"title": "High",
"icon": "mdi-chevron-triple-up"
}
]
},
"tlp": {
"$id": "#root/tlp",
"title": "TLP",
"type": "string",
"nx-enum": [
"White",
"Green",
"Amber",
"Red"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "White",
"title": "White",
"icon": "mdi-alpha-w"
},
{
"const": "Green",
"title": "Green",
"icon": "mdi-alpha-g"
},
{
"const": "Amber",
"title": "Amber",
"icon": "mdi-alpha-a"
},
{
"const": "Red",
"title": "Red",
"icon": "mdi-alpha-r"
}
]
},
"description": {
"$id": "#root/description",
"title": "Description",
"type": "string",
"x-display": "textarea",
"x-class": "pr-2"
}
}
}
status: closed
type: incident
schema:
$ref: '#/definitions/TicketWithTickets'
security:
- roles:
- ticket:write
summary: Set a ticket playbook task data
tags:
- tickets
/tickets/{id}/playbooks/{playbookID}/task/{taskID}/complete:
put:
operationId: completeTask
parameters:
- description: Ticket ID
format: int64
in: path
name: id
required: true
type: integer
x-example: 8123
- description: Playbook ID
in: path
name: playbookID
required: true
type: string
x-example: phishing
- description: Task ID
in: path
name: taskID
required: true
type: string
x-example: board
- description: Ticket playbook object that needs to be added
in: body
name: data
required: true
schema:
type: object
x-example:
boardInvolved: true
responses:
"200":
description: successful operation
examples:
test:
artifacts:
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
status: unknown
- name: http://www.customerviral.io/scalable/vertical/killer
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
phishing:
name: Phishing
tasks:
block-iocs:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
extract-iocs: ""
order: 3
type: task
board:
active: false
closed: 2021-12-12T12:12:12.000000012Z
created: 2021-12-12T12:12:12.000000012Z
data:
boardInvolved: true
done: true
name: Board Involvement?
next:
escalate: boardInvolved == true
mail-available: boardInvolved == false
order: 0
schema:
properties:
boardInvolved:
default: false
title: A board member is involved.
type: boolean
required:
- boardInvolved
title: Board Involvement?
type: object
type: input
escalate:
active: true
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
block-iocs: ""
order: 5
schema:
properties:
iocs:
items:
type: string
title: IOCs
type: array
title: Extract IOCs
type: object
type: input
mail-available:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
block-sender: schemaKey == 'yes'
extract-iocs: schemaKey == 'yes'
search-email-gateway: schemaKey == 'no'
order: 2
schema:
oneOf:
- properties:
mail:
title: Mail
type: string
x-display: textarea
schemaKey:
const: "yes"
type: string
required:
- mail
title: "Yes"
- properties:
schemaKey:
const: "no"
type: string
title: "No"
title: Mail available
type: object
type: input
search-email-gateway:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
extract-iocs: ""
order: 4
type: task
references:
- href: https://www.leadmaximize.net/e-services/back-end
name: performance
- href: http://www.corporateinteractive.name/rich
name: autumn
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
name: suggest
schema: |
{
"definitions": {},
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://example.com/object1618746510.json",
"title": "Event",
"type": "object",
"required": [
"severity",
"description",
"tlp"
],
"properties": {
"severity": {
"$id": "#root/severity",
"title": "Severity",
"type": "string",
"default": "Medium",
"nx-enum": [
"Low",
"Medium",
"High"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "Low",
"title": "Low",
"icon": "mdi-chevron-up"
},
{
"const": "Medium",
"title": "Medium",
"icon": "mdi-chevron-double-up"
},
{
"const": "High",
"title": "High",
"icon": "mdi-chevron-triple-up"
}
]
},
"tlp": {
"$id": "#root/tlp",
"title": "TLP",
"type": "string",
"nx-enum": [
"White",
