From 2e228c8355473c7f366ea2f1e35defab75d8591a Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Fri, 7 May 2021 13:22:03 -0400
Subject: [PATCH 1/2] FEATURE: Pivot from Alerts/Hunt to CyberChef #4081
---
 salt/soc/files/soc/alerts.actions.json | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/salt/soc/files/soc/alerts.actions.json b/salt/soc/files/soc/alerts.actions.json
index c0543d8fc..558d10a36 100644
--- a/salt/soc/files/soc/alerts.actions.json
+++ b/salt/soc/files/soc/alerts.actions.json
@@ -18,6 +18,10 @@
 "/joblookup?esid={:soc_id}",
 "/joblookup?ncid={:network.community_id}"
 ]},
+ { "name": "actionCyberChef", "description": "actionCyberChefHelp", "icon": "fas fa-bread-slice", "target": "_blank",
+ "links": [
+ "/cyberchef/#input={value|base64}"
+ ]},
 { "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "target": "_blank",
 "links": [
 "https://www.google.com/search?q={value}"
@@ -26,4 +30,4 @@
 "links": [
 "https://www.virustotal.com/gui/search/{value}"
 ]}
-]
\ No newline at end of file
+]
From 293fb0a76d87feb207c8eb6db6b0a85aca49b928 Mon Sep 17 00:00:00 2001
From: Doug Burks
Date: Fri, 7 May 2021 13:23:46 -0400
Subject: [PATCH 2/2] FEATURE: Pivot from Alerts/Hunt to CyberChef #4081
---
 salt/soc/files/soc/hunt.actions.json | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/salt/soc/files/soc/hunt.actions.json b/salt/soc/files/soc/hunt.actions.json
index c0543d8fc..558d10a36 100644
--- a/salt/soc/files/soc/hunt.actions.json
+++ b/salt/soc/files/soc/hunt.actions.json
@@ -18,6 +18,10 @@
 "/joblookup?esid={:soc_id}",
 "/joblookup?ncid={:network.community_id}"
 ]},
+ { "name": "actionCyberChef", "description": "actionCyberChefHelp", "icon": "fas fa-bread-slice", "target": "_blank",
+ "links": [
+ "/cyberchef/#input={value|base64}"
+ ]},
 { "name": "actionGoogle", "description": "actionGoogleHelp", "icon": "fab fa-google", "target": "_blank",
 "links": [
 "https://www.google.com/search?q={value}"
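Review bot: The added `actionCyberChef` link puts `{value|base64}` straight after `#input=` (first hunk of alerts.actions.json, and identically in hunt.actions.json in patch 2/2), and nothing visible here says which base64 alphabet the filter emits or whether padding is kept. Standard base64 can contain `+`, `/` and trailing `=`, so if CyberChef reads the fragment as `key=value` pairs, values of some lengths may arrive altered or be dropped; it is worth confirming the filter output is unpadded or percent-encoded before relying on this pivot. The encoding is also what keeps an alert or hunt field, which may carry content taken from monitored traffic, from contributing its own `&`-separated parameters to the CyberChef URL. Because JSON has no comments, I would record in the `actionCyberChefHelp` text or the SOC docs that this link must keep the `|base64` filter and never use the raw `{value}` that the Google and VirusTotal entries use. The two files carry the same index hashes, so the entry is maintained in two places and could drift; the enclosing array starts and ends outside the hunk.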
@@ -26,4 +30,4 @@
 "links": [
 "https://www.virustotal.com/gui/search/{value}"
 ]}
-]
\ No newline at end of file
+]