"Green",
"Amber",
"Red"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "White",
"title": "White",
"icon": "mdi-alpha-w"
},
{
"const": "Green",
"title": "Green",
"icon": "mdi-alpha-g"
},
{
"const": "Amber",
"title": "Amber",
"icon": "mdi-alpha-a"
},
{
"const": "Red",
"title": "Red",
"icon": "mdi-alpha-r"
}
]
},
"description": {
"$id": "#root/description",
"title": "Description",
"type": "string",
"x-display": "textarea",
"x-class": "pr-2"
}
}
}
status: closed
type: incident
schema:
$ref: '#/definitions/TicketWithTickets'
security:
- roles:
- ticket:write
summary: Complete ticket playbook task
tags:
- tickets
/tickets/{id}/playbooks/{playbookID}/task/{taskID}/owner:
put:
operationId: setTaskOwner
parameters:
- description: Ticket ID
format: int64
in: path
name: id
required: true
type: integer
x-example: 8123
- description: Playbook ID
in: path
name: playbookID
required: true
type: string
x-example: phishing
- description: Task ID
in: path
name: taskID
required: true
type: string
x-example: board
- description: Task owner
in: body
name: owner
required: true
schema:
type: string
x-example: eve
responses:
"200":
description: successful operation
examples:
test:
artifacts:
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
status: unknown
- name: http://www.customerviral.io/scalable/vertical/killer
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-12-12T12:12:12.000000012Z
name: live zebra
owner: demo
playbooks:
phishing:
name: Phishing
tasks:
block-iocs:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
order: 6
type: task
block-sender:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
extract-iocs: ""
order: 3
type: task
board:
active: true
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
escalate: boardInvolved == true
mail-available: boardInvolved == false
order: 0
owner: eve
schema:
properties:
boardInvolved:
default: false
title: A board member is involved.
type: boolean
required:
- boardInvolved
title: Board Involvement?
type: object
type: input
escalate:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
order: 1
type: task
extract-iocs:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
block-iocs: ""
order: 5
schema:
properties:
iocs:
items:
type: string
title: IOCs
type: array
title: Extract IOCs
type: object
type: input
mail-available:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
block-sender: schemaKey == 'yes'
extract-iocs: schemaKey == 'yes'
search-email-gateway: schemaKey == 'no'
order: 2
schema:
oneOf:
- properties:
mail:
title: Mail
type: string
x-display: textarea
schemaKey:
const: "yes"
type: string
required:
- mail
title: "Yes"
- properties:
schemaKey:
const: "no"
type: string
title: "No"
title: Mail available
type: object
type: input
search-email-gateway:
active: false
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
extract-iocs: ""
order: 4
type: task
references:
- href: https://www.leadmaximize.net/e-services/back-end
name: performance
- href: http://www.corporateinteractive.name/rich
name: autumn
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
name: suggest
schema: |
{
"definitions": {},
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://example.com/object1618746510.json",
"title": "Event",
"type": "object",
"required": [
"severity",
"description",
"tlp"
],
"properties": {
"severity": {
"$id": "#root/severity",
"title": "Severity",
"type": "string",
"default": "Medium",
"nx-enum": [
"Low",
"Medium",
"High"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "Low",
"title": "Low",
"icon": "mdi-chevron-up"
},
{
"const": "Medium",
"title": "Medium",
"icon": "mdi-chevron-double-up"
},
{
"const": "High",
"title": "High",
"icon": "mdi-chevron-triple-up"
}
]
},
"tlp": {
"$id": "#root/tlp",
"title": "TLP",
"type": "string",
"nx-enum": [
"White",
"Green",
"Amber",
"Red"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "White",
"title": "White",
"icon": "mdi-alpha-w"
},
{
"const": "Green",
"title": "Green",
"icon": "mdi-alpha-g"
},
{
"const": "Amber",
"title": "Amber",
"icon": "mdi-alpha-a"
},
{
"const": "Red",
"title": "Red",
"icon": "mdi-alpha-r"
}
]
},
"description": {
"$id": "#root/description",
"title": "Description",
"type": "string",
"x-display": "textarea",
"x-class": "pr-2"
}
}
}
status: closed
type: incident
schema:
$ref: '#/definitions/TicketWithTickets'
security:
- roles:
- ticket:write
summary: Set a ticket playbook task owner
tags:
- tickets
/tickets/{id}/playbooks/{playbookID}/task/{taskID}/run:
post:
operationId: runTask
parameters:
- description: Ticket ID
format: int64
in: path
name: id
required: true
type: integer
x-example: 8123
- description: Playbook ID
in: path
name: playbookID
required: true
type: string
x-example: phishing
- description: Task ID
in: path
name: taskID
required: true
type: string
x-example: board
responses:
"204":
description: successful operation
security:
- roles:
- ticket:write
summary: Run ticket playbook task
tags:
- tickets
/tickets/{id}/references:
put:
operationId: setReferences
parameters:
- description: Ticket ID
format: int64
in: path
name: id
required: true
type: integer
x-example: 8125
- description: All ticket references
in: body
name: references
required: true
schema:
$ref: '#/definitions/ReferenceArray'
x-example:
- href: http://www.leadscalable.biz/envisioneer
name: fund
responses:
"200":
description: successful operation
examples:
test:
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-12-12T12:12:12.000000012Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
- href: http://www.leadscalable.biz/envisioneer
name: fund
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
- href: http://www.centralworld-class.io/synthesize
name: university
- href: https://www.futurevirtual.org/supply-chains/markets/sticky/iterate
name: goal
- href: http://www.chiefsyndicate.io/action-items
name: unemployment
schema: '{}'
status: closed
type: alert
type: alert
schema:
$ref: '#/definitions/TicketWithTickets'
security:
- roles:
- ticket:write
summary: Set ticket references
tags:
- tickets
/tickets/{id}/schema:
put:
operationId: setSchema
parameters:
- description: Ticket ID
format: int64
in: path
name: id
required: true
type: integer
x-example: 8125
- description: New ticket schema
in: body
name: schema
required: true
schema:
type: string
x-example: '{}'
responses:
"200":
description: successful operation
examples:
test:
created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T16:04:59.078186Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
- href: https://www.seniorleading-edge.name/users/efficient
name: recovery
- href: http://www.dynamicseamless.com/clicks-and-mortar
name: force
- href: http://www.leadscalable.biz/envisioneer
name: fund
schema: '{}'
status: closed
tickets:
- created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
- href: http://www.centralworld-class.io/synthesize
name: university
- href: https://www.futurevirtual.org/supply-chains/markets/sticky/iterate
name: goal
- href: http://www.chiefsyndicate.io/action-items
name: unemployment
schema: '{}'
status: closed
type: alert
type: alert
schema:
$ref: '#/definitions/TicketWithTickets'
security:
- roles:
- ticket:write
summary: Set ticket schema
tags:
- tickets
/tickets/{id}/tickets:
delete:
operationId: unlinkTicket
parameters:
- description: Ticket ID
format: int64
in: path
name: id
required: true
type: integer
x-example: 8126
- description: Added ticket ID
in: body
name: linkedID
required: true
schema:
format: int64
type: integer
x-example: 8125
responses:
"200":
description: successful operation
examples:
test:
created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
- href: http://www.centralworld-class.io/synthesize
name: university
- href: https://www.futurevirtual.org/supply-chains/markets/sticky/iterate
name: goal
- href: http://www.chiefsyndicate.io/action-items
name: unemployment
schema: '{}'
status: closed
type: alert
schema:
$ref: '#/definitions/TicketWithTickets'
security:
- roles:
- ticket:write
summary: Unlink an ticket to an ticket
tags:
- tickets
patch:
operationId: linkTicket
parameters:
- description: Ticket ID
format: int64
in: path
name: id
required: true
type: integer
x-example: 8126
- description: Added ticket ID
in: body
name: linkedID
required: true
schema:
format: int64
type: integer
x-example: 8123
responses:
"200":
description: successful operation
examples:
test:
created: 2021-10-02T16:04:59.078186Z
id: 8126
modified: 2021-10-02T16:04:59.078186Z
name: Surfaceintroduce virus detected
owner: demo
references:
- href: http://www.centralworld-class.io/synthesize
name: university
- href: https://www.futurevirtual.org/supply-chains/markets/sticky/iterate
name: goal
- href: http://www.chiefsyndicate.io/action-items
name: unemployment
schema: '{}'
status: closed
tickets:
- artifacts:
- name: 94d5cab6f5fe3422a447ab15436e7a672bc0c09a
status: unknown
- name: http://www.customerviral.io/scalable/vertical/killer
status: clean
- name: leadreintermediate.io
status: malicious
created: 2021-10-02T16:04:59.078206Z
id: 8123
modified: 2021-10-02T16:04:59.078206Z
name: live zebra
owner: demo
playbooks:
phishing:
name: Phishing
tasks:
block-iocs:
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block IOCs
type: task
block-sender:
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Block sender
next:
extract-iocs: ""
type: task
board:
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Board Involvement?
next:
escalate: boardInvolved == true
mail-available: boardInvolved == false
schema:
properties:
boardInvolved:
default: false
title: A board member is involved.
type: boolean
required:
- boardInvolved
title: Board Involvement?
type: object
type: input
escalate:
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Escalate to CISO
type: task
extract-iocs:
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Extract IOCs
next:
block-iocs: ""
schema:
properties:
iocs:
items:
type: string
title: IOCs
type: array
title: Extract IOCs
type: object
type: input
mail-available:
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Mail available
next:
block-sender: schemaKey == 'yes'
extract-iocs: schemaKey == 'yes'
search-email-gateway: schemaKey == 'no'
schema:
oneOf:
- properties:
mail:
title: Mail
type: string
x-display: textarea
schemaKey:
const: "yes"
type: string
required:
- mail
title: "Yes"
- properties:
schemaKey:
const: "no"
type: string
title: "No"
title: Mail available
type: object
type: input
search-email-gateway:
created: 2021-12-12T12:12:12.000000012Z
done: false
name: Search email gateway
next:
extract-iocs: ""
type: task
references:
- href: https://www.leadmaximize.net/e-services/back-end
name: performance
- href: http://www.corporateinteractive.name/rich
name: autumn
- href: https://www.corporateintuitive.org/intuitive/platforms/integrate
name: suggest
schema: |
{
"definitions": {},
"$schema": "http://json-schema.org/draft-07/schema#",
"$id": "https://example.com/object1618746510.json",
"title": "Event",
"type": "object",
"required": [
"severity",
"description",
"tlp"
],
"properties": {
"severity": {
"$id": "#root/severity",
"title": "Severity",
"type": "string",
"default": "Medium",
"nx-enum": [
"Low",
"Medium",
"High"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "Low",
"title": "Low",
"icon": "mdi-chevron-up"
},
{
"const": "Medium",
"title": "Medium",
"icon": "mdi-chevron-double-up"
},
{
"const": "High",
"title": "High",
"icon": "mdi-chevron-triple-up"
}
]
},
"tlp": {
"$id": "#root/tlp",
"title": "TLP",
"type": "string",
"nx-enum": [
"White",
"Green",
"Amber",
"Red"
],
"x-cols": 6,
"x-class": "pr-2",
"x-display": "icon",
"x-itemIcon": "icon",
"oneOf": [
{
"const": "White",
"title": "White",
"icon": "mdi-alpha-w"
},
{
"const": "Green",
"title": "Green",
"icon": "mdi-alpha-g"
},
{
"const": "Amber",
"title": "Amber",
"icon": "mdi-alpha-a"
},
{
"const": "Red",
"title": "Red",
"icon": "mdi-alpha-r"
}
]
},
"description": {
"$id": "#root/description",
"title": "Description",
"type": "string",
"x-display": "textarea",
"x-class": "pr-2"
}
}
}
status: closed
type: incident
- created: 2021-10-02T16:04:59.078186Z
id: 8125
modified: 2021-10-02T16:04:59.078186Z
name: phishing from selenafadel@von.com detected
owner: demo
references:
- href: https://www.seniorleading-edge.name/users/efficient
name: recovery
- href: http://www.dynamicseamless.com/clicks-and-mortar
name: force
- href: http://www.leadscalable.biz/envisioneer
name: fund
schema: '{}'
status: closed
type: alert
type: alert
schema:
$ref: '#/definitions/TicketWithTickets'
security:
- roles:
- ticket:write
summary: Link an ticket to an ticket
tags:
- tickets
/tickets/batch:
post:
operationId: createTicketBatch
parameters:
- description: New ticket
in: body
name: ticket
required: true
schema:
$ref: '#/definitions/TicketFormArray'
x-example:
- id: 123
name: Wannacry infection
owner: bob
status: open
type: incident
responses:
"204":
description: successful operation
security:
- roles:
- ticket:write
summary: Create a new tickets in batch
tags:
- tickets
/tickettypes:
get:
operationId: listTicketTypes
responses:
"200":
description: successful operation
examples:
test:
- default_playbooks: []
default_template: default
icon: mdi-alert
id: alert
name: Alerts
- default_playbooks: []
default_template: default
icon: mdi-radioactive
id: incident
name: Incidents
- default_playbooks: []
default_template: default
icon: mdi-fingerprint
id: investigation
name: Forensic Investigations
- default_playbooks: []
default_template: default
icon: mdi-target
id: hunt
name: Threat Hunting
schema:
items:
$ref: '#/definitions/TicketTypeResponse'
type: array
security:
- roles:
- tickettype:read
summary: List tickettypes
tags:
- tickettypes
post:
operationId: createTicketType
parameters:
- description: New tickettype
in: body
name: tickettype
required: true
schema:
$ref: '#/definitions/TicketTypeForm'
x-example:
default_playbooks: []
default_template: default
icon: mdi-newspaper-variant-outline
name: TI Tickets
responses:
"200":
description: successful operation
examples:
test:
default_playbooks: []
default_template: default
icon: mdi-newspaper-variant-outline
id: ti-tickets
name: TI Tickets
schema:
$ref: '#/definitions/TicketTypeResponse'
security:
- roles:
- tickettype:write
summary: Create a new tickettype
tags:
- tickettypes
/tickettypes/{id}:
delete:
operationId: deleteTicketType
parameters:
- description: TicketType ID
in: path
name: id
required: true
type: string
x-example: alert
responses:
"204":
description: successful operation
security:
- roles:
- tickettype:write
summary: Delete a tickettype
tags:
- tickettypes
get:
operationId: getTicketType
parameters:
- description: TicketType ID
in: path
name: id
required: true
type: string
x-example: alert
responses:
"200":
description: successful operation
examples:
test:
default_playbooks: []
default_template: default
icon: mdi-alert
id: alert
name: Alerts
schema:
$ref: '#/definitions/TicketTypeResponse'
security:
- roles:
- tickettype:read
summary: Get a single tickettype
tags:
- tickettypes
put:
operationId: updateTicketType
parameters:
- description: TicketType ID
in: path
name: id
required: true
type: string
x-example: alert
- description: TicketType object that needs to be added
in: body
name: tickettype
required: true
schema:
$ref: '#/definitions/TicketTypeForm'
x-example:
default_playbooks: []
default_template: default
icon: mdi-bell
id: alert
name: Alerts
responses:
"200":
description: successful operation
examples:
test:
default_playbooks: []
default_template: default
icon: mdi-bell
id: alert
name: Alerts
schema:
$ref: '#/definitions/TicketTypeResponse'
security:
- roles:
- tickettype:write
summary: Update an existing tickettype
tags:
- tickettypes
/userdata:
get:
operationId: listUserData
responses:
"200":
description: successful operation
examples:
test:
- email: bob@example.org
id: bob
name: Bob Bad
schema:
items:
$ref: '#/definitions/UserDataResponse'
type: array
security:
- roles:
- userdata:read
summary: List userdata
tags:
- userdata
/userdata/{id}:
get:
operationId: getUserData
parameters:
- description: User Data ID
in: path
name: id
required: true
type: string
x-example: bob
responses:
"200":
description: successful operation
examples:
test:
email: bob@example.org
id: bob
name: Bob Bad
schema:
$ref: '#/definitions/UserDataResponse'
security:
- roles:
- userdata:read
summary: Get a single user data
tags:
- userdata
put:
operationId: updateUserData
parameters:
- description: User Data ID
in: path
name: id
required: true
type: string
x-example: bob
- description: User data object that needs to be added
in: body
name: userdata
required: true
schema:
$ref: '#/definitions/UserData'
x-example:
blocked: false
email: bob@example.org
name: Bob Bad
responses:
"200":
description: successful operation
examples:
test:
email: bob@example.org
id: bob
name: Bob Bad
schema:
$ref: '#/definitions/UserDataResponse'
security:
- roles:
- userdata:write
summary: Update an existing user data
tags:
- userdata
/users:
get:
operationId: listUsers
responses:
"200":
description: successful operation
examples:
test:
- apikey: false
blocked: false
id: bob
roles:
- admin
- apikey: true
blocked: false
id: script
roles:
- engineer
schema:
items:
$ref: '#/definitions/UserResponse'
type: array
security:
- roles:
- user:read
summary: List users
tags:
- users
post:
operationId: createUser
parameters:
- description: user object that needs to be added
in: body
name: user
required: true
schema:
$ref: '#/definitions/UserForm'
x-example:
apikey: true
blocked: false
id: syncscript
roles:
- analyst
responses:
"200":
description: successful operation
examples:
test:
blocked: false
id: syncscript
roles:
- analyst
secret: v39bOuobnlEljfWzjAgoKzhmnh1xSMxH
schema:
$ref: '#/definitions/NewUserResponse'
security:
- roles:
- user:write
summary: Create user
tags:
- users
/users/{id}:
delete:
operationId: deleteUser
parameters:
- description: user ID
in: path
name: id
required: true
type: string
x-example: script
responses:
"204":
description: successful operation
security:
- roles:
- user:write
summary: Delete user
tags:
- users
get:
operationId: getUser
parameters:
- description: user ID
in: path
name: id
required: true
type: string
x-example: script
responses:
"200":
description: successful operation
examples:
test:
apikey: true
blocked: false
id: script
roles:
- engineer
schema:
$ref: '#/definitions/UserResponse'
security:
- roles:
- user:read
summary: Get a single user
tags:
- users
put:
operationId: updateUser
parameters:
- description: Template ID
in: path
name: id
required: true
type: string
x-example: bob
- description: user object that needs to be added
in: body
name: user
required: true
schema:
$ref: '#/definitions/UserForm'
x-example:
apikey: false
blocked: false
id: syncscript
roles:
- analyst
- admin
responses:
"200":
description: successful operation
examples:
test:
apikey: false
blocked: false
id: bob
roles:
- analyst
- admin
schema:
$ref: '#/definitions/UserResponse'
security:
- roles:
- user:write
summary: Update user
tags:
- users
produces:
- application/json
schemes:
- http
swagger: "2.0"
Reference in New Issue View Git Blame Copy Permalink