From 97b1f1a4124db1f484b284e3c8817703865eca26 Mon Sep 17 00:00:00 2001 
From: idovandijk Date: Tue, 18 Dec 2018 14:50:22 +0200 Subject: [PATCH 01/49] Added new SLA OOB content: - Upgraded phishing layout (summary + quickview) - Added 3 new fields: Detection SLA, Remediation SLA and Time to Assignment - Added a new SLA dashboard with new widgets - Upgraded Phishing Investigation - Generic playbook - now utilizes new SLA features - Added 3 new scripts: 1. A script to change remediation SLA automatically, upon change of severity of incident 2. A script that sends an Email of SLA breach, which can be set to run upon SLA breach 3. A script to change the Time to Assignment field (new field) upon owner change (from empty owner to some new owner) - Added 5 new widgets of many different types, which will be presented in new SLA dashboard: 1. Detection SLA by Status (pie) 2. Remediation SLA by Status (pie) 3. MTTD by Type (timeline) 4. MTTR by Type (timeline) 5. Mean Time to Detection (counter) 6. Mean Time to Resolution (counter) --- Dashboards/dashboard-SLA.json | 338 ++++++ IncidentFields/incidentfields.json | 265 +++++ Layouts/layout-details-Phishing.json | 34 +- Layouts/layout-quickView-Phishing.json | 1048 +++++++++++++++++ ...ybook-Phishing_Investigation_-_Generic.yml | 366 ++++-- Scripts/ChangeRemediationSLAOnSevChange.yml | 43 + Scripts/SendEmailOnSLABreach.yml | 22 + Scripts/StopTimeToAssignOnOwnerChange.yml | 19 + Widgets/widget-DetectionSLABySLAStatus.json | 27 + Widgets/widget-MeanTimeToDetection.json | 27 + Widgets/widget-MttdByType.json | 26 + Widgets/widget-MttrByType.json | 4 +- Widgets/widget-RemediationSLABySlaStatus.json | 27 + 13 files changed, 2135 insertions(+), 111 deletions(-) create mode 100644 Dashboards/dashboard-SLA.json create mode 100644 Layouts/layout-quickView-Phishing.json create mode 100644 Scripts/ChangeRemediationSLAOnSevChange.yml create mode 100644 Scripts/SendEmailOnSLABreach.yml create mode 100644 Scripts/StopTimeToAssignOnOwnerChange.yml create mode 100644 Widgets/widget-DetectionSLABySLAStatus.json 
create mode 100644 Widgets/widget-MeanTimeToDetection.json create mode 100644 Widgets/widget-MttdByType.json create mode 100644 Widgets/widget-RemediationSLABySlaStatus.json diff --git a/Dashboards/dashboard-SLA.json b/Dashboards/dashboard-SLA.json new file mode 100644 index 000000000000..4e486565ea7d --- /dev/null +++ b/Dashboards/dashboard-SLA.json 
@@ -0,0 +1,338 @@ +{ + "id": "2b542873-793f-4eaa-8114-d855bb49cbc9", + "version": -1, + "fromVersion: 4.1", + "modified": "2018-12-18T08:51:53.305960048Z", + "commitMessage": "", + "shouldPublish": false, + "shouldCommit": false, + "shouldPush": false, + "versionedDiff": { + "action": "", + "addedLines": 0, + "deletedLines": 0 + }, + "fromDate": "0001-01-01T00:00:00Z", + "toDate": "0001-01-01T00:00:00Z", + "period": { + "byTo": "", + "byFrom": "days", + "toValue": null, + "fromValue": 7, + "field": "" + }, + "fromDateLicense": "0001-01-01T00:00:00Z", + "name": "SLA", + "prevName": "SLA", + "layout": [ + { + "id": "25a2e8f0-fd4e-11e8-a656-2b6c8cbabaee", + "forceRange": false, + "x": 6, + "y": 0, + "i": "25a2e8f0-fd4e-11e8-a656-2b6c8cbabaee", + "w": 2, + "h": 1, + "widget": { + "id": "fddd62ff-a411-4e6a-8213-e0277a9b95b5", + "version": 1, + "modified": "2018-12-11T14:07:48.30355312Z", + "commitMessage": "", + "shouldPublish": false, + "shouldCommit": false, + "shouldPush": false, + "versionedDiff": { + "action": "", + "addedLines": 0, + "deletedLines": 0 + }, + "name": "Mean Time to Detection", + "prevName": "Mean Time to Detection", + "dataType": "incidents", + "widgetType": "duration", + "query": "-category:job and detectionsla.runStatus:ended", + "sort": null, + "isPredefined": false, + "description": "The mean time (average time) to detection across all incidents that their severity was determined. 
The widget takes into account incidents from the last 30 days by default.", + "dateRange": { + "fromDate": "0001-01-01T00:00:00Z", + "toDate": "0001-01-01T00:00:00Z", + "period": { + "byTo": "", + "byFrom": "days", + "toValue": null, + "fromValue": 30, + "field": "" + }, + "fromDateLicense": "0001-01-01T00:00:00Z" + }, + "params": { + "keys": [ + "avg|detectionsla.totalDuration" + ] + }, + "size": 0, + "category": "" + } + }, + { + "id": "3747f820-fd4e-11e8-a656-2b6c8cbabaee", + "forceRange": false, + "x": 2, + "y": 0, + "i": "3747f820-fd4e-11e8-a656-2b6c8cbabaee", + "w": 2, + "h": 2, + "widget": { + "id": "1e54092d-1ed0-47a6-862d-893adc05e612", + "version": 1, + "modified": "2018-12-11T14:08:17.885080182Z", + "commitMessage": "", + "shouldPublish": false, + "shouldCommit": false, + "shouldPush": false, + "versionedDiff": { + "action": "", + "addedLines": 0, + "deletedLines": 0 + }, + "name": "Detection SLA by Status", + "prevName": "Detection SLA by Status", + "dataType": "incidents", + "widgetType": "pie", + "query": "-category:job and -detectionsla.runStatus:idle", + "sort": null, + "isPredefined": false, + "description": "The detection SLA status of all incidents that their severity was determined. 
The widget takes into account incidents from the last 30 days by default, and inherits new time range when the dashboard time changes.", + "dateRange": { + "fromDate": "0001-01-01T00:00:00Z", + "toDate": "0001-01-01T00:00:00Z", + "period": { + "byTo": "", + "byFrom": "days", + "toValue": null, + "fromValue": 30, + "field": "" + }, + "fromDateLicense": "0001-01-01T00:00:00Z" + }, + "params": { + "groupBy": [ + "detectionsla.slaStatus" + ] + }, + "size": 0, + "category": "" + } + }, + { + "id": "3de5b1e0-fd4e-11e8-a656-2b6c8cbabaee", + "forceRange": false, + "x": 4, + "y": 0, + "i": "3de5b1e0-fd4e-11e8-a656-2b6c8cbabaee", + "w": 2, + "h": 2, + "widget": { + "id": "1767dee0-7f8c-48a5-8988-c58b9e713ab6", + "version": 1, + "modified": "2018-12-11T14:08:29.989409603Z", + "commitMessage": "", + "shouldPublish": false, + "shouldCommit": false, + "shouldPush": false, + "versionedDiff": { + "action": "", + "addedLines": 0, + "deletedLines": 0 + }, + "name": "Remediation SLA by Status", + "prevName": "Remediation SLA by Status", + "dataType": "incidents", + "widgetType": "pie", + "query": "-category:job and -remediationsla.runStatus:idle", + "sort": null, + "isPredefined": false, + "description": "The remediation SLA status of all incidents that started a remediation process. 
The widget takes into account incidents from the last 30 days by default, and inherits new time range when the dashboard time changes.", + "dateRange": { + "fromDate": "0001-01-01T00:00:00Z", + "toDate": "0001-01-01T00:00:00Z", + "period": { + "byTo": "", + "byFrom": "days", + "toValue": null, + "fromValue": 30, + "field": "" + }, + "fromDateLicense": "0001-01-01T00:00:00Z" + }, + "params": { + "groupBy": [ + "remediationsla.slaStatus" + ] + }, + "size": 0, + "category": "" + } + }, + { + "id": "a48c1670-fdf1-11e8-a2fa-df5e7de7d45d", + "forceRange": false, + "x": 8, + "y": 0, + "i": "a48c1670-fdf1-11e8-a2fa-df5e7de7d45d", + "w": 2, + "h": 1, + "widget": { + "id": "mean-time-to-resolution", + "version": 169, + "modified": "2018-11-18T19:16:55.198631575Z", + "commitMessage": "", + "shouldPublish": false, + "shouldCommit": false, + "shouldPush": false, + "versionedDiff": { + "action": "", + "addedLines": 0, + "deletedLines": 0 + }, + "name": "Mean Time To Resolution", + "prevName": "", + "dataType": "incidents", + "widgetType": "duration", + "query": "-category:job and status:closed", + "sort": null, + "isPredefined": true, + "dateRange": { + "fromDate": "0001-01-01T00:00:00Z", + "toDate": "0001-01-01T00:00:00Z", + "period": { + "byTo": "", + "byFrom": "days", + "toValue": null, + "fromValue": 7, + "field": "" + }, + "fromDateLicense": "0001-01-01T00:00:00Z" + }, + "params": { + "keys": [ + "avg|openDuration", + "count|1" + ] + }, + "size": 0, + "category": "" + } + }, + { + "id": "d2bbe430-02a1-11e9-878d-4fff182656eb", + "forceRange": false, + "x": 2, + "y": 2, + "i": "d2bbe430-02a1-11e9-878d-4fff182656eb", + "w": 4, + "h": 2, + "widget": { + "id": "mttd-by-type", + "version": 1, + "modified": "2018-12-17T14:48:47.850059634Z", + "commitMessage": "Widget imported", + "shouldPublish": true, + "shouldCommit": true, + "shouldPush": false, + "versionedDiff": { + "action": "", + "addedLines": 0, + "deletedLines": 0 + }, + "name": "MTTD by Type", + "prevName": "MTTD by 
Type", + "dataType": "incidents", + "widgetType": "line", + "query": "-category:job and detectionsla.runStatus:ended", + "sort": null, + "isPredefined": false, + "dateRange": { + "fromDate": "0001-01-01T00:00:00Z", + "toDate": "0001-01-01T00:00:00Z", + "period": { + "byTo": "", + "byFrom": "days", + "toValue": null, + "fromValue": 7, + "field": "" + }, + "fromDateLicense": "0001-01-01T00:00:00Z" + }, + "params": { + "groupBy": [ + "occurred(d)", + "type" + ], + "keys": [ + "avg|detectionsla.totalDuration / 60" + ] + }, + "size": 0, + "category": "" + } + }, + { + "id": "e30f9430-02a1-11e9-878d-4fff182656eb", + "forceRange": false, + "x": 6, + "y": 1, + "i": "e30f9430-02a1-11e9-878d-4fff182656eb", + "w": 4, + "h": 3, + "widget": { + "id": "mttr-by-type", + "version": 168, + "modified": "2018-11-18T19:16:55.198656485Z", + "commitMessage": "", + "shouldPublish": false, + "shouldCommit": false, + "shouldPush": false, + "versionedDiff": { + "action": "", + "addedLines": 0, + "deletedLines": 0 + }, + "name": "MTTR by Type", + "prevName": "", + "dataType": "incidents", + "widgetType": "line", + "query": "-category:job and status:closed", + "sort": null, + "isPredefined": true, + "dateRange": { + "fromDate": "0001-01-01T00:00:00Z", + "toDate": "0001-01-01T00:00:00Z", + "period": { + "byTo": "", + "byFrom": "days", + "toValue": null, + "fromValue": 7, + "field": "" + }, + "fromDateLicense": "0001-01-01T00:00:00Z" + }, + "params": { + "groupBy": [ + "occurred(d)", + "type" + ], + "keys": [ + "avg|openDuration / (3600*24)" + ] + }, + "size": 0, + "category": "" + } + } + ], + "isPredefined": false, + "shared": false, + "owner": "idov@demisto.com" +} \ No newline at end of file diff --git a/IncidentFields/incidentfields.json b/IncidentFields/incidentfields.json index 2e06106ba701..47db6c330340 100644 --- a/IncidentFields/incidentfields.json +++ b/IncidentFields/incidentfields.json 
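Review bot: The third line of the new Dashboards/dashboard-SLA.json, `"fromVersion: 4.1",`, is a bare string where an object member is expected, so a strict JSON parser rejects the whole file and the dashboard cannot be imported. It presumably should read `"fromVersion": "4.1",` (or the full version string the platform expects). The last member, `"owner": "idov@demisto.com"`, ships an individual's account address in out-of-the-box content next to `"shared": false`; clearing it (`"owner": ""`) would avoid tying every installed copy to one person's identity. The embedded widget copies also carry exported instance state (`"version": 169`, `"commitMessage": "Widget imported"`, `"shouldPublish": true`), which looks like a raw export and probably wants normalizing before merge.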
@@ -1,4 +1,5 @@
 {
+ "releaseNotes": "SLA fields added",
 "incidentFields": [
 {
 "id": "incident_app",
@@ -1650,6 +1651,270 @@
 "associatedToAll": false,
 "unmapped": false,
 "unsearchable": false
+ },
+ {
+ "id": "incident_remediationsla",
+ "version": 3,
+ "modified": "2018-12-11T12:53:56.816268002Z",
+ "commitMessage": "Field edited",
+ "shouldPublish": true,
+ "shouldCommit": true,
+ "shouldPush": false,
+ "versionedDiff": {
+ "action": "",
+ "addedLines": 0,
+ "deletedLines": 0
+ },
+ "name": "Remediation SLA",
+ "prevName": "Remediation SLA",
+ "ownerOnly": false,
+ "placeholder": "",
+ "description": "The time it took since remediation of the incident began, and until it ended.",
+ "cliName": "remediationsla",
+ "type": "timer",
+ "closeForm": false,
+ "editForm": false,
+ "required": false,
+ "script": "",
+ "fieldCalcScript": "",
+ "neverSetAsRequired": false,
+ "isReadOnly": true,
+ "selectValues": [],
+ "validationRegex": "",
+ "useAsKpi": true,
+ "locked": false,
+ "system": false,
+ "content": false,
+ "group": 0,
+ "hidden": false,
+ "associatedTypes": [],
+ "systemAssociatedTypes": null,
+ "associatedToAll": true,
+ "unmapped": false,
+ "unsearchable": false,
+ "caseInsensitive": true,
+ "columns": [
+ {
+ "key": "columnheader1",
+ "displayName": "Column Header 1",
+ "type": "shortText",
+ "required": false,
+ "script": "",
+ "width": 150,
+ "isDefault": true,
+ "fieldCalcScript": "",
+ "isReadOnly": false,
+ "selectValues": null
+ },
+ {
+ "key": "columnheader2",
+ "displayName": "Column Header 2",
+ "type": "shortText",
+ "required": false,
+ "script": "",
+ "width": 150,
+ "isDefault": true,
+ "fieldCalcScript": "",
+ "isReadOnly": false,
+ "selectValues": null
+ },
+ {
+ "key": "columnheader3",
+ "displayName": "Column Header 3",
+ "type": "shortText",
+ "required": false,
+ "script": "",
+ "width": 150,
+ "isDefault": true,
+ "fieldCalcScript": "",
+ "isReadOnly": false,
+ "selectValues": null
+ }
+ ],
+ "defaultRows": [
+ {},
+ {},
+ {}
+ ],
+ "sla": 7200,
+ "threshold": 72,
+ "breachScript": ""
+ },
+ {
+ "id": "incident_detectionsla",
+ "version": 2,
+ "modified": "2018-12-11T12:53:48.369705659Z",
+ "commitMessage": "Field edited",
+ "shouldPublish": true,
+ "shouldCommit": true,
+ "shouldPush": false,
+ "versionedDiff": {
+ "action": "",
+ "addedLines": 0,
+ "deletedLines": 0
+ },
+ "name": "Detection SLA",
+ "prevName": "Detection SLA",
+ "ownerOnly": false,
+ "placeholder": "",
+ "description": "The time it took from incident creation until the maliciousness was determined.",
+ "cliName": "detectionsla",
+ "type": "timer",
+ "closeForm": false,
+ "editForm": false,
+ "required": false,
+ "script": "",
+ "fieldCalcScript": "",
+ "neverSetAsRequired": false,
+ "isReadOnly": true,
+ "selectValues": [],
+ "validationRegex": "",
+ "useAsKpi": true,
+ "locked": false,
+ "system": false,
+ "content": false,
+ "group": 0,
+ "hidden": false,
+ "associatedTypes": [],
+ "systemAssociatedTypes": null,
+ "associatedToAll": true,
+ "unmapped": false,
+ "unsearchable": false,
+ "caseInsensitive": true,
+ "columns": [
+ {
+ "key": "columnheader1",
+ "displayName": "Column Header 1",
+ "type": "shortText",
+ "required": false,
+ "script": "",
+ "width": 150,
+ "isDefault": true,
+ "fieldCalcScript": "",
+ "isReadOnly": false,
+ "selectValues": null
+ },
+ {
+ "key": "columnheader2",
+ "displayName": "Column Header 2",
+ "type": "shortText",
+ "required": false,
+ "script": "",
+ "width": 150,
+ "isDefault": true,
+ "fieldCalcScript": "",
+ "isReadOnly": false,
+ "selectValues": null
+ },
+ {
+ "key": "columnheader3",
+ "displayName": "Column Header 3",
+ "type": "shortText",
+ "required": false,
+ "script": "",
+ "width": 150,
+ "isDefault": true,
+ "fieldCalcScript": "",
+ "isReadOnly": false,
+ "selectValues": null
+ }
+ ],
+ "defaultRows": [
+ {},
+ {},
+ {}
+ ],
+ "sla": 20,
+ "threshold": 72,
+ "breachScript": ""
+ },
+ {
+ "id": "incident_timetoassignment",
+ "version": 1,
+ "modified": "2018-12-11T12:55:38.305896432Z",
+ "commitMessage": "Field edited",
+ "shouldPublish": true,
+ "shouldCommit": true,
+ "shouldPush": false,
+ "versionedDiff": {
+ "action": "",
+ "addedLines": 0,
+ "deletedLines": 0
+ },
+ "name": "Time to Assignment",
+ "prevName": "Time to Assignment",
+ "ownerOnly": false,
+ "placeholder": "",
+ "description": "The time it took from when the incident was created until a user was assigned to it.",
+ "cliName": "timetoassignment",
+ "type": "timer",
+ "closeForm": false,
+ "editForm": false,
+ "required": false,
+ "script": "",
+ "fieldCalcScript": "",
+ "neverSetAsRequired": false,
+ "isReadOnly": true,
+ "selectValues": null,
+ "validationRegex": "",
+ "useAsKpi": true,
+ "locked": false,
+ "system": false,
+ "content": false,
+ "group": 0,
+ "hidden": false,
+ "associatedTypes": null,
+ "systemAssociatedTypes": null,
+ "associatedToAll": true,
+ "unmapped": false,
+ "unsearchable": false,
+ "caseInsensitive": true,
+ "columns": [
+ {
+ "key": "columnheader1",
+ "displayName": "Column Header 1",
+ "type": "shortText",
+ "required": false,
+ "script": "",
+ "width": 150,
+ "isDefault": true,
+ "fieldCalcScript": "",
+ "isReadOnly": false,
+ "selectValues": null
+ },
+ {
+ "key": "columnheader2",
+ "displayName": "Column Header 2",
+ "type": "shortText",
+ "required": false,
+ "script": "",
+ "width": 150,
+ "isDefault": true,
+ "fieldCalcScript": "",
+ "isReadOnly": false,
+ "selectValues": null
+ },
+ {
+ "key": "columnheader3",
+ "displayName": "Column Header 3",
+ "type": "shortText",
+ "required": false,
+ "script": "",
+ "width": 150,
+ "isDefault": true,
+ "fieldCalcScript": "",
+ "isReadOnly": false,
+ "selectValues": null
+ }
+ ],
+ "defaultRows": [
+ {},
+ {},
+ {}
+ ],
+ "sla": 0,
+ "threshold": 72,
+ "breachScript": ""
 }
 ]
 }
diff --git a/Layouts/layout-details-Phishing.json b/Layouts/layout-details-Phishing.json
index c788c8cf992d..444dee7b716f 100644
--- a/Layouts/layout-details-Phishing.json
+++ b/Layouts/layout-details-Phishing.json
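Review bot: In IncidentFields/incidentfields.json the three new timer fields set `"sla"` to 7200, 20 and 0 with no unit stated, and all three ship `"breachScript": ""`, so as written a breached timer appears to trigger nothing until an operator wires in the SendEmailOnSLABreach script this patch adds. JSON has no comments, so I would put the unit and the default in each `description`, for example `"description": "The time it took from incident creation until the maliciousness was determined. Default SLA: 20 <unit>; no breach script is set by default."`, and confirm that `"sla": 0` on Time to Assignment is meant to disable the deadline given that it still carries `"threshold": 72`. Each timer also carries grid scaffolding (`"columns"` with "Column Header 1..3" and three empty `"defaultRows"`) that looks like export residue for a non-grid field. `selectValues` and `associatedTypes` are `[]` on two fields and `null` on the third, which is worth making uniform.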
@@ -3,9 +3,23 @@
 "kind": "details",
 "layout": {
 "id": "Phishing",
- "version": -1,
- "modified": "2018-09-09T10:43:29.758272+03:00",
+ "version": 1,
+ "modified": "2018-12-18T09:26:45.523902097Z",
+ "commitMessage": "",
+ "shouldPublish": false,
+ "shouldCommit": false,
+ "shouldPush": false,
+ "versionedDiff": {
+ "action": "",
+ "addedLines": 0,
+ "deletedLines": 0
+ },
 "name": "",
+ "kind": "details",
+ "prevKind": "details",
+ "typeId": "Phishing",
+ "prevTypeId": "Phishing",
+ "system": false,
 "sections": [
 {
 "id": "",
@@ -135,6 +149,20 @@
 "fieldId": "incident_playbookid",
 "isVisible": true
 },
+ {
+ "id": "",
+ "version": 0,
+ "modified": "0001-01-01T00:00:00Z",
+ "fieldId": "incident_detectionsla",
+ "isVisible": true
+ },
+ {
+ "id": "",
+ "version": 0,
+ "modified": "0001-01-01T00:00:00Z",
+ "fieldId": "incident_remediationsla",
+ "isVisible": true
+ },
 {
 "id": "",
 "version": 0,
@@ -605,4 +633,4 @@
 }
 ]
 }
-}
+}
\ No newline at end of file
diff --git a/Layouts/layout-quickView-Phishing.json b/Layouts/layout-quickView-Phishing.json
new file mode 100644
index 000000000000..a954e20d99f1
--- /dev/null
+++ b/Layouts/layout-quickView-Phishing.json
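Review bot: The first hunk of Layouts/layout-details-Phishing.json replaces `"version": -1,` with `"version": 1,` and adds instance export metadata (`commitMessage`, `shouldPublish`, `shouldCommit`, `shouldPush`, `versionedDiff`, `prevKind`, `prevTypeId`), which reads like a raw export rather than a hand-edited content file. The new dashboard in this same patch keeps `"version": -1`, so I would restore `"version": -1,` here and drop the export-only keys; whether the platform treats a positive version differently on upgrade should be confirmed. The inner `layout` object now also repeats `"kind": "details"` and `"typeId": "Phishing"` from its parent, so the two copies can drift. The visible start of the new Layouts/layout-quickView-Phishing.json carries the same `"version": 1` and metadata. The last hunk additionally drops the file's trailing newline, and the `layout` object continues outside these hunks.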
@@ -0,0 +1,1048 @@ +{ + "typeId": "Phishing", + "kind": "quickView", + "layout": { + "id": "Phishing", + "version": 1, + "modified": "2018-12-18T09:27:21.43610162Z", + "commitMessage": "", + "shouldPublish": false, + "shouldCommit": false, + "shouldPush": false, + "versionedDiff": { + "action": "", + "addedLines": 0, + "deletedLines": 0 + }, + "name": "", + "kind": "quickView", + "prevKind": "quickView", + "typeId": "Phishing", + "prevTypeId": "Phishing", + "system": false, + "sections": [ + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "name": "Basic Information", + "type": "", + "isVisible": true, + "readOnly": false, + "fields": [ + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_type", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_severity", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_owner", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_dbotstatus", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_sourcebrand", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_sourceinstance", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_playbookid", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_detectionsla", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_remediationsla", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_phase", + "isVisible": true + }, + { + "id": "", + "version": 
0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_roles", + "isVisible": true + } + ], + "description": "", + "query": null, + "queryType": "" + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "name": "Timeline Information", + "type": "", + "isVisible": true, + "readOnly": false, + "fields": [ + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_dbotcreated", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_occurred", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_dbotduedate", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_dbotmodified", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_dbottotaltime", + "isVisible": true + } + ], + "description": "", + "query": null, + "queryType": "" + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "name": "Custom Fields", + "type": "", + "isVisible": true, + "readOnly": false, + "fields": [ + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_1", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_1longtexttest", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_2", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_3", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_4", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_5", + "isVisible": true + }, + { + "id": "", + 
"version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_6", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_7", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_8", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_9", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_adgroupname", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_ainsensitive", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_alertlevel", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_amarkdownsection", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_anothernumberpleasejusttomakesure", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_asensitive", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_attach", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_backupowner", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_bool1", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_bool2", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_booleansummary", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": 
"0001-01-01T00:00:00Z", + "fieldId": "incident_booleantest", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_boolfield", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_casenumber", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_cleanname", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_closeinvestcustom", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_compliance", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_constvalue", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_customfield", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_date2", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_department", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_departmentadmin", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_destinationip", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_detectionsla", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_disposition", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_docsgrid", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", 
+ "fieldId": "incident_edennum", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_emailtag2", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_escalationdate", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_falses", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_fetchid", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_fetchtype", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_field1", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_field2", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_field3", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_field4", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_fieldone", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_fieldtwo", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_hadastry", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_host", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_htmltypefield", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_important", + "isVisible": true + }, + { + 
"id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_incidentactions", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_infectedhost", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_internalemail", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_itaytestfield", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_killchain", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_lob", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_longtextone", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_longtexttoo", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_mttd", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_multilinetext", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_multiselect", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_mydate", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_myname", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_myseverity", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_newmarkdownfield", + "isVisible": true + }, + { + "id": "", + "version": 0, + 
"modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_newtextfield", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_noastable", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_numberplease", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_objecttype", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_originalhtml", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_oriwithspace", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_priority", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_queues", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_relatedincidentssummary", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_remediationsla", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_reporttable", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_riskscore", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_selector", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_sensitive", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_sensorinstalled", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": 
"0001-01-01T00:00:00Z", + "fieldId": "incident_shiftnotes", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_shrikitable", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_single", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_single2", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_slatest", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_source", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_sourceip", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_sourceip1", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_subcat", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_subcategory", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_table", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_targethostname", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_team", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_telefield", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_teleselect", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_test", + 
"isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_test111", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_testfield", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_testguy", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_thisismysuperlongfield", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_tier2owner", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_timeassignedtolevel2", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_timefield1", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_timelevel1", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_timetoassignment", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_timetoinvestigate", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_timetomitigate", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_timetotriage", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_tldr", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_tlp", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_tr123", + "isVisible": true 
+ }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_uniquefiled", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_useremail", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_userinformation", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_username", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_vvvv", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_windowlocation", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_windowupgrade", + "isVisible": true + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_windowupgraded", + "isVisible": true + } + ], + "description": "", + "query": null, + "queryType": "" + }, + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "name": "Labels", + "type": "labels", + "isVisible": true, + "readOnly": true, + "fields": [ + { + "id": "", + "version": 0, + "modified": "0001-01-01T00:00:00Z", + "fieldId": "incident_labels", + "isVisible": true + } + ], + "description": "", + "query": null, + "queryType": "" + } + ] + } +} \ No newline at end of file diff --git a/Playbooks/playbook-Phishing_Investigation_-_Generic.yml b/Playbooks/playbook-Phishing_Investigation_-_Generic.yml index 137135a7c062..fad583685131 100644 --- a/Playbooks/playbook-Phishing_Investigation_-_Generic.yml +++ b/Playbooks/playbook-Phishing_Investigation_-_Generic.yml 
@@ -1,7 +1,7 @@ id: Phishing Investigation - Generic version: -1 +fromversion: 4.1.0 name: Phishing Investigation - Generic -fromversion: 4.0 description: |- Use this playbook to investigate and remediate a potential phishing incident. The playbook simultaneously engages with the user that triggered the incident, while investigating the incident itself. @@ -10,34 +10,33 @@ starttaskid: "0" tasks: "0": id: "0" - taskid: 32d25ab2-8fa5-46cd-82df-78dc402c0150 + taskid: 44927568-9dcf-4acb-84c2-1466eb224729 type: start task: - id: 32d25ab2-8fa5-46cd-82df-78dc402c0150 + id: 44927568-9dcf-4acb-84c2-1466eb224729 version: -1 name: "" - description: "" iscommand: false brand: "" nexttasks: '#none#': - - "11" - - "18" + - "39" separatecontext: false view: |- { "position": { "x": 592.5, - "y": 50 + "y": -130 } } note: false + timertriggers: [] "2": id: "2" - taskid: 17b50e98-fd3e-4410-80c7-a6095629096c + taskid: c4e87e26-a8fc-473a-8f84-e63335a552e8 type: regular task: - id: 17b50e98-fd3e-4410-80c7-a6095629096c + id: c4e87e26-a8fc-473a-8f84-e63335a552e8 version: -1 name: Assign to analyst description: Assign the incident to an analyst based on the analyst's organizational @@ -66,15 +65,15 @@ tasks: } } note: false + timertriggers: [] "6": id: "6" - taskid: 5882f2a4-7949-4121-8dc6-09a44bc78a48 + taskid: c3cd10bc-d79e-4471-8b28-82613ac05418 type: playbook task: - id: 5882f2a4-7949-4121-8dc6-09a44bc78a48 + id: c3cd10bc-d79e-4471-8b28-82613ac05418 version: -1 name: "" - description: "" playbookName: Calculate Severity - Generic type: playbook iscommand: false @@ -91,12 +90,13 @@ tasks: } } note: false + timertriggers: [] "7": id: "7" - taskid: 96f4ce72-93d9-45b9-8831-0cbda3396066 + taskid: 89d7dd49-06a3-4397-8b72-f4428bf24805 type: regular task: - id: 96f4ce72-93d9-45b9-8831-0cbda3396066 + id: 89d7dd49-06a3-4397-8b72-f4428bf24805 version: -1 name: Manually review the incident description: Review the incident to determine if the email that the user reported 
@@ -116,12 +116,13 @@ tasks: } } note: false + timertriggers: [] "8": id: "8" - taskid: 0cead84c-7626-4cc0-839f-d1b8d5260b9c + taskid: 104d08e2-78ad-496f-81f6-f3ebe77f3b5a type: regular task: - id: 0cead84c-7626-4cc0-839f-d1b8d5260b9c + id: 104d08e2-78ad-496f-81f6-f3ebe77f3b5a version: -1 name: Close investigation description: Close the investigation. @@ -145,17 +146,18 @@ tasks: view: |- { "position": { - "x": 695, - "y": 2700 + "x": 685, + "y": 3290 } } note: false + timertriggers: [] "11": id: "11" - taskid: 6b039cde-c519-4ad2-83b7-17dbefb01c7b + taskid: f90db644-38c8-4d31-840c-4b5b16069a33 type: title task: - id: 6b039cde-c519-4ad2-83b7-17dbefb01c7b + id: f90db644-38c8-4d31-840c-4b5b16069a33 version: -1 name: Triage description: "" @@ -174,12 +176,13 @@ tasks: } } note: false + timertriggers: [] "12": id: "12" - taskid: 40a1c30b-92a4-41fc-84f3-c8474693f931 + taskid: 1a99d7e1-2c84-4d57-80be-0ec42482d952 type: regular task: - id: 40a1c30b-92a4-41fc-84f3-c8474693f931 + id: 1a99d7e1-2c84-4d57-80be-0ec42482d952 version: -1 name: Store the email address of the reporting user description: Store the email address of the user that reported the incident. @@ -209,12 +212,13 @@ tasks: } } note: false + timertriggers: [] "13": id: "13" - taskid: 4aafb18b-b981-470e-864c-5caedb033ce0 + taskid: 0f0f8a66-8f89-43fe-8e23-33d1d476c175 type: regular task: - id: 4aafb18b-b981-470e-864c-5caedb033ce0 + id: 0f0f8a66-8f89-43fe-8e23-33d1d476c175 version: -1 name: Acknowledge incident was received description: | @@ -254,15 +258,15 @@ tasks: } } note: false + timertriggers: [] "14": id: "14" - taskid: 849b0463-ea4a-4860-86b5-825e5cda8a08 + taskid: ca8ce4fe-c164-447f-872e-7a4ecf2cdbcd type: playbook task: - id: 849b0463-ea4a-4860-86b5-825e5cda8a08 + id: ca8ce4fe-c164-447f-872e-7a4ecf2cdbcd version: -1 name: Email Address Enrichment - Generic - description: "" playbookName: Email Address Enrichment - Generic type: playbook iscommand: false 
@@ -279,12 +283,13 @@ tasks: } } note: false + timertriggers: [] "15": id: "15" - taskid: f3ddd9af-36b1-44fb-8eaf-1a71be6b34fb + taskid: bd6e25bf-75cc-41b0-8f27-12b96b0f5ca4 type: condition task: - id: f3ddd9af-36b1-44fb-8eaf-1a71be6b34fb + id: bd6e25bf-75cc-41b0-8f27-12b96b0f5ca4 version: -1 name: Is the email malicious? description: Determine if the email is malicious based on the calculated severity. @@ -295,7 +300,7 @@ tasks: '#default#': - "31" 'Malicious ': - - "30" + - "41" separatecontext: false conditions: - label: 'Malicious ' @@ -316,12 +321,13 @@ tasks: } } note: false + timertriggers: [] "16": id: "16" - taskid: 79084bbf-1187-4b31-82f2-8b153a093a49 + taskid: ac0d8fe7-8ec0-49b8-8947-75d3bb87437c type: regular task: - id: 79084bbf-1187-4b31-82f2-8b153a093a49 + id: ac0d8fe7-8ec0-49b8-8947-75d3bb87437c version: -1 name: Update the user that the reported email is safe description: Send an email to the user explaining that the email they reported @@ -332,7 +338,7 @@ tasks: brand: "" nexttasks: '#none#': - - "8" + - "43" scriptarguments: attachIDs: {} bcc: {} @@ -357,17 +363,18 @@ tasks: view: |- { "position": { - "x": 60, - "y": 2525 + "x": 40, + "y": 2865 } } note: false + timertriggers: [] "17": id: "17" - taskid: f7788586-5020-4246-8946-2021c76dc722 + taskid: 3616a344-7c58-4ac0-86fe-bad84f58c2e2 type: regular task: - id: f7788586-5020-4246-8946-2021c76dc722 + id: 3616a344-7c58-4ac0-86fe-bad84f58c2e2 version: -1 name: Update the user that the reported email is malicious description: Send an email to the user explaining that the email they reported @@ -401,17 +408,18 @@ tasks: view: |- { "position": { - "x": 807.5, - "y": 2030 + "x": 797.5, + "y": 2200 } } note: false + timertriggers: [] "18": id: "18" - taskid: 916bc6c8-6d46-4f04-8bd2-1152736b7984 + taskid: a4de0c33-52a7-42d9-8e4d-1a753a62d20e type: title task: - id: 916bc6c8-6d46-4f04-8bd2-1152736b7984 + id: a4de0c33-52a7-42d9-8e4d-1a753a62d20e version: -1 name: Engage with User description: "" 
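Review bot: In the `@@ -332,7 +338,7 @@` hunk, task "16" (the "reported email is safe" notification) now continues to "43", which stops the `remediationsla` timer, but on this benign path that timer is never started, because "42" is reached only through the Remediate title. How the server treats a stop on a timer that never ran is not visible here; if it moves the timer out of `idle`, these incidents will be counted by the new "Remediation SLA by Status" widget, whose query excludes only `remediationsla.runStatus:idle`. Keeping this branch on `- "8"` would limit remediation statistics to incidents that were actually remediated. Task "16" starts and ends outside the hunk.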
@@ -430,15 +438,15 @@ tasks: } } note: false + timertriggers: [] "22": id: "22" - taskid: ca065734-ff0b-4d84-8bfe-a93298bd34ab + taskid: d24700ff-dc15-4f52-8faa-ab74f7d65ae3 type: playbook task: - id: ca065734-ff0b-4d84-8bfe-a93298bd34ab + id: d24700ff-dc15-4f52-8faa-ab74f7d65ae3 version: -1 name: Detonate File - Generic - description: "" playbookName: Detonate File - Generic type: playbook iscommand: false @@ -455,15 +463,15 @@ tasks: } } note: false + timertriggers: [] "25": id: "25" - taskid: fb79a97c-7e8d-4004-8a89-4297f9d0a9cf + taskid: ecff99fe-b6cf-4306-8609-9ca00a5dcc8f type: playbook task: - id: fb79a97c-7e8d-4004-8a89-4297f9d0a9cf + id: ecff99fe-b6cf-4306-8609-9ca00a5dcc8f version: -1 name: Entity Enrichment - Generic - description: "" playbookName: Entity Enrichment - Generic type: playbook iscommand: false @@ -480,15 +488,15 @@ tasks: } } note: false + timertriggers: [] "26": id: "26" - taskid: 2cf1ade0-ab88-4dfd-819e-c134627edaf7 + taskid: 87a23c95-84b5-4343-8a01-d70c6f97702a type: playbook task: - id: 2cf1ade0-ab88-4dfd-819e-c134627edaf7 + id: 87a23c95-84b5-4343-8a01-d70c6f97702a version: -1 name: Process Email - Generic - description: "" playbookName: Process Email - Generic type: playbook iscommand: false @@ -506,12 +514,13 @@ tasks: } } note: false + timertriggers: [] "27": id: "27" - taskid: d73d68a4-dff2-4cae-8645-972f9c328444 + taskid: 1b402b79-641b-4ac1-8124-80e939ae3bd4 type: title task: - id: d73d68a4-dff2-4cae-8645-972f9c328444 + id: 1b402b79-641b-4ac1-8124-80e939ae3bd4 version: -1 name: Remediate description: "" 
@@ -520,49 +529,48 @@ tasks: brand: "" nexttasks: '#none#': - - "34" - - "36" - - "37" + - "42" separatecontext: false view: |- { "position": { - "x": 807.5, - "y": 2205 + "x": 797.5, + "y": 2375 } } note: false + timertriggers: [] "28": id: "28" - taskid: 6cc94de8-1f6c-4832-805b-43ec888fcf1b + taskid: 2f89f21c-0088-460a-81b2-b0c3f021b89c type: playbook task: - id: 6cc94de8-1f6c-4832-805b-43ec888fcf1b + id: 2f89f21c-0088-460a-81b2-b0c3f021b89c version: -1 name: Search And Delete Emails - Generic - description: "" playbookName: Search And Delete Emails - Generic type: playbook iscommand: false brand: "" nexttasks: '#none#': - - "8" + - "43" separatecontext: true view: |- { "position": { - "x": 910, - "y": 2525 + "x": 890, + "y": 2865 } } note: false + timertriggers: [] "29": id: "29" - taskid: e9a74030-baa8-43f9-8c35-54f8ae2d6b7b + taskid: 8f9afe19-c4b2-4f86-8544-4fee8d8455d1 type: title task: - id: e9a74030-baa8-43f9-8c35-54f8ae2d6b7b + id: 8f9afe19-c4b2-4f86-8544-4fee8d8455d1 version: -1 name: Done description: "" @@ -573,17 +581,18 @@ tasks: view: |- { "position": { - "x": 695, - "y": 2875 + "x": 685, + "y": 3465 } } note: false + timertriggers: [] "30": id: "30" - taskid: 824c86e1-14a5-42cf-8516-e5f893558f09 + taskid: 50789baf-1476-467a-8386-0be463a4a460 type: title task: - id: 824c86e1-14a5-42cf-8516-e5f893558f09 + id: 50789baf-1476-467a-8386-0be463a4a460 version: -1 name: Malicious description: "" @@ -597,17 +606,18 @@ tasks: view: |- { "position": { - "x": 807.5, - "y": 1885 + "x": 797.5, + "y": 2055 } } note: false + timertriggers: [] "31": id: "31" - taskid: 717e858d-5696-441b-8ff2-30f798cea618 + taskid: 7d784d78-4fc1-4465-8a32-4c13aff74e60 type: title task: - id: 717e858d-5696-441b-8ff2-30f798cea618 + id: 7d784d78-4fc1-4465-8a32-4c13aff74e60 version: -1 name: Undetermined description: "" 
@@ -626,12 +636,13 @@ tasks: } } note: false + timertriggers: [] "33": id: "33" - taskid: f59a91ed-b686-4133-8f23-13338cff2d6e + taskid: 6f2e21d2-2a93-433e-81f5-3c9abd359e95 type: condition task: - id: f59a91ed-b686-4133-8f23-13338cff2d6e + id: 6f2e21d2-2a93-433e-81f5-3c9abd359e95 version: -1 name: Is the email malicious? description: Is the email that the user reported malicious? @@ -640,9 +651,9 @@ tasks: brand: "" nexttasks: "No": - - "16" - "yes": - - "30" + - "40" + "Yes": + - "41" separatecontext: false view: |- { @@ -652,12 +663,13 @@ tasks: } } note: false + timertriggers: [] "34": id: "34" - taskid: 17f0be59-6aff-4f12-829a-395597295427 + taskid: 536ca1cd-adbe-4db2-89c1-318be024fc3e type: regular task: - id: 17f0be59-6aff-4f12-829a-395597295427 + id: 536ca1cd-adbe-4db2-89c1-318be024fc3e version: -1 name: Manually remediate the incident description: "Consider the following:\n1. Search for and delete similar emails\n2. @@ -669,25 +681,25 @@ tasks: brand: "" nexttasks: '#none#': - - "8" + - "43" separatecontext: false view: |- { "position": { - "x": 460, - "y": 2360 + "x": 440, + "y": 2700 } } note: false + timertriggers: [] "35": id: "35" - taskid: 524a2856-34ef-4752-862d-90daa98875ee + taskid: cd577642-8baf-4aba-87d9-29f0366aa173 type: playbook task: - id: 524a2856-34ef-4752-862d-90daa98875ee + id: cd577642-8baf-4aba-87d9-29f0366aa173 version: -1 name: Extract Indicators From File - Generic - description: "" playbookName: Extract Indicators From File - Generic type: playbook iscommand: false @@ -704,12 +716,13 @@ tasks: } } note: false + timertriggers: [] "36": id: "36" - taskid: 9aff5a75-b7eb-410a-8751-6cc749dc9df5 + taskid: eebcf7b0-41c8-4185-8fad-977de983ab65 type: condition task: - id: 9aff5a75-b7eb-410a-8751-6cc749dc9df5 + id: eebcf7b0-41c8-4185-8fad-977de983ab65 version: -1 name: Execute the "Search and Delete" sub-playbook? description: Verify that the "Search and Delete" parameter is set to "True"? 
@@ -718,7 +731,7 @@ tasks: brand: "" nexttasks: '#default#': - - "8" + - "43" "yes": - "28" separatecontext: false @@ -744,17 +757,18 @@ tasks: view: |- { "position": { - "x": 910, - "y": 2360 + "x": 890, + "y": 2700 } } note: false + timertriggers: [] "37": id: "37" - taskid: 8277280f-0c19-4d99-85c9-39e19f60bc0d + taskid: f6b138df-f341-4cc0-8b9a-7f4ba4a06c71 type: condition task: - id: 8277280f-0c19-4d99-85c9-39e19f60bc0d + id: f6b138df-f341-4cc0-8b9a-7f4ba4a06c71 version: -1 name: Execute the "Block Indicators" sub-playbook? description: Verify that the "Block indicators" parameter is set to "True"? @@ -763,7 +777,7 @@ tasks: brand: "" nexttasks: '#default#': - - "8" + - "43" "yes": - "38" separatecontext: false 
@@ -789,45 +803,184 @@ tasks: view: |- { "position": { - "x": 1350, - "y": 2360 + "x": 1330, + "y": 2700 } } note: false + timertriggers: [] "38": id: "38" - taskid: 2198ea9b-926d-4f25-829e-39c390771dfb + taskid: cfb76a8d-e926-41a3-8036-6d4d54abf96d type: playbook task: - id: 2198ea9b-926d-4f25-829e-39c390771dfb + id: cfb76a8d-e926-41a3-8036-6d4d54abf96d version: -1 name: Block Indicators - Generic - description: "" playbookName: Block Indicators - Generic type: playbook iscommand: false brand: "" nexttasks: '#none#': - - "8" + - "43" separatecontext: true view: |- { "position": { - "x": 1350, - "y": 2525 + "x": 1330, + "y": 2865 + } + } + note: false + timertriggers: [] + "39": + id: "39" + taskid: 5ff2d707-a036-4db0-8851-ed3ec61802db + type: title + task: + id: 5ff2d707-a036-4db0-8851-ed3ec61802db + version: -1 + name: Start Detection Timer + description: "" + type: title + iscommand: false + brand: "" + nexttasks: + '#none#': + - "11" + - "18" + separatecontext: false + view: |- + { + "position": { + "x": 592.5, + "y": 0 + } + } + note: false + timertriggers: + - fieldname: detectionsla + action: start + "40": + id: "40" + taskid: 83e23120-b009-4565-8ab7-880b247aee16 + type: title + task: + id: 83e23120-b009-4565-8ab7-880b247aee16 + version: -1 + name: Stop Detection Timer + description: "" + type: title + iscommand: false + brand: "" + nexttasks: + '#none#': + - "16" + separatecontext: false + view: |- + { + "position": { + "x": 60, + "y": 2260 + } + } + note: false + timertriggers: + - fieldname: detectionsla + action: stop + "41": + id: "41" + taskid: 88612884-d640-4dd1-85f4-0daa684ecf99 + type: title + task: + id: 88612884-d640-4dd1-85f4-0daa684ecf99 + version: -1 + name: Stop Detection Timer + description: "" + type: title + iscommand: false + brand: "" + nexttasks: + '#none#': + - "30" + separatecontext: false + view: |- + { + "position": { + "x": 797.5, + "y": 1880 + } + } + note: false + timertriggers: + - fieldname: detectionsla + action: stop + "42": + 
id: "42" + taskid: b7d4e2cb-4d75-4c0d-8d87-732af590173e + type: title + task: + id: b7d4e2cb-4d75-4c0d-8d87-732af590173e + version: -1 + name: Start Remediation Timer + description: "" + type: title + iscommand: false + brand: "" + nexttasks: + '#none#': + - "34" + - "37" + - "36" + separatecontext: false + view: |- + { + "position": { + "x": 890, + "y": 2530 + } + } + note: false + timertriggers: + - fieldname: remediationsla + action: start + "43": + id: "43" + taskid: f863f789-c46a-44e2-8d8b-02174df5010b + type: title + task: + id: f863f789-c46a-44e2-8d8b-02174df5010b + version: -1 + name: Stop Remediation Timer + description: "" + type: title + iscommand: false + brand: "" + nexttasks: + '#none#': + - "8" + separatecontext: false + view: |- + { + "position": { + "x": 685, + "y": 3150 } } note: false + timertriggers: + - fieldname: remediationsla + action: stop view: |- { "linkLabelsPosition": {}, "paper": { "dimensions": { - "height": 2890, + "height": 3660, "width": 1670, - "x": 60, - "y": 50 + "x": 40, + "y": -130 } } } @@ -852,6 +1005,7 @@ inputs: Enable the "Block Indicators" capability (can be either "True" or "False"). In case of a malicious email, the "Block Indicators" sub-playbook will block all malicious indicators in the relevant integrations. outputs: [] +releaseNotes: "-" tests: - Phishing test - attachment -- Phishing test - Inline +- Phishing test - Inline \ No newline at end of file diff --git a/Scripts/ChangeRemediationSLAOnSevChange.yml b/Scripts/ChangeRemediationSLAOnSevChange.yml new file mode 100644 index 000000000000..ad0d3a4cd31a --- /dev/null +++ b/Scripts/ChangeRemediationSLAOnSevChange.yml 
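Review bot: The five title tasks added in the `@@ -789,45 +803,184 @@` hunk ("39" to "43") exist only for their `timertriggers` side effect, yet each carries `description: ""`, and "40" and "41" share the name "Stop Detection Timer" with nothing to tell them apart. A one-line description per task would make the SLA instrumentation readable from the playbook itself, for example `description: Stops the detectionsla timer once the email is judged not malicious.` on "40" and `description: Stops the detectionsla timer once the email is judged malicious.` on "41". The same applies to "42" and "43" for `remediationsla`.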
@@ -0,0 +1,43 @@ +commonfields: + id: 310ed078-8188-443f-83cc-7cb80c55971d + version: -1 + fromVersion: 4.1 +name: ChangeRemediationSLAOnSevChange +script: | + import datetime + + # ##### Help ##### + # Triggered Field Name is in: demisto.args()['name'] + # Field's old value is in: demisto.args()['old'] + # Field's new value is in: demisto.args()['new'] + # Printing argument structure: demisto.results(demisto.args()) + + # ##### Configuration ##### + CRITICAL_SLA = 60 # In minutes + NONCRITICAL_SLA = 6 # In days + + # ##### Logic ##### + args_sev = demisto.args()['new'] + now = datetime.datetime.utcnow() + + if args_sev == 'Critical': + demisto.log('Severity changed to Critical') + # newsla = now + datetime.timedelta(days=2) + demisto.executeCommand("setIncident",{'sla': CRITICAL_SLA, "slaField":"remediationsla"}) + + else: + demisto.log('Severity changed to Not Critical' ) + newsla = now + datetime.timedelta(days=NONCRITICAL_SLA) + newsla = newsla.strftime('%Y-%m-%dT%H:%M:%S+00:00') + demisto.executeCommand("setIncident",{'sla': newsla, "slaField":"remediationsla"}) +type: python +tags: +- field-change-triggered +- example +comment: |- + Changes the remediation SLA once a change in incident severity occurs. + This is done automatically and the changes can be configured to your needs. +enabled: true +scripttarget: 0 +runonce: false +runas: DBotRole diff --git a/Scripts/SendEmailOnSLABreach.yml b/Scripts/SendEmailOnSLABreach.yml new file mode 100644 index 000000000000..bbb0f60e65a5 --- /dev/null +++ b/Scripts/SendEmailOnSLABreach.yml 
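Review bot: The two `setIncident` calls pass different kinds of value for the same `sla` argument: the Critical branch sends the integer `CRITICAL_SLA` (commented as minutes), while the `else` branch sends a formatted timestamp string built from `NONCRITICAL_SLA` days. If `sla` is a duration in minutes, as the first branch implies, the second call should be `demisto.executeCommand("setIncident", {'sla': NONCRITICAL_SLA * 24 * 60, "slaField": "remediationsla"})`, which also makes `now`, `newsla` and the commented-out `timedelta(days=2)` line unnecessary. Neither call's result is checked, so a failed SLA update goes unnoticed. The script is also declared `runas: DBotRole` whereas the other two scripts in this commit use `DBotWeakRole`; if `setIncident` does not need the stronger role, the weaker one is the safer default for a field-change-triggered script.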
@@ -0,0 +1,22 @@
+commonfields:
+ id: 544f7e7f-a961-4ffb-8743-83be70cb1940
+ version: -1
+ fromVersion: 4.1
+name: SendEmailOnSLABreach
+script: |2-
+
+ ###### Configuration ######
+ EMAIL_TO = "someuser@demisto.com"
+ SUBJECT = "SLA breached!"
+ BODY = "We have detected a breach in SLA. Check the incident for more details."
+
+ ##### Send Email #####
+ demisto.executeCommand("SendEmail", {"to":EMAIL_TO, "subject":SUBJECT, "body":BODY})
+type: python
+tags: []
+comment: Sends an email to a user. Can be triggered on SLA breach, and customized
+ to your needs.
+enabled: true
+scripttarget: 0
+runonce: false
+runas: DBotWeakRole
diff --git a/Scripts/StopTimeToAssignOnOwnerChange.yml b/Scripts/StopTimeToAssignOnOwnerChange.yml
new file mode 100644
index 000000000000..5cd64e9be202
--- /dev/null
+++ b/Scripts/StopTimeToAssignOnOwnerChange.yml
@@ -0,0 +1,19 @@
+commonfields:
+ id: efa042a3-7017-4047-81e3-155e7065c88f
+ version: -1
+ fromVersion: 4.1
+name: StopTimeToAssignOnOwnerChange
+script: |2
+
+ if demisto.args()['old'] == "" and demisto.args()['new'] != "": # If owner was no-one and is now someone:
+ demisto.executeCommand("stopTimer", {"timerField":"timetoassignment"})
+ demisto.results("Assignment of the incident was successful and so the Time To Assignment timer has been stopped.")
+type: python
+tags:
+- field-change-triggered
+- example
+comment: Stops the "Time To Assign" timer if the owner of the incident was changed.
+enabled: true
+scripttarget: 0
+runonce: false
+runas: DBotWeakRole
diff --git a/Widgets/widget-DetectionSLABySLAStatus.json b/Widgets/widget-DetectionSLABySLAStatus.json
new file mode 100644
index 000000000000..0f7840c47636
--- /dev/null
+++ b/Widgets/widget-DetectionSLABySLAStatus.json
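Review bot: In SendEmailOnSLABreach.yml, `EMAIL_TO` defaults to the placeholder `someuser@demisto.com`, so a deployment that attaches this script to a breach trigger without editing it sends every SLA-breach notice to an address outside the organisation, and the unchecked `executeCommand` result hides delivery failures. I would ship the recipient empty and refuse to send until it is set, e.g. `EMAIL_TO = ""  # set to your SOC mailbox` followed by `if not EMAIL_TO: return_error("SendEmailOnSLABreach: EMAIL_TO is not configured")`. The static `BODY` also gives the reader no way to find the incident; including the incident id would make the alert actionable.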
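Review bot: In StopTimeToAssignOnOwnerChange.yml, the success text in `demisto.results(...)` is emitted without looking at what `stopTimer` returned, so the entry can claim the Time To Assignment timer stopped when the command failed. Capture the result and report on it: `res = demisto.executeCommand("stopTimer", {"timerField": "timetoassignment"})`, then `if isError(res[0]): demisto.results(res)` with the success message in the `else`. `demisto.args()['old']` is also compared only with `""`; whether an unset owner can arrive as a missing key or `None` is not visible here, and `demisto.args().get('old')` with a falsy test would cover both.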
@@ -0,0 +1,27 @@
+{
+ "id": "detection-sla-by-status",
+ "version": -1,
+ "fromVersion": "4.1",
+ "name": "Detection SLA by Status",
+ "dataType": "incidents",
+ "widgetType": "pie",
+ "query": "-category:job and -detectionsla.runStatus:idle",
+ "isPredefined": true,
+ "dateRange": {
+ "fromDate": "0001-01-01T00:00:00Z",
+ "toDate": "0001-01-01T00:00:00Z",
+ "period": {
+ "byTo": "",
+ "byFrom": "days",
+ "toValue": null,
+ "fromValue": 30,
+ "field": ""
+ }
+ },
+ "params":{
+ "groupBy":[
+ "detectionsla.slaStatus"
+ ]
+ },
+ "description": "The detection SLA status of all incidents that their severity was determined. The widget takes into account incidents from the last 30 days by default, and inherits new time range when the dashboard time changes."
+}
\ No newline at end of file
diff --git a/Widgets/widget-MeanTimeToDetection.json b/Widgets/widget-MeanTimeToDetection.json
new file mode 100644
index 000000000000..80dc04ca5b7c
--- /dev/null
+++ b/Widgets/widget-MeanTimeToDetection.json
@@ -0,0 +1,27 @@
+{
+ "id": "mean-time-to-detection",
+ "version": -1,
+ "fromVersion": "4.1",
+ "name": "Mean Time to Detection",
+ "dataType": "incidents",
+ "widgetType": "duration",
+ "query": "-category:job and detectionsla.runStatus:ended",
+ "isPredefined": true,
+ "dateRange": {
+ "fromDate": "0001-01-01T00:00:00Z",
+ "toDate": "0001-01-01T00:00:00Z",
+ "period": {
+ "byTo": "",
+ "byFrom": "days",
+ "toValue": null,
+ "fromValue": 30,
+ "field": ""
+ }
+ },
+ "params": {
+ "keys": [
+ "avg|detectionsla.totalDuration"
+ ]
+ },
+ "description": "The mean time (average time) to detection across all incidents that their severity was determined. The widget takes into account incidents from the last 30 days by default."
+}
\ No newline at end of file
diff --git a/Widgets/widget-MttdByType.json b/Widgets/widget-MttdByType.json
new file mode 100644
index 000000000000..09a151a0310b
--- /dev/null
+++ b/Widgets/widget-MttdByType.json
@@ -0,0 +1,26 @@
+{
+ "id":"mttd-by-type",
+ "version":-1,
+ "fromVersion":"4.1",
+ "name":"MTTD by Type",
+ "dataType":"incidents",
+ "widgetType":"line",
+ "query":"-category:job and detectionsla.runStatus:ended",
+ "isPredefined":true,
+ "dateRange":{
+ "fromDate":"0001-01-01T00:00:00Z",
+ "toDate":"0001-01-01T00:00:00Z",
+ "period":{
+ "byTo":"",
+ "byFrom":"days",
+ "toValue":null,
+ "fromValue":7,
+ "field":""
+ }
+ },
+ "params":{
+ "keys":["avg|detectionsla.totalDuration / 60"],
+ "groupBy" : ["occurred(d)", "type"]
+ },
+ "description": ""
+}
\ No newline at end of file
diff --git a/Widgets/widget-MttrByType.json b/Widgets/widget-MttrByType.json
index ad70a935429c..4f9cc7ed1b19 100644
--- a/Widgets/widget-MttrByType.json
+++ b/Widgets/widget-MttrByType.json
@@ -19,8 +19,8 @@
 }
 },
 "params":{
- "keys":["avg|openDuration / (3600*24)"],
+ "keys":["avg|openDuration / 60"],
 "groupBy" : ["occurred(d)", "type"]
 },
 "description": ""
-}
+}
\ No newline at end of file
diff --git a/Widgets/widget-RemediationSLABySlaStatus.json b/Widgets/widget-RemediationSLABySlaStatus.json
new file mode 100644
index 000000000000..e8e270976d39
--- /dev/null
+++ b/Widgets/widget-RemediationSLABySlaStatus.json
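Review bot: Changing the MTTR key to `avg|openDuration / 60` (and using `avg|detectionsla.totalDuration / 60` in the new widget-MttdByType.json above) changes the plotted unit, yet both widgets keep `"description": ""`, so nothing on the dashboard says what the y-axis measures. Assuming the durations are stored in seconds, the old divisor `(3600*24)` gave days and the new one gives minutes, a 1440-fold change in the numbers an SLA report is read from. State the unit in both files after confirming the source unit, for example `"description": "Mean time to resolution per incident type, in minutes."`.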
@@ -0,0 +1,27 @@
+{
+ "id": "remediation-sla-by-status",
+ "version": -1,
+ "fromVersion": "4.1",
+ "name": "Remediation SLA by Status",
+ "dataType": "incidents",
+ "widgetType": "pie",
+ "query": "-category:job and -remediationsla.runStatus:idle",
+ "isPredefined": true,
+ "dateRange": {
+ "fromDate": "0001-01-01T00:00:00Z",
+ "toDate": "0001-01-01T00:00:00Z",
+ "period": {
+ "byTo": "",
+ "byFrom": "days",
+ "toValue": null,
+ "fromValue": 30,
+ "field": ""
+ }
+ },
+ "params":{
+ "groupBy":[
+ "remediationsla.slaStatus"
+ ]
+ },
+ "description": "The remediation SLA status of all incidents that started a remediation process. The widget takes into account incidents from the last 30 days by default, and inherits new time range when the dashboard time changes."
+}
\ No newline at end of file
From 2c3a802bf10a75e493e40012e8aa9406f6eb32f0 Mon Sep 17 00:00:00 2001
From: idovandijk
Date: Tue, 18 Dec 2018 16:04:53 +0200
Subject: [PATCH 02/49] Added new SLA OOB content: - Upgraded phishing layout (summary + quickview) - Added 3 new fields: Detection SLA, Remediation SLA and Time to Assignment - Added a new SLA dashboard with new widgets - Upgraded Phishing Investigation - Generic playbook - now utilizes new SLA features - Added 3 new scripts: 1. A script to change remediation SLA automatically, upon change of severity of incident 2. A script that sends an Email of SLA breach, which can be set to run upon SLA breach 3. A script to change the Time to Assignment field (new field) upon owner change (from empty owner to some new owner) - Added 5 new widgets of many different types, which will be presented in new SLA dashboard: 1. Detection SLA by Status (pie) 2. Remediation SLA by Status (pie) 3. MTTD by Type (timeline) 4. MTTR by Type (timeline) 5. Mean Time to Detection (counter) 6. Mean Time to Resolution (counter)
---
 Widgets/widget-MttrByType.json | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Widgets/widget-MttrByType.json b/Widgets/widget-MttrByType.json index 4f9cc7ed1b19..eab118f706e5 100644 --- a/Widgets/widget-MttrByType.json +++ b/Widgets/widget-MttrByType.json @@ -22,5 +22,6 @@ "keys":["avg|openDuration / 60"], "groupBy" : ["occurred(d)", "type"] }, - "description": "" + "description": "", + "releaseNotes": "New timeline widget" } \ No newline at end of file From 25c47599860148d370732dccc5989528c9f81337 Mon Sep 17 00:00:00 2001 From: bars92 Date: Wed, 19 Dec 2018 13:35:15 +0200 Subject: [PATCH 03/49] add scheme for sla/grid fields --- Tests/schemas/incidentfields.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/Tests/schemas/incidentfields.yml b/Tests/schemas/incidentfields.yml index a86de1405873..3d9661036fe4 100644 --- a/Tests/schemas/incidentfields.yml +++ b/Tests/schemas/incidentfields.yml @@ -64,6 +64,14 @@ schema;field_schema: type: number hidden: type: bool + columns: + type: any + defaultRows: + type: any + threshold: + type: number + sla: + type: number associatedTypes: type: any systemAssociatedTypes: From 94cb8e599b22bb1f4d91fc97590076c59820bd74 Mon Sep 17 00:00:00 2001 From: bars92 Date: Wed, 19 Dec 2018 13:55:16 +0200 Subject: [PATCH 04/49] remove unneeded props --- IncidentFields/incidentfields.json | 159 ----------------------------- Tests/schemas/incidentfields.yml | 4 + 2 files changed, 4 insertions(+), 159 deletions(-) diff --git a/IncidentFields/incidentfields.json b/IncidentFields/incidentfields.json index 47db6c330340..f218416bb6b8 100644 --- a/IncidentFields/incidentfields.json +++ b/IncidentFields/incidentfields.json 
@@ -1656,17 +1656,7 @@ "id": "incident_remediationsla", "version": 3, "modified": "2018-12-11T12:53:56.816268002Z", - "commitMessage": "Field edited", - "shouldPublish": true, - "shouldCommit": true, - "shouldPush": false, - "versionedDiff": { - "action": "", - "addedLines": 0, - "deletedLines": 0 - }, "name": "Remediation SLA", - "prevName": "Remediation SLA", "ownerOnly": false, "placeholder": "", "description": "The time it took since remediation of the incident began, and until it ended.", @@ -1693,49 +1683,6 @@ "unmapped": false, "unsearchable": false, "caseInsensitive": true, - "columns": [ - { - "key": "columnheader1", - "displayName": "Column Header 1", - "type": "shortText", - "required": false, - "script": "", - "width": 150, - "isDefault": true, - "fieldCalcScript": "", - "isReadOnly": false, - "selectValues": null - }, - { - "key": "columnheader2", - "displayName": "Column Header 2", - "type": "shortText", - "required": false, - "script": "", - "width": 150, - "isDefault": true, - "fieldCalcScript": "", - "isReadOnly": false, - "selectValues": null - }, - { - "key": "columnheader3", - "displayName": "Column Header 3", - "type": "shortText", - "required": false, - "script": "", - "width": 150, - "isDefault": true, - "fieldCalcScript": "", - "isReadOnly": false, - "selectValues": null - } - ], - "defaultRows": [ - {}, - {}, - {} - ], "sla": 7200, "threshold": 72, "breachScript": "" @@ -1744,17 +1691,7 @@ "id": "incident_detectionsla", "version": 2, "modified": "2018-12-11T12:53:48.369705659Z", - "commitMessage": "Field edited", - "shouldPublish": true, - "shouldCommit": true, - "shouldPush": false, - "versionedDiff": { - "action": "", - "addedLines": 0, - "deletedLines": 0 - }, "name": "Detection SLA", - "prevName": "Detection SLA", "ownerOnly": false, "placeholder": "", "description": "The time it took from incident creation until the maliciousness was determined.", 
@@ -1781,49 +1718,6 @@ "unmapped": false, "unsearchable": false, "caseInsensitive": true, - "columns": [ - { - "key": "columnheader1", - "displayName": "Column Header 1", - "type": "shortText", - "required": false, - "script": "", - "width": 150, - "isDefault": true, - "fieldCalcScript": "", - "isReadOnly": false, - "selectValues": null - }, - { - "key": "columnheader2", - "displayName": "Column Header 2", - "type": "shortText", - "required": false, - "script": "", - "width": 150, - "isDefault": true, - "fieldCalcScript": "", - "isReadOnly": false, - "selectValues": null - }, - { - "key": "columnheader3", - "displayName": "Column Header 3", - "type": "shortText", - "required": false, - "script": "", - "width": 150, - "isDefault": true, - "fieldCalcScript": "", - "isReadOnly": false, - "selectValues": null - } - ], - "defaultRows": [ - {}, - {}, - {} - ], "sla": 20, "threshold": 72, "breachScript": "" @@ -1832,17 +1726,7 @@ "id": "incident_timetoassignment", "version": 1, "modified": "2018-12-11T12:55:38.305896432Z", - "commitMessage": "Field edited", - "shouldPublish": true, - "shouldCommit": true, - "shouldPush": false, - "versionedDiff": { - "action": "", - "addedLines": 0, - "deletedLines": 0 - }, "name": "Time to Assignment", - "prevName": "Time to Assignment", "ownerOnly": false, "placeholder": "", "description": "The time it took from when the incident was created until a user was assigned to it.", 
@@ -1869,49 +1753,6 @@ "unmapped": false, "unsearchable": false, "caseInsensitive": true, - "columns": [ - { - "key": "columnheader1", - "displayName": "Column Header 1", - "type": "shortText", - "required": false, - "script": "", - "width": 150, - "isDefault": true, - "fieldCalcScript": "", - "isReadOnly": false, - "selectValues": null - }, - { - "key": "columnheader2", - "displayName": "Column Header 2", - "type": "shortText", - "required": false, - "script": "", - "width": 150, - "isDefault": true, - "fieldCalcScript": "", - "isReadOnly": false, - "selectValues": null - }, - { - "key": "columnheader3", - "displayName": "Column Header 3", - "type": "shortText", - "required": false, - "script": "", - "width": 150, - "isDefault": true, - "fieldCalcScript": "", - "isReadOnly": false, - "selectValues": null - } - ], - "defaultRows": [ - {}, - {}, - {} - ], "sla": 0, "threshold": 72, "breachScript": "" diff --git a/Tests/schemas/incidentfields.yml b/Tests/schemas/incidentfields.yml index 3d9661036fe4..74d553b1636f 100644 --- a/Tests/schemas/incidentfields.yml +++ b/Tests/schemas/incidentfields.yml @@ -72,6 +72,10 @@ schema;field_schema: type: number sla: type: number + caseInsensitive: + type: bool + breachScript: + type: str associatedTypes: type: any systemAssociatedTypes: From 6bc35346356e2dd8a1828954ace7e4d411530ef0 Mon Sep 17 00:00:00 2001 From: bars92 Date: Wed, 19 Dec 2018 15:04:36 +0200 Subject: [PATCH 05/49] try fix scheme --- Tests/schemas/playbook.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Tests/schemas/playbook.yml b/Tests/schemas/playbook.yml index a44d4e8d03c5..1a18c3de5681 100644 --- a/Tests/schemas/playbook.yml +++ b/Tests/schemas/playbook.yml @@ -232,6 +232,11 @@ schema;arg_filter_schema: type: bool schema;timertriggers_schema: + type: seq + sequence: + - include: timertrigger_schema + +schema;timertrigger_schema: type: map mapping: fieldName: From 6c1f9c70684d723985d3cfd9e0fb2be52ebb474c Mon Sep 17 00:00:00 2001 
From: bars92 Date: Wed, 19 Dec 2018 15:08:41 +0200 Subject: [PATCH 06/49] fix scheme for trigger timers --- Tests/schemas/playbook.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/Tests/schemas/playbook.yml b/Tests/schemas/playbook.yml index 1a18c3de5681..325e0279e476 100644 --- a/Tests/schemas/playbook.yml +++ b/Tests/schemas/playbook.yml @@ -232,14 +232,9 @@ schema;arg_filter_schema: type: bool schema;timertriggers_schema: - type: seq - sequence: - - include: timertrigger_schema - -schema;timertrigger_schema: type: map mapping: - fieldName: + fieldname: type: str action: type: str \ No newline at end of file From a0f323b18e4c5fccbfc5c42c7c5276035c61db9d Mon Sep 17 00:00:00 2001 From: idovandijk Date: Wed, 19 Dec 2018 16:30:33 +0200 Subject: [PATCH 07/49] Added new SLA OOB content: - Upgraded phishing layout (summary + quickview) - Added 3 new fields: Detection SLA, Remediation SLA and Time to Assignment - Added a new SLA dashboard with new widgets - Upgraded Phishing Investigation - Generic playbook - now utilizes new SLA features - Added 3 new scripts: 1. A script to change remediation SLA automatically, upon change of severity of incident 2. A script that sends an Email of SLA breach, which can be set to run upon SLA breach 3. A script to change the Time to Assignment field (new field) upon owner change (from empty owner to some new owner) - Added 5 new widgets of many different types, which will be presented in new SLA dashboard: 1. Detection SLA by Status (pie) 2. Remediation SLA by Status (pie) 3. MTTD by Type (timeline) 4. MTTR by Type (timeline) 5. Mean Time to Detection (counter) 6. Mean Time to Resolution (counter) --- Layouts/layout-details-Phishing.json | 16 ---------------- Layouts/layout-quickView-Phishing.json | 16 ---------------- ...playbook-Phishing_Investigation_-_Generic.yml | 9 +++++++++ 3 files changed, 9 insertions(+), 32 deletions(-) 
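Review bot: Neither `fieldname` nor `action` in the new `timertriggers_schema` mapping (Tests/schemas/playbook.yml) is marked required, so a timer trigger that omits one of them would presumably still pass validation and only misbehave once the playbook runs. If both keys are mandatory for a trigger, adding `required: true` under each would catch that at test time. The rename from `fieldName` to `fieldname` is case-sensitive, and no `timertriggers` entry is visible in the playbook hunks of this series, so the spelling is worth confirming against the playbook that uses it. The rest of the schema file lies outside the hunk.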
diff --git a/Layouts/layout-details-Phishing.json b/Layouts/layout-details-Phishing.json index 444dee7b716f..963bfe57d029 100644 --- a/Layouts/layout-details-Phishing.json +++ b/Layouts/layout-details-Phishing.json @@ -1,25 +1,9 @@ { - "typeId": "Phishing", - "kind": "details", "layout": { "id": "Phishing", "version": 1, "modified": "2018-12-18T09:26:45.523902097Z", - "commitMessage": "", - "shouldPublish": false, - "shouldCommit": false, - "shouldPush": false, - "versionedDiff": { - "action": "", - "addedLines": 0, - "deletedLines": 0 - }, "name": "", - "kind": "details", - "prevKind": "details", - "typeId": "Phishing", - "prevTypeId": "Phishing", - "system": false, "sections": [ { "id": "", diff --git a/Layouts/layout-quickView-Phishing.json b/Layouts/layout-quickView-Phishing.json index a954e20d99f1..0c74157f6fff 100644 --- a/Layouts/layout-quickView-Phishing.json +++ b/Layouts/layout-quickView-Phishing.json @@ -1,25 +1,9 @@ { - "typeId": "Phishing", - "kind": "quickView", "layout": { "id": "Phishing", "version": 1, "modified": "2018-12-18T09:27:21.43610162Z", - "commitMessage": "", - "shouldPublish": false, - "shouldCommit": false, - "shouldPush": false, - "versionedDiff": { - "action": "", - "addedLines": 0, - "deletedLines": 0 - }, "name": "", - "kind": "quickView", - "prevKind": "quickView", - "typeId": "Phishing", - "prevTypeId": "Phishing", - "system": false, "sections": [ { "id": "", diff --git a/Playbooks/playbook-Phishing_Investigation_-_Generic.yml b/Playbooks/playbook-Phishing_Investigation_-_Generic.yml index fad583685131..a1e7fec1db71 100644 --- a/Playbooks/playbook-Phishing_Investigation_-_Generic.yml +++ b/Playbooks/playbook-Phishing_Investigation_-_Generic.yml @@ -16,6 +16,7 @@ tasks: id: 44927568-9dcf-4acb-84c2-1466eb224729 version: -1 name: "" + description: "" iscommand: false brand: "" nexttasks: 
@@ -74,6 +75,7 @@ tasks: id: c3cd10bc-d79e-4471-8b28-82613ac05418 version: -1 name: "" + description: "" playbookName: Calculate Severity - Generic type: playbook iscommand: false @@ -267,6 +269,7 @@ tasks: id: ca8ce4fe-c164-447f-872e-7a4ecf2cdbcd version: -1 name: Email Address Enrichment - Generic + description: "" playbookName: Email Address Enrichment - Generic type: playbook iscommand: false @@ -447,6 +450,7 @@ tasks: id: d24700ff-dc15-4f52-8faa-ab74f7d65ae3 version: -1 name: Detonate File - Generic + description: "" playbookName: Detonate File - Generic type: playbook iscommand: false @@ -472,6 +476,7 @@ tasks: id: ecff99fe-b6cf-4306-8609-9ca00a5dcc8f version: -1 name: Entity Enrichment - Generic + description: "" playbookName: Entity Enrichment - Generic type: playbook iscommand: false @@ -497,6 +502,7 @@ tasks: id: 87a23c95-84b5-4343-8a01-d70c6f97702a version: -1 name: Process Email - Generic + description: "" playbookName: Process Email - Generic type: playbook iscommand: false @@ -548,6 +554,7 @@ tasks: id: 2f89f21c-0088-460a-81b2-b0c3f021b89c version: -1 name: Search And Delete Emails - Generic + description: "" playbookName: Search And Delete Emails - Generic type: playbook iscommand: false @@ -700,6 +707,7 @@ tasks: id: cd577642-8baf-4aba-87d9-29f0366aa173 version: -1 name: Extract Indicators From File - Generic + description: "" playbookName: Extract Indicators From File - Generic type: playbook iscommand: false @@ -817,6 +825,7 @@ tasks: id: cfb76a8d-e926-41a3-8036-6d4d54abf96d version: -1 name: Block Indicators - Generic + description: "" playbookName: Block Indicators - Generic type: playbook iscommand: false From 77adbda3629bda69e453775798e07662cae7b36d Mon Sep 17 00:00:00 2001 
From: idovandijk Date: Wed, 19 Dec 2018 17:24:48 +0200 Subject: [PATCH 08/49] Added new SLA OOB content: - Upgraded phishing layout (summary + quickview) - Added 3 new fields: Detection SLA, Remediation SLA and Time to Assignment - Added a new SLA dashboard with new widgets - Upgraded Phishing Investigation - Generic playbook - now utilizes new SLA features - Added 3 new scripts: 1. A script to change remediation SLA automatically, upon change of severity of incident 2. A script that sends an Email of SLA breach, which can be set to run upon SLA breach 3. A script to change the Time to Assignment field (new field) upon owner change (from empty owner to some new owner) - Added 5 new widgets of many different types, which will be presented in new SLA dashboard: 1. Detection SLA by Status (pie) 2. Remediation SLA by Status (pie) 3. MTTD by Type (timeline) 4. MTTR by Type (timeline) 5. Mean Time to Detection (counter) 6. Mean Time to Resolution (counter) --- Layouts/layout-details-Phishing.json | 9 +++++++-- Layouts/layout-quickView-Phishing.json | 6 +++++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/Layouts/layout-details-Phishing.json b/Layouts/layout-details-Phishing.json index 963bfe57d029..5cf5e4e4e769 100644 --- a/Layouts/layout-details-Phishing.json +++ b/Layouts/layout-details-Phishing.json @@ -1,9 +1,13 @@ { + "typeId": "Phishing", + "kind": "details", "layout": { "id": "Phishing", - "version": 1, + "version": -1, "modified": "2018-12-18T09:26:45.523902097Z", "name": "", + "kind": "details", + "typeId": "Phishing", "sections": [ { "id": "", @@ -616,5 +620,6 @@ "queryType": "" } ] - } + }, + "releaseNotes": "New SLA content" } \ No newline at end of file diff --git a/Layouts/layout-quickView-Phishing.json b/Layouts/layout-quickView-Phishing.json index 0c74157f6fff..d57d0443de04 100644 --- a/Layouts/layout-quickView-Phishing.json +++ b/Layouts/layout-quickView-Phishing.json 
@@ -1,9 +1,13 @@ { + "typeId": "Phishing", + "kind": "quickView", "layout": { "id": "Phishing", - "version": 1, + "version": -1, "modified": "2018-12-18T09:27:21.43610162Z", "name": "", + "kind": "quickView", + "typeId": "Phishing", "sections": [ { "id": "", From 840f2a7f27d0b20c150830cf6002befc8407f39c Mon Sep 17 00:00:00 2001 From: idovandijk Date: Wed, 19 Dec 2018 17:40:03 +0200 Subject: [PATCH 09/49] Added new SLA OOB content: - Upgraded phishing layout (summary + quickview) - Added 3 new fields: Detection SLA, Remediation SLA and Time to Assignment - Added a new SLA dashboard with new widgets - Upgraded Phishing Investigation - Generic playbook - now utilizes new SLA features - Added 3 new scripts: 1. A script to change remediation SLA automatically, upon change of severity of incident 2. A script that sends an Email of SLA breach, which can be set to run upon SLA breach 3. A script to change the Time to Assignment field (new field) upon owner change (from empty owner to some new owner) - Added 5 new widgets of many different types, which will be presented in new SLA dashboard: 1. Detection SLA by Status (pie) 2. Remediation SLA by Status (pie) 3. MTTD by Type (timeline) 4. MTTR by Type (timeline) 5. Mean Time to Detection (counter) 6. Mean Time to Resolution (counter) --- Layouts/layout-details-Phishing.json | 2 -- Layouts/layout-quickView-Phishing.json | 2 -- 2 files changed, 4 deletions(-) diff --git a/Layouts/layout-details-Phishing.json b/Layouts/layout-details-Phishing.json index 5cf5e4e4e769..9b0679b19e12 100644 --- a/Layouts/layout-details-Phishing.json +++ b/Layouts/layout-details-Phishing.json @@ -6,8 +6,6 @@ "version": -1, "modified": "2018-12-18T09:26:45.523902097Z", "name": "", - "kind": "details", - "typeId": "Phishing", "sections": [ { "id": "", diff --git a/Layouts/layout-quickView-Phishing.json b/Layouts/layout-quickView-Phishing.json index d57d0443de04..b613a8c2a3a6 100644 --- a/Layouts/layout-quickView-Phishing.json 
+++ b/Layouts/layout-quickView-Phishing.json @@ -6,8 +6,6 @@ "version": -1, "modified": "2018-12-18T09:27:21.43610162Z", "name": "", - "kind": "quickView", - "typeId": "Phishing", "sections": [ { "id": "", From 2a6b44e015384f3b8f62741c15f3ba444d86a27b Mon Sep 17 00:00:00 2001 From: idovandijk Date: Wed, 19 Dec 2018 17:41:32 +0200 Subject: [PATCH 10/49] Added new SLA OOB content: - Upgraded phishing layout (summary + quickview) - Added 3 new fields: Detection SLA, Remediation SLA and Time to Assignment - Added a new SLA dashboard with new widgets - Upgraded Phishing Investigation - Generic playbook - now utilizes new SLA features - Added 3 new scripts: 1. A script to change remediation SLA automatically, upon change of severity of incident 2. A script that sends an Email of SLA breach, which can be set to run upon SLA breach 3. A script to change the Time to Assignment field (new field) upon owner change (from empty owner to some new owner) - Added 5 new widgets of many different types, which will be presented in new SLA dashboard: 1. Detection SLA by Status (pie) 2. Remediation SLA by Status (pie) 3. MTTD by Type (timeline) 4. MTTR by Type (timeline) 5. Mean Time to Detection (counter) 6. Mean Time to Resolution (counter) --- Dashboards/dashboard-SLA.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dashboards/dashboard-SLA.json b/Dashboards/dashboard-SLA.json index 4e486565ea7d..e3faf2f1d6b1 100644 --- a/Dashboards/dashboard-SLA.json +++ b/Dashboards/dashboard-SLA.json @@ -1,7 +1,7 @@ { "id": "2b542873-793f-4eaa-8114-d855bb49cbc9", "version": -1, - "fromVersion: 4.1", + "fromVersion": 4.1, "modified": "2018-12-18T08:51:53.305960048Z", "commitMessage": "", "shouldPublish": false, From b6327ce509e88ba7ccacdf0e7e8c927eefefeb2c Mon Sep 17 00:00:00 2001 
From: idovandijk Date: Wed, 19 Dec 2018 17:49:27 +0200 Subject: [PATCH 11/49] Added new SLA OOB content: - Upgraded phishing layout (summary + quickview) - Added 3 new fields: Detection SLA, Remediation SLA and Time to Assignment - Added a new SLA dashboard with new widgets - Upgraded Phishing Investigation - Generic playbook - now utilizes new SLA features - Added 3 new scripts: 1. A script to change remediation SLA automatically, upon change of severity of incident 2. A script that sends an Email of SLA breach, which can be set to run upon SLA breach 3. A script to change the Time to Assignment field (new field) upon owner change (from empty owner to some new owner) - Added 5 new widgets of many different types, which will be presented in new SLA dashboard: 1. Detection SLA by Status (pie) 2. Remediation SLA by Status (pie) 3. MTTD by Type (timeline) 4. MTTR by Type (timeline) 5. Mean Time to Detection (counter) 6. Mean Time to Resolution (counter) --- Dashboards/dashboard-SLA.json | 71 +---------------------------------- 1 file changed, 2 insertions(+), 69 deletions(-) diff --git a/Dashboards/dashboard-SLA.json b/Dashboards/dashboard-SLA.json index e3faf2f1d6b1..a5a745ea1865 100644 --- a/Dashboards/dashboard-SLA.json +++ b/Dashboards/dashboard-SLA.json @@ -2,16 +2,8 @@ "id": "2b542873-793f-4eaa-8114-d855bb49cbc9", "version": -1, "fromVersion": 4.1, - "modified": "2018-12-18T08:51:53.305960048Z", - "commitMessage": "", - "shouldPublish": false, "shouldCommit": false, "shouldPush": false, - "versionedDiff": { - "action": "", - "addedLines": 0, - "deletedLines": 0 - }, "fromDate": "0001-01-01T00:00:00Z", "toDate": "0001-01-01T00:00:00Z", "period": { @@ -23,7 +15,6 @@ }, "fromDateLicense": "0001-01-01T00:00:00Z", "name": "SLA", - "prevName": "SLA", "layout": [ { "id": "25a2e8f0-fd4e-11e8-a656-2b6c8cbabaee", 
@@ -36,18 +27,9 @@ "widget": { "id": "fddd62ff-a411-4e6a-8213-e0277a9b95b5", "version": 1, - "modified": "2018-12-11T14:07:48.30355312Z", - "commitMessage": "", - "shouldPublish": false, "shouldCommit": false, "shouldPush": false, - "versionedDiff": { - "action": "", - "addedLines": 0, - "deletedLines": 0 - }, "name": "Mean Time to Detection", - "prevName": "Mean Time to Detection", "dataType": "incidents", "widgetType": "duration", "query": "-category:job and detectionsla.runStatus:ended", @@ -86,18 +68,9 @@ "widget": { "id": "1e54092d-1ed0-47a6-862d-893adc05e612", "version": 1, - "modified": "2018-12-11T14:08:17.885080182Z", - "commitMessage": "", - "shouldPublish": false, "shouldCommit": false, "shouldPush": false, - "versionedDiff": { - "action": "", - "addedLines": 0, - "deletedLines": 0 - }, "name": "Detection SLA by Status", - "prevName": "Detection SLA by Status", "dataType": "incidents", "widgetType": "pie", "query": "-category:job and -detectionsla.runStatus:idle", @@ -136,18 +109,9 @@ "widget": { "id": "1767dee0-7f8c-48a5-8988-c58b9e713ab6", "version": 1, - "modified": "2018-12-11T14:08:29.989409603Z", - "commitMessage": "", - "shouldPublish": false, "shouldCommit": false, "shouldPush": false, - "versionedDiff": { - "action": "", - "addedLines": 0, - "deletedLines": 0 - }, "name": "Remediation SLA by Status", - "prevName": "Remediation SLA by Status", "dataType": "incidents", "widgetType": "pie", "query": "-category:job and -remediationsla.runStatus:idle", @@ -186,18 +150,9 @@ "widget": { "id": "mean-time-to-resolution", "version": 169, - "modified": "2018-11-18T19:16:55.198631575Z", - "commitMessage": "", - "shouldPublish": false, "shouldCommit": false, "shouldPush": false, - "versionedDiff": { - "action": "", - "addedLines": 0, - "deletedLines": 0 - }, "name": "Mean Time To Resolution", - "prevName": "", "dataType": "incidents", "widgetType": "duration", "query": "-category:job and status:closed", 
@@ -235,19 +190,10 @@ "h": 2, "widget": { "id": "mttd-by-type", - "version": 1, - "modified": "2018-12-17T14:48:47.850059634Z", - "commitMessage": "Widget imported", - "shouldPublish": true, + "version": 1, , "shouldCommit": true, "shouldPush": false, - "versionedDiff": { - "action": "", - "addedLines": 0, - "deletedLines": 0 - }, "name": "MTTD by Type", - "prevName": "MTTD by Type", "dataType": "incidents", "widgetType": "line", "query": "-category:job and detectionsla.runStatus:ended", @@ -289,18 +235,7 @@ "widget": { "id": "mttr-by-type", "version": 168, - "modified": "2018-11-18T19:16:55.198656485Z", - "commitMessage": "", - "shouldPublish": false, - "shouldCommit": false, - "shouldPush": false, - "versionedDiff": { - "action": "", - "addedLines": 0, - "deletedLines": 0 - }, "name": "MTTR by Type", - "prevName": "", "dataType": "incidents", "widgetType": "line", "query": "-category:job and status:closed", @@ -332,7 +267,5 @@ } } ], - "isPredefined": false, - "shared": false, - "owner": "idov@demisto.com" + "isPredefined": false } \ No newline at end of file From e7154f86ba424c85eaaea29f44d3518c1afccd60 Mon Sep 17 00:00:00 2001 
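Review bot: The added line `"version": 1, ,` in the `mttd-by-type` widget (hunk `@@ -235,19 +190,10 @@` of Dashboards/dashboard-SLA.json) has a stray second comma, which a strict JSON parser rejects, so the whole dashboard file fails to load at this commit; it should read `"version": 1,`. The previous patch in the series already had to repair a malformed `fromVersion` key in the same file, which suggests the content JSON is being edited by hand without a parse step. Loading every changed `.json` file with a strict parser in the validation run would stop this class of error before it is committed.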
From: idovandijk Date: Wed, 19 Dec 2018 18:09:57 +0200 Subject: [PATCH 12/49] Added new SLA OOB content: - Upgraded phishing layout (summary + quickview) - Added 3 new fields: Detection SLA, Remediation SLA and Time to Assignment - Added a new SLA dashboard with new widgets - Upgraded Phishing Investigation - Generic playbook - now utilizes new SLA features - Added 3 new scripts: 1. A script to change remediation SLA automatically, upon change of severity of incident 2. A script that sends an Email of SLA breach, which can be set to run upon SLA breach 3. A script to change the Time to Assignment field (new field) upon owner change (from empty owner to some new owner) - Added 5 new widgets of many different types, which will be presented in new SLA dashboard: 1. Detection SLA by Status (pie) 2. Remediation SLA by Status (pie) 3. MTTD by Type (timeline) 4. MTTR by Type (timeline) 5. Mean Time to Detection (counter) 6. Mean Time to Resolution (counter) --- Dashboards/dashboard-SLA.json | 4 ++-- IncidentFields/incidentfields.json | 3 +++ Layouts/layout-details-Phishing.json | 1 + Layouts/layout-quickView-Phishing.json | 1 + Scripts/ChangeRemediationSLAOnSevChange.yml | 2 +- Scripts/SendEmailOnSLABreach.yml | 2 +- Scripts/StopTimeToAssignOnOwnerChange.yml | 2 +- Widgets/widget-DetectionSLABySLAStatus.json | 2 +- 8 files changed, 11 insertions(+), 6 deletions(-) diff --git a/Dashboards/dashboard-SLA.json b/Dashboards/dashboard-SLA.json index a5a745ea1865..8fdc9b8b4fec 100644 --- a/Dashboards/dashboard-SLA.json +++ b/Dashboards/dashboard-SLA.json @@ -1,7 +1,7 @@ { "id": "2b542873-793f-4eaa-8114-d855bb49cbc9", "version": -1, - "fromVersion": 4.1, + "fromVersion": "4.1.0", "shouldCommit": false, "shouldPush": false, "fromDate": "0001-01-01T00:00:00Z", @@ -190,7 +190,7 @@ "h": 2, "widget": { "id": "mttd-by-type", - "version": 1, , + "version": 1, "shouldCommit": true, "shouldPush": false, "name": "MTTD by Type", 
diff --git a/IncidentFields/incidentfields.json b/IncidentFields/incidentfields.json index f218416bb6b8..10189ae316c5 100644 --- a/IncidentFields/incidentfields.json +++ b/IncidentFields/incidentfields.json @@ -1655,6 +1655,7 @@ { "id": "incident_remediationsla", "version": 3, + "fromVersion": "4.1.0", "modified": "2018-12-11T12:53:56.816268002Z", "name": "Remediation SLA", "ownerOnly": false, @@ -1690,6 +1691,7 @@ { "id": "incident_detectionsla", "version": 2, + "fromVersion": "4.1.0", "modified": "2018-12-11T12:53:48.369705659Z", "name": "Detection SLA", "ownerOnly": false, @@ -1725,6 +1727,7 @@ { "id": "incident_timetoassignment", "version": 1, + "fromVersion": "4.1.0", "modified": "2018-12-11T12:55:38.305896432Z", "name": "Time to Assignment", "ownerOnly": false, diff --git a/Layouts/layout-details-Phishing.json b/Layouts/layout-details-Phishing.json index 9b0679b19e12..6147d77175b2 100644 --- a/Layouts/layout-details-Phishing.json +++ b/Layouts/layout-details-Phishing.json @@ -4,6 +4,7 @@ "layout": { "id": "Phishing", "version": -1, + "fromVersion": "4.1.0", "modified": "2018-12-18T09:26:45.523902097Z", "name": "", "sections": [ diff --git a/Layouts/layout-quickView-Phishing.json b/Layouts/layout-quickView-Phishing.json index b613a8c2a3a6..12c5b5cb816f 100644 --- a/Layouts/layout-quickView-Phishing.json +++ b/Layouts/layout-quickView-Phishing.json @@ -4,6 +4,7 @@ "layout": { "id": "Phishing", "version": -1, + "fromVersion": "4.1.0", "modified": "2018-12-18T09:27:21.43610162Z", "name": "", "sections": [ diff --git a/Scripts/ChangeRemediationSLAOnSevChange.yml b/Scripts/ChangeRemediationSLAOnSevChange.yml index ad0d3a4cd31a..abdc5d82fb89 100644 --- a/Scripts/ChangeRemediationSLAOnSevChange.yml +++ b/Scripts/ChangeRemediationSLAOnSevChange.yml @@ -1,7 +1,7 @@ commonfields: id: 310ed078-8188-443f-83cc-7cb80c55971d version: -1 - fromVersion: 4.1 + fromVersion: 4.1.0 name: ChangeRemediationSLAOnSevChange script: | import datetime 
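Review bot: The new `fromVersion: 4.1.0` in Scripts/ChangeRemediationSLAOnSevChange.yml is left unquoted, so it loads as a string only because the scalar happens to contain two dots, whereas the old `4.1` loaded as a float. A later edit back to a two-part version would silently change the type again and could break whatever compares this value. Quoting it as `fromVersion: "4.1.0"` makes the type explicit and matches the quoted strings used in the JSON files of this commit. The same applies to the SendEmailOnSLABreach.yml and StopTimeToAssignOnOwnerChange.yml hunks, and the script body continues outside the hunk.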
diff --git a/Scripts/SendEmailOnSLABreach.yml b/Scripts/SendEmailOnSLABreach.yml index bbb0f60e65a5..6fb1590c7460 100644 --- a/Scripts/SendEmailOnSLABreach.yml +++ b/Scripts/SendEmailOnSLABreach.yml @@ -1,7 +1,7 @@ commonfields: id: 544f7e7f-a961-4ffb-8743-83be70cb1940 version: -1 - fromVersion: 4.1 + fromVersion: 4.1.0 name: SendEmailOnSLABreach script: |2- diff --git a/Scripts/StopTimeToAssignOnOwnerChange.yml b/Scripts/StopTimeToAssignOnOwnerChange.yml index 5cd64e9be202..d9a4607465d8 100644 --- a/Scripts/StopTimeToAssignOnOwnerChange.yml +++ b/Scripts/StopTimeToAssignOnOwnerChange.yml @@ -1,7 +1,7 @@ commonfields: id: efa042a3-7017-4047-81e3-155e7065c88f version: -1 - fromVersion: 4.1 + fromVersion: 4.1.0 name: StopTimeToAssignOnOwnerChange script: |2 diff --git a/Widgets/widget-DetectionSLABySLAStatus.json b/Widgets/widget-DetectionSLABySLAStatus.json index 0f7840c47636..66275244c421 100644 --- a/Widgets/widget-DetectionSLABySLAStatus.json +++ b/Widgets/widget-DetectionSLABySLAStatus.json @@ -1,7 +1,7 @@ { "id": "detection-sla-by-status", "version": -1, - "fromVersion": "4.1", + "fromVersion": "4.1.0", "name": "Detection SLA by Status", "dataType": "incidents", "widgetType": "pie", From cb9122e3cbf4dc435529f8745c39fb3c0f875eed Mon Sep 17 00:00:00 2001 From: idovandijk Date: Wed, 19 Dec 2018 18:56:15 +0200 Subject: [PATCH 13/49] new incidentfields file for 4.1 and dashboard field changes --- Dashboards/dashboard-SLA.json | 3 +- IncidentFields/incidentfields-4.1.json | 1763 ++++++++++++++++++++++++ 2 files changed, 1764 insertions(+), 2 deletions(-) create mode 100644 IncidentFields/incidentfields-4.1.json diff --git a/Dashboards/dashboard-SLA.json b/Dashboards/dashboard-SLA.json index 8fdc9b8b4fec..02bb536dd67b 100644 --- a/Dashboards/dashboard-SLA.json +++ b/Dashboards/dashboard-SLA.json 
@@ -1,9 +1,8 @@ { "id": "2b542873-793f-4eaa-8114-d855bb49cbc9", + "description": "" "version": -1, "fromVersion": "4.1.0", - "shouldCommit": false, - "shouldPush": false, "fromDate": "0001-01-01T00:00:00Z", "toDate": "0001-01-01T00:00:00Z", "period": { diff --git a/IncidentFields/incidentfields-4.1.json b/IncidentFields/incidentfields-4.1.json new file mode 100644 index 000000000000..209f9d76e298 --- /dev/null +++ b/IncidentFields/incidentfields-4.1.json 
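Review bot: The added `"description": ""` line in Dashboards/dashboard-SLA.json has no trailing comma before `"version": -1,`, so the file is not valid JSON and a strict parser will reject the dashboard. The line should be `"description": "",`. If the import fails, the detection and remediation SLA widgets this series adds would be missing from the console, and that kind of gap in breach visibility tends to go unnoticed. The object continues outside the hunk.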
@@ -0,0 +1,1763 @@ +{ + "releaseNotes": "SLA fields added", + "fromVersion": "4.1.0", + "incidentFields": [ + { + "id": "incident_app", + "version": 2, + "modified": "2018-08-23T18:31:06.389092425+03:00", + "name": "App", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "app", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Access" + ], + "systemAssociatedTypes": [ + "Access" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_assetid", + "version": 2, + "modified": "2018-08-23T18:31:06.427700464+03:00", + "name": "Asset ID", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "assetid", + "type": "shortText", + "closeForm": true, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Vulnerability" + ], + "systemAssociatedTypes": [ + "Vulnerability" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_attachmentcount", + "version": 2, + "modified": "2018-08-23T18:31:06.313509514+03:00", + "name": "Attachment Count", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "attachmentcount", + "type": "number", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + 
"useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_attachmentextension", + "version": 2, + "modified": "2018-08-23T18:31:06.316669039+03:00", + "name": "Attachment Extension", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "attachmentextension", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_attachmenthash", + "version": 4, + "modified": "2018-08-23T18:31:06.320408213+03:00", + "name": "Attachment Hash", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "attachmenthash", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_attachmentid", + "version": 2, + "modified": "2018-08-23T18:31:06.323188662+03:00", + "name": "Attachment ID", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "attachmentid", + 
"type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_attachmentname", + "version": 2, + "modified": "2018-08-23T18:31:06.326381385+03:00", + "name": "Attachment Name", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "attachmentname", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_attachmentsize", + "version": 2, + "modified": "2018-08-23T18:31:06.329260341+03:00", + "name": "Attachment size", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "attachmentsize", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": 
"incident_attachmenttype", + "version": 2, + "modified": "2018-08-23T18:31:06.332108621+03:00", + "name": "Attachment type", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "attachmenttype", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_bugtraq", + "version": 2, + "modified": "2018-08-23T18:31:06.430765635+03:00", + "name": "Bugtraq", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "bugtraq", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Vulnerability" + ], + "systemAssociatedTypes": [ + "Vulnerability" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_cve", + "version": 2, + "modified": "2018-08-23T18:31:06.433685165+03:00", + "name": "CVE", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "cve", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + 
"associatedTypes": [ + "Vulnerability" + ], + "systemAssociatedTypes": [ + "Vulnerability" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_cvss", + "version": 2, + "modified": "2018-08-23T18:31:06.436656554+03:00", + "name": "CVSS", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "cvss", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Vulnerability" + ], + "systemAssociatedTypes": [ + "Vulnerability" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_dest", + "version": 2, + "modified": "2018-08-23T18:31:06.39174697+03:00", + "name": "Dest", + "ownerOnly": false, + "placeholder": "", + "description": "Destination", + "cliName": "dest", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Access", + "Malware" + ], + "systemAssociatedTypes": [ + "Access", + "Malware" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_destntdomain", + "version": 2, + "modified": "2018-08-23T18:31:06.394843894+03:00", + "name": "Dest NT Domain", + "ownerOnly": false, + "placeholder": "", + "description": "Destination NT Domain", + "cliName": "destntdomain", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + 
"fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Access", + "Malware" + ], + "systemAssociatedTypes": [ + "Access", + "Malware" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_duration", + "version": 2, + "modified": "2018-08-23T18:31:06.397705995+03:00", + "name": "Duration", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "duration", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Access" + ], + "systemAssociatedTypes": [ + "Access" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_emailbcc", + "version": 2, + "modified": "2018-08-23T18:31:06.335010031+03:00", + "name": "Email BCC", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "emailbcc", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_emailbody", + "version": 2, + "modified": "2018-08-23T18:31:06.337643992+03:00", + "name": "Email Body", + 
"ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "emailbody", + "type": "longText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": true + }, + { + "id": "incident_emailbodyformat", + "version": 2, + "modified": "2018-08-23T18:31:06.34104065+03:00", + "name": "Email Body Format", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "emailbodyformat", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_emailbodyhtml", + "version": 2, + "modified": "2018-08-23T18:31:06.344156391+03:00", + "name": "Email Body HTML", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "emailbodyhtml", + "type": "html", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + 
"associatedToAll": false, + "unmapped": false, + "unsearchable": true + }, + { + "id": "incident_emailcc", + "version": 2, + "modified": "2018-08-23T18:31:06.347108901+03:00", + "name": "Email CC", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "emailcc", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_emailclientname", + "version": 2, + "modified": "2018-08-23T18:31:06.349792637+03:00", + "name": "Email Client Name", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "emailclientname", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_emailfrom", + "version": 2, + "modified": "2018-08-23T18:31:06.35251857+03:00", + "name": "Email From", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "emailfrom", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, 
+ "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_emailinreplyto", + "version": 1, + "modified": "2018-09-02T10:53:05.262517498+03:00", + "name": "Email In Reply To", + "ownerOnly": false, + "placeholder": "emailinreplyto", + "description": "The mail to whom you reply", + "cliName": "emailinreplyto", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": false, + "locked": false, + "system": false, + "content": false, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": null, + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_emailkeywords", + "version": 2, + "modified": "2018-08-23T18:31:06.355250331+03:00", + "name": "Email Keywords", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "emailkeywords", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_emailmessageid", + "version": 2, + "modified": "2018-08-23T18:31:06.358269902+03:00", + "name": "Email Message ID", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "emailmessageid", + 
"type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_emailreceived", + "version": 2, + "modified": "2018-08-23T18:31:06.360983117+03:00", + "name": "Email Received", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "emailreceived", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_emailreplyto", + "version": 2, + "modified": "2018-08-23T18:31:06.36346759+03:00", + "name": "Email Reply To", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "emailreplyto", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": 
"incident_emailreturnpath", + "version": 2, + "modified": "2018-08-23T18:31:06.366098374+03:00", + "name": "Email Return Path", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "emailreturnpath", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_emailsenderip", + "version": 2, + "modified": "2018-08-23T18:31:06.368675488+03:00", + "name": "Email Sender IP", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "emailsenderip", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_emailsize", + "version": 2, + "modified": "2018-08-23T18:31:06.37171586+03:00", + "name": "Email Size", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "emailsize", + "type": "number", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, 
+ "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_emailsource", + "version": 2, + "modified": "2018-08-23T18:31:06.375343721+03:00", + "name": "Email Source", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "emailsource", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_emailsubject", + "version": 2, + "modified": "2018-08-23T18:31:06.378224888+03:00", + "name": "Email Subject", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "emailsubject", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_emailto", + "version": 2, + "modified": "2018-08-23T18:31:06.380974651+03:00", + "name": "Email To", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "emailto", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + 
"neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_emailtocount", + "version": 2, + "modified": "2018-08-23T18:31:06.383761983+03:00", + "name": "Email To Count", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "emailtocount", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_emailurlclicked", + "version": 2, + "modified": "2018-08-23T18:31:06.386379045+03:00", + "name": "Email URL Clicked", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "emailurlclicked", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Phishing" + ], + "systemAssociatedTypes": [ + "Phishing" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_filehash", + "version": 2, + "modified": "2018-08-23T18:31:06.405371418+03:00", + "name": "File Hash", + "ownerOnly": false, 
+ "placeholder": "", + "description": "", + "cliName": "filehash", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Malware" + ], + "systemAssociatedTypes": [ + "Malware" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_filename", + "version": 2, + "modified": "2018-08-23T18:31:06.407952489+03:00", + "name": "File Name", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "filename", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Malware" + ], + "systemAssociatedTypes": [ + "Malware" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_filepath", + "version": 2, + "modified": "2018-08-23T18:31:06.410700747+03:00", + "name": "File Path", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "filepath", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Malware" + ], + "systemAssociatedTypes": [ + "Malware" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": 
false + }, + { + "id": "incident_malwarefamily", + "version": 2, + "modified": "2018-08-23T18:31:06.416319236+03:00", + "name": "Malware Family", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "malwarefamily", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Malware" + ], + "systemAssociatedTypes": [ + "Malware" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_signature", + "version": 2, + "modified": "2018-08-23T18:31:06.440145161+03:00", + "name": "Signature", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "signature", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Vulnerability", + "Malware" + ], + "systemAssociatedTypes": [ + "Vulnerability", + "Malware" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_src", + "version": 2, + "modified": "2018-08-23T18:31:06.400366431+03:00", + "name": "Src", + "ownerOnly": false, + "placeholder": "", + "description": "Source", + "cliName": "src", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + 
"content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Access", + "Malware" + ], + "systemAssociatedTypes": [ + "Access", + "Malware" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_srcntdomain", + "version": 2, + "modified": "2018-08-23T18:31:06.402950395+03:00", + "name": "Src NT Domain", + "ownerOnly": false, + "placeholder": "", + "description": "Source NT Domain", + "cliName": "srcntdomain", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Access" + ], + "systemAssociatedTypes": [ + "Access" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_srcuser", + "version": 2, + "modified": "2018-08-23T18:31:06.42473716+03:00", + "name": "Src User", + "ownerOnly": false, + "placeholder": "", + "description": "Source User", + "cliName": "srcuser", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Access" + ], + "systemAssociatedTypes": [ + "Access" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_user", + "version": 2, + "modified": "2018-08-23T18:31:06.421943082+03:00", + "name": "User", + "ownerOnly": false, + "placeholder": "", + "description": "The user involved", + "cliName": "user", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": 
false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Malware" + ], + "systemAssociatedTypes": [ + "Malware" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_vendorid", + "version": 2, + "modified": "2018-08-23T18:31:06.443496625+03:00", + "name": "Vendor ID", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "vendorid", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": [], + "validationRegex": "", + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Vulnerability" + ], + "systemAssociatedTypes": [ + "Vulnerability" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_vendorproduct", + "version": 2, + "modified": "2018-08-23T18:31:06.419089491+03:00", + "name": "Vendor Product", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "vendorproduct", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Malware" + ], + "systemAssociatedTypes": [ + "Malware" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_vulnerabilitycategory", + "version": 2, + "modified": 
"2018-08-23T18:31:06.446623086+03:00", + "name": "Vulnerability Category", + "ownerOnly": false, + "placeholder": "", + "description": "", + "cliName": "vulnerabilitycategory", + "type": "shortText", + "closeForm": false, + "editForm": true, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": false, + "selectValues": null, + "validationRegex": "", + "useAsKpi": false, + "locked": false, + "system": false, + "content": true, + "group": 0, + "hidden": false, + "associatedTypes": [ + "Vulnerability" + ], + "systemAssociatedTypes": [ + "Vulnerability" + ], + "associatedToAll": false, + "unmapped": false, + "unsearchable": false + }, + { + "id": "incident_remediationsla", + "version": 3, + "modified": "2018-12-11T12:53:56.816268002Z", + "name": "Remediation SLA", + "ownerOnly": false, + "placeholder": "", + "description": "The time it took since remediation of the incident began, and until it ended.", + "cliName": "remediationsla", + "type": "timer", + "closeForm": false, + "editForm": false, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": true, + "selectValues": [], + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": false, + "group": 0, + "hidden": false, + "associatedTypes": [], + "systemAssociatedTypes": null, + "associatedToAll": true, + "unmapped": false, + "unsearchable": false, + "caseInsensitive": true, + "sla": 7200, + "threshold": 72, + "breachScript": "" + }, + { + "id": "incident_detectionsla", + "version": 2, + "modified": "2018-12-11T12:53:48.369705659Z", + "name": "Detection SLA", + "ownerOnly": false, + "placeholder": "", + "description": "The time it took from incident creation until the maliciousness was determined.", + "cliName": "detectionsla", + "type": "timer", + "closeForm": false, + "editForm": false, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": 
false, + "isReadOnly": true, + "selectValues": [], + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": false, + "group": 0, + "hidden": false, + "associatedTypes": [], + "systemAssociatedTypes": null, + "associatedToAll": true, + "unmapped": false, + "unsearchable": false, + "caseInsensitive": true, + "sla": 20, + "threshold": 72, + "breachScript": "" + }, + { + "id": "incident_timetoassignment", + "version": 1, + "modified": "2018-12-11T12:55:38.305896432Z", + "name": "Time to Assignment", + "ownerOnly": false, + "placeholder": "", + "description": "The time it took from when the incident was created until a user was assigned to it.", + "cliName": "timetoassignment", + "type": "timer", + "closeForm": false, + "editForm": false, + "required": false, + "script": "", + "fieldCalcScript": "", + "neverSetAsRequired": false, + "isReadOnly": true, + "selectValues": null, + "validationRegex": "", + "useAsKpi": true, + "locked": false, + "system": false, + "content": false, + "group": 0, + "hidden": false, + "associatedTypes": null, + "systemAssociatedTypes": null, + "associatedToAll": true, + "unmapped": false, + "unsearchable": false, + "caseInsensitive": true, + "sla": 0, + "threshold": 72, + "breachScript": "" + } + ] +} + From 62ddbfed7b9e4d21cdb418e61496174ee9767c7d Mon Sep 17 00:00:00 2001 From: idovandijk Date: Wed, 19 Dec 2018 18:59:33 +0200 Subject: [PATCH 14/49] rollback of incidentfields.json due to creation of a new file for 4.1 --- IncidentFields/incidentfields.json | 110 ----------------------------- 1 file changed, 110 deletions(-) diff --git a/IncidentFields/incidentfields.json b/IncidentFields/incidentfields.json index 10189ae316c5..615bb3b6f755 100644 --- a/IncidentFields/incidentfields.json +++ b/IncidentFields/incidentfields.json @@ -1,5 +1,4 @@ { - "releaseNotes": "SLA fields added", "incidentFields": [ { "id": "incident_app", 
@@ -1651,115 +1650,6 @@ "associatedToAll": false, "unmapped": false, "unsearchable": false - }, - { - "id": "incident_remediationsla", - "version": 3, - "fromVersion": "4.1.0", - "modified": "2018-12-11T12:53:56.816268002Z", - "name": "Remediation SLA", - "ownerOnly": false, - "placeholder": "", - "description": "The time it took since remediation of the incident began, and until it ended.", - "cliName": "remediationsla", - "type": "timer", - "closeForm": false, - "editForm": false, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": true, - "selectValues": [], - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": false, - "group": 0, - "hidden": false, - "associatedTypes": [], - "systemAssociatedTypes": null, - "associatedToAll": true, - "unmapped": false, - "unsearchable": false, - "caseInsensitive": true, - "sla": 7200, - "threshold": 72, - "breachScript": "" - }, - { - "id": "incident_detectionsla", - "version": 2, - "fromVersion": "4.1.0", - "modified": "2018-12-11T12:53:48.369705659Z", - "name": "Detection SLA", - "ownerOnly": false, - "placeholder": "", - "description": "The time it took from incident creation until the maliciousness was determined.", - "cliName": "detectionsla", - "type": "timer", - "closeForm": false, - "editForm": false, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": true, - "selectValues": [], - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": false, - "group": 0, - "hidden": false, - "associatedTypes": [], - "systemAssociatedTypes": null, - "associatedToAll": true, - "unmapped": false, - "unsearchable": false, - "caseInsensitive": true, - "sla": 20, - "threshold": 72, - "breachScript": "" - }, - { - "id": "incident_timetoassignment", - "version": 1, - "fromVersion": "4.1.0", - "modified": "2018-12-11T12:55:38.305896432Z", - "name": 
"Time to Assignment", - "ownerOnly": false, - "placeholder": "", - "description": "The time it took from when the incident was created until a user was assigned to it.", - "cliName": "timetoassignment", - "type": "timer", - "closeForm": false, - "editForm": false, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": true, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": false, - "group": 0, - "hidden": false, - "associatedTypes": null, - "systemAssociatedTypes": null, - "associatedToAll": true, - "unmapped": false, - "unsearchable": false, - "caseInsensitive": true, - "sla": 0, - "threshold": 72, - "breachScript": "" } ] } - From 4ff2ad16c15b07ed512fda5bc93871b9c373c641 Mon Sep 17 00:00:00 2001 From: idovandijk Date: Wed, 19 Dec 2018 19:06:07 +0200 Subject: [PATCH 15/49] deleted unnecessary fromVersion fields --- IncidentFields/incidentfields.json | 1 + Layouts/layout-details-Phishing.json | 1 - Layouts/layout-quickView-Phishing.json | 1 - 3 files changed, 1 insertion(+), 2 deletions(-) diff --git a/IncidentFields/incidentfields.json b/IncidentFields/incidentfields.json index 615bb3b6f755..2fea34aac807 100644 --- a/IncidentFields/incidentfields.json +++ b/IncidentFields/incidentfields.json @@ -1,4 +1,5 @@ { + "releaseNotes": "nothing new", "incidentFields": [ { "id": "incident_app", diff --git a/Layouts/layout-details-Phishing.json b/Layouts/layout-details-Phishing.json index 6147d77175b2..9b0679b19e12 100644 --- a/Layouts/layout-details-Phishing.json +++ b/Layouts/layout-details-Phishing.json @@ -4,7 +4,6 @@ "layout": { "id": "Phishing", "version": -1, - "fromVersion": "4.1.0", "modified": "2018-12-18T09:26:45.523902097Z", "name": "", "sections": [ diff --git a/Layouts/layout-quickView-Phishing.json b/Layouts/layout-quickView-Phishing.json index 12c5b5cb816f..b613a8c2a3a6 100644 --- a/Layouts/layout-quickView-Phishing.json 
+++ b/Layouts/layout-quickView-Phishing.json @@ -4,7 +4,6 @@ "layout": { "id": "Phishing", "version": -1, - "fromVersion": "4.1.0", "modified": "2018-12-18T09:27:21.43610162Z", "name": "", "sections": [ From 468321b8629b6abf7963a19b96b490f353976945 Mon Sep 17 00:00:00 2001 From: idovandijk Date: Wed, 19 Dec 2018 19:07:24 +0200 Subject: [PATCH 16/49] added comma --- Dashboards/dashboard-SLA.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dashboards/dashboard-SLA.json b/Dashboards/dashboard-SLA.json index 02bb536dd67b..cdbd25ffff81 100644 --- a/Dashboards/dashboard-SLA.json +++ b/Dashboards/dashboard-SLA.json @@ -1,6 +1,6 @@ { "id": "2b542873-793f-4eaa-8114-d855bb49cbc9", - "description": "" + "description": "", "version": -1, "fromVersion": "4.1.0", "fromDate": "0001-01-01T00:00:00Z", From ec6ac4592ebf2bdd96beffa0dba869b7dd6da133 Mon Sep 17 00:00:00 2001 From: idovandijk Date: Wed, 19 Dec 2018 19:10:37 +0200 Subject: [PATCH 17/49] added comma --- Layouts/layout-details-Phishing.json | 3 ++- Layouts/layout-quickView-Phishing.json | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/Layouts/layout-details-Phishing.json b/Layouts/layout-details-Phishing.json index 9b0679b19e12..16be74c608ba 100644 --- a/Layouts/layout-details-Phishing.json +++ b/Layouts/layout-details-Phishing.json @@ -1,4 +1,6 @@ { + "releaseNotes": "New SLA content", + "description": "Phishing layout", "typeId": "Phishing", "kind": "details", "layout": { @@ -619,5 +621,4 @@ } ] }, - "releaseNotes": "New SLA content" } \ No newline at end of file diff --git a/Layouts/layout-quickView-Phishing.json b/Layouts/layout-quickView-Phishing.json index b613a8c2a3a6..5c5fcffad8bc 100644 --- a/Layouts/layout-quickView-Phishing.json +++ b/Layouts/layout-quickView-Phishing.json @@ -1,4 +1,6 @@ { + "releaseNotes": "Added SLAs for quickview", + "description": "Phishing Quickview", "typeId": "Phishing", "kind": "quickView", "layout": { 
From 087c70ca1b3148c13167473d10f38ef22b97d477 Mon Sep 17 00:00:00 2001 From: idovandijk Date: Wed, 19 Dec 2018 19:12:51 +0200 Subject: [PATCH 18/49] comma? --- Layouts/layout-details-Phishing.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Layouts/layout-details-Phishing.json b/Layouts/layout-details-Phishing.json index 16be74c608ba..00d405b1f2e4 100644 --- a/Layouts/layout-details-Phishing.json +++ b/Layouts/layout-details-Phishing.json @@ -620,5 +620,5 @@ "queryType": "" } ] - }, + } } \ No newline at end of file From 2aaa12133dbf4308c8289809c2bd5fce2b39c505 Mon Sep 17 00:00:00 2001 From: idovandijk Date: Wed, 19 Dec 2018 19:14:21 +0200 Subject: [PATCH 19/49] comma? --- Layouts/layout-details-Phishing.json | 1 - Layouts/layout-quickView-Phishing.json | 1 - 2 files changed, 2 deletions(-) diff --git a/Layouts/layout-details-Phishing.json b/Layouts/layout-details-Phishing.json index 00d405b1f2e4..9c642ac20fb1 100644 --- a/Layouts/layout-details-Phishing.json +++ b/Layouts/layout-details-Phishing.json @@ -1,6 +1,5 @@ { "releaseNotes": "New SLA content", - "description": "Phishing layout", "typeId": "Phishing", "kind": "details", "layout": { diff --git a/Layouts/layout-quickView-Phishing.json b/Layouts/layout-quickView-Phishing.json index 5c5fcffad8bc..9fddd11cc64b 100644 --- a/Layouts/layout-quickView-Phishing.json +++ b/Layouts/layout-quickView-Phishing.json @@ -1,6 +1,5 @@ { "releaseNotes": "Added SLAs for quickview", - "description": "Phishing Quickview", "typeId": "Phishing", "kind": "quickView", "layout": { From fcaf6fa6a7f88c95d8a5558923029313cde9e134 Mon Sep 17 00:00:00 2001 From: idovandijk Date: Wed, 19 Dec 2018 19:29:31 +0200 Subject: [PATCH 20/49] descriptions added AGAIN --- Layouts/layout-details-Phishing.json | 1 + Layouts/layout-quickView-Phishing.json | 1 + 2 files changed, 2 insertions(+) diff --git a/Layouts/layout-details-Phishing.json b/Layouts/layout-details-Phishing.json index 9c642ac20fb1..00d405b1f2e4 100644 
--- a/Layouts/layout-details-Phishing.json +++ b/Layouts/layout-details-Phishing.json @@ -1,5 +1,6 @@ { "releaseNotes": "New SLA content", + "description": "Phishing layout", "typeId": "Phishing", "kind": "details", "layout": { diff --git a/Layouts/layout-quickView-Phishing.json b/Layouts/layout-quickView-Phishing.json index 9fddd11cc64b..5c5fcffad8bc 100644 --- a/Layouts/layout-quickView-Phishing.json +++ b/Layouts/layout-quickView-Phishing.json @@ -1,5 +1,6 @@ { "releaseNotes": "Added SLAs for quickview", + "description": "Phishing Quickview", "typeId": "Phishing", "kind": "quickView", "layout": { From 350439c7554f8b50fa33d9f174ccf30847fadcfb Mon Sep 17 00:00:00 2001 From: idovandijk Date: Wed, 19 Dec 2018 19:37:21 +0200 Subject: [PATCH 21/49] removed description again --- Layouts/layout-details-Phishing.json | 1 - Layouts/layout-quickView-Phishing.json | 1 - 2 files changed, 2 deletions(-) diff --git a/Layouts/layout-details-Phishing.json b/Layouts/layout-details-Phishing.json index 00d405b1f2e4..9c642ac20fb1 100644 --- a/Layouts/layout-details-Phishing.json +++ b/Layouts/layout-details-Phishing.json @@ -1,6 +1,5 @@ { "releaseNotes": "New SLA content", - "description": "Phishing layout", "typeId": "Phishing", "kind": "details", "layout": { diff --git a/Layouts/layout-quickView-Phishing.json b/Layouts/layout-quickView-Phishing.json index 5c5fcffad8bc..9fddd11cc64b 100644 --- a/Layouts/layout-quickView-Phishing.json +++ b/Layouts/layout-quickView-Phishing.json @@ -1,6 +1,5 @@ { "releaseNotes": "Added SLAs for quickview", - "description": "Phishing Quickview", "typeId": "Phishing", "kind": "quickView", "layout": { From fa2cf98db0a6739c19beb95144b85fdb2c1460b2 Mon Sep 17 00:00:00 2001 From: bars92 Date: Wed, 19 Dec 2018 20:01:01 +0200 Subject: [PATCH 22/49] add quickview layout --- release_notes.py | 1 + 1 file changed, 1 insertion(+) diff --git a/release_notes.py b/release_notes.py index b6fc8a1a3a88..40553a716608 100644 --- a/release_notes.py 
+++ b/release_notes.py @@ -17,6 +17,7 @@ "details": "Summary", "edit": "New/Edit", "close": "Close", + "quickView": "Quick View", } INTEGRATIONS_DIR = "Integrations" From 8a2963c1735cf523fb3e5fc8cbdc6f030304cf5c Mon Sep 17 00:00:00 2001 From: idovandijk Date: Thu, 20 Dec 2018 12:12:37 +0200 Subject: [PATCH 23/49] Fixed descriptions and release notes --- Dashboards/dashboard-SLA.json | 2 +- IncidentFields/incidentfields.json | 1 - Widgets/widget-MttdByType.json | 2 +- Widgets/widget-MttrByType.json | 4 ++-- 4 files changed, 4 insertions(+), 5 deletions(-) diff --git a/Dashboards/dashboard-SLA.json b/Dashboards/dashboard-SLA.json index cdbd25ffff81..ee3990cd89ef 100644 --- a/Dashboards/dashboard-SLA.json +++ b/Dashboards/dashboard-SLA.json @@ -1,6 +1,6 @@ { "id": "2b542873-793f-4eaa-8114-d855bb49cbc9", - "description": "", + "description": "A new dashboard to give you a good overview of your SLAs.", "version": -1, "fromVersion": "4.1.0", "fromDate": "0001-01-01T00:00:00Z", diff --git a/IncidentFields/incidentfields.json b/IncidentFields/incidentfields.json index 2fea34aac807..615bb3b6f755 100644 --- a/IncidentFields/incidentfields.json +++ b/IncidentFields/incidentfields.json @@ -1,5 +1,4 @@ { - "releaseNotes": "nothing new", "incidentFields": [ { "id": "incident_app", diff --git a/Widgets/widget-MttdByType.json b/Widgets/widget-MttdByType.json index 09a151a0310b..6469463a61cf 100644 --- a/Widgets/widget-MttdByType.json +++ b/Widgets/widget-MttdByType.json @@ -22,5 +22,5 @@ "keys":["avg|detectionsla.totalDuration / 60"], "groupBy" : ["occurred(d)", "type"] }, - "description": "" + "description": "A widget that shows the Mean Time to Detection, by incident type." } \ No newline at end of file diff --git a/Widgets/widget-MttrByType.json b/Widgets/widget-MttrByType.json index eab118f706e5..ebe52900f03f 100644 --- a/Widgets/widget-MttrByType.json +++ b/Widgets/widget-MttrByType.json 
@@ -22,6 +22,6 @@ "keys":["avg|openDuration / 60"], "groupBy" : ["occurred(d)", "type"] }, - "description": "", - "releaseNotes": "New timeline widget" + "description": "Shows changes in Mean Time to Resolution, over time, while differentiating between incident types.", + "releaseNotes": "MTTR now also in timeline widget" } \ No newline at end of file From bc86211e39d2367a735c808ddaef73433cc87f83 Mon Sep 17 00:00:00 2001 From: idovandijk Date: Thu, 20 Dec 2018 12:15:28 +0200 Subject: [PATCH 24/49] Fixed descriptions and release notes --- IncidentFields/incidentfields.json | 1 + 1 file changed, 1 insertion(+) diff --git a/IncidentFields/incidentfields.json b/IncidentFields/incidentfields.json index 615bb3b6f755..30bb9b0318aa 100644 --- a/IncidentFields/incidentfields.json +++ b/IncidentFields/incidentfields.json @@ -1,4 +1,5 @@ { + "releaseNotes": "-", "incidentFields": [ { "id": "incident_app", From 7a66de6e537e80f0cc0bc883f30dbfec8fde3456 Mon Sep 17 00:00:00 2001 
From: idovandijk Date: Sun, 23 Dec 2018 16:16:51 +0200 Subject: [PATCH 25/49] Fixed some fields and seperated incidentfield files to 3 different files, one for each new field. --- Dashboards/dashboard-SLA.json | 2 +- .../incidentfield-detectionsla.json | 36 + .../incidentfield-remediationsla.json | 36 + .../incidentfield-timetoassignment.json | 36 + IncidentFields/incidentfields-4.1.json | 1763 ----------------- ...cript-ChangeRemediationSLAOnSevChange.yml} | 4 +- ...ch.yml => script-SendEmailOnSLABreach.yml} | 6 +- ... script-StopTimeToAssignOnOwnerChange.yml} | 6 +- 8 files changed, 117 insertions(+), 1772 deletions(-) create mode 100644 IncidentFields/incidentfield-detectionsla.json create mode 100644 IncidentFields/incidentfield-remediationsla.json create mode 100644 IncidentFields/incidentfield-timetoassignment.json delete mode 100644 IncidentFields/incidentfields-4.1.json rename Scripts/{ChangeRemediationSLAOnSevChange.yml => script-ChangeRemediationSLAOnSevChange.yml} (95%) rename Scripts/{SendEmailOnSLABreach.yml => script-SendEmailOnSLABreach.yml} (87%) rename Scripts/{StopTimeToAssignOnOwnerChange.yml => script-StopTimeToAssignOnOwnerChange.yml} (88%) diff --git a/Dashboards/dashboard-SLA.json b/Dashboards/dashboard-SLA.json index ee3990cd89ef..80d8817d7568 100644 --- a/Dashboards/dashboard-SLA.json +++ b/Dashboards/dashboard-SLA.json @@ -1,5 +1,5 @@ { - "id": "2b542873-793f-4eaa-8114-d855bb49cbc9", + "id": "sla-dashboard", "description": "A new dashboard to give you a good overview of your SLAs.", "version": -1, "fromVersion": "4.1.0", diff --git a/IncidentFields/incidentfield-detectionsla.json b/IncidentFields/incidentfield-detectionsla.json new file mode 100644 index 000000000000..15570d132a85 --- /dev/null +++ b/IncidentFields/incidentfield-detectionsla.json 
@@ -0,0 +1,36 @@
+{
+ "closeForm": false,
+ "cliName": "detectionsla",
+ "fromVersion": "4.1.0",
+ "neverSetAsRequired": false,
+ "threshold": 72,
+ "id": "incident_detectionsla",
+ "group": 0,
+ "script": "",
+ "isReadOnly": true,
+ "system": false,
+ "content": true,
+ "unsearchable": false,
+ "version": -1,
+ "unmapped": false,
+ "hidden": false,
+ "type": "timer",
+ "editForm": false,
+ "description": "The time it took from incident creation until the maliciousness was determined.",
+ "associatedToAll": true,
+ "breachScript": "",
+ "associatedTypes": [],
+ "caseInsensitive": true,
+ "placeholder": "",
+ "useAsKpi": true,
+ "systemAssociatedTypes": null,
+ "locked": false,
+ "name": "Detection SLA",
+ "ownerOnly": false,
+ "required": false,
+ "modified": "2018-12-11T12:53:48.369705659Z",
+ "fieldCalcScript": "",
+ "selectValues": [],
+ "validationRegex": "",
+ "sla": 20
+}
\ No newline at end of file
diff --git a/IncidentFields/incidentfield-remediationsla.json b/IncidentFields/incidentfield-remediationsla.json
new file mode 100644
index 000000000000..b7a6c9fad2fd
--- /dev/null
+++ b/IncidentFields/incidentfield-remediationsla.json
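Review bot: `"breachScript": ""` leaves the Detection SLA timer with no action on breach, and the same empty value appears in incidentfield-remediationsla.json and incidentfield-timetoassignment.json. The series ships script-SendEmailOnSLABreach.yml for this purpose, but none of the three field definitions references it, so as shipped a missed SLA presumably notifies nobody until an administrator wires one up. Either set a default, `"breachScript": "<SLA_BREACH_SCRIPT_NAME>"` (placeholder; the script's registered name is not visible here), or say in `description` that a breach script has to be configured.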
@@ -0,0 +1,36 @@
+{
+ "closeForm": false,
+ "fromVersion": "4.1.0",
+ "cliName": "remediationsla",
+ "neverSetAsRequired": false,
+ "threshold": 72,
+ "id": "incident_remediationsla",
+ "group": 0,
+ "script": "",
+ "isReadOnly": true,
+ "system": false,
+ "content": true,
+ "unsearchable": false,
+ "version": -1,
+ "unmapped": false,
+ "hidden": false,
+ "type": "timer",
+ "editForm": false,
+ "description": "The time it took since remediation of the incident began, and until it ended.",
+ "associatedToAll": true,
+ "breachScript": "",
+ "associatedTypes": [],
+ "caseInsensitive": true,
+ "placeholder": "",
+ "useAsKpi": true,
+ "systemAssociatedTypes": null,
+ "locked": false,
+ "name": "Remediation SLA",
+ "ownerOnly": false,
+ "required": false,
+ "modified": "2018-12-11T12:53:56.816268002Z",
+ "fieldCalcScript": "",
+ "selectValues": [],
+ "validationRegex": "",
+ "sla": 7200
+ }
\ No newline at end of file
diff --git a/IncidentFields/incidentfield-timetoassignment.json b/IncidentFields/incidentfield-timetoassignment.json
new file mode 100644
index 000000000000..4af7fdbc9c04
--- /dev/null
+++ b/IncidentFields/incidentfield-timetoassignment.json
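Review bot: `"sla": 7200` and `"threshold": 72` carry no unit in the key name or in `description`, so a reader cannot tell what remediation target this content ships with. The same `"threshold": 72` sits next to `"sla": 20` in incidentfield-detectionsla.json and `"sla": 0` in incidentfield-timetoassignment.json, which looks like a copied default rather than a per-field choice; in the detection field the threshold is numerically larger than the SLA itself. I would state the target in the description, for example `"description": "... Default target: <N> <UNIT>."` (placeholders), and check the threshold against each SLA value.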
@@ -0,0 +1,36 @@
+{
+ "closeForm": false,
+ "cliName": "timetoassignment",
+ "fromVersion": "4.1.0",
+ "neverSetAsRequired": false,
+ "threshold": 72,
+ "id": "incident_timetoassignment",
+ "group": 0,
+ "script": "",
+ "isReadOnly": true,
+ "system": false,
+ "content": true,
+ "unsearchable": false,
+ "version": -1,
+ "unmapped": false,
+ "hidden": false,
+ "type": "timer",
+ "editForm": false,
+ "description": "The time it took from when the incident was created until a user was assigned to it.",
+ "associatedToAll": true,
+ "breachScript": "",
+ "associatedTypes": null,
+ "caseInsensitive": true,
+ "placeholder": "",
+ "useAsKpi": true,
+ "systemAssociatedTypes": null,
+ "locked": false,
+ "name": "Time to Assignment",
+ "ownerOnly": false,
+ "required": false,
+ "modified": "2018-12-11T12:55:38.305896432Z",
+ "fieldCalcScript": "",
+ "selectValues": null,
+ "validationRegex": "",
+ "sla": 0
+}
\ No newline at end of file
diff --git a/IncidentFields/incidentfields-4.1.json b/IncidentFields/incidentfields-4.1.json
deleted file mode 100644
index 209f9d76e298..000000000000
--- a/IncidentFields/incidentfields-4.1.json
+++ /dev/null
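Review bot: `"sla": 0` gives Time to Assignment no target even though `"useAsKpi": true` is set; if zero means "no SLA" (the page does not say), an incident that sits unassigned is never reported as late. A nonzero default, `"sla": <TARGET>` (placeholder), or a sentence in `description` telling operators to set one would make the KPI meaningful out of the box. Separately, `"associatedTypes": null` and `"selectValues": null` differ from the `[]` used in the other two new field files; `"associatedTypes": [],` and `"selectValues": [],` would keep the three definitions the same shape for any consumer that iterates them.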
@@ -1,1763 +0,0 @@ -{ - "releaseNotes": "SLA fields added", - "fromVersion": "4.1.0", - "incidentFields": [ - { - "id": "incident_app", - "version": 2, - "modified": "2018-08-23T18:31:06.389092425+03:00", - "name": "App", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "app", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Access" - ], - "systemAssociatedTypes": [ - "Access" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_assetid", - "version": 2, - "modified": "2018-08-23T18:31:06.427700464+03:00", - "name": "Asset ID", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "assetid", - "type": "shortText", - "closeForm": true, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": false, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Vulnerability" - ], - "systemAssociatedTypes": [ - "Vulnerability" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_attachmentcount", - "version": 2, - "modified": "2018-08-23T18:31:06.313509514+03:00", - "name": "Attachment Count", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "attachmentcount", - "type": "number", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - 
"useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_attachmentextension", - "version": 2, - "modified": "2018-08-23T18:31:06.316669039+03:00", - "name": "Attachment Extension", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "attachmentextension", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_attachmenthash", - "version": 4, - "modified": "2018-08-23T18:31:06.320408213+03:00", - "name": "Attachment Hash", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "attachmenthash", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_attachmentid", - "version": 2, - "modified": "2018-08-23T18:31:06.323188662+03:00", - "name": "Attachment ID", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "attachmentid", - 
"type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_attachmentname", - "version": 2, - "modified": "2018-08-23T18:31:06.326381385+03:00", - "name": "Attachment Name", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "attachmentname", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_attachmentsize", - "version": 2, - "modified": "2018-08-23T18:31:06.329260341+03:00", - "name": "Attachment size", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "attachmentsize", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": 
"incident_attachmenttype", - "version": 2, - "modified": "2018-08-23T18:31:06.332108621+03:00", - "name": "Attachment type", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "attachmenttype", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_bugtraq", - "version": 2, - "modified": "2018-08-23T18:31:06.430765635+03:00", - "name": "Bugtraq", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "bugtraq", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": false, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Vulnerability" - ], - "systemAssociatedTypes": [ - "Vulnerability" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_cve", - "version": 2, - "modified": "2018-08-23T18:31:06.433685165+03:00", - "name": "CVE", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "cve", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": false, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - 
"associatedTypes": [ - "Vulnerability" - ], - "systemAssociatedTypes": [ - "Vulnerability" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_cvss", - "version": 2, - "modified": "2018-08-23T18:31:06.436656554+03:00", - "name": "CVSS", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "cvss", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": false, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Vulnerability" - ], - "systemAssociatedTypes": [ - "Vulnerability" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_dest", - "version": 2, - "modified": "2018-08-23T18:31:06.39174697+03:00", - "name": "Dest", - "ownerOnly": false, - "placeholder": "", - "description": "Destination", - "cliName": "dest", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Access", - "Malware" - ], - "systemAssociatedTypes": [ - "Access", - "Malware" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_destntdomain", - "version": 2, - "modified": "2018-08-23T18:31:06.394843894+03:00", - "name": "Dest NT Domain", - "ownerOnly": false, - "placeholder": "", - "description": "Destination NT Domain", - "cliName": "destntdomain", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - 
"fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Access", - "Malware" - ], - "systemAssociatedTypes": [ - "Access", - "Malware" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_duration", - "version": 2, - "modified": "2018-08-23T18:31:06.397705995+03:00", - "name": "Duration", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "duration", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Access" - ], - "systemAssociatedTypes": [ - "Access" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_emailbcc", - "version": 2, - "modified": "2018-08-23T18:31:06.335010031+03:00", - "name": "Email BCC", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "emailbcc", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_emailbody", - "version": 2, - "modified": "2018-08-23T18:31:06.337643992+03:00", - "name": "Email Body", - 
"ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "emailbody", - "type": "longText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": true - }, - { - "id": "incident_emailbodyformat", - "version": 2, - "modified": "2018-08-23T18:31:06.34104065+03:00", - "name": "Email Body Format", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "emailbodyformat", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_emailbodyhtml", - "version": 2, - "modified": "2018-08-23T18:31:06.344156391+03:00", - "name": "Email Body HTML", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "emailbodyhtml", - "type": "html", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - 
"associatedToAll": false, - "unmapped": false, - "unsearchable": true - }, - { - "id": "incident_emailcc", - "version": 2, - "modified": "2018-08-23T18:31:06.347108901+03:00", - "name": "Email CC", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "emailcc", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_emailclientname", - "version": 2, - "modified": "2018-08-23T18:31:06.349792637+03:00", - "name": "Email Client Name", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "emailclientname", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_emailfrom", - "version": 2, - "modified": "2018-08-23T18:31:06.35251857+03:00", - "name": "Email From", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "emailfrom", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, 
- "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_emailinreplyto", - "version": 1, - "modified": "2018-09-02T10:53:05.262517498+03:00", - "name": "Email In Reply To", - "ownerOnly": false, - "placeholder": "emailinreplyto", - "description": "The mail to whom you reply", - "cliName": "emailinreplyto", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": false, - "locked": false, - "system": false, - "content": false, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": null, - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_emailkeywords", - "version": 2, - "modified": "2018-08-23T18:31:06.355250331+03:00", - "name": "Email Keywords", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "emailkeywords", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_emailmessageid", - "version": 2, - "modified": "2018-08-23T18:31:06.358269902+03:00", - "name": "Email Message ID", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "emailmessageid", - 
"type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_emailreceived", - "version": 2, - "modified": "2018-08-23T18:31:06.360983117+03:00", - "name": "Email Received", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "emailreceived", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_emailreplyto", - "version": 2, - "modified": "2018-08-23T18:31:06.36346759+03:00", - "name": "Email Reply To", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "emailreplyto", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": 
"incident_emailreturnpath", - "version": 2, - "modified": "2018-08-23T18:31:06.366098374+03:00", - "name": "Email Return Path", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "emailreturnpath", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_emailsenderip", - "version": 2, - "modified": "2018-08-23T18:31:06.368675488+03:00", - "name": "Email Sender IP", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "emailsenderip", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_emailsize", - "version": 2, - "modified": "2018-08-23T18:31:06.37171586+03:00", - "name": "Email Size", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "emailsize", - "type": "number", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, 
- "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_emailsource", - "version": 2, - "modified": "2018-08-23T18:31:06.375343721+03:00", - "name": "Email Source", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "emailsource", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_emailsubject", - "version": 2, - "modified": "2018-08-23T18:31:06.378224888+03:00", - "name": "Email Subject", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "emailsubject", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_emailto", - "version": 2, - "modified": "2018-08-23T18:31:06.380974651+03:00", - "name": "Email To", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "emailto", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - 
"neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_emailtocount", - "version": 2, - "modified": "2018-08-23T18:31:06.383761983+03:00", - "name": "Email To Count", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "emailtocount", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_emailurlclicked", - "version": 2, - "modified": "2018-08-23T18:31:06.386379045+03:00", - "name": "Email URL Clicked", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "emailurlclicked", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Phishing" - ], - "systemAssociatedTypes": [ - "Phishing" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_filehash", - "version": 2, - "modified": "2018-08-23T18:31:06.405371418+03:00", - "name": "File Hash", - "ownerOnly": false, 
- "placeholder": "", - "description": "", - "cliName": "filehash", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Malware" - ], - "systemAssociatedTypes": [ - "Malware" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_filename", - "version": 2, - "modified": "2018-08-23T18:31:06.407952489+03:00", - "name": "File Name", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "filename", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Malware" - ], - "systemAssociatedTypes": [ - "Malware" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_filepath", - "version": 2, - "modified": "2018-08-23T18:31:06.410700747+03:00", - "name": "File Path", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "filepath", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": false, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Malware" - ], - "systemAssociatedTypes": [ - "Malware" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": 
false - }, - { - "id": "incident_malwarefamily", - "version": 2, - "modified": "2018-08-23T18:31:06.416319236+03:00", - "name": "Malware Family", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "malwarefamily", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Malware" - ], - "systemAssociatedTypes": [ - "Malware" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_signature", - "version": 2, - "modified": "2018-08-23T18:31:06.440145161+03:00", - "name": "Signature", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "signature", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": false, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Vulnerability", - "Malware" - ], - "systemAssociatedTypes": [ - "Vulnerability", - "Malware" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_src", - "version": 2, - "modified": "2018-08-23T18:31:06.400366431+03:00", - "name": "Src", - "ownerOnly": false, - "placeholder": "", - "description": "Source", - "cliName": "src", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - 
"content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Access", - "Malware" - ], - "systemAssociatedTypes": [ - "Access", - "Malware" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_srcntdomain", - "version": 2, - "modified": "2018-08-23T18:31:06.402950395+03:00", - "name": "Src NT Domain", - "ownerOnly": false, - "placeholder": "", - "description": "Source NT Domain", - "cliName": "srcntdomain", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Access" - ], - "systemAssociatedTypes": [ - "Access" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_srcuser", - "version": 2, - "modified": "2018-08-23T18:31:06.42473716+03:00", - "name": "Src User", - "ownerOnly": false, - "placeholder": "", - "description": "Source User", - "cliName": "srcuser", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Access" - ], - "systemAssociatedTypes": [ - "Access" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_user", - "version": 2, - "modified": "2018-08-23T18:31:06.421943082+03:00", - "name": "User", - "ownerOnly": false, - "placeholder": "", - "description": "The user involved", - "cliName": "user", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": 
false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": false, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Malware" - ], - "systemAssociatedTypes": [ - "Malware" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_vendorid", - "version": 2, - "modified": "2018-08-23T18:31:06.443496625+03:00", - "name": "Vendor ID", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "vendorid", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": [], - "validationRegex": "", - "useAsKpi": false, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Vulnerability" - ], - "systemAssociatedTypes": [ - "Vulnerability" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_vendorproduct", - "version": 2, - "modified": "2018-08-23T18:31:06.419089491+03:00", - "name": "Vendor Product", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "vendorproduct", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Malware" - ], - "systemAssociatedTypes": [ - "Malware" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_vulnerabilitycategory", - "version": 2, - "modified": 
"2018-08-23T18:31:06.446623086+03:00", - "name": "Vulnerability Category", - "ownerOnly": false, - "placeholder": "", - "description": "", - "cliName": "vulnerabilitycategory", - "type": "shortText", - "closeForm": false, - "editForm": true, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": false, - "selectValues": null, - "validationRegex": "", - "useAsKpi": false, - "locked": false, - "system": false, - "content": true, - "group": 0, - "hidden": false, - "associatedTypes": [ - "Vulnerability" - ], - "systemAssociatedTypes": [ - "Vulnerability" - ], - "associatedToAll": false, - "unmapped": false, - "unsearchable": false - }, - { - "id": "incident_remediationsla", - "version": 3, - "modified": "2018-12-11T12:53:56.816268002Z", - "name": "Remediation SLA", - "ownerOnly": false, - "placeholder": "", - "description": "The time it took since remediation of the incident began, and until it ended.", - "cliName": "remediationsla", - "type": "timer", - "closeForm": false, - "editForm": false, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": true, - "selectValues": [], - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": false, - "group": 0, - "hidden": false, - "associatedTypes": [], - "systemAssociatedTypes": null, - "associatedToAll": true, - "unmapped": false, - "unsearchable": false, - "caseInsensitive": true, - "sla": 7200, - "threshold": 72, - "breachScript": "" - }, - { - "id": "incident_detectionsla", - "version": 2, - "modified": "2018-12-11T12:53:48.369705659Z", - "name": "Detection SLA", - "ownerOnly": false, - "placeholder": "", - "description": "The time it took from incident creation until the maliciousness was determined.", - "cliName": "detectionsla", - "type": "timer", - "closeForm": false, - "editForm": false, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": 
false, - "isReadOnly": true, - "selectValues": [], - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": false, - "group": 0, - "hidden": false, - "associatedTypes": [], - "systemAssociatedTypes": null, - "associatedToAll": true, - "unmapped": false, - "unsearchable": false, - "caseInsensitive": true, - "sla": 20, - "threshold": 72, - "breachScript": "" - }, - { - "id": "incident_timetoassignment", - "version": 1, - "modified": "2018-12-11T12:55:38.305896432Z", - "name": "Time to Assignment", - "ownerOnly": false, - "placeholder": "", - "description": "The time it took from when the incident was created until a user was assigned to it.", - "cliName": "timetoassignment", - "type": "timer", - "closeForm": false, - "editForm": false, - "required": false, - "script": "", - "fieldCalcScript": "", - "neverSetAsRequired": false, - "isReadOnly": true, - "selectValues": null, - "validationRegex": "", - "useAsKpi": true, - "locked": false, - "system": false, - "content": false, - "group": 0, - "hidden": false, - "associatedTypes": null, - "systemAssociatedTypes": null, - "associatedToAll": true, - "unmapped": false, - "unsearchable": false, - "caseInsensitive": true, - "sla": 0, - "threshold": 72, - "breachScript": "" - } - ] -} - diff --git a/Scripts/ChangeRemediationSLAOnSevChange.yml b/Scripts/script-ChangeRemediationSLAOnSevChange.yml similarity index 95% rename from Scripts/ChangeRemediationSLAOnSevChange.yml rename to Scripts/script-ChangeRemediationSLAOnSevChange.yml index abdc5d82fb89..795017ad7f82 100644 --- a/Scripts/ChangeRemediationSLAOnSevChange.yml +++ b/Scripts/script-ChangeRemediationSLAOnSevChange.yml @@ -1,7 +1,7 @@ +fromversion: 4.1.0 commonfields: - id: 310ed078-8188-443f-83cc-7cb80c55971d + id: changeremediationslaonsevchange version: -1 - fromVersion: 4.1.0 name: ChangeRemediationSLAOnSevChange script: | import datetime 
diff --git a/Scripts/SendEmailOnSLABreach.yml b/Scripts/script-SendEmailOnSLABreach.yml similarity index 87% rename from Scripts/SendEmailOnSLABreach.yml rename to Scripts/script-SendEmailOnSLABreach.yml index 6fb1590c7460..f8724785562b 100644 --- a/Scripts/SendEmailOnSLABreach.yml +++ b/Scripts/script-SendEmailOnSLABreach.yml @@ -1,9 +1,9 @@ +fromversion: 4.1.0 commonfields: - id: 544f7e7f-a961-4ffb-8743-83be70cb1940 + id: sendemailonslabreach version: -1 - fromVersion: 4.1.0 name: SendEmailOnSLABreach -script: |2- +script: | ###### Configuration ###### EMAIL_TO = "someuser@demisto.com" diff --git a/Scripts/StopTimeToAssignOnOwnerChange.yml b/Scripts/script-StopTimeToAssignOnOwnerChange.yml similarity index 88% rename from Scripts/StopTimeToAssignOnOwnerChange.yml rename to Scripts/script-StopTimeToAssignOnOwnerChange.yml index d9a4607465d8..4ba4b4db5fd6 100644 --- a/Scripts/StopTimeToAssignOnOwnerChange.yml +++ b/Scripts/script-StopTimeToAssignOnOwnerChange.yml @@ -1,9 +1,9 @@ +fromversion: 4.1.0 commonfields: - id: efa042a3-7017-4047-81e3-155e7065c88f + id: stoptimetoassignonownerchange version: -1 - fromVersion: 4.1.0 name: StopTimeToAssignOnOwnerChange -script: |2 +script: | if demisto.args()['old'] == "" and demisto.args()['new'] != "": # If owner was no-one and is now someone: demisto.executeCommand("stopTimer", {"timerField":"timetoassignment"}) From 0cc69650d39d694ce9ea0028ecc61fa45a4747fb Mon Sep 17 00:00:00 2001 From: idovandijk Date: Sun, 23 Dec 2018 16:24:51 +0200 Subject: [PATCH 26/49] tests --- Scripts/script-ChangeRemediationSLAOnSevChange.yml | 2 ++ Scripts/script-SendEmailOnSLABreach.yml | 2 ++ Scripts/script-StopTimeToAssignOnOwnerChange.yml | 2 ++ 3 files changed, 6 insertions(+) diff --git a/Scripts/script-ChangeRemediationSLAOnSevChange.yml b/Scripts/script-ChangeRemediationSLAOnSevChange.yml index 795017ad7f82..9aa44fb9b767 100644 --- a/Scripts/script-ChangeRemediationSLAOnSevChange.yml +++ b/Scripts/script-ChangeRemediationSLAOnSevChange.yml 
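Review bot: The recipient on the `EMAIL_TO = "someuser@demisto.com"` context line of Scripts/script-SendEmailOnSLABreach.yml is a fixed address, so an installation that enables this script as a breach trigger without editing it would mail SLA-breach notices to that mailbox rather than to its own team. Reading the recipient from a script argument would keep the shipped content free of a default destination, for example `EMAIL_TO = demisto.args().get('to')` with an early error when it is empty; the argument name is only a suggestion and would also need declaring in the yml. The script body continues past the end of this hunk, so how EMAIL_TO is used and what the message contains is not visible here.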
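Review bot: In Scripts/script-StopTimeToAssignOnOwnerChange.yml the condition indexes `demisto.args()['old']` and `demisto.args()['new']` directly, so if the field-change trigger ever omits either key the script raises instead of evaluating the owner change, and the Time to Assignment timer would keep running. `args = demisto.args()` followed by `if not args.get('old') and args.get('new'):` treats a missing value like an empty one. The result of `demisto.executeCommand("stopTimer", ...)` is also discarded on the visible line; whether it is checked later cannot be told from this hunk, which stops before the end of the script.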
@@ -41,3 +41,5 @@ enabled: true
 scripttarget: 0
 runonce: false
 runas: DBotRole
+tests:
+ - No test - will be manually tested before release (only useful as a triggered script)
\ No newline at end of file
diff --git a/Scripts/script-SendEmailOnSLABreach.yml b/Scripts/script-SendEmailOnSLABreach.yml
index f8724785562b..c64b630644a0 100644
--- a/Scripts/script-SendEmailOnSLABreach.yml
+++ b/Scripts/script-SendEmailOnSLABreach.yml
@@ -20,3 +20,5 @@ enabled: true
 scripttarget: 0
 runonce: false
 runas: DBotWeakRole
+tests:
+ - No test - will be manually tested before release (only useful as a triggered script)
\ No newline at end of file
diff --git a/Scripts/script-StopTimeToAssignOnOwnerChange.yml b/Scripts/script-StopTimeToAssignOnOwnerChange.yml
index 4ba4b4db5fd6..571fed4695cd 100644
--- a/Scripts/script-StopTimeToAssignOnOwnerChange.yml
+++ b/Scripts/script-StopTimeToAssignOnOwnerChange.yml
@@ -17,3 +17,5 @@ enabled: true
 scripttarget: 0
 runonce: false
 runas: DBotWeakRole
+tests:
+ - No test - will be manually tested before release (only useful as a triggered script)
\ No newline at end of file
From 64ac9f280ad26d19839aa97131d50177af7ad1bb Mon Sep 17 00:00:00 2001
From: idovandijk
Date: Sun, 23 Dec 2018 16:28:50 +0200
Subject: [PATCH 27/49] Added release notes
---
 IncidentFields/incidentfield-detectionsla.json | 3 ++-
 IncidentFields/incidentfield-remediationsla.json | 3 ++-
 IncidentFields/incidentfield-timetoassignment.json | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/IncidentFields/incidentfield-detectionsla.json b/IncidentFields/incidentfield-detectionsla.json
index 15570d132a85..5464e1897cb9 100644
--- a/IncidentFields/incidentfield-detectionsla.json
+++ b/IncidentFields/incidentfield-detectionsla.json
@@ -32,5 +32,6 @@
 "fieldCalcScript": "",
 "selectValues": [],
 "validationRegex": "",
- "sla": 20
+ "sla": 20,
+ "releaseNotes": "Added Detection SLA field"
 }
\ No newline at end of file
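Review bot: Scripts/script-ChangeRemediationSLAOnSevChange.yml keeps `runas: DBotRole` while the two sibling scripts touched by this commit run as `DBotWeakRole`, and the added `tests:` entry records that none of the three has an automated test. The role names suggest the first is the broader one; if updating the remediation SLA works under the weaker role, `runas: DBotWeakRole` would match the other two, and otherwise the reason for the broader role belongs in the script's description. All three files also end without a trailing newline after the new `tests:` entry.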
diff --git a/IncidentFields/incidentfield-remediationsla.json b/IncidentFields/incidentfield-remediationsla.json
index b7a6c9fad2fd..6c2de87485a7 100644
--- a/IncidentFields/incidentfield-remediationsla.json
+++ b/IncidentFields/incidentfield-remediationsla.json
@@ -32,5 +32,6 @@
 "fieldCalcScript": "",
 "selectValues": [],
 "validationRegex": "",
- "sla": 7200
+ "sla": 7200,
+ "releaseNotes": "Added Remediation SLA field"
 }
\ No newline at end of file
diff --git a/IncidentFields/incidentfield-timetoassignment.json b/IncidentFields/incidentfield-timetoassignment.json
index 4af7fdbc9c04..36bf72fd999a 100644
--- a/IncidentFields/incidentfield-timetoassignment.json
+++ b/IncidentFields/incidentfield-timetoassignment.json
@@ -32,5 +32,6 @@
 "fieldCalcScript": "",
 "selectValues": null,
 "validationRegex": "",
- "sla": 0
+ "sla": 0,
+ "releaseNotes": "Added Time to Assignment field"
 }
\ No newline at end of file
From aaaab6ebb0203f5617ca18d5516aa663a3b0ddd7 Mon Sep 17 00:00:00 2001
From: idovandijk
Date: Mon, 24 Dec 2018 11:36:44 +0200
Subject: [PATCH 28/49] removed dev-prod fields
---
 Dashboards/dashboard-SLA.json | 10 ----------
 1 file changed, 10 deletions(-)
diff --git a/Dashboards/dashboard-SLA.json b/Dashboards/dashboard-SLA.json
index 80d8817d7568..f4454a391890 100644
--- a/Dashboards/dashboard-SLA.json
+++ b/Dashboards/dashboard-SLA.json
@@ -26,8 +26,6 @@
 "widget": {
 "id": "fddd62ff-a411-4e6a-8213-e0277a9b95b5",
 "version": 1,
- "shouldCommit": false,
- "shouldPush": false,
 "name": "Mean Time to Detection",
 "dataType": "incidents",
 "widgetType": "duration",
@@ -67,8 +65,6 @@
 "widget": {
 "id": "1e54092d-1ed0-47a6-862d-893adc05e612",
 "version": 1,
- "shouldCommit": false,
- "shouldPush": false,
 "name": "Detection SLA by Status",
 "dataType": "incidents",
 "widgetType": "pie",
@@ -108,8 +104,6 @@
 "widget": {
 "id": "1767dee0-7f8c-48a5-8988-c58b9e713ab6",
 "version": 1,
- "shouldCommit": false,
- "shouldPush": false,
 "name": "Remediation SLA by Status",
 "dataType": "incidents",
 "widgetType": "pie",
@@ -149,8 +143,6 @@
 "widget": {
 "id": "mean-time-to-resolution",
 "version": 169,
- "shouldCommit": false,
- "shouldPush": false,
 "name": "Mean Time To Resolution",
 "dataType": "incidents",
 "widgetType": "duration",
@@ -190,8 +182,6 @@
 "widget": {
 "id": "mttd-by-type",
 "version": 1,
- "shouldCommit": true,
- "shouldPush": false,
 "name": "MTTD by Type",
 "dataType": "incidents",
 "widgetType": "line",
From 7ca78cf540e21124a9789d21b72591378ef38516 Mon Sep 17 00:00:00 2001
From: idovandijk <43602124+idovandijk@users.noreply.github.com>
Date: Tue, 25 Dec 2018 20:39:44 +0200
Subject: [PATCH 29/49] Added phishing investigation playbook file, to support pre-4.1 versions.
---
 ...k-Phishing_Investigation_-_Generic_4.0.yml | 859 ++++++++++++++++++
 1 file changed, 859 insertions(+)
 create mode 100644 Playbooks/playbook-Phishing_Investigation_-_Generic_4.0.yml
diff --git a/Playbooks/playbook-Phishing_Investigation_-_Generic_4.0.yml b/Playbooks/playbook-Phishing_Investigation_-_Generic_4.0.yml
new file mode 100644
index 000000000000..d6d796eb6873
--- /dev/null
+++ b/Playbooks/playbook-Phishing_Investigation_-_Generic_4.0.yml
@@ -0,0 +1,859 @@ +id: Phishing Investigation - Generic +version: -1 +name: Phishing Investigation - Generic +fromversion: 4.0 +toversion: 4.0.9 +description: |- + Use this playbook to investigate and remediate a potential phishing incident. The playbook simultaneously engages with the user that triggered the incident, while investigating the incident itself. + + The final remediation tasks are always decided by a human analyst. +starttaskid: "0" +tasks: + "0": + id: "0" + taskid: 32d25ab2-8fa5-46cd-82df-78dc402c0150 + type: start + task: + id: 32d25ab2-8fa5-46cd-82df-78dc402c0150 + version: -1 + name: "" + description: "" + iscommand: false + brand: "" + nexttasks: + '#none#': + - "11" + - "18" + separatecontext: false + view: |- + { + "position": { + "x": 592.5, + "y": 50 + } + } + note: false + "2": + id: "2" + taskid: 17b50e98-fd3e-4410-80c7-a6095629096c + type: regular + task: + id: 17b50e98-fd3e-4410-80c7-a6095629096c + version: -1 + name: Assign to analyst + description: Assign the incident to an analyst based on the analyst's organizational + role. 
+ scriptName: AssignAnalystToIncident + type: regular + iscommand: false + brand: "" + nexttasks: + '#none#': + - "15" + scriptarguments: + assignBy: {} + email: {} + roles: + complex: + root: inputs.Role + username: {} + reputationcalc: 1 + separatecontext: false + view: |- + { + "position": { + "x": 592.5, + "y": 1040 + } + } + note: false + "6": + id: "6" + taskid: 5882f2a4-7949-4121-8dc6-09a44bc78a48 + type: playbook + task: + id: 5882f2a4-7949-4121-8dc6-09a44bc78a48 + version: -1 + name: "" + description: "" + playbookName: Calculate Severity - Generic + type: playbook + iscommand: false + brand: "" + nexttasks: + '#none#': + - "2" + separatecontext: false + view: |- + { + "position": { + "x": 377.5, + "y": 865 + } + } + note: false + "7": + id: "7" + taskid: 96f4ce72-93d9-45b9-8831-0cbda3396066 + type: regular + task: + id: 96f4ce72-93d9-45b9-8831-0cbda3396066 + version: -1 + name: Manually review the incident + description: Review the incident to determine if the email that the user reported + is malicious. + type: regular + iscommand: false + brand: "" + nexttasks: + '#none#': + - "33" + separatecontext: false + view: |- + { + "position": { + "x": 60, + "y": 1535 + } + } + note: false + "8": + id: "8" + taskid: 0cead84c-7626-4cc0-839f-d1b8d5260b9c + type: regular + task: + id: 0cead84c-7626-4cc0-839f-d1b8d5260b9c + version: -1 + name: Close investigation + description: Close the investigation. 
+ script: Builtin|||closeInvestigation + type: regular + iscommand: true + brand: Builtin + nexttasks: + '#none#': + - "29" + scriptarguments: + assetid: {} + closeNotes: {} + closeReason: {} + id: {} + importantfield: {} + test2: {} + timefield1: {} + reputationcalc: 1 + separatecontext: false + view: |- + { + "position": { + "x": 695, + "y": 2700 + } + } + note: false + "11": + id: "11" + taskid: 6b039cde-c519-4ad2-83b7-17dbefb01c7b + type: title + task: + id: 6b039cde-c519-4ad2-83b7-17dbefb01c7b + version: -1 + name: Triage + description: "" + type: title + iscommand: false + brand: "" + nexttasks: + '#none#': + - "26" + separatecontext: false + view: |- + { + "position": { + "x": 377.5, + "y": 195 + } + } + note: false + "12": + id: "12" + taskid: 40a1c30b-92a4-41fc-84f3-c8474693f931 + type: regular + task: + id: 40a1c30b-92a4-41fc-84f3-c8474693f931 + version: -1 + name: Store the email address of the reporting user + description: Store the email address of the user that reported the incident. + scriptName: Set + type: regular + iscommand: false + brand: "" + nexttasks: + '#none#': + - "14" + scriptarguments: + append: + simple: "true" + key: + simple: Account.Email.Address + value: + complex: + root: incident + accessor: labels.Email/from + reputationcalc: 1 + separatecontext: false + view: |- + { + "position": { + "x": 1022.5, + "y": 515 + } + } + note: false + "13": + id: "13" + taskid: 4aafb18b-b981-470e-864c-5caedb033ce0 + type: regular + task: + id: 4aafb18b-b981-470e-864c-5caedb033ce0 + version: -1 + name: Acknowledge incident was received + description: | + Send an auto-response to user that reported the incident, informing them the incident was received and being handled. + script: '|||send-mail' + type: regular + iscommand: true + brand: "" + nexttasks: + '#none#': + - "2" + scriptarguments: + attachIDs: {} + attachNames: {} + bcc: {} + body: + simple: "Hi ${.=val.Account.DisplayName && val.Email.Address === val.incident.labels['Email/from'] + ? 
val.Account.DisplayName : val.incident.labels['Email/from']},\nWe've received + your email and are investigating.\nPlease do not touch the email until further + notice.\n\nCordially, \n Your friendly neighborhood security team" + cc: {} + htmlBody: {} + replyTo: {} + subject: + simple: 'Re: Phishing Investigation - ${incident.name}' + to: + complex: + root: incident + accessor: labels.Email/from + reputationcalc: 1 + separatecontext: false + view: |- + { + "position": { + "x": 1022.5, + "y": 865 + } + } + note: false + "14": + id: "14" + taskid: 849b0463-ea4a-4860-86b5-825e5cda8a08 + type: playbook + task: + id: 849b0463-ea4a-4860-86b5-825e5cda8a08 + version: -1 + name: Email Address Enrichment - Generic + description: "" + playbookName: Email Address Enrichment - Generic + type: playbook + iscommand: false + brand: "" + nexttasks: + '#none#': + - "13" + separatecontext: true + view: |- + { + "position": { + "x": 1022.5, + "y": 690 + } + } + note: false + "15": + id: "15" + taskid: f3ddd9af-36b1-44fb-8eaf-1a71be6b34fb + type: condition + task: + id: f3ddd9af-36b1-44fb-8eaf-1a71be6b34fb + version: -1 + name: Is the email malicious? + description: Determine if the email is malicious based on the calculated severity. + type: condition + iscommand: false + brand: "" + nexttasks: + '#default#': + - "31" + 'Malicious ': + - "30" + separatecontext: false + conditions: + - label: 'Malicious ' + condition: + - - operator: greaterThanOrEqual + left: + value: + simple: incident.severity + iscontext: true + right: + value: + simple: "2" + view: |- + { + "position": { + "x": 592.5, + "y": 1215 + } + } + note: false + "16": + id: "16" + taskid: 79084bbf-1187-4b31-82f2-8b153a093a49 + type: regular + task: + id: 79084bbf-1187-4b31-82f2-8b153a093a49 + version: -1 + name: Update the user that the reported email is safe + description: Send an email to the user explaining that the email they reported + is safe. 
+ scriptName: SendEmail + type: regular + iscommand: false + brand: "" + nexttasks: + '#none#': + - "8" + scriptarguments: + attachIDs: {} + bcc: {} + body: + simple: |- + Hi ${.=val.Account.DisplayName && val.Email.Address === val.incident.labels['Email/from'] ? val.Account.DisplayName : val.incident.labels['Email/from']}, + We've concluded that the email you forwarded to us is safe. + Thank you for your alertness and your participation in keeping our organization secure. + + Cordially, + Your security team + cc: {} + htmlBody: {} + noteEntryID: {} + replyTo: {} + subject: + simple: 'Re: Phishing Investigation - ${incident.name}' + to: + simple: ${incident.labels.Email/from} + reputationcalc: 1 + separatecontext: false + view: |- + { + "position": { + "x": 60, + "y": 2525 + } + } + note: false + "17": + id: "17" + taskid: f7788586-5020-4246-8946-2021c76dc722 + type: regular + task: + id: f7788586-5020-4246-8946-2021c76dc722 + version: -1 + name: Update the user that the reported email is malicious + description: Send an email to the user explaining that the email they reported + is malicious. + script: '|||send-mail' + type: regular + iscommand: true + brand: "" + nexttasks: + '#none#': + - "27" + scriptarguments: + attachIDs: {} + attachNames: {} + bcc: {} + body: + simple: |- + Hi ${.=val.Account.DisplayName && val.Email.Address === val.incident.labels['Email/from'] ? val.Account.DisplayName : val.incident.labels['Email/from']}, + We've concluded that the email you forwarded to us is malicious. We've taken steps to blacklist the sender and quarantine the email. Good job on detecting and forwarding it to us! 
+ + All the best, + Your security team + cc: {} + htmlBody: {} + replyTo: {} + subject: + simple: 'Re: Phishing Investigation - ${incident.name}' + to: + simple: ${incident.labels.Email/from} + separatecontext: false + view: |- + { + "position": { + "x": 807.5, + "y": 2030 + } + } + note: false + "18": + id: "18" + taskid: 916bc6c8-6d46-4f04-8bd2-1152736b7984 + type: title + task: + id: 916bc6c8-6d46-4f04-8bd2-1152736b7984 + version: -1 + name: Engage with User + description: "" + type: title + iscommand: false + brand: "" + nexttasks: + '#none#': + - "12" + separatecontext: false + view: |- + { + "position": { + "x": 1022.5, + "y": 355 + } + } + note: false + "22": + id: "22" + taskid: ca065734-ff0b-4d84-8bfe-a93298bd34ab + type: playbook + task: + id: ca065734-ff0b-4d84-8bfe-a93298bd34ab + version: -1 + name: Detonate File - Generic + description: "" + playbookName: Detonate File - Generic + type: playbook + iscommand: false + brand: "" + nexttasks: + '#none#': + - "6" + separatecontext: true + view: |- + { + "position": { + "x": 592.5, + "y": 690 + } + } + note: false + "25": + id: "25" + taskid: fb79a97c-7e8d-4004-8a89-4297f9d0a9cf + type: playbook + task: + id: fb79a97c-7e8d-4004-8a89-4297f9d0a9cf + version: -1 + name: Entity Enrichment - Generic + description: "" + playbookName: Entity Enrichment - Generic + type: playbook + iscommand: false + brand: "" + nexttasks: + '#none#': + - "6" + separatecontext: true + view: |- + { + "position": { + "x": 162.5, + "y": 690 + } + } + note: false + "26": + id: "26" + taskid: 2cf1ade0-ab88-4dfd-819e-c134627edaf7 + type: playbook + task: + id: 2cf1ade0-ab88-4dfd-819e-c134627edaf7 + version: -1 + name: Process Email - Generic + description: "" + playbookName: Process Email - Generic + type: playbook + iscommand: false + brand: "" + nexttasks: + '#none#': + - "35" + - "22" + separatecontext: true + view: |- + { + "position": { + "x": 377.5, + "y": 340 + } + } + note: false + "27": + id: "27" + taskid: 
d73d68a4-dff2-4cae-8645-972f9c328444 + type: title + task: + id: d73d68a4-dff2-4cae-8645-972f9c328444 + version: -1 + name: Remediate + description: "" + type: title + iscommand: false + brand: "" + nexttasks: + '#none#': + - "34" + - "36" + - "37" + separatecontext: false + view: |- + { + "position": { + "x": 807.5, + "y": 2205 + } + } + note: false + "28": + id: "28" + taskid: 6cc94de8-1f6c-4832-805b-43ec888fcf1b + type: playbook + task: + id: 6cc94de8-1f6c-4832-805b-43ec888fcf1b + version: -1 + name: Search And Delete Emails - Generic + description: "" + playbookName: Search And Delete Emails - Generic + type: playbook + iscommand: false + brand: "" + nexttasks: + '#none#': + - "8" + separatecontext: true + view: |- + { + "position": { + "x": 910, + "y": 2525 + } + } + note: false + "29": + id: "29" + taskid: e9a74030-baa8-43f9-8c35-54f8ae2d6b7b + type: title + task: + id: e9a74030-baa8-43f9-8c35-54f8ae2d6b7b + version: -1 + name: Done + description: "" + type: title + iscommand: false + brand: "" + separatecontext: false + view: |- + { + "position": { + "x": 695, + "y": 2875 + } + } + note: false + "30": + id: "30" + taskid: 824c86e1-14a5-42cf-8516-e5f893558f09 + type: title + task: + id: 824c86e1-14a5-42cf-8516-e5f893558f09 + version: -1 + name: Malicious + description: "" + type: title + iscommand: false + brand: "" + nexttasks: + '#none#': + - "17" + separatecontext: false + view: |- + { + "position": { + "x": 807.5, + "y": 1885 + } + } + note: false + "31": + id: "31" + taskid: 717e858d-5696-441b-8ff2-30f798cea618 + type: title + task: + id: 717e858d-5696-441b-8ff2-30f798cea618 + version: -1 + name: Undetermined + description: "" + type: title + iscommand: false + brand: "" + nexttasks: + '#none#': + - "7" + separatecontext: false + view: |- + { + "position": { + "x": 60, + "y": 1390 + } + } + note: false + "33": + id: "33" + taskid: f59a91ed-b686-4133-8f23-13338cff2d6e + type: condition + task: + id: f59a91ed-b686-4133-8f23-13338cff2d6e + version: -1 + 
name: Is the email malicious? + description: Is the email that the user reported malicious? + type: condition + iscommand: false + brand: "" + nexttasks: + "No": + - "16" + "yes": + - "30" + separatecontext: false + view: |- + { + "position": { + "x": 60, + "y": 1710 + } + } + note: false + "34": + id: "34" + taskid: 17f0be59-6aff-4f12-829a-395597295427 + type: regular + task: + id: 17f0be59-6aff-4f12-829a-395597295427 + version: -1 + name: Manually remediate the incident + description: "Consider the following:\n1. Search for and delete similar emails\n2. + Inform the organization about the threat\n3. Hunt the relevant IOCs\n4. Update + proxies and firewalls as necessary\n5. Block the malicious sender/ domain + in the mail-gateway " + type: regular + iscommand: false + brand: "" + nexttasks: + '#none#': + - "8" + separatecontext: false + view: |- + { + "position": { + "x": 460, + "y": 2360 + } + } + note: false + "35": + id: "35" + taskid: 524a2856-34ef-4752-862d-90daa98875ee + type: playbook + task: + id: 524a2856-34ef-4752-862d-90daa98875ee + version: -1 + name: Extract Indicators From File - Generic + description: "" + playbookName: Extract Indicators From File - Generic + type: playbook + iscommand: false + brand: "" + nexttasks: + '#none#': + - "25" + separatecontext: true + view: |- + { + "position": { + "x": 162.5, + "y": 515 + } + } + note: false + "36": + id: "36" + taskid: 9aff5a75-b7eb-410a-8751-6cc749dc9df5 + type: condition + task: + id: 9aff5a75-b7eb-410a-8751-6cc749dc9df5 + version: -1 + name: Execute the "Search and Delete" sub-playbook? + description: Verify that the "Search and Delete" parameter is set to "True"? 
+ type: condition + iscommand: false + brand: "" + nexttasks: + '#default#': + - "8" + "yes": + - "28" + separatecontext: false + conditions: + - label: "yes" + condition: + - - operator: isExists + left: + value: + complex: + root: inputs.SearchAndDelete + filters: + - - operator: isEqualString + left: + value: + simple: inputs.SearchAndDelete + iscontext: true + right: + value: + simple: "True" + ignorecase: true + iscontext: true + view: |- + { + "position": { + "x": 910, + "y": 2360 + } + } + note: false + "37": + id: "37" + taskid: 8277280f-0c19-4d99-85c9-39e19f60bc0d + type: condition + task: + id: 8277280f-0c19-4d99-85c9-39e19f60bc0d + version: -1 + name: Execute the "Block Indicators" sub-playbook? + description: Verify that the "Block indicators" parameter is set to "True"? + type: condition + iscommand: false + brand: "" + nexttasks: + '#default#': + - "8" + "yes": + - "38" + separatecontext: false + conditions: + - label: "yes" + condition: + - - operator: isExists + left: + value: + complex: + root: inputs.BlockIndicators + filters: + - - operator: isEqualString + left: + value: + simple: inputs.BlockIndicators + iscontext: true + right: + value: + simple: "True" + ignorecase: true + iscontext: true + view: |- + { + "position": { + "x": 1350, + "y": 2360 + } + } + note: false + "38": + id: "38" + taskid: 2198ea9b-926d-4f25-829e-39c390771dfb + type: playbook + task: + id: 2198ea9b-926d-4f25-829e-39c390771dfb + version: -1 + name: Block Indicators - Generic + description: "" + playbookName: Block Indicators - Generic + type: playbook + iscommand: false + brand: "" + nexttasks: + '#none#': + - "8" + separatecontext: true + view: |- + { + "position": { + "x": 1350, + "y": 2525 + } + } + note: false +view: |- + { + "linkLabelsPosition": {}, + "paper": { + "dimensions": { + "height": 2890, + "width": 1670, + "x": 60, + "y": 50 + } + } + } +inputs: +- key: Role + value: + simple: Administrator + required: true + description: The default role to assign the 
incident to. +- key: SearchAndDelete + value: + simple: "False" + required: false + description: |- + Enable the "Search and Delete" capability (can be either "True" or "False"). + In case of a malicious email, the "Search and Delete" sub-playbook will look for other instances of the email and delete them pending analyst approval. +- key: BlockIndicators + value: + simple: "False" + required: false + description: |- + Enable the "Block Indicators" capability (can be either "True" or "False"). + In case of a malicious email, the "Block Indicators" sub-playbook will block all malicious indicators in the relevant integrations. +outputs: [] +releaseNotes: "Updated yml so that playbook is supported up to 4.0.9 including." +tests: +- Phishing test - attachment +- Phishing test - Inline \ No newline at end of file From d7b094ad4273a72fc8ccbe94f64c154e7a73e5e2 Mon Sep 17 00:00:00 2001 From: idovandijk <43602124+idovandijk@users.noreply.github.com> Date: Wed, 26 Dec 2018 14:45:10 +0200 Subject: [PATCH 30/49] Updated fromversion to follow convention. Improved descriptions and examples in scripts. --- ...k-Phishing_Investigation_-_Generic_4.0.yml | 2 +- ...script-ChangeRemediationSLAOnSevChange.yml | 25 +++++++++++++++---- Scripts/script-SendEmailOnSLABreach.yml | 6 ++++- .../script-StopTimeToAssignOnOwnerChange.yml | 3 +++ 4 files changed, 29 insertions(+), 7 deletions(-) diff --git a/Playbooks/playbook-Phishing_Investigation_-_Generic_4.0.yml b/Playbooks/playbook-Phishing_Investigation_-_Generic_4.0.yml index d6d796eb6873..d8ac1837a14b 100644 --- a/Playbooks/playbook-Phishing_Investigation_-_Generic_4.0.yml +++ b/Playbooks/playbook-Phishing_Investigation_-_Generic_4.0.yml 
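Review bot: Task "17" tells the reporter that the sender has been blacklisted and the email quarantined, but it runs before the Remediate title (task "27"), and both automated branches are gated on `SearchAndDelete` and `BlockIndicators`, which default to "False" in `inputs`. With the defaults the only remediation left is the manual task "34", so the message can claim containment that has not happened, and a user who trusts it may go back to the email. Either move the notification after remediation or reword the body, e.g. `We've concluded that the email you forwarded to us is malicious and are working to contain it. Please do not open, reply to or forward it.` Task "8" also passes `test2`, `importantfield` and `timefield1` to closeInvestigation; these look like custom fields from a development tenant and are probably worth dropping.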
@@ -1,7 +1,7 @@ id: Phishing Investigation - Generic version: -1 name: Phishing Investigation - Generic -fromversion: 4.0 +fromversion: 4.0.0 toversion: 4.0.9 description: |- Use this playbook to investigate and remediate a potential phishing incident. The playbook simultaneously engages with the user that triggered the incident, while investigating the incident itself. diff --git a/Scripts/script-ChangeRemediationSLAOnSevChange.yml b/Scripts/script-ChangeRemediationSLAOnSevChange.yml index 9aa44fb9b767..3d96288ee486 100644 --- a/Scripts/script-ChangeRemediationSLAOnSevChange.yml +++ b/Scripts/script-ChangeRemediationSLAOnSevChange.yml 
@@ -7,10 +7,26 @@ script: | import datetime # ##### Help ##### - # Triggered Field Name is in: demisto.args()['name'] - # Field's old value is in: demisto.args()['old'] - # Field's new value is in: demisto.args()['new'] - # Printing argument structure: demisto.results(demisto.args()) + # This is an example script. The script is used to change the Remediation SLA of an incident, when the severity of the incident changes for any reason. Please copy this script and make changes to your liking. + # The Configuration section is there to help you easily configure the script with your desired SLAs. + + # The CRITICAL_SLA field defines the number of minutes that you would want an incident with critical severity to have, in its Remediation SLA field. + # The NONCRITICAL_SLA field defines the number of days that you would want an incident with non-critical severity to have, in its Remediation SLA field. + # The NONCRITICAL_SLA field can also be configured in minutes if you want. + + # Note that the SLA can be set with a number that represents minutes instead of days, like so: demisto.executeCommand("setIncident",{'sla': 30, "slaField":"remediationsla"}) + # but it can also be set with a number that represents a complete date and time structure, like so: demisto.executeCommand("setIncident",{'sla': 2018-12-26T12:10:24Z, "slaField":"remediationsla"}) + # To get the date+time structure, you can use timedelta, like so: newsla = now + datetime.timedelta(days=2) + # then, you would use this to convert it to the date+time structure that can be passed to the SLA field: newsla = newsla.strftime('%Y-%m-%dT%H:%M:%S+00:00') + + # Since this script is to be triggered by a change of a field, you may want to make use of the changes to the field in your script. + # For example, in this case, when the severity of an incident is changed, we want to check if it is now critical, or not. We do this by using demisto.args()['new'], to get the new value of the severity. 
+ # The field changes can be obtained in the following way: + # The name of the triggered field is in: demisto.args()['name'] + # The field's old value is in: demisto.args()['old'] + # The field's new value is in: demisto.args()['new'] + # To print the whole argument structure, use this: demisto.results(demisto.args()) + # ##### Configuration ##### CRITICAL_SLA = 60 # In minutes @@ -22,7 +38,6 @@ script: | if args_sev == 'Critical': demisto.log('Severity changed to Critical') - # newsla = now + datetime.timedelta(days=2) demisto.executeCommand("setIncident",{'sla': CRITICAL_SLA, "slaField":"remediationsla"}) else: diff --git a/Scripts/script-SendEmailOnSLABreach.yml b/Scripts/script-SendEmailOnSLABreach.yml index c64b630644a0..17cc963b3225 100644 --- a/Scripts/script-SendEmailOnSLABreach.yml +++ b/Scripts/script-SendEmailOnSLABreach.yml @@ -4,9 +4,13 @@ commonfields: version: -1 name: SendEmailOnSLABreach script: | + # ##### Help ##### + # This is an example script. The script is used to send an email once an SLA is breached. Please copy this script and make changes to your liking. + # The Configuration section is there to help you easily configure the script with your desired email recipient, the subject of the email, and the body. + # If you want to use this script, you should go to the SLA field that would trigger it, and set this script as the script to run on SLA breach. ###### Configuration ###### - EMAIL_TO = "someuser@demisto.com" + EMAIL_TO = "someuser@yourdomain.com" SUBJECT = "SLA breached!" BODY = "We have detected a breach in SLA. Check the incident for more details." diff --git a/Scripts/script-StopTimeToAssignOnOwnerChange.yml b/Scripts/script-StopTimeToAssignOnOwnerChange.yml index 571fed4695cd..b62204df9574 100644 --- a/Scripts/script-StopTimeToAssignOnOwnerChange.yml +++ b/Scripts/script-StopTimeToAssignOnOwnerChange.yml 
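Review bot: The second setIncident example in the new help text passes `'sla': 2018-12-26T12:10:24Z` unquoted, which is not valid Python, and its `Z` suffix does not match the `+00:00` suffix produced by the strftime format given two lines later. Since the text invites users to copy the script, quote the value and use one format throughout, e.g. `{'sla': '2018-12-26T12:10:24+00:00', "slaField":"remediationsla"}`. The help also says NONCRITICAL_SLA is in days while a bare number passed as `sla` means minutes; a comment next to `NONCRITICAL_SLA = 6 # In days` saying where the conversion happens would help. That code is outside this hunk.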
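Review bot: The new placeholder `someuser@yourdomain.com` is an ordinary registrable domain rather than a reserved example name, so a copy of this script enabled without editing would send SLA-breach notices to a mailbox outside the organisation. Prefer a value that cannot deliver, such as `EMAIL_TO = ""  # set to your SOC mailbox before enabling`. Then skip the SendEmail call when it is empty, for example `if not EMAIL_TO: demisto.results("EMAIL_TO is not configured; no email sent")`, with the existing call moved under an `else:`. The send call itself is outside this hunk.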
@@ -4,6 +4,9 @@ commonfields: version: -1 name: StopTimeToAssignOnOwnerChange script: | + # ##### Help ##### + # This is an example script. The script is used to stop the Time to Assignment SLA field, once an owner was set to an incident. + # If you want to use this script, you should go to the Time to Assignment SLA field, and set this script as the script to run upon change of field value. if demisto.args()['old'] == "" and demisto.args()['new'] != "": # If owner was no-one and is now someone: demisto.executeCommand("stopTimer", {"timerField":"timetoassignment"}) From 4174174d08f9a791fb3522de5632826a49db68e0 Mon Sep 17 00:00:00 2001 From: idovandijk <43602124+idovandijk@users.noreply.github.com> Date: Wed, 26 Dec 2018 15:02:38 +0200 Subject: [PATCH 31/49] Fixed validation of playbook overlap. Because the old playbook became a "new" file, it caused a problem. --- Tests/id_set.json | 6 ------ 1 file changed, 6 deletions(-) diff --git a/Tests/id_set.json b/Tests/id_set.json index 1db4d0762a5e..94942f64fe36 100644 --- a/Tests/id_set.json +++ b/Tests/id_set.json @@ -1847,12 +1847,6 @@ "fromversion": "4.0.0" } }, - { - "Phishing Investigation - Generic": { - "toversion": "99.99.99", - "fromversion": 4.0 - } - }, { "playbook2": { "toversion": "99.99.99", From 8d8cc0c52d44f464b2248f6b8a17fecf8f3aa205 Mon Sep 17 00:00:00 2001 From: Guy Lichtman <1395797+glicht@users.noreply.github.com> Date: Mon, 31 Dec 2018 16:58:18 +0200 Subject: [PATCH 32/49] Delete script-SendEmailOnSLABreach.yml I am deleting the send email script and we'll open a separate issue --- Scripts/script-SendEmailOnSLABreach.yml | 28 ------------------------- 1 file changed, 28 deletions(-) delete mode 100644 Scripts/script-SendEmailOnSLABreach.yml diff --git a/Scripts/script-SendEmailOnSLABreach.yml b/Scripts/script-SendEmailOnSLABreach.yml deleted file mode 100644 index 17cc963b3225..000000000000 --- a/Scripts/script-SendEmailOnSLABreach.yml +++ /dev/null 
@@ -1,28 +0,0 @@ -fromversion: 4.1.0 -commonfields: - id: sendemailonslabreach - version: -1 -name: SendEmailOnSLABreach -script: | - # ##### Help ##### - # This is an example script. The script is used to send an email once an SLA is breached. Please copy this script and make changes to your liking. - # The Configuration section is there to help you easily configure the script with your desired email recipient, the subject of the email, and the body. - # If you want to use this script, you should go to the SLA field that would trigger it, and set this script as the script to run on SLA breach. - - ###### Configuration ###### - EMAIL_TO = "someuser@yourdomain.com" - SUBJECT = "SLA breached!" - BODY = "We have detected a breach in SLA. Check the incident for more details." - - ##### Send Email ##### - demisto.executeCommand("SendEmail", {"to":EMAIL_TO, "subject":SUBJECT, "body":BODY}) -type: python -tags: [] -comment: Sends an email to a user. Can be triggered on SLA breach, and customized - to your needs. -enabled: true -scripttarget: 0 -runonce: false -runas: DBotWeakRole -tests: - - No test - will be manually tested before release (only useful as a triggered script) \ No newline at end of file From c064e9ceb375d6df38bcb55821ea05d540b811a9 Mon Sep 17 00:00:00 2001 
From: idovandijk <43602124+idovandijk@users.noreply.github.com> Date: Wed, 2 Jan 2019 16:20:57 +0200 Subject: [PATCH 33/49] Multiple fixes: - SLA Dashboard widgets are now stretched out to fill the whole dashboard - Widgets now display time in hours instead of seconds - Script descriptions are now way more detailed and comprehensible - Scripts now have arguments to make them testable - Added test for the 2 new SLA scripts --- Dashboards/dashboard-SLA.json | 34 +++++++++---------- ...script-ChangeRemediationSLAOnSevChange.yml | 21 ++++++++++-- .../script-StopTimeToAssignOnOwnerChange.yml | 9 +++-- TestPlaybooks/playbook-SLA_Scripts_-_Test.yml | 8 +++-- Tests/conf.json | 3 ++ Widgets/widget-MttdByType.json | 2 +- Widgets/widget-MttrByType.json | 2 +- 7 files changed, 54 insertions(+), 25 deletions(-) diff --git a/Dashboards/dashboard-SLA.json b/Dashboards/dashboard-SLA.json index f4454a391890..d4df522a69a6 100644 --- a/Dashboards/dashboard-SLA.json +++ b/Dashboards/dashboard-SLA.json @@ -9,7 +9,7 @@ "byTo": "", "byFrom": "days", "toValue": null, - "fromValue": 7, + "fromValue": 30, "field": "" }, "fromDateLicense": "0001-01-01T00:00:00Z", @@ -21,7 +21,7 @@ "x": 6, "y": 0, "i": "25a2e8f0-fd4e-11e8-a656-2b6c8cbabaee", - "w": 2, + "w": 3, "h": 1, "widget": { "id": "fddd62ff-a411-4e6a-8213-e0277a9b95b5", @@ -57,11 +57,11 @@ { "id": "3747f820-fd4e-11e8-a656-2b6c8cbabaee", "forceRange": false, - "x": 2, + "x": 0, "y": 0, "i": "3747f820-fd4e-11e8-a656-2b6c8cbabaee", - "w": 2, - "h": 2, + "w": 3, + "h": 3, "widget": { "id": "1e54092d-1ed0-47a6-862d-893adc05e612", "version": 1, @@ -96,11 +96,11 @@ { "id": "3de5b1e0-fd4e-11e8-a656-2b6c8cbabaee", "forceRange": false, - "x": 4, + "x": 3, "y": 0, "i": "3de5b1e0-fd4e-11e8-a656-2b6c8cbabaee", - "w": 2, - "h": 2, + "w": 3, + "h": 3, "widget": { "id": "1767dee0-7f8c-48a5-8988-c58b9e713ab6", "version": 1, 
@@ -135,10 +135,10 @@ { "id": "a48c1670-fdf1-11e8-a2fa-df5e7de7d45d", "forceRange": false, - "x": 8, + "x": 9, "y": 0, "i": "a48c1670-fdf1-11e8-a2fa-df5e7de7d45d", - "w": 2, + "w": 3, "h": 1, "widget": { "id": "mean-time-to-resolution", @@ -174,11 +174,11 @@ { "id": "d2bbe430-02a1-11e9-878d-4fff182656eb", "forceRange": false, - "x": 2, - "y": 2, + "x": 6, + "y": 1, "i": "d2bbe430-02a1-11e9-878d-4fff182656eb", - "w": 4, - "h": 2, + "w": 6, + "h": 5, "widget": { "id": "mttd-by-type", "version": 1, @@ -216,10 +216,10 @@ { "id": "e30f9430-02a1-11e9-878d-4fff182656eb", "forceRange": false, - "x": 6, - "y": 1, + "x": 0, + "y": 3, "i": "e30f9430-02a1-11e9-878d-4fff182656eb", - "w": 4, + "w": 6, "h": 3, "widget": { "id": "mttr-by-type", diff --git a/Scripts/script-ChangeRemediationSLAOnSevChange.yml b/Scripts/script-ChangeRemediationSLAOnSevChange.yml index 3d96288ee486..13516f433030 100644 --- a/Scripts/script-ChangeRemediationSLAOnSevChange.yml +++ b/Scripts/script-ChangeRemediationSLAOnSevChange.yml @@ -33,7 +33,7 @@ script: | NONCRITICAL_SLA = 6 # In days # ##### Logic ##### - args_sev = demisto.args()['new'] + args_sev = demisto.args().get('new') now = datetime.datetime.utcnow() if args_sev == 'Critical': @@ -53,8 +53,25 @@ comment: |- Changes the remediation SLA once a change in incident severity occurs. This is done automatically and the changes can be configured to your needs. enabled: true +args: +- name: old + auto: PREDEFINED + predefined: + - Low + - Medium + - High + - Critical + description: The old value of the field that was changed. +- name: new + auto: PREDEFINED + predefined: + - Low + - Medium + - High + - Critical + description: The new value of the field that was changed. scripttarget: 0 runonce: false runas: DBotRole tests: - - No test - will be manually tested before release (only useful as a triggered script) \ No newline at end of file + - SLA Scripts - Test \ No newline at end of file 
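Review bot: `demisto.args().get('new')` returns None when the script is run without a `new` argument, and None is not 'Critical', so the call presumably drops into the `else:` branch (visible in an earlier hunk of this file, not here) and applies the non-critical SLA instead of failing. For a script that runs as DBotRole and rewrites the remediation deadline, a missing or unexpected severity should leave the SLA untouched. Add `if args_sev is None: demisto.results("No new severity supplied; Remediation SLA left unchanged")` before the comparison and turn the existing `if` into `elif`. The `new` entry in the added `args:` list could also carry `required: true`. The script body continues outside this hunk.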
diff --git a/Scripts/script-StopTimeToAssignOnOwnerChange.yml b/Scripts/script-StopTimeToAssignOnOwnerChange.yml index b62204df9574..e83528a4052f 100644 --- a/Scripts/script-StopTimeToAssignOnOwnerChange.yml +++ b/Scripts/script-StopTimeToAssignOnOwnerChange.yml @@ -8,7 +8,7 @@ script: | # This is an example script. The script is used to stop the Time to Assignment SLA field, once an owner was set to an incident. # If you want to use this script, you should go to the Time to Assignment SLA field, and set this script as the script to run upon change of field value. - if demisto.args()['old'] == "" and demisto.args()['new'] != "": # If owner was no-one and is now someone: + if not demisto.args().get('old') and demisto.args().get('new'): # If owner was no-one and is now someone: demisto.executeCommand("stopTimer", {"timerField":"timetoassignment"}) demisto.results("Assignment of the incident was successful and so the Time To Assignment timer has been stopped.") type: python @@ -17,8 +17,13 @@ tags: - example comment: Stops the "Time To Assign" timer if the owner of the incident was changed. enabled: true +args: +- name: old + description: The old value of the changed field +- name: new + description: The new value of the changed field scripttarget: 0 runonce: false runas: DBotWeakRole tests: - - No test - will be manually tested before release (only useful as a triggered script) \ No newline at end of file + - SLA Scripts - Test \ No newline at end of file diff --git a/TestPlaybooks/playbook-SLA_Scripts_-_Test.yml b/TestPlaybooks/playbook-SLA_Scripts_-_Test.yml index 17f61c3c15d6..7491d8732ba9 100644 --- a/TestPlaybooks/playbook-SLA_Scripts_-_Test.yml +++ b/TestPlaybooks/playbook-SLA_Scripts_-_Test.yml @@ -34,6 +34,7 @@ tasks: id: cc737177-04cc-4c7f-8e30-c46494ba1989 version: -1 name: Change Remediation SLA On Severity Change + description: "" type: title iscommand: false brand: "" 
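Review bot: The return value of `demisto.executeCommand("stopTimer", ...)` is discarded, so the "timer has been stopped" entry on the next line is written even when the command fails. The Time to Assignment metric then keeps running while the war room says otherwise. Capture and check the result before reporting success, e.g. `res = demisto.executeCommand("stopTimer", {"timerField":"timetoassignment"})` followed by `if isError(res[0]): demisto.results(res)`, with the success message under `else:`. This assumes the CommonServerPython helpers are available to the script.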
@@ -61,7 +62,7 @@ tasks: description: Runs a script that should change the Remediation SLA because of a severity change. This also injects input to the script, that will make it believe the severity was changed. - scriptName: ChangeRemediationSLAOnSevChange_dev + scriptName: ChangeRemediationSLAOnSevChange type: regular iscommand: false brand: "" @@ -169,6 +170,7 @@ tasks: id: d167197d-ed08-4be5-85fe-18d658e4ae0d version: -1 name: Done + description: "" type: title iscommand: false brand: "" @@ -250,6 +252,7 @@ tasks: id: 78b27df7-2596-4237-8836-acd49b9e8e89 version: -1 name: Delete context + description: "Deletes the current context," scriptName: DeleteContext type: regular iscommand: false @@ -367,6 +370,7 @@ tasks: id: cf0b91a9-88d1-4bdd-8dba-b9b4ff862a48 version: -1 name: Stop Time to Assignment On Owner Change + description: "" type: title iscommand: false brand: "" @@ -424,7 +428,7 @@ tasks: name: Run script with new owner description: Runs StopTimeToAssignOnOwnerChange script, with a new owner as an argument. This should stop the Time to Assignment timer. - scriptName: StopTimeToAssignOnOwnerChange_dev + scriptName: StopTimeToAssignOnOwnerChange type: regular iscommand: false brand: "" diff --git a/Tests/conf.json b/Tests/conf.json index a1f61232665c..4468c4184b48 100644 --- a/Tests/conf.json +++ b/Tests/conf.json @@ -891,6 +891,9 @@ { "integrations": "duo", "playbookID": "DUO Test Playbook" + }, + { + "playbookID": "SLA Scripts - Test" } ], "skipped_tests": { diff --git a/Widgets/widget-MttdByType.json b/Widgets/widget-MttdByType.json index 6469463a61cf..b428685a541e 100644 --- a/Widgets/widget-MttdByType.json +++ b/Widgets/widget-MttdByType.json @@ -19,7 +19,7 @@ } }, "params":{ - "keys":["avg|detectionsla.totalDuration / 60"], + "keys":["avg|detectionsla.totalDuration / 3600"], "groupBy" : ["occurred(d)", "type"] }, "description": "A widget that shows the Mean Time to Detection, by incident type." 
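Review bot: Nothing in widget-MttdByType.json says what unit the plotted value is in after the key becomes `avg|detectionsla.totalDuration / 3600`; the description still reads only "A widget that shows the Mean Time to Detection, by incident type." The divisor change looks like a switch from minutes to hours (assuming `totalDuration` is in seconds), so anyone comparing the dashboard before and after sees values 60 times smaller with no explanation. State the unit in the description, e.g. `"description": "A widget that shows the Mean Time to Detection in hours, by incident type."`. The same applies to the `avg|openDuration / 3600` hunk in widget-MttrByType.json.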
diff --git a/Widgets/widget-MttrByType.json b/Widgets/widget-MttrByType.json index ebe52900f03f..ed43e41a60fd 100644 --- a/Widgets/widget-MttrByType.json +++ b/Widgets/widget-MttrByType.json @@ -19,7 +19,7 @@ } }, "params":{ - "keys":["avg|openDuration / 60"], + "keys":["avg|openDuration / 3600"], "groupBy" : ["occurred(d)", "type"] }, "description": "Shows changes in Mean Time to Resolution, over time, while differentiating between incident types.", From 013b7987e61a744a6d02ba5de9b1ced3e11ab42c Mon Sep 17 00:00:00 2001 From: idovandijk <43602124+idovandijk@users.noreply.github.com> Date: Wed, 2 Jan 2019 18:49:19 +0200 Subject: [PATCH 34/49] fixed id_set.json with rony --- Tests/id_set.json | 13915 ++++++++++++++++++++++---------------------- 1 file changed, 6989 insertions(+), 6926 deletions(-) diff --git a/Tests/id_set.json b/Tests/id_set.json index f84e733290ea..6c449bb0d1fa 100644 --- a/Tests/id_set.json +++ b/Tests/id_set.json 
@@ -2,14274 +2,14337 @@ "scripts": [ { "AwsStopInstance": { - "name": "AwsStopInstance", + "name": "AwsStopInstance", "depends_on": [ "stop-instance" ] } - }, + }, { "PWFindEvents": { - "name": "PWFindEvents", - "deprecated": true, + "name": "PWFindEvents", + "deprecated": true, "depends_on": [ "search" - ], + ], "script_executions": [ "search" ] } - }, + }, { "QRadarClassifier": { - "name": "QRadarClassifier", - "deprecated": true, + "name": "QRadarClassifier", + "deprecated": true, "depends_on": [ "qradar-searches" ] } - }, + }, { "VolLDRModules": { "name": "VolLDRModules" } - }, + }, { "CPShowHosts": { - "name": "CPShowHosts", - "deprecated": true, + "name": "CPShowHosts", + "deprecated": true, "depends_on": [ "checkpoint" - ], + ], "script_executions": [ "checkpoint" ] } - }, + }, { "PWSensors": { - "name": "PWSensors", - "deprecated": true, + "name": "PWSensors", + "deprecated": true, "depends_on": [ "sensors" - ], + ], "script_executions": [ "sensors" ] } - }, + }, { "ADListComputers": { - "name": "ADListComputers", - "deprecated": true, + "name": "ADListComputers", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "CheckWhitelist": { - "name": "CheckWhitelist", - "deprecated": true, + "name": "CheckWhitelist", + "deprecated": true, "script_executions": [ "getList" ] } - }, + }, { "VectraHosts": { - "name": "VectraHosts", - "deprecated": true, + "name": "VectraHosts", + "deprecated": true, "depends_on": [ "vec-hosts" ] } - }, + }, { "SetContext": { - "name": "SetContext", + "name": "SetContext", "deprecated": true } - }, + }, { "D2Autoruns": { "name": "D2Autoruns" } - }, + }, { "MathUtil": { "name": "MathUtil" } - }, + }, { "CBFindHash": { - "name": "CBFindHash", - "deprecated": true, + "name": "CBFindHash", + "deprecated": true, "depends_on": [ "cb-binary" ] } - }, + }, { "SendEmailToManager": { - "name": "SendEmailToManager", - "fromversion": "3.5.0", + "name": "SendEmailToManager", + "fromversion": "3.5.0", "depends_on": [ - "ad-search", + 
"ad-search", "send-mail" - ], + ], "script_executions": [ - "AdSearch", - "AdSearch", + "AdSearch", + "AdSearch", "addEntitlement" ] } - }, + }, { "FileCreateAndUpload": { "name": "FileCreateAndUpload" } - }, + }, { "DecodeMimeHeader": { "name": "DecodeMimeHeader" } - }, + }, { "WildfireUpload": { - "name": "WildfireUpload", - "deprecated": true, + "name": "WildfireUpload", + "deprecated": true, "depends_on": [ "wildfire-upload" ] } - }, + }, { "CYFileRep": { - "name": "CYFileRep", + "name": "CYFileRep", "depends_on": [ - "file", + "file", "cy-upload" - ], + ], "script_executions": [ - "getEntry", - "file", + "getEntry", + "file", "file" ] } - }, + }, { "PanoramaPcaps": { - "name": "PanoramaPcaps", - "deprecated": true, + "name": "PanoramaPcaps", + "deprecated": true, "depends_on": [ "panorama" ] } - }, + }, { "ExtractDomain": { - "name": "ExtractDomain", + "name": "ExtractDomain", "toversion": "3.0.0" } - }, + }, { "ExposeUsers": { - "name": "ExposeUsers", + "name": "ExposeUsers", "deprecated": true } - }, + }, { "Print": { "name": "Print" } - }, + }, { "CSIndicators": { - "name": "CSIndicators", - "deprecated": true, + "name": "CSIndicators", + "deprecated": true, "depends_on": [ "cs-indicators" ] } - }, + }, { "PWEventPcapInfo": { - "name": "PWEventPcapInfo", - "deprecated": true, + "name": "PWEventPcapInfo", + "deprecated": true, "depends_on": [ "event-pcap-info" ] } - }, + }, { "JiraIssueQuery": { - "name": "JiraIssueQuery", - "deprecated": true, + "name": "JiraIssueQuery", + "deprecated": true, "depends_on": [ "jira-issue-query" ] } - }, + }, { "ADGetAllUsersEmail": { - "name": "ADGetAllUsersEmail", - "deprecated": true, + "name": "ADGetAllUsersEmail", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "CuckooDetonateFile": { - "name": "CuckooDetonateFile", + "name": "CuckooDetonateFile", "depends_on": [ "cuckoo-create-task-from-file" ] } - }, + }, { "EPORepoList": { - "name": "EPORepoList", - "deprecated": true, + "name": "EPORepoList", + 
"deprecated": true, "depends_on": [ "epo-command" ] } - }, + }, { "GrrSetFlows": { - "name": "GrrSetFlows", + "name": "GrrSetFlows", "depends_on": [ "grr_set_flows" - ], + ], "script_executions": [ "grr_set_flows" ] } - }, + }, { "VectraGetDetetctionsById": { - "name": "VectraGetDetetctionsById", - "deprecated": true, + "name": "VectraGetDetetctionsById", + "deprecated": true, "depends_on": [ "vec-get-detetctions-by-id" ] } - }, + }, { "CommonD2": { "name": "CommonD2" } - }, + }, { "FilterByList": { - "name": "FilterByList", + "name": "FilterByList", "script_executions": [ "getList" ] } - }, + }, { "ExtractHash": { "name": "ExtractHash" } - }, + }, { "120c861a-e0ae-417e-8dcf-c3ee1dc15a42": { "name": "commentsToContext" } - }, + }, { "ConvertXmlFileToJson": { "name": "ConvertXmlFileToJson" } - }, + }, { "IPExtract": { - "name": "IPExtract", + "name": "IPExtract", "deprecated": true } - }, + }, { "DBotAverageScore": { "name": "DBotAverageScore" } - }, + }, { "NessusCreateScan": { - "name": "NessusCreateScan", - "deprecated": true, + "name": "NessusCreateScan", + "deprecated": true, "depends_on": [ "scan-create" ] } - }, + }, { "StixParser": { "name": "StixParser" } - }, + }, { "NessusShowEditorTemplates": { - "name": "NessusShowEditorTemplates", - "deprecated": true, + "name": "NessusShowEditorTemplates", + "deprecated": true, "depends_on": [ "nessus-get-scans-editors" ] } - }, + }, { "QrFullSearch": { - "name": "QrFullSearch", - "deprecated": true, + "name": "QrFullSearch", + "deprecated": true, "depends_on": [ - "QrGetSearchResults", - "qr-get-search", + "QrGetSearchResults", + "qr-get-search", "qr-searches" - ], + ], "script_executions": [ "QrGetSearchResults" ] } - }, + }, { "FetchFromInstance": { - "name": "FetchFromInstance", - "fromversion": "4.0.0", + "name": "FetchFromInstance", + "fromversion": "4.0.0", "deprecated": true } - }, + }, { "a6e348f4-1e40-4365-870c-52139c60779a": { - "name": "OktaGetUser", - "deprecated": true, + "name": "OktaGetUser", + 
"deprecated": true, "depends_on": [ "okta-get-user" ] } - }, + }, { "VolConnscan": { "name": "VolConnscan" } - }, + }, { "840aa9a7-04b2-4505-8238-8fe85f010dde": { - "name": "OktaActivateUser", - "deprecated": true, + "name": "OktaActivateUser", + "deprecated": true, "depends_on": [ "okta-activate-user" ] } - }, + }, { "CBLiveGetFile": { - "name": "CBLiveGetFile", - "depends_on": [ - "cb-session-create", - "cb-sensor-info", - "cb-command-create", - "cb-session-info", - "cb-file-get", - "cb-command-info", + "name": "CBLiveGetFile", + "depends_on": [ + "cb-session-create", + "cb-sensor-info", + "cb-command-create", + "cb-session-info", + "cb-file-get", + "cb-command-info", "cb-list-sessions" ] } - }, + }, { "ScheduleGenericPolling": { - "name": "ScheduleGenericPolling", + "name": "ScheduleGenericPolling", "fromversion": "4.0.0" } - }, + }, { "AddEvidence": { - "name": "AddEvidence", + "name": "AddEvidence", "fromversion": "2.5.0" } - }, + }, { "Ping": { "name": "Ping" } - }, + }, { "EncodeToAscii": { "name": "EncodeToAscii" } - }, + }, { "ServiceNowCreateIncident": { - "name": "ServiceNowCreateIncident", + "name": "ServiceNowCreateIncident", "depends_on": [ - "servicenow-query-table", + "servicenow-query-table", "servicenow-create-record" ] } - }, + }, { "TriagePhishing": { - "name": "TriagePhishing", + "name": "TriagePhishing", "deprecated": true } - }, + }, { "LessThanPercentage": { "name": "LessThanPercentage" } - }, + }, { "TrendmicroAlertStatus": { - "name": "TrendmicroAlertStatus", + "name": "TrendmicroAlertStatus", "depends_on": [ "trendmicro-alert-status" ] } - }, + }, { "SandboxDetonateFile": { - "name": "SandboxDetonateFile", - "script_executions": [ - "IsIntegrationAvailable", - "IsIntegrationAvailable", - "IsIntegrationAvailable", - "IsIntegrationAvailable", - "getEntry", - "CuckooDetonateFile", - "CuckooTaskStatus", + "name": "SandboxDetonateFile", + "script_executions": [ + "IsIntegrationAvailable", + "IsIntegrationAvailable", + "IsIntegrationAvailable", 
+ "IsIntegrationAvailable", + "getEntry", + "CuckooDetonateFile", + "CuckooTaskStatus", "CuckooGetReport" ] } - }, + }, { "ParseEmailFiles": { - "name": "ParseEmailFiles", + "name": "ParseEmailFiles", "script_executions": [ - "getEntry", + "getEntry", "getFilePath" ] } - }, + }, { "ConferSetSeverity": { - "name": "ConferSetSeverity", + "name": "ConferSetSeverity", "depends_on": [ "confer" - ], + ], "script_executions": [ "setSeverity" ] } - }, + }, { "ReverseList": { "name": "ReverseList" } - }, + }, { "ImpSfListEndpoints": { - "name": "ImpSfListEndpoints", + "name": "ImpSfListEndpoints", "depends_on": [ "imp-sf-list-endpoints" ] } - }, + }, { "9364c36f-b1d6-4233-88c2-75008b106c31": { - "name": "vmray_getResults", + "name": "vmray_getResults", "depends_on": [ "get_job_sample" - ], + ], "script_executions": [ - "get_job_sample", - "get_results", + "get_job_sample", + "get_results", "scheduleEntry" ] } - }, + }, { "InviteUser": { "name": "InviteUser" } - }, + }, { "VectraDetections": { - "name": "VectraDetections", - "deprecated": true, + "name": "VectraDetections", + "deprecated": true, "depends_on": [ "vec-detections" ] } - }, + }, { "StaticAnalyze": { "name": "StaticAnalyze" } - }, + }, { "GetContextValue": { - "name": "GetContextValue", + "name": "GetContextValue", "deprecated": true } - }, + }, { "TaniumFilterComputersByIndexQueryFileDetails": { - "name": "TaniumFilterComputersByIndexQueryFileDetails", + "name": "TaniumFilterComputersByIndexQueryFileDetails", "depends_on": [ "tn-ask-manual-question" ] } - }, + }, { "D2O365ComplianceSearch": { "name": "D2O365ComplianceSearch" } - }, + }, { "SearchIncidents": { "name": "SearchIncidents" } - }, + }, { "CuckooDisplayReport": { - "name": "CuckooDisplayReport", + "name": "CuckooDisplayReport", "depends_on": [ "ck-report" - ], + ], "script_executions": [ - "getFilePath", + "getFilePath", "getEntry" ] } - }, + }, { "VolPSList": { "name": "VolPSList" } - }, + }, { "CBLiveProcessList": { - "name": "CBLiveProcessList", + 
"name": "CBLiveProcessList", "depends_on": [ - "cb-command-info", + "cb-command-info", "cb-command-create" ] } - }, + }, { "GoogleappsGmailGetMail": { - "name": "GoogleappsGmailGetMail", - "deprecated": true, + "name": "GoogleappsGmailGetMail", + "deprecated": true, "depends_on": [ "googleapps-gmail-get-mail" ] } - }, + }, { "PTEnrich": { - "name": "PTEnrich", - "depends_on": [ - "pt-osint", - "pt-whois", - "pt-malware", - "pt-enrichment", - "pt-get-subdomains", - "pt-ssl-cert", + "name": "PTEnrich", + "depends_on": [ + "pt-osint", + "pt-whois", + "pt-malware", + "pt-enrichment", + "pt-get-subdomains", + "pt-ssl-cert", "pt-passive-dns" ] } - }, + }, { "ResolveShortenedURL": { "name": "ResolveShortenedURL" } - }, + }, { "CommonServerUserPython": { "name": "CommonServerUserPython" } - }, + }, { "5edd0c8e-4e6e-4afe-8f43-67bb9ebc4fd3": { - "name": "NetwitnessSearch", + "name": "NetwitnessSearch", "depends_on": [ "nw-sdk-search" ] } - }, + }, { "RunSqlQuery": { - "name": "RunSqlQuery", - "deprecated": true, + "name": "RunSqlQuery", + "deprecated": true, "depends_on": [ "query" - ], + ], "script_executions": [ "query" ] } - }, + }, { "d98506ea-fd06-49d6-8f1e-bb29ab06766e": { - "name": "VerifyContext", + "name": "VerifyContext", "deprecated": true } - }, + }, { "TimeStampToDate": { "name": "TimeStampToDate" } - }, + }, { "SlackAskUser": { - "name": "SlackAskUser", - "toversion": "3.1.0", + "name": "SlackAskUser", + "toversion": "3.1.0", "depends_on": [ "slack-send" - ], + ], "script_executions": [ "addOneTimeEntitlement" ] } - }, + }, { "CPShowAccessRulebase": { - "name": "CPShowAccessRulebase", - "deprecated": true, + "name": "CPShowAccessRulebase", + "deprecated": true, "depends_on": [ "checkpoint" - ], + ], "script_executions": [ "checkpoint" ] } - }, + }, { "VolNetworkConnections": { "name": "VolNetworkConnections" } - }, + }, { "DemistoDeleteIncident": { - "name": "DemistoDeleteIncident", - "deprecated": true, + "name": "DemistoDeleteIncident", + "deprecated": true, 
"depends_on": [ "demisto-api-post" ] } - }, + }, { "SSDeepReputation": { - "name": "SSDeepReputation", + "name": "SSDeepReputation", "script_executions": [ - "findIndicators", + "findIndicators", "getContext" ] } - }, + }, { "GrrGetHunt": { - "name": "GrrGetHunt", + "name": "GrrGetHunt", "depends_on": [ "grr_get_hunt" - ], + ], "script_executions": [ "grr_get_hunt" ] } - }, + }, { "findIncidentsWithIndicator": { "name": "findIncidentsWithIndicator" } - }, + }, { "ExifRead": { "name": "ExifRead" } - }, + }, { "AlgosecGetTicket": { - "name": "AlgosecGetTicket", + "name": "AlgosecGetTicket", "depends_on": [ "algosec-get-ticket" ] } - }, + }, { "IncapGetDomainApproverEmail": { - "name": "IncapGetDomainApproverEmail", + "name": "IncapGetDomainApproverEmail", "depends_on": [ "incap-get-domain-approver-email" ] } - }, + }, { "ElasticSearchDisplay": { - "name": "ElasticSearchDisplay", + "name": "ElasticSearchDisplay", "depends_on": [ "search" ] } - }, + }, { "ContextGetIps": { "name": "ContextGetIps" } - }, + }, { "D2Hardware": { "name": "D2Hardware" } - }, + }, { "82764532-0a4f-4b59-8cf9-fe1a00cabdae": { - "name": "OktaSearch", - "deprecated": true, + "name": "OktaSearch", + "deprecated": true, "depends_on": [ "okta-search" ] } - }, + }, { "TrendmicroSecurityProfileRetrieveAll": { - "name": "TrendmicroSecurityProfileRetrieveAll", + "name": "TrendmicroSecurityProfileRetrieveAll", "depends_on": [ "trendmicro-security-profile-retrieve-all" ] } - }, + }, { "PanoramaConfig": { - "name": "PanoramaConfig", - "deprecated": true, + "name": "PanoramaConfig", + "deprecated": true, "depends_on": [ "panorama" ] } - }, + }, { "RepopulateFiles": { - "name": "RepopulateFiles", + "name": "RepopulateFiles", "script_executions": [ "getEntries" ] } - }, + }, { "SendMessageToOnlineUsers": { "name": "SendMessageToOnlineUsers" } - }, + }, { "SetIncidentCustomFields": { "name": "SetIncidentCustomFields" } - }, + }, { "CEFParser": { "name": "CEFParser" } - }, + }, { "ADSetNewPassword": { - 
"name": "ADSetNewPassword", - "deprecated": true, + "name": "ADSetNewPassword", + "deprecated": true, "depends_on": [ "ad-set-new-password" ] } - }, + }, { "misp_upload_sample": { - "name": "misp_upload_sample", + "name": "misp_upload_sample", "depends_on": [ "internal-misp-upload-sample" - ], + ], "script_executions": [ "getFilePath" ] } - }, + }, { "IsValueInArray": { "name": "IsValueInArray" } - }, + }, { "displayhtml": { "name": "DisplayHTML" } - }, + }, { "VectraClassifier": { - "name": "VectraClassifier", - "deprecated": true, + "name": "VectraClassifier", + "deprecated": true, "depends_on": [ "vec-health" ] } - }, + }, { "JSONtoCSV": { - "name": "JSONtoCSV", + "name": "JSONtoCSV", "script_executions": [ "getEntry" ] } - }, + }, { "ConferIncidentDetails": { - "name": "ConferIncidentDetails", + "name": "ConferIncidentDetails", "depends_on": [ "confer" ] } - }, + }, { "ParseJSON": { "name": "ParseJSON" } - }, + }, { "ScheduleCommand": { "name": "ScheduleCommand" } - }, + }, { "XBTimeline": { - "name": "XBTimeline", + "name": "XBTimeline", "depends_on": [ "xb-timeline" ] } - }, + }, { "EmailAskUser": { - "name": "EmailAskUser", + "name": "EmailAskUser", "toversion": "3.1.0" } - }, + }, { "IncidentSet": { - "name": "IncidentSet", - "toversion": "3.5.0", + "name": "IncidentSet", + "toversion": "3.5.0", "script_executions": [ - "setOwner", - "setStage", - "setIncident", + "setOwner", + "setStage", + "setIncident", "setPlaybook" ] } - }, + }, { "DataIPReputation": { - "name": "DataIPReputation", + "name": "DataIPReputation", "deprecated": true } - }, + }, { "URLSSLVerification": { "name": "URLSSLVerification" } - }, + }, { "EmailDomainSquattingReputation": { "name": "EmailDomainSquattingReputation" } - }, + }, { "XBUser": { - "name": "XBUser", + "name": "XBUser", "depends_on": [ "xb-user" ] } - }, + }, { "SNUpdateTicket": { - "name": "SNUpdateTicket", - "deprecated": true, + "name": "SNUpdateTicket", + "deprecated": true, "depends_on": [ "servicenow-incident-update" 
] } - }, + }, { "ticksToTime": { "name": "ticksToTime" } - }, + }, { "dbbdc2e4-6105-4ee9-8e83-563a4b991a89": { - "name": "VirustotalIsMalicious", - "deprecated": true, + "name": "VirustotalIsMalicious", + "deprecated": true, "depends_on": [ "file" - ], + ], "script_executions": [ - "file", + "file", "file" ] } - }, + }, { "TopMaliciousRatioIndicators": { - "name": "TopMaliciousRatioIndicators", - "fromversion": "4.0.0", + "name": "TopMaliciousRatioIndicators", + "fromversion": "4.0.0", "script_executions": [ - "findIndicators", + "findIndicators", "maliciousRatio" ] } - }, + }, { "SetMultipleValues": { "name": "SetMultipleValues" } - }, + }, { "PanoramaCommit": { - "name": "PanoramaCommit", - "deprecated": true, + "name": "PanoramaCommit", + "deprecated": true, "depends_on": [ "panorama" ] } - }, + }, { "CloseInvestigation": { - "name": "CloseInvestigation", + "name": "CloseInvestigation", "deprecated": true } - }, + }, { "CrowdStrikeUrlParse": { "name": "CrowdStrikeUrlParse" } - }, + }, { "MarkRelatedIncidents": { "name": "MarkRelatedIncidents" } - }, + }, { "DemistoSendInvite": { - "name": "DemistoSendInvite", + "name": "DemistoSendInvite", "depends_on": [ - "demisto-api-post", + "demisto-api-post", "demisto-api-get" ] } - }, + }, { "CommonIntegrationPython": { - "name": "CommonIntegrationPython", + "name": "CommonIntegrationPython", "deprecated": true } - }, + }, { "RunDockerCommand": { "name": "RunDockerCommand" } - }, + }, { "GoogleappsGmailSearch": { - "name": "GoogleappsGmailSearch", - "deprecated": true, + "name": "GoogleappsGmailSearch", + "deprecated": true, "depends_on": [ "googleapps-gmail-search" ] } - }, + }, { "EPODetermineRepository": { - "name": "EPODetermineRepository", + "name": "EPODetermineRepository", "deprecated": true } - }, + }, { "emailFieldTriggered": { "name": "emailFieldTriggered" } - }, + }, { "TrendMicroGetPolicyID": { - "name": "TrendMicroGetPolicyID", + "name": "TrendMicroGetPolicyID", "depends_on": [ 
"trendmicro-security-profile-retrieve-all" - ], + ], "script_executions": [ "TrendmicroSecurityProfileRetrieveAll" ] } - }, + }, { "AquatoneDiscover": { "name": "AquatoneDiscover" } - }, + }, { "ExtractDomainFromURL": { - "name": "ExtractDomainFromURL", + "name": "ExtractDomainFromURL", "deprecated": true } - }, + }, { "NetwitnessSAUpdateIncident": { - "name": "NetwitnessSAUpdateIncident", - "deprecated": true, + "name": "NetwitnessSAUpdateIncident", + "deprecated": true, "depends_on": [ "nw-update-incident" ] } - }, + }, { "UnzipFile": { - "name": "UnzipFile", + "name": "UnzipFile", "script_executions": [ - "getEntries", + "getEntries", "getFilePath" ] } - }, + }, { "NetwitnessSAGetAvailableAssignees": { - "name": "NetwitnessSAGetAvailableAssignees", + "name": "NetwitnessSAGetAvailableAssignees", "depends_on": [ "nw-get-available-assignees" ] } - }, + }, { "QualysCreateIncidentFromReport": { - "name": "QualysCreateIncidentFromReport", + "name": "QualysCreateIncidentFromReport", "depends_on": [ "qualys-host-list" - ], + ], "script_executions": [ "getIncidents" ] } - }, + }, { "CuckooDetonateURL": { - "name": "CuckooDetonateURL", + "name": "CuckooDetonateURL", "depends_on": [ "cuckoo-create-task-from-url" ] } - }, + }, { "UserEnrichAD": { - "name": "UserEnrichAD", + "name": "UserEnrichAD", "depends_on": [ "ad-search" - ], + ], "script_executions": [ "ADGetUser" ] } - }, + }, { "WordTokenizer": { "name": "WordTokenizer" } - }, + }, { "da8594b8-0b57-4cb2-8578-94754bb577c6": { - "name": "NetwitnessSAListIncidents", + "name": "NetwitnessSAListIncidents", "depends_on": [ "nw-list-incidents" ] } - }, + }, { "IsContextSet": { - "name": "IsContextSet", + "name": "IsContextSet", "deprecated": true } - }, + }, { "Set": { "name": "Set" } - }, + }, { "ArcherCreateSecurityIncident": { - "name": "ArcherCreateSecurityIncident", + "name": "ArcherCreateSecurityIncident", "depends_on": [ "archer-create-record" ] } - }, + }, { "VolMalfindDumpAgent": { "name": "VolMalfindDumpAgent" } - 
}, + }, { "TrendmicroSystemEventRetrieve": { - "name": "TrendmicroSystemEventRetrieve", + "name": "TrendmicroSystemEventRetrieve", "depends_on": [ "trendmicro-system-event-retrieve" ] } - }, + }, { "MimecastFindEmail": { - "name": "MimecastFindEmail", + "name": "MimecastFindEmail", "depends_on": [ "mimecast-query" ] } - }, + }, { "D2Drop": { "name": "D2Drop" } - }, + }, { "TaniumFindRunningProcesses": { - "name": "TaniumFindRunningProcesses", - "deprecated": true, + "name": "TaniumFindRunningProcesses", + "deprecated": true, "depends_on": [ - "tn-add-question-complex", - "tn-result-data", + "tn-add-question-complex", + "tn-result-data", "tn-result-info" ] } - }, + }, { "NessusScanDetails": { - "name": "NessusScanDetails", - "deprecated": true, + "name": "NessusScanDetails", + "deprecated": true, "depends_on": [ "scan-details" ] } - }, + }, { "CBPCatalogFindHash": { - "name": "CBPCatalogFindHash", + "name": "CBPCatalogFindHash", "depends_on": [ "cbp-fileCatalog-search" ] } - }, + }, { "checkValue": { "name": "checkValue" } - }, + }, { "WhileLoop": { - "name": "WhileLoop", + "name": "WhileLoop", "deprecated": true } - }, + }, { "D2GetSystemLog": { "name": "D2GetSystemLog" } - }, + }, { "CopyFileD2": { "name": "CopyFileD2" } - }, + }, { "CheckFilesWildfirePy": { - "name": "CheckFilesWildfirePy", + "name": "CheckFilesWildfirePy", "depends_on": [ - "wildfire-upload", + "wildfire-upload", "wildfire-report" - ], + ], "script_executions": [ "getEntries" ] } - }, + }, { "ADGetGroupMembers": { - "name": "ADGetGroupMembers", + "name": "ADGetGroupMembers", "depends_on": [ "ad-search" ] } - }, + }, { "SCPPullFiles": { - "name": "SCPPullFiles", + "name": "SCPPullFiles", "depends_on": [ "copy-from" ] } - }, + }, { "ReadFile": { - "name": "ReadFile", + "name": "ReadFile", "script_executions": [ "getFilePath" ] } - }, + }, { "VectraSensors": { - "name": "VectraSensors", - "deprecated": true, + "name": "VectraSensors", + "deprecated": true, "depends_on": [ "vec-sensors" ] } - }, + 
}, { "QRadarFullSearch": { - "name": "QRadarFullSearch", - "deprecated": true, + "name": "QRadarFullSearch", + "deprecated": true, "depends_on": [ - "qradar-get-search", - "qradar-get-search-results", + "qradar-get-search", + "qradar-get-search-results", "qradar-searches" ] } - }, + }, { "CSActors": { - "name": "CSActors", - "deprecated": true, + "name": "CSActors", + "deprecated": true, "depends_on": [ "cs-actors" ] } - }, + }, { "NessusGetReport": { - "name": "NessusGetReport", - "deprecated": true, + "name": "NessusGetReport", + "deprecated": true, "depends_on": [ - "scan-report-download", - "scan-export", + "scan-report-download", + "scan-export", "scan-export-status" ] } - }, + }, { "VolRaw": { "name": "VolRaw" } - }, + }, { "Base64Encode": { "name": "Base64Encode" } - }, + }, { "LCMAcknowledgeHost": { - "name": "LCMAcknowledgeHost", + "name": "LCMAcknowledgeHost", "depends_on": [ "lcm-acknowledge-host" - ], + ], "script_executions": [ "LCMHosts" ] } - }, + }, { "ExtractEmail": { "name": "ExtractEmail" } - }, + }, { "NexposeVulnExtractor": { - "name": "NexposeVulnExtractor", + "name": "NexposeVulnExtractor", "depends_on": [ "nexpose" ] } - }, + }, { "XBTriggeredRules": { - "name": "XBTriggeredRules", + "name": "XBTriggeredRules", "depends_on": [ "xb-triggered-rules" ] } - }, + }, { "LoadJSON": { "name": "LoadJSON" } - }, + }, { "CommonUserServer": { "name": "CommonUserServer" } - }, + }, { "IsMaliciousIndicatorFound": { "name": "IsMaliciousIndicatorFound" } - }, + }, { "D2ActiveUsers": { "name": "D2ActiveUsers" } - }, + }, { "BuildEWSQuery": { "name": "BuildEWSQuery" } - }, + }, { "da330ce7-3a93-430c-8454-03b96cf5184e": { - "name": "OktaCreateUser", - "deprecated": true, + "name": "OktaCreateUser", + "deprecated": true, "depends_on": [ "okta-create-user" ] } - }, + }, { "JiraIssueUploadFile": { - "name": "JiraIssueUploadFile", - "deprecated": true, + "name": "JiraIssueUploadFile", + "deprecated": true, "depends_on": [ "jira-issue-upload-file" ] } - }, + }, { 
"PanoramaDynamicAddressGroup": { - "name": "PanoramaDynamicAddressGroup", + "name": "PanoramaDynamicAddressGroup", "deprecated": true } - }, + }, { "ActiveUsersD2": { "name": "ActiveUsersD2" } - }, + }, { "ParseExcel": { - "name": "ParseExcel", + "name": "ParseExcel", "script_executions": [ "getFilePath" ] } - }, + }, { "MatchRegex": { "name": "MatchRegex" } - }, + }, { "ip_to_host": { "name": "IPToHost" } - }, + }, { "AlgosecGetNetworkObject": { - "name": "AlgosecGetNetworkObject", + "name": "AlgosecGetNetworkObject", "depends_on": [ "algosec-get-network-object" ] } - }, + }, { "Autoruns": { "name": "Autoruns" } - }, + }, { "VectraTriage": { - "name": "VectraTriage", - "deprecated": true, + "name": "VectraTriage", + "deprecated": true, "depends_on": [ "vec-triage" ] } - }, + }, { "ATDDetonate": { - "name": "ATDDetonate", + "name": "ATDDetonate", "depends_on": [ - "atd-get-report", - "atd-file-upload", + "atd-get-report", + "atd-file-upload", "atd-check-status" ] } - }, + }, { "XBInfo": { "name": "XBInfo" } - }, + }, { "NetwitnessSACreateIncident": { - "name": "NetwitnessSACreateIncident", + "name": "NetwitnessSACreateIncident", "depends_on": [ "nw-create-incident" ] } - }, + }, { "ExchangeSearchMailbox": { "name": "ExchangeSearchMailbox" } - }, + }, { "DT": { "name": "DT" } - }, + }, { "ed24d63f-4134-49c4-82c0-96885a7a1cc3": { - "name": "VerifyContextFields", + "name": "VerifyContextFields", "deprecated": true } - }, + }, { "5d44a5d9-d91a-4420-801f-755f26b60c47": { - "name": "cveLatest", - "deprecated": true, + "name": "cveLatest", + "deprecated": true, "depends_on": [ "cve-latest" ] } - }, + }, { "ad7de731-cadc-4f49-81cd-522cd4b7bfa5": { - "name": "CheckpointFWCreateBackup", + "name": "CheckpointFWCreateBackup", "depends_on": [ "ssh" - ], + ], "script_executions": [ "ssh" ] } - }, + }, { "DemistoLogsBundle": { - "name": "DemistoLogsBundle", + "name": "DemistoLogsBundle", "depends_on": [ "demisto-api-download" ] } - }, + }, { "ContextGetEmails": { "name": 
"ContextGetEmails" } - }, + }, { "nexpose_create_incidents_from_assets": { - "name": "NexposeCreateIncidentsFromAssets", + "name": "NexposeCreateIncidentsFromAssets", "depends_on": [ "nexpose-get-asset" - ], + ], "script_executions": [ "getIncidents" ] } - }, + }, { "bffdcf72-2061-4767-83d5-3ff2a9e8afe7": { "name": "BlockIP" } - }, + }, { "ExchangeSearch": { - "name": "ExchangeSearch", - "deprecated": true, + "name": "ExchangeSearch", + "deprecated": true, "depends_on": [ "ews-search-mailbox" ] } - }, + }, { "CPSetRule": { - "name": "CPSetRule", - "deprecated": true, + "name": "CPSetRule", + "deprecated": true, "depends_on": [ "checkpoint" - ], + ], "script_executions": [ - "checkpoint", + "checkpoint", "checkpoint" ] } - }, + }, { "VolGetProcWithMalNetConn": { "name": "VolGetProcWithMalNetConn" } - }, + }, { "ConvertTableToHTML": { "name": "ConvertTableToHTML" } - }, + }, { "StringLength": { "name": "StringLength" } - }, + }, { "CuckooGetScreenshot": { - "name": "CuckooGetScreenshot", + "name": "CuckooGetScreenshot", "depends_on": [ "cuckoo-task-screenshot" ] } - }, + }, { "VolMalfind": { "name": "VolMalfind" } - }, + }, { "ExposeModules": { - "name": "ExposeModules", + "name": "ExposeModules", "deprecated": true } - }, + }, { "GrrGetFlows": { - "name": "GrrGetFlows", + "name": "GrrGetFlows", "depends_on": [ "grr_get_flows" - ], + ], "script_executions": [ "grr_get_flows" ] } - }, + }, { "IsTrue": { "name": "IsTrue" } - }, + }, { "SplunkSearchJsonPy": { - "name": "SplunkSearchJsonPy", - "deprecated": true, + "name": "SplunkSearchJsonPy", + "deprecated": true, "depends_on": [ "search" - ], + ], "script_executions": [ "search" ] } - }, + }, { "UnEscapeURLs": { "name": "UnEscapeURLs" } - }, + }, { "ProofpointDecodeURL": { "name": "ProofpointDecodeURL" } - }, + }, { "ReadPDFFile": { - "name": "ReadPDFFile", + "name": "ReadPDFFile", "script_executions": [ "getFilePath" ] } - }, + }, { "ContextContains": { "name": "ContextContains" } - }, + }, { "ADIsUserMember": { - 
"name": "ADIsUserMember", - "deprecated": true, + "name": "ADIsUserMember", + "deprecated": true, "depends_on": [ "ad-search" - ], + ], "script_executions": [ - "ADGetUserGroups", + "ADGetUserGroups", "AdSearch" ] } - }, + }, { "PanoramaMove": { - "name": "PanoramaMove", - "deprecated": true, + "name": "PanoramaMove", + "deprecated": true, "depends_on": [ "panorama" ] } - }, + }, { "ADGetUserGroups": { - "name": "ADGetUserGroups", - "deprecated": true, + "name": "ADGetUserGroups", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "ADUserLogonInfo": { - "name": "ADUserLogonInfo", - "deprecated": true, + "name": "ADUserLogonInfo", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "Osxcollector": { "name": "Osxcollector" } - }, + }, { "PWObservationPcapInfo": { - "name": "PWObservationPcapInfo", - "deprecated": true, + "name": "PWObservationPcapInfo", + "deprecated": true, "depends_on": [ "observation-pcap-info" ] } - }, + }, { "QrSearches": { - "name": "QrSearches", - "deprecated": true, + "name": "QrSearches", + "deprecated": true, "depends_on": [ "qr-searches" ] } - }, + }, { "ExtractIndicatorsFromTextFile": { "name": "ExtractIndicatorsFromTextFile" } - }, + }, { "CheckIPs": { - "name": "CheckIPs", - "deprecated": true, + "name": "CheckIPs", + "deprecated": true, "script_executions": [ "ip" ] } - }, + }, { "VolDlllist": { "name": "VolDlllist" } - }, + }, { "FPSetRule": { - "name": "FPSetRule", + "name": "FPSetRule", "depends_on": [ "ssh" - ], + ], "script_executions": [ "ssh" ] } - }, + }, { "TrendMicroClassifier": { - "name": "TrendMicroClassifier", + "name": "TrendMicroClassifier", "depends_on": [ "trendmicro-alert-status" ] } - }, + }, { "TrendMicroGetHostID": { - "name": "TrendMicroGetHostID", + "name": "TrendMicroGetHostID", "depends_on": [ "trendmicro-host-retrieve-all" - ], + ], "script_executions": [ "TrendmicroHostRetrieveAll" ] } - }, + }, { "ExtractDomainFromUrlAndEmail": { "name": "ExtractDomainFromUrlAndEmail" } - }, + 
}, { "VectraSettings": { - "name": "VectraSettings", - "deprecated": true, + "name": "VectraSettings", + "deprecated": true, "depends_on": [ "vec-settings" ] } - }, + }, { "GenerateInvestigationSummaryReport": { - "name": "GenerateInvestigationSummaryReport", + "name": "GenerateInvestigationSummaryReport", "fromversion": "3.5.0" } - }, + }, { "DataDomainReputation": { - "name": "DataDomainReputation", + "name": "DataDomainReputation", "fromversion": "3.1.0" } - }, + }, { "EPORepositoryComplianceCheck": { - "name": "EPORepositoryComplianceCheck", - "deprecated": true, + "name": "EPORepositoryComplianceCheck", + "deprecated": true, "depends_on": [ "epo-command" ] } - }, + }, { "PWObservations": { - "name": "PWObservations", - "deprecated": true, + "name": "PWObservations", + "deprecated": true, "depends_on": [ "observation-search" ] } - }, + }, { "DBotPredictTextLabel": { - "name": "DBotPredictTextLabel", - "fromversion": "4.1.0", + "name": "DBotPredictTextLabel", + "fromversion": "4.1.0", "script_executions": [ "getList" ] } - }, + }, { "InRange": { "name": "InRange" } - }, + }, { "IngestCSV": { - "name": "IngestCSV", - "deprecated": true, + "name": "IngestCSV", + "deprecated": true, "script_executions": [ - "getEntries", + "getEntries", "getFilePath" ] } - }, + }, { "TrendmicroHostAntimalwareScan": { - "name": "TrendmicroHostAntimalwareScan", + "name": "TrendmicroHostAntimalwareScan", "depends_on": [ "trendmicro-host-antimalware-scan" ] } - }, + }, { "QrGetSearchResults": { - "name": "QrGetSearchResults", - "deprecated": true, + "name": "QrGetSearchResults", + "deprecated": true, "depends_on": [ "qr-get-search-results" ] } - }, + }, { "NessusHostDetails": { - "name": "NessusHostDetails", - "deprecated": true, + "name": "NessusHostDetails", + "deprecated": true, "depends_on": [ "scan-host-details" ] } - }, + }, { "WhereFieldEquals": { "name": "WhereFieldEquals" } - }, + }, { "OSQueryUsers": { - "name": "OSQueryUsers", + "name": "OSQueryUsers", "depends_on": [ 
"OSQueryBasicQuery" - ], + ], "script_executions": [ "OSQueryBasicQuery" ] } - }, + }, { "CrowdStrikeStreamingPreProcessing": { - "name": "CrowdStrikeStreamingPreProcessing", + "name": "CrowdStrikeStreamingPreProcessing", "script_executions": [ "addEntries" ] } - }, + }, { "Strings": { - "name": "Strings", + "name": "Strings", "script_executions": [ "getFilePath" ] } - }, + }, { "QrOffenses": { - "name": "QrOffenses", - "deprecated": true, + "name": "QrOffenses", + "deprecated": true, "depends_on": [ "qr-offenses" ] } - }, + }, { "LCMHosts": { "name": "LCMHosts" } - }, + }, { "RegProbeBasic": { "name": "RegProbeBasic" } - }, + }, { "ContextGetHashes": { "name": "ContextGetHashes" } - }, + }, { "NexposeEmailParser": { - "name": "NexposeEmailParser", + "name": "NexposeEmailParser", "depends_on": [ "nexpose" ] } - }, + }, { "7b5c080e-f3b1-411a-83b0-e1f53c21bef8": { - "name": "WhileNotMdLoop", + "name": "WhileNotMdLoop", "deprecated": true } - }, + }, { "SlackMirror": { - "name": "SlackMirror", - "deprecated": true, + "name": "SlackMirror", + "deprecated": true, "depends_on": [ "slack-mirror-investigation" ] } - }, + }, { "CheckFiles": { - "name": "CheckFiles", - "deprecated": true, + "name": "CheckFiles", + "deprecated": true, "depends_on": [ "file" ] } - }, + }, { "IsIPInRanges": { "name": "IsIPInRanges" } - }, + }, { "CBSessions": { - "name": "CBSessions", + "name": "CBSessions", "depends_on": [ "cb-list-sessions" ] } - }, + }, { "JSONFileToCSV": { - "name": "JSONFileToCSV", + "name": "JSONFileToCSV", "script_executions": [ "getFilePath" ] } - }, + }, { "GeneratePassword": { "name": "GeneratePassword" } - }, + }, { "IncidentSet": { - "name": "IncidentSet", - "fromversion": "3.5.1", - "deprecated": true, + "name": "IncidentSet", + "fromversion": "3.5.1", + "deprecated": true, "script_executions": [ - "setOwner", - "setStage", - "setIncident", + "setOwner", + "setStage", + "setIncident", "setPlaybook" ] } - }, + }, { "GoogleAuthURL": { "name": "GoogleAuthURL" } - }, + 
}, { "DataURLReputation": { - "name": "DataURLReputation", + "name": "DataURLReputation", "toversion": "3.0.1" } - }, + }, { "IPReputation": { - "name": "IPReputation", + "name": "IPReputation", "script_executions": [ "ip" ] } - }, + }, { "AwsCreateImage": { - "name": "AwsCreateImage", + "name": "AwsCreateImage", "depends_on": [ "create-image" ] } - }, + }, { "WildfireReport": { - "name": "WildfireReport", - "deprecated": true, + "name": "WildfireReport", + "deprecated": true, "depends_on": [ "wildfire-report" ] } - }, + }, { "LCMIndicatorsForEntity": { - "name": "LCMIndicatorsForEntity", + "name": "LCMIndicatorsForEntity", "depends_on": [ "lcm-indicatorsforentity" ] } - }, + }, { "hideFieldsOnNewIncident": { - "name": "hideFieldsOnNewIncident", + "name": "hideFieldsOnNewIncident", "fromversion": "3.6.0" } - }, + }, { "ImpSfScheduleTask": { - "name": "ImpSfScheduleTask", + "name": "ImpSfScheduleTask", "depends_on": [ - "ImpSfRevokeUnaccessedDevices", + "ImpSfRevokeUnaccessedDevices", "scheduleEntry" - ], + ], "script_executions": [ "scheduleEntry" ] } - }, + }, { "ServiceNowUpdateIncident": { - "name": "ServiceNowUpdateIncident", + "name": "ServiceNowUpdateIncident", "depends_on": [ - "servicenow-query-table", + "servicenow-query-table", "servicenow-update-record" ] } - }, + }, { "DataIPReputation": { - "name": "DataIPReputation", + "name": "DataIPReputation", "toversion": "3.0.1" } - }, + }, { "SetDateField": { - "name": "SetDateField", + "name": "SetDateField", "script_executions": [ "setIncident" ] } - }, + }, { "ADGetEmailForUser": { - "name": "ADGetEmailForUser", - "deprecated": true, + "name": "ADGetEmailForUser", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "EmailAskUser": { - "name": "EmailAskUser", - "toversion": "3.6.0", + "name": "EmailAskUser", + "toversion": "3.6.0", "fromversion": "3.5.0" } - }, + }, { "PWEventDetails": { - "name": "PWEventDetails", - "deprecated": true, + "name": "PWEventDetails", + "deprecated": true, 
"depends_on": [ "pw-event-get" ] } - }, + }, { "CheckSenderDomainDistance": { "name": "CheckSenderDomainDistance" } - }, + }, { "7b02fa0f-94ff-48c7-8350-b4e353702e73": { - "name": "VMRay", + "name": "VMRay", "depends_on": [ "upload_sample" - ], + ], "script_executions": [ - "getFilePath", - "upload_sample", + "getFilePath", + "upload_sample", "scheduleEntry" ] } - }, + }, { "PWObservationPcapDownload": { - "name": "PWObservationPcapDownload", + "name": "PWObservationPcapDownload", "depends_on": [ "observation-pcap-download" ] } - }, + }, { "b695f044-fbdd-4d4b-89ce-9066cb0e165a": { - "name": "cveReputation", + "name": "cveReputation", "depends_on": [ "cve-search" ] } - }, + }, { "ParseEmailHeader": { - "name": "ParseEmailHeaders", + "name": "ParseEmailHeaders", "script_executions": [ "getFilePath" ] } - }, + }, { "IndicatorMaliciousRatioCalculation": { - "name": "IndicatorMaliciousRatioCalculation", - "fromversion": "3.5.0", + "name": "IndicatorMaliciousRatioCalculation", + "fromversion": "3.5.0", "script_executions": [ - "findIndicators", - "getIncidents", + "findIndicators", + "getIncidents", "getIncidents" ] } - }, + }, { "BinaryReputationPy": { - "name": "BinaryReputationPy", - "deprecated": true, + "name": "BinaryReputationPy", + "deprecated": true, "depends_on": [ "file" - ], + ], "script_executions": [ - "getEntries", - "file", + "getEntries", + "file", "file" ] } - }, + }, { "ArcherUpdateSecurityIncident": { - "name": "ArcherUpdateSecurityIncident", + "name": "ArcherUpdateSecurityIncident", "depends_on": [ "archer-update-record" ] } - }, + }, { "IsListExist": { - "name": "IsListExist", + "name": "IsListExist", "script_executions": [ "getList" ] } - }, + }, { "CSCountDevicesForIOC": { - "name": "CSCountDevicesForIOC", - "deprecated": true, + "name": "CSCountDevicesForIOC", + "deprecated": true, "depends_on": [ "cs-device-count-ioc" ] } - }, + }, { "LCMSetHostComment": { - "name": "LCMSetHostComment", + "name": "LCMSetHostComment", "depends_on": [ 
"lcm-set-host-comment" - ], + ], "script_executions": [ "LCMHosts" ] } - }, + }, { "D2Exec": { "name": "D2Exec" } - }, + }, { "OSQueryProcesses": { - "name": "OSQueryProcesses", + "name": "OSQueryProcesses", "depends_on": [ "OSQueryBasicQuery" - ], + ], "script_executions": [ "OSQueryBasicQuery" ] } - }, + }, { "NessusScanStatus": { - "name": "NessusScanStatus", - "deprecated": true, + "name": "NessusScanStatus", + "deprecated": true, "depends_on": [ "scan-details" ] } - }, + }, { "DemistoLinkIncidents": { - "name": "DemistoLinkIncidents", + "name": "DemistoLinkIncidents", "depends_on": [ "demisto-api-post" ] } - }, + }, { "JiraCreateIssue": { - "name": "JiraCreateIssue", - "deprecated": true, + "name": "JiraCreateIssue", + "deprecated": true, "depends_on": [ "jira-create-issue" ] } - }, + }, { "LocateAttachment": { - "name": "LocateAttachment", - "deprecated": true, + "name": "LocateAttachment", + "deprecated": true, "script_executions": [ "getEntries" ] } - }, + }, { "ADGetComputerGroups": { - "name": "ADGetComputerGroups", - "deprecated": true, + "name": "ADGetComputerGroups", + "deprecated": true, "depends_on": [ "ad-search" - ], + ], "script_executions": [ "AdSearch" ] } - }, + }, { "MapValues": { "name": "MapValues" } - }, + }, { "QrGetSearch": { - "name": "QrGetSearch", - "deprecated": true, + "name": "QrGetSearch", + "deprecated": true, "depends_on": [ "qr-get-search" ] } - }, + }, { "EmailAskUser": { - "name": "EmailAskUser", + "name": "EmailAskUser", "fromversion": "4.0.0" } - }, + }, { "AwsGetInstanceInfo": { - "name": "AwsGetInstanceInfo", + "name": "AwsGetInstanceInfo", "depends_on": [ - "get-instance-info", - "get-ebs-volume-info", + "get-instance-info", + "get-ebs-volume-info", "get-sg-info" ] } - }, + }, { "CreateArray": { "name": "CreateArray" } - }, + }, { "ADListUsers": { - "name": "ADListUsers", - "deprecated": true, + "name": "ADListUsers", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "CBPFindRule": { - "name": 
"CBPFindRule", + "name": "CBPFindRule", "depends_on": [ "cbp-fileRule-search" ] } - }, + }, { "GoogleappsListUsers": { - "name": "GoogleappsListUsers", - "deprecated": true, + "name": "GoogleappsListUsers", + "deprecated": true, "depends_on": [ "googleapps-list-users" ] } - }, + }, { "ParseCSV": { - "name": "ParseCSV", + "name": "ParseCSV", "script_executions": [ "getEntries" ] } - }, + }, { "D2Winpmem": { "name": "D2Winpmem" } - }, + }, { "AlgosecGetApplications": { - "name": "AlgosecGetApplications", + "name": "AlgosecGetApplications", "depends_on": [ "algosec-get-applications" ] } - }, + }, { "Elasticsearch": { - "name": "Elasticsearch", + "name": "Elasticsearch", "depends_on": [ "search" - ], + ], "script_executions": [ "search" ] } - }, + }, { "EPOUpdateRepository": { - "name": "EPOUpdateRepository", - "deprecated": true, + "name": "EPOUpdateRepository", + "deprecated": true, "depends_on": [ "epo-command" ] } - }, + }, { "ZipFile": { - "name": "ZipFile", + "name": "ZipFile", "script_executions": [ "getFilePath" ] } - }, + }, { "VectraSummary": { - "name": "VectraSummary", - "deprecated": true, + "name": "VectraSummary", + "deprecated": true, "depends_on": [ "vec-health" ] } - }, + }, { "MattermostAskUser": { - "name": "MattermostAskUser", + "name": "MattermostAskUser", "depends_on": [ "mattermost-send" - ], + ], "script_executions": [ "addEntitlement" ] } - }, + }, { "WhoisSummary": { - "name": "WhoisSummary", - "deprecated": true, + "name": "WhoisSummary", + "deprecated": true, "depends_on": [ "whois" ] } - }, + }, { "AssignAnalystToIncident": { "name": "AssignAnalystToIncident" } - }, + }, { "Base64ListToFile": { - "name": "Base64ListToFile", + "name": "Base64ListToFile", "script_executions": [ "getList" ] } - }, + }, { "LCMPathFinderScanHost": { - "name": "LCMPathFinderScanHost", + "name": "LCMPathFinderScanHost", "depends_on": [ "lcm-pathfinder-scan" ] } - }, + }, { "IncapScheduleTask": { - "name": "IncapScheduleTask", + "name": "IncapScheduleTask", 
"depends_on": [ - "scheduleEntry", + "scheduleEntry", "IncapWhitelistCompliance" - ], + ], "script_executions": [ "scheduleEntry" ] } - }, + }, { "SbQuery": { - "name": "SbQuery", + "name": "SbQuery", "depends_on": [ "sb-query" ] } - }, + }, { "GetStringsDistance": { "name": "GetStringsDistance" } - }, + }, { "CSHuntByIOC": { - "name": "CSHuntByIOC", - "deprecated": true, + "name": "CSHuntByIOC", + "deprecated": true, "depends_on": [ "cs-device-ran-on" ] } - }, + }, { "FireEyeDetonateFile": { - "name": "FireEyeDetonateFile", + "name": "FireEyeDetonateFile", "depends_on": [ - "fe-submit", - "fe-submit-result", + "fe-submit", + "fe-submit-result", "fe-submit-status" - ], + ], "script_executions": [ "IsIntegrationAvailable" ] } - }, + }, { "514ec833-c02c-49a3-8ac6-d982198f5fa0": { - "name": "OktaUpdateUser", - "deprecated": true, + "name": "OktaUpdateUser", + "deprecated": true, "depends_on": [ "okta-update-user" ] } - }, + }, { "JoinIfSingleElementOnly": { "name": "JoinIfSingleElementOnly" } - }, + }, { "PWObservationDetails": { - "name": "PWObservationDetails", - "deprecated": true, + "name": "PWObservationDetails", + "deprecated": true, "depends_on": [ "pw-observation-get" ] } - }, + }, { "SNOpenTicket": { - "name": "SNOpenTicket", - "deprecated": true, + "name": "SNOpenTicket", + "deprecated": true, "depends_on": [ "servicenow-incident-create" ] } - }, + }, { "IPInfoQuery": { - "name": "IPInfoQuery", - "deprecated": true, + "name": "IPInfoQuery", + "deprecated": true, "depends_on": [ "ipinfo_field" - ], + ], "script_executions": [ - "ipinfo_field", + "ipinfo_field", "ip" ] } - }, + }, { "RegCollectValues": { "name": "RegCollectValues" } - }, + }, { "MD5Extract": { - "name": "MD5Extract", + "name": "MD5Extract", "deprecated": true } - }, + }, { "CommonIntegration": { - "name": "CommonIntegration", + "name": "CommonIntegration", "deprecated": true } - }, + }, { "CBPBanHash": { - "name": "CBPBanHash", + "name": "CBPBanHash", "depends_on": [ "cbp-fileRule-update" ] } 
- }, + }, { "URLDecode": { "name": "URLDecode" } - }, + }, { "AwsRunInstance": { - "name": "AwsRunInstance", + "name": "AwsRunInstance", "depends_on": [ "run-instance" ] } - }, + }, { "EPORetrieveCurrentDATVersion": { - "name": "EPORetrieveCurrentDATVersion", - "deprecated": true, + "name": "EPORetrieveCurrentDATVersion", + "deprecated": true, "depends_on": [ "epo-command" ] } - }, + }, { "TaniumShowPendingActions": { - "name": "TaniumShowPendingActions", - "deprecated": true, + "name": "TaniumShowPendingActions", + "deprecated": true, "depends_on": [ "tn-get-object" ] } - }, + }, { "PrintErrorEntry": { - "name": "PrintErrorEntry", + "name": "PrintErrorEntry", "fromversion": "4.0.0" } - }, + }, { "SEPCheckOutdatedEndpoints": { - "name": "SEPCheckOutdatedEndpoints", + "name": "SEPCheckOutdatedEndpoints", "depends_on": [ "sep-client-content" ] } - }, + }, { "URLNumberOfAds": { "name": "URLNumberOfAds" } - }, + }, { "IncidentToContext": { - "name": "IncidentToContext", + "name": "IncidentToContext", "deprecated": true } - }, + }, { "D2Users": { "name": "D2Users" } - }, + }, { "StripChars": { "name": "StripChars" } - }, + }, { "RegPathReputationBasicLists": { "name": "RegPathReputationBasicLists" } - }, + }, { "IsIntegrationAvailable": { "name": "IsIntegrationAvailable" } - }, + }, { "ExposeIncidentOwner": { "name": "ExposeIncidentOwner" } - }, + }, { "EmailReputation": { - "name": "EmailReputation", + "name": "EmailReputation", "script_executions": [ "email" ] } - }, + }, { "AwsCreateVolumeSnapshot": { - "name": "AwsCreateVolumeSnapshot", + "name": "AwsCreateVolumeSnapshot", "depends_on": [ "create-volume-snapshot" ] } - }, + }, { "CreateEmailHtmlBody": { "name": "CreateEmailHtmlBody" } - }, + }, { "listExecutedCommands": { "name": "listExecutedCommands" } - }, + }, { "EPOUpdateEndpoints": { - "name": "EPOUpdateEndpoints", - "deprecated": true, + "name": "EPOUpdateEndpoints", + "deprecated": true, "depends_on": [ "epo-command" ] } - }, + }, { "CheckSender": { - 
"name": "CheckSender", + "name": "CheckSender", "depends_on": [ "pipl-search" ] } - }, + }, { "NessusLaunchScan": { - "name": "NessusLaunchScan", - "deprecated": true, + "name": "NessusLaunchScan", + "deprecated": true, "depends_on": [ "scan-launch" ] } - }, + }, { "ADGetGroupUsers": { - "name": "ADGetGroupUsers", - "deprecated": true, + "name": "ADGetGroupUsers", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "CPTaskStatus": { - "name": "CPTaskStatus", - "deprecated": true, + "name": "CPTaskStatus", + "deprecated": true, "depends_on": [ "checkpoint" - ], + ], "script_executions": [ "checkpoint" ] } - }, + }, { "80b5c44c-4eac-4e00-812f-6d409d57be31": { - "name": "WhoisLookup", - "deprecated": true, + "name": "WhoisLookup", + "deprecated": true, "depends_on": [ "whois" ] } - }, + }, { "NetwitnessSAAddEventsToIncident": { - "name": "NetwitnessSAAddEventsToIncident", + "name": "NetwitnessSAAddEventsToIncident", "depends_on": [ "nw-add-events-to-incident" ] } - }, + }, { "StopScheduledTask": { - "name": "StopScheduledTask", + "name": "StopScheduledTask", "script_executions": [ "scheduleEntry" ] } - }, + }, { "SalesforceAskUser": { - "name": "SalesforceAskUser", + "name": "SalesforceAskUser", "depends_on": [ "salesforce-push-comment" - ], + ], "script_executions": [ "addEntitlement" ] } - }, + }, { "ADListUsersEx": { - "name": "ADListUsersEx", - "deprecated": true, + "name": "ADListUsersEx", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "OSQueryOpenSockets": { - "name": "OSQueryOpenSockets", + "name": "OSQueryOpenSockets", "depends_on": [ "OSQueryBasicQuery" - ], + ], "script_executions": [ "OSQueryBasicQuery" ] } - }, + }, { "EsmExample": { - "name": "EsmExample", + "name": "EsmExample", "depends_on": [ "search" ] } - }, + }, { "SetSeverityByScore": { - "name": "SetSeverityByScore", + "name": "SetSeverityByScore", "script_executions": [ - "IncidentSet", - "IncidentSet", + "IncidentSet", + "IncidentSet", "IncidentSet" ] } - }, + }, 
{ "RSAArcherManualFetch": { - "name": "RSAArcherManualFetch", + "name": "RSAArcherManualFetch", "depends_on": [ "archer-manually-fetch-incident" - ], + ], "script_executions": [ "createNewIncident" ] } - }, + }, { "CheckpointFWBackupStatus": { - "name": "CheckpointFWBackupStatus", + "name": "CheckpointFWBackupStatus", "depends_on": [ "ssh" - ], + ], "script_executions": [ "ssh" ] } - }, + }, { "VolImageinfo": { "name": "VolImageinfo" } - }, + }, { "CBPApproveHash": { - "name": "CBPApproveHash", + "name": "CBPApproveHash", "depends_on": [ "cbp-fileRule-update" ] } - }, + }, { "ParseEmailFile": { - "name": "ParseEmailFile", - "deprecated": true, + "name": "ParseEmailFile", + "deprecated": true, "script_executions": [ - "getEntry", + "getEntry", "getFilePath" ] } - }, + }, { "GoogleappsRevokeUserRole": { - "name": "GoogleappsRevokeUserRole", + "name": "GoogleappsRevokeUserRole", "depends_on": [ "googleapps-revoke-user-role" ] } - }, + }, { "DBotPredictPhishingEvaluation": { - "name": "DBotPredictPhishingEvaluation", - "fromversion": "4.1.0", + "name": "DBotPredictPhishingEvaluation", + "fromversion": "4.1.0", "script_executions": [ - "DBotPreparePhishingData", + "DBotPreparePhishingData", "setIncident" ] } - }, + }, { "DemistoUploadFile": { - "name": "DemistoUploadFile", + "name": "DemistoUploadFile", "depends_on": [ "demisto-api-multipart" ] } - }, + }, { "SNListTickets": { - "name": "SNListTickets", - "deprecated": true, + "name": "SNListTickets", + "deprecated": true, "depends_on": [ "servicenow-incidents-query" ] } - }, + }, { "JiraIssueAddComment": { - "name": "JiraIssueAddComment", - "deprecated": true, + "name": "JiraIssueAddComment", + "deprecated": true, "depends_on": [ "jira-issue-add-comment" ] } - }, + }, { "AlgosecCreateTicket": { - "name": "AlgosecCreateTicket", + "name": "AlgosecCreateTicket", "depends_on": [ "algosec-create-ticket" ] } - }, + }, { "DeleteContext": { "name": "DeleteContext" } - }, + }, { "ADGetUsersByEmail": { - "name": 
"ADGetUsersByEmail", - "deprecated": true, + "name": "ADGetUsersByEmail", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "LanguageDetect": { "name": "LanguageDetect" } - }, + }, { "IncapGetAppInfo": { - "name": "IncapGetAppInfo", + "name": "IncapGetAppInfo", "depends_on": [ "incap-get-app-info" ] } - }, + }, { "SplunkEmailParser": { - "name": "SplunkEmailParser", + "name": "SplunkEmailParser", "depends_on": [ "search" ] } - }, + }, { "GetTime": { "name": "GetTime" } - }, + }, { "PortListenCheck": { "name": "PortListenCheck" } - }, + }, { "f99a85a6-c572-4c3a-8afd-5b4ac539000a": { - "name": "WhileNotExistLoop", + "name": "WhileNotExistLoop", "deprecated": true } - }, + }, { "PanoramaBlockIP": { - "name": "PanoramaBlockIP", - "deprecated": true, + "name": "PanoramaBlockIP", + "deprecated": true, "depends_on": [ "panorama" ] } - }, + }, { "IdentifyAttachedEmail": { - "name": "IdentifyAttachedEmail", + "name": "IdentifyAttachedEmail", "script_executions": [ "getEntries" ] } - }, + }, { "D2Services": { "name": "D2Services" } - }, + }, { "AlgosecQuery": { - "name": "AlgosecQuery", + "name": "AlgosecQuery", "depends_on": [ "algosec-query" ] } - }, + }, { "AwsStartInstance": { - "name": "AwsStartInstance", + "name": "AwsStartInstance", "depends_on": [ "start-instance" ] } - }, + }, { "DomainReputation": { - "name": "DomainReputation", + "name": "DomainReputation", "script_executions": [ "domain" ] } - }, + }, { "GetDuplicatesMlv2": { - "name": "GetDuplicatesMlv2", - "fromversion": "3.5.0", + "name": "GetDuplicatesMlv2", + "fromversion": "3.5.0", "script_executions": [ - "getIncidents", - "findIndicators", + "getIncidents", + "findIndicators", "getIncidents" ] } - }, + }, { "JIRAPrintIssue": { - "name": "JIRAPrintIssue", + "name": "JIRAPrintIssue", "depends_on": [ "jira-get-issue" ] } - }, + }, { "FPDeleteRule": { - "name": "FPDeleteRule", + "name": "FPDeleteRule", "depends_on": [ "ssh" - ], + ], "script_executions": [ "ssh" ] } - }, + }, { "isError": { 
"name": "isError" } - }, + }, { "CommonServerPython": { "name": "CommonServerPython" } - }, + }, { "10cb3486-48f3-4d93-88af-b6be84ffd432": { - "name": "OktaGetGroups", - "deprecated": true, + "name": "OktaGetGroups", + "deprecated": true, "depends_on": [ "okta-get-groups" ] } - }, + }, { "DocumentationAutomation": { - "name": "DocumentationAutomation", + "name": "DocumentationAutomation", "script_executions": [ "getFilePath" ] } - }, + }, { "FileReputation": { - "name": "FileReputation", + "name": "FileReputation", "script_executions": [ "file" ] } - }, + }, { "AreValuesEqual": { "name": "AreValuesEqual" } - }, + }, { "LCMDetectedEntities": { - "name": "LCMDetectedEntities", + "name": "LCMDetectedEntities", "depends_on": [ "lcm-entities" ] } - }, + }, { "UtilAnyResults": { "name": "UtilAnyResults" } - }, + }, { "ExampleJSScript": { "name": "ExampleJSScript" } - }, + }, { "UnEscapeIPs": { "name": "UnEscapeIPs" } - }, + }, { "OSQueryLoggedInUsers": { - "name": "OSQueryLoggedInUsers", + "name": "OSQueryLoggedInUsers", "depends_on": [ "OSQueryBasicQuery" - ], + ], "script_executions": [ "OSQueryBasicQuery" ] } - }, + }, { "FindSimilarIncidentsByText": { "name": "FindSimilarIncidentsByText" } - }, + }, { "IncapWhitelistCompliance": { - "name": "IncapWhitelistCompliance", + "name": "IncapWhitelistCompliance", "depends_on": [ - "incap-get-domain-approver-email", - "RemoteExec", - "incap-list-sites", + "incap-get-domain-approver-email", + "RemoteExec", + "incap-list-sites", "SendEmail" - ], + ], "script_executions": [ - "SendEmail", + "SendEmail", "RemoteExec" ] } - }, + }, { "c99e196b-e05e-41f2-82cb-6798f33cb653": { - "name": "cveSearch", - "deprecated": true, + "name": "cveSearch", + "deprecated": true, "depends_on": [ "cve-search" ] } - }, + }, { "5e125fdd-72f1-455f-89fa-e6f9405174a4": { "name": "NotInContextVerification" } - }, + }, { "ExtractDomain": { "name": "ExtractDomain" } - }, + }, { "DemistoCreateList": { - "name": "DemistoCreateList", + "name": 
"DemistoCreateList", "depends_on": [ "demisto-api-post" ] } - }, + }, { "ServiceNowQueryIncident": { - "name": "ServiceNowQueryIncident", + "name": "ServiceNowQueryIncident", "depends_on": [ "servicenow-query-table" ] } - }, + }, { "MimecastQuery": { - "name": "MimecastQuery", + "name": "MimecastQuery", "depends_on": [ "mimecast-query" ] } - }, + }, { "misp_download_sample": { - "name": "misp_download_sample", + "name": "misp_download_sample", "depends_on": [ "internal-misp-download-sample" ] } - }, + }, { "ExchangeDeleteIDsFromContext": { - "name": "ExchangeDeleteIDsFromContext", - "deprecated": true, + "name": "ExchangeDeleteIDsFromContext", + "deprecated": true, "depends_on": [ "ews-delete-items" ] } - }, + }, { "DumpJSON": { "name": "DumpJSON" } - }, + }, { "ADGetGroupComputers": { - "name": "ADGetGroupComputers", - "deprecated": true, + "name": "ADGetGroupComputers", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "TrendmicroAntiMalwareEventRetrieve": { - "name": "TrendmicroAntiMalwareEventRetrieve", + "name": "TrendmicroAntiMalwareEventRetrieve", "depends_on": [ "trendmicro-anti-malware-event-retrieve" ] } - }, + }, { "Sleep": { "name": "Sleep" } - }, + }, { "AdSearch": { - "name": "AdSearch", - "deprecated": true, + "name": "AdSearch", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "XBNotable": { - "name": "XBNotable", + "name": "XBNotable", "depends_on": [ "xb-notable" ] } - }, + }, { "GoogleappsGetUser": { - "name": "GoogleappsGetUser", - "deprecated": true, + "name": "GoogleappsGetUser", + "deprecated": true, "depends_on": [ "googleapps-get-user" ] } - }, + }, { "CBLiveFetchFiles": { - "name": "CBLiveFetchFiles", + "name": "CBLiveFetchFiles", "depends_on": [ "CBLiveGetFile" - ], + ], "script_executions": [ "CBLiveGetFile" ] } - }, + }, { "JiraIssueAddLink": { - "name": "JiraIssueAddLink", - "deprecated": true, + "name": "JiraIssueAddLink", + "deprecated": true, "depends_on": [ "jira-issue-add-link" ] } - }, + }, { 
"ContextSearchForString": { "name": "ContextSearchForString" } - }, + }, { "ShowOnMap": { "name": "ShowOnMap" } - }, + }, { "CBFindIP": { - "name": "CBFindIP", + "name": "CBFindIP", "depends_on": [ "CBSearch" - ], + ], "script_executions": [ "CBSearch" ] } - }, + }, { "D2Rekall": { "name": "D2Rekall" } - }, + }, { "CuckooGetReport": { - "name": "CuckooGetReport", + "name": "CuckooGetReport", "depends_on": [ "cuckoo-get-task-report" ] } - }, + }, { "BinarySearchPy": { - "name": "BinarySearchPy", + "name": "BinarySearchPy", "depends_on": [ "cb-process" - ], + ], "script_executions": [ "getEntries" ] } - }, + }, { "Volatility": { "name": "Volatility" } - }, + }, { "GrrGetFiles": { - "name": "GrrGetFiles", + "name": "GrrGetFiles", "depends_on": [ "grr_get_files" - ], + ], "script_executions": [ "grr_get_files" ] } - }, + }, { "FetchFileD2": { "name": "FetchFileD2" } - }, + }, { "ToTable": { "name": "ToTable" } - }, + }, { "XBLockouts": { - "name": "XBLockouts", + "name": "XBLockouts", "depends_on": [ "xb-lockouts" ] } - }, + }, { "ExchangeAssignRole": { "name": "ExchangeAssignRole" } - }, + }, { "GrrSetHunts": { - "name": "GrrSetHunts", + "name": "GrrSetHunts", "depends_on": [ "grr_set_hunts" - ], + ], "script_executions": [ "grr_set_hunts" ] } - }, + }, { "MaliciousRatioReputation": { - "name": "MaliciousRatioReputation", - "fromversion": "4.0.0", + "name": "MaliciousRatioReputation", + "fromversion": "4.0.0", "script_executions": [ - "findIndicators", + "findIndicators", "maliciousRatio" ] } - }, + }, { "EPOFindSystem": { - "name": "EPOFindSystem", + "name": "EPOFindSystem", "depends_on": [ "epo-command" ] } - }, + }, { "TaniumAskQuestionComplex": { - "name": "TaniumAskQuestionComplex", - "deprecated": true, + "name": "TaniumAskQuestionComplex", + "deprecated": true, "depends_on": [ - "tn-add-question-complex", - "tn-result-data", + "tn-add-question-complex", + "tn-result-data", "tn-result-info" ] } - }, + }, { "DataURLReputation": { - "name": "DataURLReputation", + 
"name": "DataURLReputation", "deprecated": true } - }, + }, { "DataHashReputation": { - "name": "DataHashReputation", - "toversion": "3.0.1", + "name": "DataHashReputation", + "toversion": "3.0.1", "depends_on": [ "file" ] } - }, + }, { "GetIndicatorDBotScore": { - "name": "GetIndicatorDBotScore", - "fromversion": "3.5.0", + "name": "GetIndicatorDBotScore", + "fromversion": "3.5.0", "script_executions": [ "getIndicator" ] } - }, + }, { "HTTPListRedirects": { "name": "HTTPListRedirects" } - }, + }, { "DataHashReputation": { - "name": "DataHashReputation", - "deprecated": true, + "name": "DataHashReputation", + "deprecated": true, "depends_on": [ "file" ] } - }, + }, { "CBEvents": { - "name": "CBEvents", + "name": "CBEvents", "depends_on": [ - "cb-process", + "cb-process", "process-events" ] } - }, + }, { "Whois": { - "name": "Whois", - "deprecated": true, + "name": "Whois", + "deprecated": true, "depends_on": [ "whois" ] } - }, + }, { "MarkAsNoteByTag": { - "name": "MarkAsNoteByTag", + "name": "MarkAsNoteByTag", "script_executions": [ - "getEntries", + "getEntries", "markAsNote" ] } - }, + }, { "TaniumApprovePendingActions": { - "name": "TaniumApprovePendingActions", - "deprecated": true, + "name": "TaniumApprovePendingActions", + "deprecated": true, "depends_on": [ - "tn-add-object", + "tn-add-object", "tn-get-object" ] } - }, + }, { "GenericPollingScheduledTask": { "name": "GenericPollingScheduledTask" } - }, + }, { "NessusListScans": { - "name": "NessusListScans", - "deprecated": true, + "name": "NessusListScans", + "deprecated": true, "depends_on": [ "scans-list" ] } - }, + }, { "TaniumAskQuestion": { - "name": "TaniumAskQuestion", - "deprecated": true, + "name": "TaniumAskQuestion", + "deprecated": true, "depends_on": [ - "tn-result-data", + "tn-result-data", "tn-result-info" ] } - }, + }, { "ExportToCSV": { "name": "ExportToCSV" } - }, + }, { "URLReputation": { - "name": "URLReputation", + "name": "URLReputation", "script_executions": [ "url" ] } - }, + }, { 
"IncidentAddSystem": { "name": "IncidentAddSystem" } - }, + }, { "FindSimilarIncidents": { - "name": "FindSimilarIncidents", + "name": "FindSimilarIncidents", "script_executions": [ "getContext" ] } - }, + }, { "CPDeleteRule": { - "name": "CPDeleteRule", - "deprecated": true, + "name": "CPDeleteRule", + "deprecated": true, "depends_on": [ "checkpoint" - ], + ], "script_executions": [ - "checkpoint", + "checkpoint", "checkpoint" ] } - }, + }, { "RegexGroups": { "name": "RegexGroups" } - }, + }, { "RemoteExec": { - "name": "RemoteExec", + "name": "RemoteExec", "depends_on": [ "ssh" ] } - }, + }, { "PublishEntriesToContext": { "name": "PublishEntriesToContext" } - }, + }, { "http": { - "name": "http", + "name": "http", "toversion": "3.1.0" } - }, + }, { "GoogleappsGetUserRoles": { - "name": "GoogleappsGetUserRoles", - "deprecated": true, + "name": "GoogleappsGetUserRoles", + "deprecated": true, "depends_on": [ "googleapps-get-user-roles" ] } - }, + }, { "ExchangeDeleteMail": { "name": "ExchangeDeleteMail" } - }, + }, { "SbUpload": { - "name": "SbUpload", + "name": "SbUpload", "depends_on": [ "sb-upload" ] } - }, + }, { "3dd62013-4fed-43eb-8ae4-91b1b4250599": { - "name": "OktaSetPassword", - "deprecated": true, + "name": "OktaSetPassword", + "deprecated": true, "depends_on": [ "okta-set-password" ] } - }, + }, { "D2Processes": { "name": "D2Processes" } - }, + }, { "IncapListSites": { - "name": "IncapListSites", + "name": "IncapListSites", "depends_on": [ "incap-list-sites" ] } - }, + }, { "ADGetEmailForAllUsers": { - "name": "ADGetEmailForAllUsers", - "deprecated": true, + "name": "ADGetEmailForAllUsers", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "CuckooTaskStatus": { - "name": "CuckooTaskStatus", + "name": "CuckooTaskStatus", "depends_on": [ "cuckoo-view-task" ] } - }, + }, { "PWEvents": { - "name": "PWEvents", - "deprecated": true, + "name": "PWEvents", + "deprecated": true, "depends_on": [ "search" - ], + ], "script_executions": [ "search" ] 
} - }, + }, { "NexposeEmailParserForVuln": { - "name": "NexposeEmailParserForVuln", + "name": "NexposeEmailParserForVuln", "depends_on": [ "nexpose" ] } - }, + }, { "CloseInvestigationAsDuplicate": { - "name": "CloseInvestigationAsDuplicate", + "name": "CloseInvestigationAsDuplicate", "script_executions": [ "linkIncidents" ] } - }, + }, { "GetDuplicatesMl": { - "name": "GetDuplicatesMl", - "fromversion": "3.5.0", - "deprecated": true, + "name": "GetDuplicatesMl", + "fromversion": "3.5.0", + "deprecated": true, "script_executions": [ - "getIncidents", - "findIndicators", + "getIncidents", + "findIndicators", "getIncidents" ] } - }, + }, { "FailedInstances": { - "name": "FailedInstances", + "name": "FailedInstances", "fromversion": "4.0.0" } - }, + }, { "UnPackFile": { - "name": "UnPackFile", + "name": "UnPackFile", "script_executions": [ - "getEntries", + "getEntries", "getFilePath" ] } - }, + }, { "http": { - "name": "http", + "name": "http", "fromversion": "3.5.0" } - }, + }, { "DBotPredictPhishingLabel": { - "name": "DBotPredictPhishingLabel", - "fromversion": "4.1.0", + "name": "DBotPredictPhishingLabel", + "fromversion": "4.1.0", "script_executions": [ "DBotPredictTextLabel" ] } - }, + }, { "CPCreateBackup": { - "name": "CPCreateBackup", - "deprecated": true, + "name": "CPCreateBackup", + "deprecated": true, "depends_on": [ "ssh" - ], + ], "script_executions": [ "ssh" ] } - }, + }, { "ExtractIP": { "name": "ExtractIP" } - }, + }, { "CheckURLs": { - "name": "CheckURLs", - "deprecated": true, + "name": "CheckURLs", + "deprecated": true, "script_executions": [ "url" ] } - }, + }, { "SplunkPySearch": { - "name": "SplunkPySearch", + "name": "SplunkPySearch", "depends_on": [ "splunk-search" ] } - }, + }, { "GrrGetHunts": { - "name": "GrrGetHunts", + "name": "GrrGetHunts", "depends_on": [ "grr_get_hunts" - ], + ], "script_executions": [ "grr_get_hunts" ] } - }, + }, { "ImpSfSetEndpointStatus": { - "name": "ImpSfSetEndpointStatus", + "name": "ImpSfSetEndpointStatus", 
"depends_on": [ "imp-sf-set-endpoint-status" ] } - }, + }, { "PCAPMiner": { - "name": "PCAPMiner", + "name": "PCAPMiner", "script_executions": [ "getFilePath" ] } - }, + }, { "D2GetFile": { "name": "D2GetFile" } - }, + }, { "PagerDutyAssignOnCallUser": { - "name": "PagerDutyAssignOnCallUser", + "name": "PagerDutyAssignOnCallUser", "depends_on": [ "PagerDuty-get-users-on-call-now" ] } - }, + }, { "ExtractHTMLTables": { "name": "ExtractHTMLTables" } - }, + }, { "ContainsCreditCardInfo": { "name": "ContainsCreditCardInfo" } - }, + }, { "CBSearch": { "name": "CBSearch" } - }, + }, { "DataDomainReputation": { - "name": "DataDomainReputation", + "name": "DataDomainReputation", "toversion": "3.0.1" } - }, + }, { "DBotClosedIncidentsPercentage": { "name": "DBotClosedIncidentsPercentage" } - }, + }, { "CBAlerts": { - "name": "CBAlerts", + "name": "CBAlerts", "depends_on": [ "cb-alert" ] } - }, + }, { "ParseWordDoc": { - "name": "ParseWordDoc", + "name": "ParseWordDoc", "script_executions": [ "getFilePath" ] } - }, + }, { "VolJson": { "name": "VolJson" } - }, + }, { "SlackSend": { - "name": "SlackSend", - "deprecated": true, + "name": "SlackSend", + "deprecated": true, "depends_on": [ "slack-send" ] } - }, + }, { "ExposeList": { - "name": "ExposeList", + "name": "ExposeList", "deprecated": true } - }, + }, { "VectraHealth": { - "name": "VectraHealth", - "deprecated": true, + "name": "VectraHealth", + "deprecated": true, "depends_on": [ "vec-health" ] } - }, + }, { "D2ExecuteCommand": { "name": "D2ExecuteCommand" } - }, + }, { "46e2109c-b735-458e-884f-030229a20830": { "name": "SetByIncidentId" } - }, + }, { "dfa728bb-8291-4f8c-8185-53fad210f1b5": { "name": "VerifyHumanReadableContains" } - }, + }, { "ContextGetPathForString": { "name": "ContextGetPathForString" } - }, + }, { "LCMResolveHost": { - "name": "LCMResolveHost", + "name": "LCMResolveHost", "depends_on": [ "lcm-resolve-host" ] } - }, + }, { "IsGreaterThan": { "name": "IsGreaterThan" } - }, + }, { "SbQuota": { - 
"name": "SbQuota", + "name": "SbQuota", "depends_on": [ "sb-quota" ] } - }, + }, { "ContextFilter": { "name": "ContextFilter" } - }, + }, { "O365SearchEmails": { - "name": "O365SearchEmails", + "name": "O365SearchEmails", "script_executions": [ - "D2O365SearchAndDelete", + "D2O365SearchAndDelete", "D2O365ComplianceSearch" ] } - }, + }, { "AnalyzeOSX": { - "name": "AnalyzeOSX", + "name": "AnalyzeOSX", "depends_on": [ - "url", - "Osxcollector", + "url", + "Osxcollector", "file" ] } - }, + }, { "PWEventPcapDownload": { - "name": "PWEventPcapDownload", + "name": "PWEventPcapDownload", "depends_on": [ "event-pcap-download" ] } - }, + }, { "AnalyzeMemImage": { "name": "AnalyzeMemImage" } - }, + }, { "8bb47409-fffb-40c4-8601-d5fd20384e26": { - "name": "SetTime", + "name": "SetTime", "script_executions": [ "setIncident" ] } - }, + }, { "JiraGetIssue": { - "name": "JiraGetIssue", - "deprecated": true, + "name": "JiraGetIssue", + "deprecated": true, "depends_on": [ "jira-get-issue" ] } - }, + }, { "ADExpirePassword": { - "name": "ADExpirePassword", - "deprecated": true, + "name": "ADExpirePassword", + "deprecated": true, "depends_on": [ "ad-expire-password" ] } - }, + }, { "ImpSfRevokeUnaccessedDevices": { - "name": "ImpSfRevokeUnaccessedDevices", + "name": "ImpSfRevokeUnaccessedDevices", "depends_on": [ - "ImpSfSetEndpointStatus", + "ImpSfSetEndpointStatus", "ImpSfListEndpoints" - ], + ], "script_executions": [ - "SendEmail", - "ImpSfListEndpoints", + "SendEmail", + "ImpSfListEndpoints", "ImpSfSetEndpointStatus" ] } - }, + }, { "ADGetUser": { - "name": "ADGetUser", + "name": "ADGetUser", "depends_on": [ "ad-search" ] } - }, + }, { "SendEmail": { - "name": "SendEmail", + "name": "SendEmail", "depends_on": [ "send-mail" ] } - }, + }, { "EPOCheckLatestDAT": { - "name": "EPOCheckLatestDAT", + "name": "EPOCheckLatestDAT", "deprecated": true } - }, + }, { "PagerDutyAlertOnIncident": { - "name": "PagerDutyAlertOnIncident", + "name": "PagerDutyAlertOnIncident", "depends_on": [ 
"PagerDuty-submit-event" ] } - }, + }, { "URLExtract": { - "name": "URLExtract", + "name": "URLExtract", "deprecated": true } - }, + }, { "TaniumDeployAction": { - "name": "TaniumDeployAction", - "deprecated": true, + "name": "TaniumDeployAction", + "deprecated": true, "depends_on": [ "tn-deploy-package" ] } - }, + }, { "SendEmailToManager": { - "name": "SendEmailToManager", - "toversion": "3.1.0", + "name": "SendEmailToManager", + "toversion": "3.1.0", "depends_on": [ - "ad-search", + "ad-search", "send-mail" - ], + ], "script_executions": [ - "AdSearch", - "AdSearch", + "AdSearch", + "AdSearch", "addOneTimeEntitlement" ] } - }, + }, { "StringReplace": { "name": "StringReplace" } - }, + }, { "TextFromHTML": { "name": "TextFromHTML" } - }, + }, { "CPShowBackupStatus": { - "name": "CPShowBackupStatus", - "deprecated": true, + "name": "CPShowBackupStatus", + "deprecated": true, "depends_on": [ "ssh" - ], + ], "script_executions": [ "ssh" ] } - }, + }, { "RunPollingCommand": { - "name": "RunPollingCommand", + "name": "RunPollingCommand", "fromversion": "4.0.0" } - }, + }, { "CBWatchlists": { - "name": "CBWatchlists", + "name": "CBWatchlists", "depends_on": [ "cb-watchlist-get" ] } - }, + }, { "DamSensorDown": { - "name": "DamSensorDown", + "name": "DamSensorDown", "depends_on": [ "dam-get-latest-by-rule" ] } - }, + }, { "94f72ed9-49c8-40e5-89bb-7c98f914d2cc": { - "name": "OktaDeactivateUser", - "deprecated": true, + "name": "OktaDeactivateUser", + "deprecated": true, "depends_on": [ "okta-deactivate-user" ] } - }, + }, { "34f0498c-d3da-4ac3-8cad-a28804bf1f21": { - "name": "NetwitnessQuery", + "name": "NetwitnessQuery", "depends_on": [ "nw-sdk-query" ] } - }, + }, { "CBSensors": { - "name": "CBSensors", + "name": "CBSensors", "depends_on": [ "cb-list-sensors" ] } - }, + }, { "VolRunCmds": { "name": "VolRunCmds" } - }, + }, { "ADGetComputer": { - "name": "ADGetComputer", + "name": "ADGetComputer", "depends_on": [ "ad-search" ] } - }, + }, { 
"DemistoUploadFileToIncident": { - "name": "DemistoUploadFileToIncident", + "name": "DemistoUploadFileToIncident", "depends_on": [ "demisto-api-multipart" ] } - }, + }, { "SbDownload": { - "name": "SbDownload", + "name": "SbDownload", "depends_on": [ "sb-download" ] } - }, + }, { "OSQueryBasicQuery": { - "name": "OSQueryBasicQuery", + "name": "OSQueryBasicQuery", "depends_on": [ "RemoteExec" - ], + ], "script_executions": [ "RemoteExec" ] } - }, + }, { "AggregateIOCs": { - "name": "AggregateIOCs", + "name": "AggregateIOCs", "deprecated": true } - }, + }, { "LinkIncidentsWithRetry": { - "name": "LinkIncidentsWithRetry", + "name": "LinkIncidentsWithRetry", "script_executions": [ - "linkIncidents", + "linkIncidents", "linkIncidents" ] } - }, + }, { "PDFUnlocker": { - "name": "PDFUnlocker", + "name": "PDFUnlocker", "script_executions": [ "getFilePath" ] } - }, + }, { "D2RegQuery": { "name": "D2RegQuery" } - }, + }, { "ExtractURL": { "name": "ExtractURL" } - }, + }, { "StringContains": { "name": "StringContains" } - }, + }, { "CPBlockIP": { - "name": "CPBlockIP", - "deprecated": true, + "name": "CPBlockIP", + "deprecated": true, "depends_on": [ "checkpoint" - ], + ], "script_executions": [ "checkpoint" ] } - }, + }, { "TrendmicroSecurityProfileAssignToHost": { - "name": "TrendmicroSecurityProfileAssignToHost", + "name": "TrendmicroSecurityProfileAssignToHost", "depends_on": [ "trendmicro-security-profile-assign-to-host" ] } - }, + }, { "JiraCreateIssue-example": { - "name": "JiraCreateIssue-example", + "name": "JiraCreateIssue-example", "depends_on": [ - "jira-create-issue", + "jira-create-issue", "jira-delete-issue" ] } - }, + }, { "VolApihooks": { "name": "VolApihooks" } - }, + }, { "ADGetCommonGroups": { - "name": "ADGetCommonGroups", - "deprecated": true, + "name": "ADGetCommonGroups", + "deprecated": true, "depends_on": [ "ad-search" - ], + ], "script_executions": [ "ADGetUserGroups" ] } - }, + }, { "NetwitnessSAGetComponents": { - "name": 
"NetwitnessSAGetComponents", + "name": "NetwitnessSAGetComponents", "depends_on": [ "nw-get-components" ] } - }, + }, { "QRadarGetCorrelationLogs": { - "name": "QRadarGetCorrelationLogs", + "name": "QRadarGetCorrelationLogs", "depends_on": [ "qradar-searches" - ], + ], "script_executions": [ "QRadarFullSearch" ] } - }, + }, { "CountArraySize": { "name": "CountArraySize" } - }, + }, { "ConvertXmlToJson": { "name": "ConvertXmlToJson" } - }, + }, { "D2PEDump": { "name": "D2PEDump" } - }, + }, { "CBPFindComputer": { - "name": "CBPFindComputer", + "name": "CBPFindComputer", "depends_on": [ "cbp-computer-search" ] } - }, + }, { "ClassifierNotifyAdmin": { - "name": "ClassifierNotifyAdmin", + "name": "ClassifierNotifyAdmin", "depends_on": [ "send-mail" ] } - }, + }, { "SlackAskUser": { - "name": "SlackAskUser", - "fromversion": "3.5.0", + "name": "SlackAskUser", + "fromversion": "3.5.0", "depends_on": [ "slack-send" - ], + ], "script_executions": [ "addEntitlement" ] } - }, + }, { "Exists": { "name": "Exists" } - }, + }, { "NetwitnessSAGetEvents": { - "name": "NetwitnessSAGetEvents", + "name": "NetwitnessSAGetEvents", "depends_on": [ "nw-get-events" ] } - }, + }, { "DBotTrainTextClassifier": { - "name": "DBotTrainTextClassifier", - "fromversion": "4.1.0", + "name": "DBotTrainTextClassifier", + "fromversion": "4.1.0", "script_executions": [ - "getFilePath", + "getFilePath", "createList" ] } - }, + }, { "CommonServer": { "name": "CommonServer" } - }, + }, { "LCMDetectedIndicators": { - "name": "LCMDetectedIndicators", + "name": "LCMDetectedIndicators", "depends_on": [ "lcm-indicators" ] } - }, + }, { "SplunkSearch": { - "name": "SplunkSearch", - "deprecated": true, + "name": "SplunkSearch", + "deprecated": true, "depends_on": [ "search" ] } - }, + }, { "IsIPInSubnet": { - "name": "IsIPInSubnet", + "name": "IsIPInSubnet", "deprecated": true } - }, + }, { "TrendmicroHostRetrieveAll": { - "name": "TrendmicroHostRetrieveAll", + "name": "TrendmicroHostRetrieveAll", "depends_on": 
[ "trendmicro-host-retrieve-all" ] } - }, + }, { "getMlFeatures": { - "name": "getMlFeatures", - "fromversion": "3.5.0", + "name": "getMlFeatures", + "fromversion": "3.5.0", "script_executions": [ - "findIndicators", + "findIndicators", "getIncidents" ] } - }, + }, { "2aa9f737-8c7c-42f5-815f-4d104bb3af06": { - "name": "SEPScan", + "name": "SEPScan", "depends_on": [ "sep-command-status" ] } - }, + }, { "PrintContext": { "name": "PrintContext" } - }, + }, { "D2O365SearchAndDelete": { "name": "D2O365SearchAndDelete" } - }, + }, { "DBotPreparePhishingData": { - "name": "DBotPreparePhishingData", - "fromversion": "4.1.0", + "name": "DBotPreparePhishingData", + "fromversion": "4.1.0", "script_executions": [ - "getContext", - "getIncidents", - "createList", + "getContext", + "getIncidents", + "createList", "WordTokenizer" ] } - }, + }, { "QRadarGetOffenseCorrelations": { - "name": "QRadarGetOffenseCorrelations", + "name": "QRadarGetOffenseCorrelations", "depends_on": [ "qradar-searches" - ], + ], "script_executions": [ "QRadarFullSearch" ] } - }, + }, { "ShowScheduledEntries": { "name": "ShowScheduledEntries" } - }, + }, { "EmailAskUserResponse": { "name": "EmailAskUserResponse" } - }, + }, { "IsEmailAddressInternal": { "name": "IsEmailAddressInternal" } - }, + }, { "DemistoGetIncidentTasksByState": { "name": "DemistoGetIncidentTasksByState" } - }, + }, { "VectraGetHostById": { - "name": "VectraGetHostById", - "deprecated": true, + "name": "VectraGetHostById", + "deprecated": true, "depends_on": [ "vec-get-host-by-id" ] } - }, + }, { "DefaultIncidentClassifier": { "name": "DefaultIncidentClassifier" } - }, + }, { "TestCreateTagTextFile": { - "name": "TestCreateTagTextFile", + "name": "TestCreateTagTextFile", "script_executions": [ "createList" ] } - }, + }, { "TestCreateWordFile": { "name": "TestCreateWordFile" } - }, + }, { "GenerateImageFileEntry": { "name": "GenerateImageFileEntry" } - }, + }, { "a18ff76e-c462-4daa-8be2-6a1b5308713f": { "name": "TestCreateDuplicates" } 
- }, + }, { "c5cb179f-d6d2-4d87-8857-b224689d5b00": { "name": "VerifyTreeToFlatObject" } - }, + }, { "GenerateUUID": { "name": "GenerateUUID" } - }, + }, { "TestXml2JSON": { "name": "TestXml2JSON" } - }, + }, { "3b260f00-772c-4d4e-84ea-e47226637497": { - "name": "VerifyHumanReadableEquals", + "name": "VerifyHumanReadableEquals", "fromversion": "3.6.0" } - }, + }, { "ValidateErrorExistence": { - "name": "ValidateErrorExistence", + "name": "ValidateErrorExistence", "script_executions": [ "getEntries" ] } - }, + }, { "CompleteManualTask": { - "name": "CompleteManualTask", + "name": "CompleteManualTask", "script_executions": [ - "DemistoGetIncidentTasksByState", + "DemistoGetIncidentTasksByState", "taskComplete" ] } - }, + }, { "GenerateIP": { "name": "GenerateIP" } - }, + }, { "CarbonBlackResponseFilterSensors": { "name": "CarbonBlackResponseFilterSensors" } - }, + }, { "RaiseError": { "name": "RaiseError" } - }, + }, { "GenerateEmail": { "name": "GenerateEmail" } - }, + }, { "PhishingIncident": { - "name": "PhishingIncident", + "name": "PhishingIncident", "script_executions": [ "setIncident" ] } - }, + }, { "VerifyTableToMarkDown": { "name": "VerifyTableToMarkDown" } - }, + }, { "TestFormatTableValues": { "name": "TestFormatTableValues" } - }, + }, { "TestCreateIncidents": { - "name": "TestCreateIncidents", + "name": "TestCreateIncidents", "script_executions": [ - "createNewIncident", + "createNewIncident", "createNewIncident" ] } - }, + }, { "TestPYCommonServer": { "name": "TestPYCommonServer" } - }, + }, { "CreateDuplicateIncident": { - "name": "CreateDuplicateIncident", + "name": "CreateDuplicateIncident", "script_executions": [ "createNewIncident" ] } - }, + }, { "c0eb84c3-8771-4f9f-833e-1017112d6215": { "name": "ThrowException" } - }, + }, { "SsdeepReputationTest": { - "name": "SsdeepReputationTest", + "name": "SsdeepReputationTest", "script_executions": [ - "findIndicators", - "createNewIndicator", - "createNewIndicator", + "findIndicators", + 
"createNewIndicator", + "createNewIndicator", "createNewIndicator" ] } - }, + }, { "CreateBinaryFile": { "name": "CreateBinaryFile" } - }, + }, { "GetFirstObject": { "name": "GetFirstObject" } + }, + { + "changeremediationslaonsevchange": { + "name": "ChangeRemediationSLAOnSevChange", + "fromversion": "4.1.0", + "script_executions": [ + "setIncident", + "setIncident", + "setIncident", + "setIncident" + ] + } + }, + { + "stoptimetoassignonownerchange": { + "name": "StopTimeToAssignOnOwnerChange", + "fromversion": "4.1.0", + "script_executions": [ + "stopTimer" + ] + } } - ], + ], "playbooks": [ { "search_and_delete_emails_-_generic": { - "name": "Search And Delete Emails - Generic", - "fromversion": "3.6.0", + "name": "Search And Delete Emails - Generic", + "fromversion": "3.6.0", "implementing_playbooks": [ "Search And Delete Emails - EWS" ] } - }, + }, { "email_address_enrichment_-_generic": { - "name": "Email Address Enrichment - Generic", - "fromversion": "3.6.0", + "name": "Email Address Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "IsEmailAddressInternal", - "EmailReputation", - "ADGetUser", - "Exists", + "IsEmailAddressInternal", + "EmailReputation", + "ADGetUser", + "Exists", "EmailDomainSquattingReputation" ] } - }, + }, { "process_email_-_generic": { - "name": "Process Email - Generic", - "toversion": "3.6.0", - "fromversion": "3.6.0", + "name": "Process Email - Generic", + "toversion": "3.6.0", + "fromversion": "3.6.0", "implementing_scripts": [ - "Set", - "Exists", + "Set", + "Exists", "ParseEmailFiles" - ], + ], "implementing_commands": [ - "setIncident", + "setIncident", "rasterize-email" ] } - }, + }, { "playbook12": { - "name": "McAfee ePO Endpoint Compliance Playbook", - "fromversion": "2.5.0", + "name": "McAfee ePO Endpoint Compliance Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "CloseInvestigation", - "IncidentSet", + "CloseInvestigation", + "IncidentSet", "commentsToContext" - ], + ], 
"implementing_commands": [ - "epo-update-client-dat", - "servicenow-incidents-query", - "epo-get-latest-dat", - "epo-get-current-dat", + "epo-update-client-dat", + "servicenow-incidents-query", + "epo-get-latest-dat", + "epo-get-current-dat", "servicenow-incident-create" ] } - }, + }, { "get_original_email_-_generic": { - "name": "Get Original Email - Generic", - "fromversion": 4.0, + "name": "Get Original Email - Generic", + "fromversion": 4.0, "implementing_playbooks": [ - "Get Original Email - Gmail", + "Get Original Email - Gmail", "Get Original Email - EWS" ] } - }, + }, { "Detonate URL - Phish.AI": { - "name": "Detonate URL - Phish.AI", - "fromversion": "4.0.0", + "name": "Detonate URL - Phish.AI", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "phish-ai-check-status", + "phish-ai-check-status", "phish-ai-scan-url" ] } - }, + }, { "Detonate URL - Cuckoo": { - "name": "Detonate URL - Cuckoo", - "fromversion": "4.0.0", + "name": "Detonate URL - Cuckoo", + "fromversion": "4.0.0", "implementing_scripts": [ "Sleep" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "cuckoo-view-task", - "cuckoo-get-task-report", + "cuckoo-view-task", + "cuckoo-get-task-report", "cuckoo-create-task-from-url" ] } - }, + }, { "get_file_sample_by_hash_-_generic": { - "name": "Get File Sample By Hash - Generic", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Generic", + "fromversion": "3.5.0", "implementing_playbooks": [ - "Get File Sample By Hash - Cylance Protect", + "Get File Sample By Hash - Cylance Protect", "Get File Sample By Hash - Carbon Black Enterprise Response" ] } - }, + }, { "search_endpoints_by_hash_-_crowdstrike": { - "name": "Search Endpoints By Hash - CrowdStrike", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - CrowdStrike", + "fromversion": "3.5.0", "implementing_commands": [ - "cs-device-ran-on", + "cs-device-ran-on", 
"cs-device-details" ] } - }, + }, { "get_file_sample_from_path_-_generic": { - "name": "Get File Sample From Path - Generic", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - Generic", + "fromversion": "3.5.0", "implementing_playbooks": [ - "Get File Sample From Path - Carbon Black Enterprise Response", + "Get File Sample From Path - Carbon Black Enterprise Response", "Get File Sample From Path - D2" ] } - }, + }, { "process_email_-_generic": { - "name": "Process Email - Generic", - "toversion": "3.5.9", - "fromversion": "3.5.0", + "name": "Process Email - Generic", + "toversion": "3.5.9", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "Exists", + "Set", + "Exists", "ParseEmailFiles" - ], + ], "implementing_commands": [ "rasterize-email" ] } - }, + }, { "Detonate File - Lastline": { - "name": "Detonate File - Lastline", - "fromversion": "4.0.0", + "name": "Detonate File - Lastline", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "lastline-upload-file", + "lastline-upload-file", "lastline-get-report" ] } - }, + }, { "url_enrichment_-_generic": { - "name": "URL Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "URL Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ - "URLSSLVerification", - "Exists", + "URLSSLVerification", + "Exists", "URLReputation" - ], + ], "implementing_commands": [ "rasterize" ] } - }, + }, { "GenericPolling": { - "name": "GenericPolling", - "fromversion": "4.0.0", + "name": "GenericPolling", + "fromversion": "4.0.0", "implementing_scripts": [ - "ScheduleGenericPolling", - "RunPollingCommand", + "ScheduleGenericPolling", + "RunPollingCommand", "PrintErrorEntry" ] } - }, + }, { "playbook1": { - "name": "Malware Playbook - Manual", - "fromversion": "2.5.0", + "name": "Malware Playbook - Manual", + "fromversion": "2.5.0", 
"implementing_scripts": [ - "ExposeModules", - "Autoruns", + "ExposeModules", + "Autoruns", "Exists" ] } - }, + }, { "Calculate Severity - Generic": { - "name": "Calculate Severity - Generic", - "fromversion": "3.6.0", + "name": "Calculate Severity - Generic", + "fromversion": "3.6.0", "implementing_playbooks": [ - "Calculate Severity - Indicators DBotScore", - "Calculate Severity - 3rd-party integrations", + "Calculate Severity - Indicators DBotScore", + "Calculate Severity - 3rd-party integrations", "Calculate Severity - Critical assets" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "search_endpoints_by_hash_-_carbon_black_protection": { - "name": "Search Endpoints By Hash - Carbon Black Protection", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Carbon Black Protection", + "fromversion": "3.5.0", "implementing_scripts": [ - "CBPFindRule", - "Set", - "CBPCatalogFindHash", + "CBPFindRule", + "Set", + "CBPCatalogFindHash", "Exists" - ], + ], "implementing_commands": [ "cbp-computer-get" ] } - }, + }, { "Incident Enrichment": { - "name": "Incident Enrichment", - "fromversion": "2.5.0", + "name": "Incident Enrichment", + "fromversion": "2.5.0", "implementing_scripts": [ - "ExtractURL", - "ExtractHash", + "ExtractURL", + "ExtractHash", "ExtractIP" - ], + ], "implementing_playbooks": [ "Enrichment Playbook" ] } - }, + }, { "playbook16": { - "name": "CrowdStrike Rapid IOC Hunting", - "fromversion": "2.5.0", + "name": "CrowdStrike Rapid IOC Hunting", + "fromversion": "2.5.0", "implementing_scripts": [ - "Exists", + "Exists", "SendEmail" - ], + ], "implementing_commands": [ - "cs-device-ran-on", + "cs-device-ran-on", "cs-device-search" ] } - }, + }, { "CrowdStrike Falcon Sandbox - Detonate file": { - "name": "CrowdStrike Falcon Sandbox - Detonate file", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "CrowdStrike Falcon Sandbox - Detonate file", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_scripts": [ 
"Set" - ], + ], "implementing_commands": [ "crowdstrike-detonate-file" ] } - }, + }, { "Enrich McAfee DXL using 3rd party sandbox": { - "name": "Enrich McAfee DXL using 3rd party sandbox", + "name": "Enrich McAfee DXL using 3rd party sandbox", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "Exists" - ], + ], "implementing_playbooks": [ "WildFire - Detonate file" - ], + ], "implementing_commands": [ "dxl-send-event" ] } - }, + }, { "Get File Sample From Hash - Carbon Black Enterprise Response": { - "name": "Get File Sample From Hash - Carbon Black Enterprise Response", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Get File Sample From Hash - Carbon Black Enterprise Response", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ "Exists" - ], + ], "implementing_commands": [ "cb-binary-get" ] } - }, + }, { "Calculate Severity - Generic": { - "name": "Calculate Severity - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "Calculate Severity - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ - "StringContains", + "StringContains", "Exists" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "Tenable.io Scan": { - "name": "Tenable.io Scan", - "fromversion": "4.0.0", + "name": "Tenable.io Scan", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "tenable-io-launch-scan", - "tenable-io-get-scan-report", + "tenable-io-launch-scan", + "tenable-io-get-scan-report", "tenable-io-get-scan-status" ] } - }, + }, { "block_indicators_-_generic": { - "name": "Block Indicators - Generic", - "fromversion": "4.0.0", + "name": "Block Indicators - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ - "Block URL - Generic", - "Block File - Generic", - "Block IP - Generic", + "Block URL - Generic", + "Block File - Generic", + "Block IP - Generic", "Block Account - Generic" ] } - }, + }, 
{ "detonate_url_-_threatgrid": { - "name": "Detonate URL - ThreatGrid", - "fromversion": "4.0.0", + "name": "Detonate URL - ThreatGrid", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "threat-grid-upload-sample", - "threat-grid-get-samples-state", + "threat-grid-upload-sample", + "threat-grid-get-samples-state", "threat-grid-url-to-file" ] } - }, + }, { "TrendMicro Malware Alert Playbook": { - "name": "TrendMicro Malware Alert Playbook", - "fromversion": "2.5.0", + "name": "TrendMicro Malware Alert Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "TrendMicroGetPolicyID", - "TrendmicroSecurityProfileAssignToHost", - "TrendmicroAntiMalwareEventRetrieve", + "TrendMicroGetPolicyID", + "TrendmicroSecurityProfileAssignToHost", + "TrendmicroAntiMalwareEventRetrieve", "TrendMicroGetHostID" ] } - }, + }, { "Google-Vault-Display-Results": { - "name": "Google Vault - Display Results", - "fromversion": "4.0.0", + "name": "Google Vault - Display Results", + "fromversion": "4.0.0", "implementing_scripts": [ "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "gvault-get-drive-results", - "gvault-get-groups-results", - "gvault-download-results", - "gvault-export-status", + "gvault-get-drive-results", + "gvault-get-groups-results", + "gvault-download-results", + "gvault-export-status", "gvault-get-mail-results" ] } - }, + }, { "calculate_severity_-_3rd-party_integrations": { - "name": "Calculate Severity - 3rd-party integrations", - "fromversion": "3.6.0", + "name": "Calculate Severity - 3rd-party integrations", + "fromversion": "3.6.0", "implementing_scripts": [ "Set" ] } - }, + }, { "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "3.5.9", - "fromversion": "3.5.0", + "name": "Phishing Investigation - Generic", + "toversion": "3.5.9", + "fromversion": "3.5.0", "implementing_scripts": [ - 
"CloseInvestigation", - "AssignAnalystToIncident", - "Set", + "CloseInvestigation", + "AssignAnalystToIncident", + "Set", "SendEmail" - ], + ], "implementing_playbooks": [ - "Detonate File - Generic", - "Extract Indicators - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Calculate Severity - Generic", + "Detonate File - Generic", + "Extract Indicators - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Calculate Severity - Generic", "Email Address Enrichment - Generic" ] } - }, + }, { "detonate_url_-_joesecurity": { - "name": "Detonate URL - JoeSecurity", - "fromversion": "4.0.0", + "name": "Detonate URL - JoeSecurity", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "joe-download-report", - "joe-analysis-submit-url", + "joe-download-report", + "joe-analysis-submit-url", "joe-analysis-info" ] } - }, + }, { "CrowdStrike Falcon Sandbox - Detonate file": { - "name": "CrowdStrike Falcon Sandbox - Detonate file", - "fromversion": "4.0.0", + "name": "CrowdStrike Falcon Sandbox - Detonate file", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "crowdstrike-submit-sample", + "crowdstrike-submit-sample", "crowdstrike-scan" ] } - }, + }, { "crowdstrike_endpoint_enrichment": { - "name": "CrowdStrike Endpoint Enrichment", - "fromversion": "3.5.0", + "name": "CrowdStrike Endpoint Enrichment", + "fromversion": "3.5.0", "implementing_commands": [ - "cs-device-search", + "cs-device-search", "cs-device-details" ] } - }, + }, { "cve_enrichment_-_generic": { - "name": "CVE Enrichment - Generic", - "fromversion": "3.6.0", + "name": "CVE Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ "cveReputation" - ], + ], "implementing_commands": [ "cve-search" ] } - }, + }, { 
"get_file_sample_by_hash_-_cylance_protect": { - "name": "Get File Sample By Hash - Cylance Protect", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Cylance Protect", + "fromversion": "3.5.0", "implementing_scripts": [ - "http", - "UnzipFile", + "http", + "UnzipFile", "Exists" - ], + ], "implementing_commands": [ "cylance-protect-download-threat" ] } - }, + }, { "dedup_incidents_-_ml": { - "name": "DeDup incidents - ML", - "fromversion": "3.5.0", + "name": "DeDup incidents - ML", + "fromversion": "3.5.0", "implementing_scripts": [ - "Print", - "CloseInvestigationAsDuplicate", + "Print", + "CloseInvestigationAsDuplicate", "GetDuplicatesMl" ] } - }, + }, { "playbook5": { - "name": "Phishing Playbook - Automated", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set", - "Exists", - "SendEmail", - "CheckSenderDomainDistance", - "CloseInvestigation", - "ExtractIP", - "IsMaliciousIndicatorFound", + "name": "Phishing Playbook - Automated", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set", + "Exists", + "SendEmail", + "CheckSenderDomainDistance", + "CloseInvestigation", + "ExtractIP", + "IsMaliciousIndicatorFound", "ExtractURL" - ], + ], "implementing_playbooks": [ - "Process Email", - "Enrichment Playbook", - "Hunt for bad IOCs", - "Account Enrichment", + "Process Email", + "Enrichment Playbook", + "Hunt for bad IOCs", + "Account Enrichment", "Detonate File - Generic" ] } - }, + }, { "TIE - IOC Hunt": { - "name": "TIE - IOC Hunt", - "fromversion": "2.5.0", + "name": "TIE - IOC Hunt", + "fromversion": "2.5.0", "implementing_scripts": [ - "EPOFindSystem", + "EPOFindSystem", "Exists" - ], + ], "implementing_commands": [ "tie-file-references" ] } - }, + }, { "vulnerability_management_-_qualys_Job": { - "name": "Vulnerability Management - Qualys (Job)", - "fromversion": "3.6.0", + "name": "Vulnerability Management - Qualys (Job)", + "fromversion": "3.6.0", "implementing_scripts": [ - "QualysCreateIncidentFromReport", + 
"QualysCreateIncidentFromReport", "Set" - ], + ], "implementing_commands": [ - "qualys-report-fetch", - "closeInvestigation", + "qualys-report-fetch", + "closeInvestigation", "qualys-report-list" ] } - }, + }, { "get_original_email_-_gmail": { - "name": "Get Original Email - Gmail", - "fromversion": 4.0, + "name": "Get Original Email - Gmail", + "fromversion": 4.0, "implementing_scripts": [ - "Set", + "Set", "DeleteContext" - ], + ], "implementing_commands": [ - "gmail-get-attachments", - "gmail-search", + "gmail-get-attachments", + "gmail-search", "gmail-get-mail" ] } - }, + }, { "detonate_url_-_mcafee_atd": { - "name": "Detonate URL - McAfee ATD", - "fromversion": "4.0.0", + "name": "Detonate URL - McAfee ATD", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "atd-get-report", - "atd-check-status", + "atd-get-report", + "atd-check-status", "atd-file-upload" ] } - }, + }, { "Detonate URL - Lastline": { - "name": "Detonate URL - Lastline", - "fromversion": "4.0.0", + "name": "Detonate URL - Lastline", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "lastline-get-report", + "lastline-get-report", "lastline-upload-url" ] } - }, + }, { "Detonate File - Generic": { - "name": "Detonate File - Generic", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "Detonate File - Generic", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_playbooks": [ - "CrowdStrike Falcon Sandbox - Detonate file", + "CrowdStrike Falcon Sandbox - Detonate file", "WildFire - Detonate file" ] } - }, + }, { "process_email_-_ews": { - "name": "Process Email - EWS", - "fromversion": "3.6.0", + "name": "Process Email - EWS", + "fromversion": "3.6.0", "implementing_scripts": [ "Set" - ], + ], "implementing_commands": [ "ews-get-attachment" ] } - }, + }, { "playbook7": { - "name": "Hunting C&C Communication Playbook", - 
"fromversion": "2.5.0", + "name": "Hunting C&C Communication Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "IsIntegrationAvailable", + "IsIntegrationAvailable", "Exists" - ], + ], "implementing_commands": [ - "slack-send", + "slack-send", "ExposeModules" ] } - }, + }, { "get_file_sample_from_path_-_d2": { - "name": "Get File Sample From Path - D2", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - D2", + "fromversion": "3.5.0", "implementing_scripts": [ - "IncidentAddSystem", + "IncidentAddSystem", "FetchFileD2" ] } - }, + }, { "get_original_email_-_ews": { - "name": "Get Original Email - EWS", - "fromversion": 4.0, + "name": "Get Original Email - EWS", + "fromversion": 4.0, "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "Set" - ], + ], "implementing_commands": [ - "ews-search-mailbox", - "ews-get-attachment", + "ews-search-mailbox", + "ews-get-attachment", "ews-get-items" ] } - }, + }, { "playbook17": { - "name": "Carbon black Protection Rapid IOC Hunting", - "fromversion": "2.5.0", + "name": "Carbon black Protection Rapid IOC Hunting", + "fromversion": "2.5.0", "implementing_scripts": [ - "CBPFindRule", - "CBPCatalogFindHash", + "CBPFindRule", + "CBPCatalogFindHash", "Exists" ] } - }, + }, { "calculate_severity_-_critical_assets": { - "name": "Calculate Severity - Critical assets", - "toversion": "3.6.1", - "fromversion": "3.6.0", + "name": "Calculate Severity - Critical assets", + "toversion": "3.6.1", + "fromversion": "3.6.0", "implementing_scripts": [ - "StringContains", - "Set", + "StringContains", + "Set", "Exists" ] } - }, + }, { "playbook14": { - "name": "Checkpoint Firewall Configuration Backup Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "UtilAnyResults", - "SendEmail", - "CPShowBackupStatus", - "CloseInvestigation", - "SNOpenTicket", - "SCPPullFiles", + "name": "Checkpoint Firewall Configuration Backup Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + 
"UtilAnyResults", + "SendEmail", + "CPShowBackupStatus", + "CloseInvestigation", + "SNOpenTicket", + "SCPPullFiles", "CPCreateBackup" ] } - }, + }, { "endpoint_enrichment_-_generic": { - "name": "Endpoint Enrichment - Generic", - "fromversion": "3.5.0", + "name": "Endpoint Enrichment - Generic", + "fromversion": "3.5.0", "implementing_scripts": [ - "EPOFindSystem", - "Exists", + "EPOFindSystem", + "Exists", "ADGetComputer" - ], + ], "implementing_playbooks": [ "CrowdStrike Endpoint Enrichment" - ], + ], "implementing_commands": [ - "cylance-protect-get-devices", - "cb-sensor-info", + "cylance-protect-get-devices", + "cb-sensor-info", "so-agents-query" ] } - }, + }, { "access_investigation_-_qradar": { - "name": "Access Investigation - QRadar", - "fromversion": "3.6.0", + "name": "Access Investigation - QRadar", + "fromversion": "3.6.0", "implementing_playbooks": [ - "QRadar - Get offense correlations", + "QRadar - Get offense correlations", "Access Investigation - Generic" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "Google-Vault-Search-Groups": { - "name": "Google Vault - Search Groups", - "fromversion": "4.0.0", + "name": "Google Vault - Search Groups", + "fromversion": "4.0.0", "implementing_scripts": [ "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "gvault-export-status", - "gvault-download-results", - "gvault-create-export-groups", + "gvault-export-status", + "gvault-download-results", + "gvault-create-export-groups", "gvault-get-groups-results" ] } - }, + }, { "DBotCreatePhishingClassifier": { - "name": "DBot Create Phishing Classifier", - "fromversion": "4.1.0", + "name": "DBot Create Phishing Classifier", + "fromversion": "4.1.0", "implementing_scripts": [ - "DBotTrainTextClassifier", - "Base64ListToFile", - "DBotPredictPhishingEvaluation", + "DBotTrainTextClassifier", + "Base64ListToFile", + "DBotPredictPhishingEvaluation", "DBotPreparePhishingData" ] } - }, + }, { 
"detonate_url_-_generic": { - "name": "Detonate URL - Generic", - "fromversion": "4.0.0", + "name": "Detonate URL - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ - "Detonate URL - CrowdStrike", - "Detonate URL - JoeSecurity", - "Detonate URL - Cuckoo", - "Detonate URL - Lastline", - "Detonate URL - ThreatGrid", + "Detonate URL - CrowdStrike", + "Detonate URL - JoeSecurity", + "Detonate URL - Cuckoo", + "Detonate URL - Lastline", + "Detonate URL - ThreatGrid", "Detonate URL - McAfee ATD" ] } - }, + }, { "tenable-sc-scan": { - "name": "Launch Scan - Tenable.sc", - "fromversion": "4.0.0", + "name": "Launch Scan - Tenable.sc", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "tenable-sc-get-scan-report", + "tenable-sc-get-scan-report", "tenable-sc-launch-scan" ] } - }, + }, { "detonate_file_from_url_-_wildfire": { - "name": "Detonate File From URL - WildFire", - "fromversion": "4.0.0", + "name": "Detonate File From URL - WildFire", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "wildfire-upload-file-remote", + "wildfire-upload-file-remote", "wildfire-report" ] } - }, + }, { "block_endpoint_-_carbon_black_response": { - "name": "Block Endpoint - Carbon Black Response", - "fromversion": "3.5.0", + "name": "Block Endpoint - Carbon Black Response", + "fromversion": "3.5.0", "implementing_commands": [ - "cb-sensor-info", + "cb-sensor-info", "cb-quarantine-device" ] } - }, + }, { "close_incident_if_duplicate_found": { - "name": "DeDup incidents", - "fromversion": "3.5.0", + "name": "DeDup incidents", + "fromversion": "3.5.0", "implementing_scripts": [ - "FindSimilarIncidents", + "FindSimilarIncidents", "CloseInvestigationAsDuplicate" ] } - }, + }, { "scan_assets_nexpose": { - "name": "Scan Assets - Nexpose", - "fromversion": "4.0.0", + "name": "Scan Assets - Nexpose", + "fromversion": "4.0.0", "implementing_playbooks": [ 
"GenericPolling" - ], + ], "implementing_commands": [ - "nexpose-start-assets-scan", + "nexpose-start-assets-scan", "nexpose-get-scan" ] } - }, + }, { "extract_indicators_-_generic": { - "name": "Extract Indicators - Generic", - "fromversion": "3.5.0", + "name": "Extract Indicators - Generic", + "fromversion": "3.5.0", "implementing_scripts": [ - "ExtractHash", - "ExtractDomain", - "ExtractURL", - "ExtractEmail", + "ExtractHash", + "ExtractDomain", + "ExtractURL", + "ExtractEmail", "ExtractIP" ] } - }, + }, { "playbook0": { - "name": "Default", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "implementing_scripts": [ - "TrendMicroClassifier", - "Exists", - "IncidentSet", - "SplunkEmailParser", - "QRadarClassifier", - "MapValues", - "Print", - "VectraClassifier", + "name": "Default", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "TrendMicroClassifier", + "Exists", + "IncidentSet", + "SplunkEmailParser", + "QRadarClassifier", + "MapValues", + "Print", + "VectraClassifier", "NexposeEmailParser" - ], + ], "implementing_playbooks": [ "Enrichment Playbook" ] } - }, + }, { "dedup_-_generic": { - "name": "Dedup - Generic", - "fromversion": "4.0.0", + "name": "Dedup - Generic", + "fromversion": "4.0.0", "implementing_scripts": [ - "FindSimilarIncidentsByText", - "GetDuplicatesMlv2", - "CloseInvestigationAsDuplicate", + "FindSimilarIncidentsByText", + "GetDuplicatesMlv2", + "CloseInvestigationAsDuplicate", "FindSimilarIncidents" ] } - }, + }, { "malware_investigation-_generic_-_setup": { - "name": "Malware Investigation - Generic - Setup", - "fromversion": "3.5.0", + "name": "Malware Investigation - Generic - Setup", + "fromversion": "3.5.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ - "Get File Sample From Path - Generic", - "Get File Sample By Hash - Generic", + "Get File Sample From Path - Generic", + "Get File Sample By Hash - Generic", "Search Endpoints By Hash - Generic" ] } - }, + }, { 
"block_file_-_carbon_black_response": { - "name": "Block File - Carbon Black Response", - "fromversion": "4.0.0", + "name": "Block File - Carbon Black Response", + "fromversion": "4.0.0", "implementing_commands": [ - "cb-get-hash-blacklist", + "cb-get-hash-blacklist", "cb-block-hash" ] } - }, + }, { "search_and_delete_emails_-_ews": { - "name": "Search And Delete Emails - EWS", - "fromversion": "3.6.0", + "name": "Search And Delete Emails - EWS", + "fromversion": "3.6.0", "implementing_scripts": [ "BuildEWSQuery" - ], + ], "implementing_commands": [ - "ews-search-mailboxes", + "ews-search-mailboxes", "ews-delete-items" ] } - }, + }, { "Detonate File - BitDam": { - "name": "Detonate File - BitDam", - "fromversion": "4.0.0", + "name": "Detonate File - BitDam", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "bitdam-upload-file", + "bitdam-upload-file", "bitdam-get-verdict" ] } - }, + }, { "MAR - Endpoint data collection": { - "name": "MAR - Endpoint data collection", + "name": "MAR - Endpoint data collection", "implementing_scripts": [ - "EPOFindSystem", + "EPOFindSystem", "Exists" - ], + ], "implementing_commands": [ "mar-search-multiple" ] } - }, + }, { "Google-Vault-Search-Drive": { - "name": "Google Vault - Search Drive", - "fromversion": "4.0.0", + "name": "Google Vault - Search Drive", + "fromversion": "4.0.0", "implementing_scripts": [ "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "gvault-create-export-drive", - "gvault-get-drive-results", - "gvault-export-status", + "gvault-create-export-drive", + "gvault-get-drive-results", + "gvault-export-status", "gvault-download-results" ] } - }, + }, { "process_email_-_add_custom_fields": { - "name": "Process Email - Add custom fields", - "fromversion": "3.6.0", + "name": "Process Email - Add custom fields", + "fromversion": "3.6.0", 
"implementing_scripts": [ "IncidentSet" ] } - }, + }, { "detonate_url_-_crowdstrike": { - "name": "Detonate URL - CrowdStrike", - "fromversion": "4.0.0", + "name": "Detonate URL - CrowdStrike", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "crowdstrike-submit-url", + "crowdstrike-submit-url", "crowdstrike-scan" ] } - }, + }, { "ip_enrichment_generic": { - "name": "IP Enrichment - Generic", - "fromversion": "3.6.0", + "name": "IP Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "IsIPInRanges", - "IPToHost", + "IsIPInRanges", + "IPToHost", "IPReputation" - ], + ], "implementing_playbooks": [ "Endpoint Enrichment - Generic" - ], + ], "implementing_commands": [ "vt-private-get-ip-report" ] } - }, + }, { "domain_enrichment_generic": { - "name": "Domain Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "Domain Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ "DomainReputation" ] } - }, + }, { "QRadarFullSearch": { - "name": "QRadarFullSearch", - "fromversion": "4.0.0", + "name": "QRadarFullSearch", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "qradar-get-search", - "qradar-get-search-results", + "qradar-get-search", + "qradar-get-search-results", "qradar-searches" ] } - }, + }, { "Arcsight - Get events related to the Case": { - "name": "Arcsight - Get events related to the Case", + "name": "Arcsight - Get events related to the Case", "implementing_scripts": [ - "IncidentSet", - "Set", + "IncidentSet", + "Set", "Exists" - ], + ], "implementing_commands": [ - "as-get-security-events", - "as-get-case", + "as-get-security-events", + "as-get-case", "as-get-case-event-ids" ] } - }, + }, { "Account Enrichment": { - "name": "Account Enrichment", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Account Enrichment", + "toversion": 
"3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ - "ADGetUser", + "ADGetUser", "Exists" ] } - }, + }, { "malware_investigation-_generic": { - "name": "Malware Investigation - Generic", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "Malware Investigation - Generic", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "AssignAnalystToIncident" - ], + ], "implementing_playbooks": [ - "Malware Investigation - Generic - Setup", - "Extract Indicators - Generic", - "Calculate Severity - Generic", - "Entity Enrichment - Generic", + "Malware Investigation - Generic - Setup", + "Extract Indicators - Generic", + "Calculate Severity - Generic", + "Entity Enrichment - Generic", "Detonate File - Generic" ] } - }, + }, { "QRadar - Get offense correlations ": { - "name": "QRadar - Get offense correlations ", - "toversion": "3.1.0", + "name": "QRadar - Get offense correlations ", + "toversion": "3.1.0", "implementing_scripts": [ - "AreValuesEqual", - "QRadarGetCorrelationLogs", - "QRadarGetOffenseCorrelations", + "AreValuesEqual", + "QRadarGetCorrelationLogs", + "QRadarGetOffenseCorrelations", "Exists" ] } - }, + }, { "QRadar - Get offense correlations ": { - "name": "QRadar - Get offense correlations", - "fromversion": "3.5.0", + "name": "QRadar - Get offense correlations", + "fromversion": "3.5.0", "implementing_scripts": [ - "QRadarGetCorrelationLogs", + "QRadarGetCorrelationLogs", "QRadarGetOffenseCorrelations" ] } - }, + }, { "block_ip_-_generic": { - "name": "Block IP - Generic", - "fromversion": "4.0.0", + "name": "Block IP - Generic", + "fromversion": "4.0.0", "implementing_scripts": [ "PanoramaBlockIP" - ], + ], "implementing_playbooks": [ "Add Indicator to Miner - Palo Alto MineMeld" - ], + ], "implementing_commands": [ - "zscaler-blacklist-ip", + "zscaler-blacklist-ip", "checkpoint-block-ip" ] } - }, + }, { "vulnerability_handling_-_qualys_-_add 
_ustom_fields_to_default_layout": { - "name": "Vulnerability Handling - Qualys - Add custom fields to default layout", - "fromversion": "3.6.0", + "name": "Vulnerability Handling - Qualys - Add custom fields to default layout", + "fromversion": "3.6.0", "implementing_scripts": [ "IncidentSet" ] } - }, + }, { "playbook3": { - "name": "Ransomware Playbook - Manual", + "name": "Ransomware Playbook - Manual", "fromversion": "2.5.0" } - }, + }, { "Enrich DXL with ATD verdict": { - "name": "Enrich DXL with ATD verdict", + "name": "Enrich DXL with ATD verdict", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "Exists" - ], + ], "implementing_playbooks": [ "ATD - Detonate File" - ], + ], "implementing_commands": [ "dxl-send-event" ] } - }, + }, { "Detonate File - SNDBOX": { - "name": "Detonate File - SNDBOX", - "fromversion": "4.0.0", + "name": "Detonate File - SNDBOX", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "sndbox-analysis-info", - "sndbox-analysis-submit-sample", + "sndbox-analysis-info", + "sndbox-analysis-submit-sample", "sndbox-download-report" ] } - }, + }, { "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "fromversion": 4.0, + "name": "Phishing Investigation - Generic", + "toversion": "4.0.9", + "fromversion": "4.0.0", "implementing_scripts": [ - "AssignAnalystToIncident", - "Set", + "AssignAnalystToIncident", + "Set", "SendEmail" - ], + ], "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Block Indicators - Generic", - "Email Address Enrichment - Generic", + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Block 
Indicators - Generic", + "Email Address Enrichment - Generic", "Calculate Severity - Generic" - ], + ], "implementing_commands": [ - "closeInvestigation", + "closeInvestigation", "send-mail" ] } - }, + }, { "playbook2": { - "name": "Phishing Playbook - Manual", + "name": "Phishing Playbook - Manual", "fromversion": "2.5.0" } - }, + }, { "Hunt for bad IOCs": { - "name": "Hunt for bad IOCs", - "fromversion": "2.5.0", + "name": "Hunt for bad IOCs", + "fromversion": "2.5.0", "implementing_playbooks": [ - "CrowdStrike Rapid IOC Hunting", - "Carbon Black Rapid IOC Hunting", - "TIE - IOC Hunt", + "CrowdStrike Rapid IOC Hunting", + "Carbon Black Rapid IOC Hunting", + "TIE - IOC Hunt", "Carbon black Protection Rapid IOC Hunting" ] } - }, + }, { "extract_indicators_from_file_-_generic": { - "name": "Extract Indicators From File - Generic", - "fromversion": "3.6.0", + "name": "Extract Indicators From File - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "ReadPDFFile", - "Set", + "ReadPDFFile", + "Set", "ExtractIndicatorsFromTextFile" ] } - }, + }, { "Sentinel One - Endpoint data collection": { - "name": "Sentinel One - Endpoint data collection", + "name": "Sentinel One - Endpoint data collection", "implementing_scripts": [ - "Print", + "Print", "Exists" - ], + ], "implementing_commands": [ - "so-agents-query", + "so-agents-query", "so-get-agent-processes" ] } - }, + }, { "process_email_-_generic": { - "name": "Process Email - Generic", - "fromversion": "4.0.0", + "name": "Process Email - Generic", + "fromversion": "4.0.0", "implementing_scripts": [ - "Set", - "Exists", + "Set", + "Exists", "ParseEmailFiles" - ], + ], "implementing_playbooks": [ "Get Original Email - Generic" - ], + ], "implementing_commands": [ - "setIncident", + "setIncident", "rasterize-email" ] } - }, + }, { "playbook13": { - "name": "McAfee ePO Endpoint Connectivity Diagnostics Playbook", - "fromversion": "2.5.0", + "name": "McAfee ePO Endpoint Connectivity Diagnostics Playbook", + 
"fromversion": "2.5.0", "implementing_scripts": [ - "CloseInvestigation", - "commentsToContext", + "CloseInvestigation", + "commentsToContext", "Ping" - ], + ], "implementing_commands": [ "servicenow-incident-create" ] } - }, + }, { "vulnerability_handling_-_nexpose": { - "name": "Vulnerability Handling - Nexpose", - "fromversion": "3.6.0", + "name": "Vulnerability Handling - Nexpose", + "fromversion": "3.6.0", "implementing_playbooks": [ - "CVE Enrichment - Generic", - "Endpoint Enrichment - Generic", + "CVE Enrichment - Generic", + "Endpoint Enrichment - Generic", "Calculate Severity - Generic" - ], + ], "implementing_commands": [ - "closeInvestigation", - "nexpose-get-asset-vulnerability", - "nexpose-get-asset", + "closeInvestigation", + "nexpose-get-asset-vulnerability", + "nexpose-get-asset", "setIncident" ] } - }, + }, { "Calculate Severity - Generic": { - "name": "Calculate Severity - Generic", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Calculate Severity - Generic", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ - "Print", - "StringContains", + "Print", + "StringContains", "Exists" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "playbook8": { - "name": "Lost / Stolen Device Playbook", + "name": "Lost / Stolen Device Playbook", "fromversion": "2.5.0" } - }, + }, { "vulnerability_handling_-_qualys": { - "name": "Vulnerability Handling - Qualys", - "fromversion": "3.6.0", + "name": "Vulnerability Handling - Qualys", + "fromversion": "3.6.0", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "DisplayHTML" - ], + ], "implementing_playbooks": [ - "CVE Enrichment - Generic", - "Vulnerability Handling - Qualys - Add custom fields to default layout", - "Endpoint Enrichment - Generic", + "CVE Enrichment - Generic", + "Vulnerability Handling - Qualys - Add custom fields to default layout", + "Endpoint Enrichment - Generic", "Calculate Severity - Generic" - ], + ], 
"implementing_commands": [ - "qualys-host-list", + "qualys-host-list", "qualys-vulnerability-list" ] } - }, + }, { "playbook10": { - "name": "Rapid IOC Hunting Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "ExtractHash", - "Exists", - "ReadFile", - "ExtractIP", - "Print", + "name": "Rapid IOC Hunting Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "ExtractHash", + "Exists", + "ReadFile", + "ExtractIP", + "Print", "ExtractURL" - ], + ], "implementing_playbooks": [ "Hunt for bad IOCs" ] } - }, + }, { "search_endpoints_by_hash_-_carbon_black_response": { - "name": "Search Endpoints By Hash - Carbon Black Response", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Carbon Black Response", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", + "Set", "CBFindHash" ] } - }, + }, { "scan_site_nexpose": { - "name": "Scan Site - Nexpose", - "fromversion": "4.0.0", + "name": "Scan Site - Nexpose", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "nexpose-start-site-scan", + "nexpose-start-site-scan", "nexpose-get-scan" ] } - }, + }, { "PanoramaCommitConfiguration": { - "name": "PanoramaCommitConfiguration", - "fromversion": "4.0.0", + "name": "PanoramaCommitConfiguration", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "panorama-push-to-device-group", - "panorama-push-status", - "panorama-commit", + "panorama-push-to-device-group", + "panorama-push-status", + "panorama-commit", "panorama-commit-status" ] } - }, + }, { "Failed Login Playbook With Slack": { - "name": "Failed Login Playbook With Slack", - "fromversion": "2.5.0", + "name": "Failed Login Playbook With Slack", + "fromversion": "2.5.0", "implementing_scripts": [ - "CloseInvestigation", - "IncidentSet", - "ADExpirePassword", + "CloseInvestigation", + "IncidentSet", + "ADExpirePassword", "SlackAskUser" - ], + ], 
"implementing_commands": [ "slack-send" ] } - }, + }, { "WildFire - Detonate file": { - "name": "WildFire - Detonate file", - "toversion": "3.1.0", + "name": "WildFire - Detonate file", + "toversion": "3.1.0", "implementing_scripts": [ "Exists" - ], + ], "implementing_commands": [ - "wildfire-upload", + "wildfire-upload", "wildfire-report" ] } - }, + }, { "File Enrichment - Generic": { - "name": "File Enrichment - Generic", - "fromversion": "3.6.0", + "name": "File Enrichment - Generic", + "fromversion": "3.6.0", "implementing_playbooks": [ - "File Enrichment - File reputation", + "File Enrichment - File reputation", "File Enrichment - Virus Total Private API" - ], + ], "implementing_commands": [ - "cylance-protect-get-threat", + "cylance-protect-get-threat", "pan-appframework-search-by-file-hash" ] } - }, + }, { "vulnerability_management_-_nexpose_job": { - "name": "Vulnerability Management - Nexpose (Job)", - "fromversion": "3.6.0", + "name": "Vulnerability Management - Nexpose (Job)", + "fromversion": "3.6.0", "implementing_scripts": [ "NexposeCreateIncidentsFromAssets" - ], + ], "implementing_commands": [ - "closeInvestigation", - "nexpose-create-assets-report", + "closeInvestigation", + "nexpose-create-assets-report", "nexpose-search-assets" ] } - }, + }, { "Archer initiate incident": { - "name": "Archer initiate incident", - "fromversion": "3.5.0", + "name": "Archer initiate incident", + "fromversion": "3.5.0", "implementing_commands": [ "archer-get-file" ] } - }, + }, { "block_file_-_generic": { - "name": "Block File - Generic", - "fromversion": "4.0.0", + "name": "Block File - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ "Block File - Carbon Black Response" ] } - }, + }, { "calculate_severity_-_critical_assets": { - "name": "Calculate Severity - Critical assets", - "fromversion": "4.0.0", + "name": "Calculate Severity - Critical assets", + "fromversion": "4.0.0", "implementing_scripts": [ - "StringContains", + "StringContains", "Set" ] } 
- }, + }, { "add_indicator_to_miner_-_palo_alto_mineMeld": { - "name": "Add Indicator to Miner - Palo Alto MineMeld", - "fromversion": "4.0.0", + "name": "Add Indicator to Miner - Palo Alto MineMeld", + "fromversion": "4.0.0", "implementing_commands": [ "minemeld-add-to-miner" ] } - }, + }, { "domain_enrichment_generic": { - "name": "Domain Enrichment - Generic", - "fromversion": "3.6.0", + "name": "Domain Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ "DomainReputation" - ], + ], "implementing_commands": [ "vt-private-get-domain-report" ] } - }, + }, { "playbook11": { - "name": "McAfee ePO Repository Compliance Playbook", - "fromversion": "2.5.0", + "name": "McAfee ePO Repository Compliance Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "CloseInvestigation", - "IncidentSet", - "Sleep", - "AreValuesEqual", + "CloseInvestigation", + "IncidentSet", + "Sleep", + "AreValuesEqual", "SendEmail" - ], + ], "implementing_commands": [ - "epo-update-repository", - "epo-get-latest-dat", + "epo-update-repository", + "epo-get-latest-dat", "epo-get-current-dat" ] } - }, + }, { "url_enrichment_-_generic": { - "name": "URL Enrichment - Generic", - "fromversion": "3.6.0", + "name": "URL Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "URLSSLVerification", - "Exists", + "URLSSLVerification", + "Exists", "URLReputation" - ], + ], "implementing_commands": [ - "vt-private-get-url-report", + "vt-private-get-url-report", "rasterize" ] } - }, + }, { "entity_enrichment_generic": { - "name": "Entity Enrichment - Generic", - "fromversion": "3.6.0", + "name": "Entity Enrichment - Generic", + "fromversion": "3.6.0", "implementing_playbooks": [ - "Account Enrichment - Generic", - "Endpoint Enrichment - Generic", - "Email Address Enrichment - Generic", - "URL Enrichment - Generic", - "File Enrichment - Generic", - "Domain Enrichment - Generic", + "Account Enrichment - Generic", + "Endpoint Enrichment - Generic", + "Email 
Address Enrichment - Generic", + "URL Enrichment - Generic", + "File Enrichment - Generic", + "Domain Enrichment - Generic", "IP Enrichment - Generic" ] } - }, + }, { "search_endpoints_by_hash_-_generic": { - "name": "Search Endpoints By Hash - Generic", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Generic", + "fromversion": "3.5.0", "implementing_playbooks": [ - "Search Endpoints By Hash - Carbon Black Response", - "Search Endpoints By Hash - CrowdStrike", - "Search Endpoints By Hash - TIE", + "Search Endpoints By Hash - Carbon Black Response", + "Search Endpoints By Hash - CrowdStrike", + "Search Endpoints By Hash - TIE", "Search Endpoints By Hash - Carbon Black Protection" ] } - }, + }, { "malware_investigation-_generic": { - "name": "Malware Investigation - Generic", - "fromversion": "3.6.0", + "name": "Malware Investigation - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "AssignAnalystToIncident" - ], + ], "implementing_playbooks": [ - "Malware Investigation - Generic - Setup", - "Calculate Severity - Generic", - "Entity Enrichment - Generic", + "Malware Investigation - Generic - Setup", + "Calculate Severity - Generic", + "Entity Enrichment - Generic", "Detonate File - Generic" ] } - }, + }, { "calculate_severity_-_indicators_dbotscore": { - "name": "Calculate Severity - Indicators DBotScore", - "fromversion": "3.6.0", + "name": "Calculate Severity - Indicators DBotScore", + "fromversion": "3.6.0", "implementing_scripts": [ "Set" ] } - }, + }, { "Detonate File - Cuckoo": { - "name": "Detonate File - Cuckoo", - "fromversion": "4.0.0", + "name": "Detonate File - Cuckoo", + "fromversion": "4.0.0", "implementing_scripts": [ "Sleep" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "cuckoo-task-screenshot", - "cuckoo-get-task-report", - "cuckoo-view-task", + "cuckoo-task-screenshot", + "cuckoo-get-task-report", + "cuckoo-view-task", 
"cuckoo-create-task-from-file" ] } - }, + }, { "Account Enrichment": { - "name": "Account Enrichment", - "fromversion": "3.5.0", + "name": "Account Enrichment", + "fromversion": "3.5.0", "implementing_scripts": [ - "ADGetUser", + "ADGetUser", "Exists" ] } - }, + }, { "entity_enrichment_generic": { - "name": "Entity Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "Entity Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_playbooks": [ - "Account Enrichment - Generic", - "Endpoint Enrichment - Generic", - "DBot Indicator Enrichment - Generic", - "Email Address Enrichment - Generic", - "URL Enrichment - Generic", - "File Enrichment - Generic", - "Domain Enrichment - Generic", + "Account Enrichment - Generic", + "Endpoint Enrichment - Generic", + "DBot Indicator Enrichment - Generic", + "Email Address Enrichment - Generic", + "URL Enrichment - Generic", + "File Enrichment - Generic", + "Domain Enrichment - Generic", "IP Enrichment - Generic" ] } - }, + }, { "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "3.9.9", - "fromversion": "3.6.0", + "name": "Phishing Investigation - Generic", + "toversion": "3.9.9", + "fromversion": "3.6.0", "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident", - "Set", + "CloseInvestigation", + "AssignAnalystToIncident", + "Set", "SendEmail" - ], + ], "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Process Email - Generic", - "Entity Enrichment - Generic", - "Email Address Enrichment - Generic", + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Process Email - Generic", + "Entity Enrichment - Generic", + "Email Address Enrichment - Generic", "Calculate Severity - Generic" ] } - }, + }, { "DBotCreatePhishingClassifierJob": { - "name": "DBot 
Create Phishing Classifier Job", - "fromversion": "4.1.0", + "name": "DBot Create Phishing Classifier Job", + "fromversion": "4.1.0", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_playbooks": [ "DBot Create Phishing Classifier" - ], + ], "implementing_commands": [ "closeInvestigation" ] } - }, + }, { "playbook5": { - "name": "Phishing Playbook - Automated", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "implementing_scripts": [ - "Set", - "Exists", - "SendEmail", - "CheckSenderDomainDistance", - "CloseInvestigation", - "ExtractIP", - "IsMaliciousIndicatorFound", + "name": "Phishing Playbook - Automated", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "Set", + "Exists", + "SendEmail", + "CheckSenderDomainDistance", + "CloseInvestigation", + "ExtractIP", + "IsMaliciousIndicatorFound", "ExtractURL" - ], + ], "implementing_playbooks": [ - "Process Email", - "Detonate files", - "Hunt for bad IOCs", - "Account Enrichment", + "Process Email", + "Detonate files", + "Hunt for bad IOCs", + "Account Enrichment", "Enrichment Playbook" ] } - }, + }, { "Demisto_Self-Defense_-_Account_policy_monitoring_playbook": { - "name": "Demisto Self-Defense - Account policy monitoring playbook", - "fromversion": "3.5.0", + "name": "Demisto Self-Defense - Account policy monitoring playbook", + "fromversion": "3.5.0", "implementing_scripts": [ "CloseInvestigation" - ], + ], "implementing_commands": [ - "TwilioSendSMS", - "slack-send", - "demisto-api-get", + "TwilioSendSMS", + "slack-send", + "demisto-api-get", "setIncident" ] } - }, + }, { "Google-Vault-Search-Mail": { - "name": "Google Vault - Search Mail", - "fromversion": "4.0.0", + "name": "Google Vault - Search Mail", + "fromversion": "4.0.0", "implementing_scripts": [ "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "gvault-get-mail-results", - "gvault-create-export-mail", - "gvault-export-status", + 
"gvault-get-mail-results", + "gvault-create-export-mail", + "gvault-export-status", "gvault-download-results" ] } - }, + }, { "ATD - Detonate File": { - "name": "ATD - Detonate File", - "toversion": "3.6.0", + "name": "ATD - Detonate File", + "toversion": "3.6.0", "implementing_scripts": [ "Exists" - ], + ], "implementing_commands": [ "detonate-file" ] } - }, + }, { "block_account_-_generic": { - "name": "Block Account - Generic", - "fromversion": "4.0.0", + "name": "Block Account - Generic", + "fromversion": "4.0.0", "implementing_commands": [ "ad-disable-account" ] } - }, + }, { "file_enrichment_-_virus_total_private_api": { - "name": "File Enrichment - Virus Total Private API", - "fromversion": "3.6.0", + "name": "File Enrichment - Virus Total Private API", + "fromversion": "3.6.0", "implementing_commands": [ - "vt-private-check-file-behaviour", + "vt-private-check-file-behaviour", "vt-private-get-file-report" ] } - }, + }, { "file_enrichment_-_file_reputation": { - "name": "File Enrichment - File reputation", - "fromversion": "3.6.0", + "name": "File Enrichment - File reputation", + "fromversion": "3.6.0", "implementing_scripts": [ "FileReputation" ] } - }, + }, { "block_url_-_generic": { - "name": "Block URL - Generic", - "fromversion": "4.0.0", + "name": "Block URL - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ "Add Indicator to Miner - Palo Alto MineMeld" - ], + ], "implementing_commands": [ "zscaler-blacklist-url" ] } - }, + }, { "Process Email": { - "name": "Process Email", - "fromversion": "2.5.0", + "name": "Process Email", + "fromversion": "2.5.0", "implementing_scripts": [ - "Set", - "Exists", + "Set", + "Exists", "ParseEmailFiles" ] } - }, + }, { "playbook15": { - "name": "Tanium Demo Playbook", - "fromversion": "2.5.0", + "name": "Tanium Demo Playbook", + "fromversion": "2.5.0", "implementing_commands": [ - "tn-deploy-package", - "tn-ask-question", + "tn-deploy-package", + "tn-ask-question", "tn-get-saved-question" ] } - }, + }, { 
"get_file_sample_by_hash_-_carbon_black_enterprise_Response": { - "name": "Get File Sample By Hash - Carbon Black Enterprise Response", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Carbon Black Enterprise Response", + "fromversion": "3.5.0", "implementing_scripts": [ "Exists" - ], + ], "implementing_commands": [ "cb-binary-get" ] } - }, + }, { "Get File Sample From Hash - Cylance Protect": { - "name": "Get File Sample From Hash - Cylance Protect", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Get File Sample From Hash - Cylance Protect", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ - "http", - "UnzipFile", + "http", + "UnzipFile", "Exists" - ], + ], "implementing_commands": [ "cylance-protect-download-threat" ] } - }, + }, { "access_investigation_-_generic": { - "name": "Access Investigation - Generic", - "fromversion": "3.6.0", + "name": "Access Investigation - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "AssignAnalystToIncident", - "ADGetUser", + "AssignAnalystToIncident", + "ADGetUser", "EmailAskUser" - ], + ], "implementing_playbooks": [ - "IP Enrichment - Generic", + "IP Enrichment - Generic", "Account Enrichment - Generic" - ], + ], "implementing_commands": [ - "closeInvestigation", + "closeInvestigation", "setIncident" ] } - }, + }, { "search_endpoints_by_hash_-_tie": { - "name": "Search Endpoints By Hash - TIE", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - TIE", + "fromversion": "3.5.0", "implementing_scripts": [ "EPOFindSystem" - ], + ], "implementing_commands": [ "tie-file-references" ] } - }, + }, { "get_file_sample_from_path_-_carbon_black_enterprise_response": { - "name": "Get File Sample From Path - Carbon Black Enterprise Response", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - Carbon Black Enterprise Response", + "fromversion": "3.5.0", "implementing_scripts": [ - "CBLiveGetFile", + "CBLiveGetFile", "Exists" ] } - }, + }, { 
"WildFire - Detonate file": { - "name": "WildFire - Detonate file", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "WildFire - Detonate file", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_scripts": [ "Set" - ], + ], "implementing_commands": [ - "wildfire-report", + "wildfire-report", "detonate-file" ] } - }, + }, { "Detonate File - Generic": { - "name": "Detonate File - Generic", - "fromversion": "4.0.0", + "name": "Detonate File - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ - "CrowdStrike Falcon Sandbox - Detonate file", - "ATD - Detonate File", - "Detonate File - SNDBOX", - "Detonate File - JoeSecurity", - "Detonate File - Cuckoo", - "Detonate File - Lastline", - "WildFire - Detonate file", + "CrowdStrike Falcon Sandbox - Detonate file", + "ATD - Detonate File", + "Detonate File - SNDBOX", + "Detonate File - JoeSecurity", + "Detonate File - Cuckoo", + "Detonate File - Lastline", + "WildFire - Detonate file", "Detonate File - ThreatGrid" ] } - }, + }, { "D2 - Endpoint data collection": { - "name": "D2 - Endpoint data collection", + "name": "D2 - Endpoint data collection", "implementing_scripts": [ - "D2ExecuteCommand", - "ActiveUsersD2", - "Exists", - "IncidentAddSystem", - "FetchFileD2", + "D2ExecuteCommand", + "ActiveUsersD2", + "Exists", + "IncidentAddSystem", + "FetchFileD2", "AreValuesEqual" ] } - }, + }, { "Enrichment Playbook": { - "name": "Enrichment Playbook", - "fromversion": "2.5.0", + "name": "Enrichment Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "Print", - "FileReputation", - "IPReputation", - "Exists", + "Print", + "FileReputation", + "IPReputation", + "Exists", "URLReputation" ] } - }, + }, { "Office 365 Search and Delete": { - "name": "Office 365 Search and Delete", - "fromversion": "4.0.0", + "name": "Office 365 Search and Delete", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - 
"ews-o365-remove-compliance-search", - "ews-o365-purge-compliance-search-results", - "ews-o365-get-compliance-search", + "ews-o365-remove-compliance-search", + "ews-o365-purge-compliance-search-results", + "ews-o365-get-compliance-search", "ews-o365-start-compliance-search" ] } - }, + }, { "dbot_indicator_enrichment_-_generic": { - "name": "DBot Indicator Enrichment - Generic", - "fromversion": "3.5.0", + "name": "DBot Indicator Enrichment - Generic", + "fromversion": "3.5.0", "implementing_scripts": [ "GetIndicatorDBotScore" ] } - }, + }, { "playbook0": { - "name": "Default", - "fromversion": "3.5.0", + "name": "Default", + "fromversion": "3.5.0", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "AssignAnalystToIncident" - ], + ], "implementing_playbooks": [ - "Extract Indicators - Generic", - "Entity Enrichment - Generic", + "Extract Indicators - Generic", + "Entity Enrichment - Generic", "Calculate Severity - Generic" ] } - }, + }, { "File Enrichment - Generic": { - "name": "File Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "File Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ "FileReputation" ] } - }, + }, { "ATD - Detonate File": { - "name": "ATD - Detonate File", - "fromversion": "4.0.0", + "name": "ATD - Detonate File", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "atd-get-report", - "atd-file-upload", + "atd-get-report", + "atd-file-upload", "atd-check-status" ] } - }, + }, { "account_enrichment_-_generic": { - "name": "Account Enrichment - Generic", - "fromversion": "3.5.0", + "name": "Account Enrichment - Generic", + "fromversion": "3.5.0", "implementing_scripts": [ - "ADGetUser", + "ADGetUser", "Exists" ] } - }, + }, { "detonatefile_-_joesecurity": { - "name": "Detonate File - JoeSecurity", - "fromversion": "4.0.0", + "name": "Detonate 
File - JoeSecurity", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "joe-download-report", - "joe-analysis-info", + "joe-download-report", + "joe-analysis-info", "joe-analysis-submit-sample" ] } - }, + }, { "ip_enrichment_generic": { - "name": "IP Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "IP Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ - "IsIPInRanges", - "IPReputation", + "IsIPInRanges", + "IPReputation", "Exists" ] } - }, + }, { "Detonate files": { - "name": "Detonate files", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Detonate files", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ - "Print", - "SandboxDetonateFile", + "Print", + "SandboxDetonateFile", "Exists" ] } - }, + }, { "detonate_file_from_url_-_joesecurity": { - "name": "Detonate File From URL - JoeSecurity", - "fromversion": "4.0.0", + "name": "Detonate File From URL - JoeSecurity", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "joe-download-report", + "joe-download-report", "joe-analysis-submit-sample" ] } - }, + }, { "Carbon Black Rapid IOC Hunting": { - "name": "Carbon Black Rapid IOC Hunting", - "fromversion": "2.5.0", + "name": "Carbon Black Rapid IOC Hunting", + "fromversion": "2.5.0", "implementing_scripts": [ - "CBFindHash", + "CBFindHash", "Exists" ] } - }, + }, { "email_address_enrichment_-_generic": { - "name": "Email Address Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", - "implementing_scripts": [ - "IsEmailAddressInternal", - "EmailReputation", - "ADGetUser", - "Exists", + "name": "Email Address Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", + "implementing_scripts": [ + "IsEmailAddressInternal", + "EmailReputation", + "ADGetUser", + 
"Exists", "EmailDomainSquattingReputation" ] } - }, + }, { "Endpoint data collection": { - "name": "Endpoint data collection", + "name": "Endpoint data collection", "implementing_scripts": [ "AreValuesEqual" - ], + ], "implementing_playbooks": [ - "Sentinel One - Endpoint data collection", - "MAR - Endpoint data collection", + "Sentinel One - Endpoint data collection", + "MAR - Endpoint data collection", "D2 - Endpoint data collection" ] } - }, + }, { "Get File Sample From Hash - Generic": { - "name": "Get File Sample From Hash - Generic", - "toversion": "3.1.0", + "name": "Get File Sample From Hash - Generic", + "toversion": "3.1.0", "implementing_playbooks": [ - "Get File Sample From Hash - Cylance Protect", + "Get File Sample From Hash - Cylance Protect", "Get File Sample From Hash - Carbon Black Enterprise Response" ] } - }, + }, { "WildFire - Detonate file": { - "name": "WildFire - Detonate file", - "fromversion": "4.0.0", + "name": "WildFire - Detonate file", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "wildfire-upload", + "wildfire-upload", "wildfire-report" ] } - }, + }, { "detonate_file_-_threatgrid": { - "name": "Detonate File - ThreatGrid", - "fromversion": "4.0.0", + "name": "Detonate File - ThreatGrid", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "threat-grid-upload-sample", + "threat-grid-upload-sample", "threat-grid-get-samples-state" ] } + }, + { + "Phishing Investigation - Generic": { + "name": "Phishing Investigation - Generic", + "fromversion": "4.1.0", + "implementing_scripts": [ + "AssignAnalystToIncident", + "Set", + "SendEmail" + ], + "implementing_playbooks": [ + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - 
Generic", "Block Indicators - Generic", + "Email Address Enrichment - Generic", + "Calculate Severity - Generic" + ], + "implementing_commands": [ + "closeInvestigation", + "send-mail" + ] + } } - ], + ], "integrations": [ { "Cybereason": { - "name": "Cybereason", - "commands": [ - "cybereason-query-processes", - "cybereason-is-probe-connected", - "cybereason-query-connections", - "cybereason-isolate-machine", - "cybereason-unisolate-machine", - "cybereason-query-malops", - "cybereason-malop-processes", - "cybereason-add-comment", + "name": "Cybereason", + "commands": [ + "cybereason-query-processes", + "cybereason-is-probe-connected", + "cybereason-query-connections", + "cybereason-isolate-machine", + "cybereason-unisolate-machine", + "cybereason-query-malops", + "cybereason-malop-processes", + "cybereason-add-comment", "cybereason-update-malop-status" ] } - }, + }, { "Giphy": { - "name": "Giphy", + "name": "Giphy", "commands": [ "giphy" ] } - }, + }, { "RSA NetWitness Packets and Logs": { - "name": "RSA NetWitness Packets and Logs", - "toversion": "3.1.0", - "commands": [ - "netwitness-msearch", - "netwitness-search", - "netwitness-query", - "netwitness-packets", - "nw-sdk-session", - "nw-sdk-cancel", - "nw-sdk-query", - "nw-sdk-validate", - "nw-sdk-aliases", - "nw-sdk-content", - "nw-sdk-ls", - "nw-sdk-count", - "nw-sdk-timeline", - "nw-sdk-mon", - "nw-sdk-stopMon", - "nw-sdk-msearch", - "nw-sdk-precache", - "nw-sdk-delCache", - "nw-sdk-info", - "nw-sdk-search", - "nw-sdk-language", - "nw-sdk-packets", - "nw-sdk-summary", - "nw-sdk-reconfig", - "nw-sdk-values", - "nw-sdk-xforms", - "nw-database-info", - "nw-database-count", - "nw-database-dbState", - "nw-database-dump", - "nw-database-hashInfo", - "nw-database-resetMax", - "nw-database-optimize", - "nw-database-reconfig", - "nw-database-ls", - "nw-database-timeRoll", - "nw-database-stopMon", - "nw-database-manifest", - "nw-database-wipe", - "nw-database-sizeRoll", - "nw-database-mon", - "nw-decoder-reset", - 
"nw-decoder-info", - "nw-decoder-reconfig", - "nw-decoder-agg", - "nw-decoder-stop", - "nw-decoder-count", - "nw-decoder-start", - "nw-decoder-meta", - "nw-decoder-ls", - "nw-decoder-stopMon", - "nw-decoder-resetMax", - "nw-decoder-whoAgg", - "nw-decoder-logStats", - "nw-decoder-select", - "nw-decoder-mon", - "nw-index-ls", - "nw-index-mon", - "nw-index-save", - "nw-index-info", - "nw-index-drop", - "nw-index-count", - "nw-index-values", - "nw-index-profile", - "nw-index-stopMon", - "nw-index-inspect", - "nw-index-language", - "nw-index-reconfig", - "nw-index-sizeRoll", - "nw-decoderParsers-ls", - "nw-decoderParsers-mon", - "nw-decoderParsers-feed", - "nw-decoderParsers-info", - "nw-decoderParsers-count", - "nw-decoderParsers-schema", - "nw-decoderParsers-reload", - "nw-decoderParsers-upload", - "nw-decoderParsers-delete", - "nw-decoderParsers-stopMon", - "nw-decoderParsers-devices", - "nw-decoderParsers-content", - "nw-decoderParsers-ipdevice", - "nw-decoderParsers-iptmzone", - "nw-logs-ls", - "nw-logs-mon", - "nw-logs-pull", - "nw-logs-info", - "nw-logs-count", - "nw-logs-stopMon", - "nw-logs-download", - "nw-logs-timeRoll", - "nw-sys-ls", - "nw-sys-mon", - "nw-sys-save", - "nw-sys-info", - "nw-sys-count", - "nw-sys-caCert", - "nw-sys-stopMon", - "nw-sys-shutdown", - "nw-sys-fileEdit", - "nw-sys-peerCert", - "nw-sys-servCert", - "nw-sys-statHist", - "nw-users-ls", - "nw-users-mon", - "nw-users-info", - "nw-users-auths", - "nw-users-count", - "nw-users-delete", - "nw-users-unlock", - "nw-users-stopMon", - "nw-users-addOrMod", - "nw-decoder-import", - "nw-decoder-parsers-upload", - "nw-concentrator-reset", - "nw-concentrator-reconfig", - "nw-concentrator-start", - "nw-concentrator-stop", - "nw-concentrator-count", - "nw-concentrator-edit", - "nw-concentrator-add", - "nw-concentrator-meta", - "nw-concentrator-status", - "nw-concentrator-ls", - "nw-concentrator-resetMax", - "nw-concentrator-stopMon", - "nw-concentrator-delete", - "nw-concentrator-whoAgg", - 
"nw-concentrator-mon", - "nw-broker-reset", - "nw-broker-start", - "nw-broker-stop", - "nw-broker-count", - "nw-broker-edit", - "nw-broker-add", - "nw-broker-meta", - "nw-broker-status", - "nw-broker-ls", - "nw-broker-resetMax", - "nw-broker-stopMon", - "nw-broker-delete", - "nw-broker-whoAgg", + "name": "RSA NetWitness Packets and Logs", + "toversion": "3.1.0", + "commands": [ + "netwitness-msearch", + "netwitness-search", + "netwitness-query", + "netwitness-packets", + "nw-sdk-session", + "nw-sdk-cancel", + "nw-sdk-query", + "nw-sdk-validate", + "nw-sdk-aliases", + "nw-sdk-content", + "nw-sdk-ls", + "nw-sdk-count", + "nw-sdk-timeline", + "nw-sdk-mon", + "nw-sdk-stopMon", + "nw-sdk-msearch", + "nw-sdk-precache", + "nw-sdk-delCache", + "nw-sdk-info", + "nw-sdk-search", + "nw-sdk-language", + "nw-sdk-packets", + "nw-sdk-summary", + "nw-sdk-reconfig", + "nw-sdk-values", + "nw-sdk-xforms", + "nw-database-info", + "nw-database-count", + "nw-database-dbState", + "nw-database-dump", + "nw-database-hashInfo", + "nw-database-resetMax", + "nw-database-optimize", + "nw-database-reconfig", + "nw-database-ls", + "nw-database-timeRoll", + "nw-database-stopMon", + "nw-database-manifest", + "nw-database-wipe", + "nw-database-sizeRoll", + "nw-database-mon", + "nw-decoder-reset", + "nw-decoder-info", + "nw-decoder-reconfig", + "nw-decoder-agg", + "nw-decoder-stop", + "nw-decoder-count", + "nw-decoder-start", + "nw-decoder-meta", + "nw-decoder-ls", + "nw-decoder-stopMon", + "nw-decoder-resetMax", + "nw-decoder-whoAgg", + "nw-decoder-logStats", + "nw-decoder-select", + "nw-decoder-mon", + "nw-index-ls", + "nw-index-mon", + "nw-index-save", + "nw-index-info", + "nw-index-drop", + "nw-index-count", + "nw-index-values", + "nw-index-profile", + "nw-index-stopMon", + "nw-index-inspect", + "nw-index-language", + "nw-index-reconfig", + "nw-index-sizeRoll", + "nw-decoderParsers-ls", + "nw-decoderParsers-mon", + "nw-decoderParsers-feed", + "nw-decoderParsers-info", + 
"nw-decoderParsers-count", + "nw-decoderParsers-schema", + "nw-decoderParsers-reload", + "nw-decoderParsers-upload", + "nw-decoderParsers-delete", + "nw-decoderParsers-stopMon", + "nw-decoderParsers-devices", + "nw-decoderParsers-content", + "nw-decoderParsers-ipdevice", + "nw-decoderParsers-iptmzone", + "nw-logs-ls", + "nw-logs-mon", + "nw-logs-pull", + "nw-logs-info", + "nw-logs-count", + "nw-logs-stopMon", + "nw-logs-download", + "nw-logs-timeRoll", + "nw-sys-ls", + "nw-sys-mon", + "nw-sys-save", + "nw-sys-info", + "nw-sys-count", + "nw-sys-caCert", + "nw-sys-stopMon", + "nw-sys-shutdown", + "nw-sys-fileEdit", + "nw-sys-peerCert", + "nw-sys-servCert", + "nw-sys-statHist", + "nw-users-ls", + "nw-users-mon", + "nw-users-info", + "nw-users-auths", + "nw-users-count", + "nw-users-delete", + "nw-users-unlock", + "nw-users-stopMon", + "nw-users-addOrMod", + "nw-decoder-import", + "nw-decoder-parsers-upload", + "nw-concentrator-reset", + "nw-concentrator-reconfig", + "nw-concentrator-start", + "nw-concentrator-stop", + "nw-concentrator-count", + "nw-concentrator-edit", + "nw-concentrator-add", + "nw-concentrator-meta", + "nw-concentrator-status", + "nw-concentrator-ls", + "nw-concentrator-resetMax", + "nw-concentrator-stopMon", + "nw-concentrator-delete", + "nw-concentrator-whoAgg", + "nw-concentrator-mon", + "nw-broker-reset", + "nw-broker-start", + "nw-broker-stop", + "nw-broker-count", + "nw-broker-edit", + "nw-broker-add", + "nw-broker-meta", + "nw-broker-status", + "nw-broker-ls", + "nw-broker-resetMax", + "nw-broker-stopMon", + "nw-broker-delete", + "nw-broker-whoAgg", "nw-broker-mon" ] } - }, + }, { "ReversingLabs A1000": { - "name": "ReversingLabs A1000", - "commands": [ - "file", - "reversinglabs-upload", - "reversinglabs-delete", - "reversinglabs-extracted-files", - "reversinglabs-download", - "reversinglabs-analyze", + "name": "ReversingLabs A1000", + "commands": [ + "file", + "reversinglabs-upload", + "reversinglabs-delete", + 
"reversinglabs-extracted-files", + "reversinglabs-download", + "reversinglabs-analyze", "reversinglabs-download-unpacked" ] } - }, + }, { "VMware": { - "name": "VMware", - "commands": [ - "vmware-get-vms", - "vmware-poweron", - "vmware-poweroff", - "vmware-hard-reboot", - "vmware-suspend", - "vmware-soft-reboot", - "vmware-create-snapshot", - "vmware-revert-snapshot", + "name": "VMware", + "commands": [ + "vmware-get-vms", + "vmware-poweron", + "vmware-poweroff", + "vmware-hard-reboot", + "vmware-suspend", + "vmware-soft-reboot", + "vmware-create-snapshot", + "vmware-revert-snapshot", "vmware-get-events" ] } - }, + }, { "RSA Archer": { - "name": "RSA Archer", - "commands": [ - "archer-create-record", - "archer-update-record", - "archer-get-record", - "archer-search-applications", - "archer-search-records", - "archer-get-application-fields", - "archer-delete-record", - "archer-get-field", - "archer-get-reports", - "archer-execute-statistic-search-by-report", - "archer-get-search-options-by-guid", - "archer-search-records-by-report", - "archer-get-mapping-by-level", - "archer-manually-fetch-incident", - "archer-get-file", - "archer-upload-file", - "archer-add-to-detailed-analysis", + "name": "RSA Archer", + "commands": [ + "archer-create-record", + "archer-update-record", + "archer-get-record", + "archer-search-applications", + "archer-search-records", + "archer-get-application-fields", + "archer-delete-record", + "archer-get-field", + "archer-get-reports", + "archer-execute-statistic-search-by-report", + "archer-get-search-options-by-guid", + "archer-search-records-by-report", + "archer-get-mapping-by-level", + "archer-manually-fetch-incident", + "archer-get-file", + "archer-upload-file", + "archer-add-to-detailed-analysis", "archer-get-user-id" ] } - }, + }, { "vmray": { - "name": "vmray", + "name": "vmray", "commands": [ - "upload_sample", - "get_results", + "upload_sample", + "get_results", "get_job_sample" ] } - }, + }, { "jira": { - "name": "jira", - 
"fromversion": "2.6.0", - "commands": [ - "jira-issue-query", - "jira-get-issue", - "jira-create-issue", - "jira-issue-upload-file", - "jira-issue-add-comment", - "jira-issue-add-link", - "jira-edit-issue", - "jira-get-comments", + "name": "jira", + "fromversion": "2.6.0", + "commands": [ + "jira-issue-query", + "jira-get-issue", + "jira-create-issue", + "jira-issue-upload-file", + "jira-issue-add-comment", + "jira-issue-add-link", + "jira-edit-issue", + "jira-get-comments", "jira-delete-issue" ] } - }, + }, { "Verodin": { - "name": "Verodin", - "commands": [ - "verodin-get-topology-nodes", - "verodin-get-topology-map", - "verodin-manage-sims-actions", - "verodin-manage-sims-actions-run", - "verodin-get-security-zones", - "verodin-get-security-zone", - "verodin-delete-security-zone", - "verodin-get-sims-of-type", - "verodin-get-sim", - "verodin-delete-sim", - "verodin-get-jobs", - "verodin-get-job", - "verodin-run-job-again", - "verodin-get-job-sim-actions", + "name": "Verodin", + "commands": [ + "verodin-get-topology-nodes", + "verodin-get-topology-map", + "verodin-manage-sims-actions", + "verodin-manage-sims-actions-run", + "verodin-get-security-zones", + "verodin-get-security-zone", + "verodin-delete-security-zone", + "verodin-get-sims-of-type", + "verodin-get-sim", + "verodin-delete-sim", + "verodin-get-jobs", + "verodin-get-job", + "verodin-run-job-again", + "verodin-get-job-sim-actions", "verodin-job-cancel" ] } - }, + }, { "dnstwist": { - "name": "dnstwist", + "name": "dnstwist", "commands": [ "dnstwist-domain-variations" ] } - }, + }, { "EWS": { - "name": "EWS", - "commands": [ - "ews-get-folder", - "ews-delete-items", - "ews-delete-attachments", - "ews-get-items", - "ews-search-mailbox", - "ews-get-contacts", - "ews-get-searchable-mailboxes", - "ews-search-mailboxes", - "ews-get-attachment", - "ews-find-folders", - "ews-get-attachment-item", + "name": "EWS", + "commands": [ + "ews-get-folder", + "ews-delete-items", + "ews-delete-attachments", + 
"ews-get-items", + "ews-search-mailbox", + "ews-get-contacts", + "ews-get-searchable-mailboxes", + "ews-search-mailboxes", + "ews-get-attachment", + "ews-find-folders", + "ews-get-attachment-item", "ews-move-item" ] } - }, + }, { "OpenPhish": { - "name": "OpenPhish", + "name": "OpenPhish", "commands": [ - "url", - "openphish-reload", + "url", + "openphish-reload", "openphish-status" ] } - }, + }, { "McAfee NSM": { - "name": "McAfee NSM", - "commands": [ - "nsm-get-sensors", - "nsm-get-domains", - "nsm-get-alerts", - "nsm-update-alerts", - "nsm-get-alert-details", - "nsm-get-ips-policies", - "nsm-get-ips-policy-details", + "name": "McAfee NSM", + "commands": [ + "nsm-get-sensors", + "nsm-get-domains", + "nsm-get-alerts", + "nsm-update-alerts", + "nsm-get-alert-details", + "nsm-get-ips-policies", + "nsm-get-ips-policy-details", "nsm-get-attacks" ] } - }, + }, { "ipinfo": { - "name": "ipinfo", + "name": "ipinfo", "commands": [ - "ip", + "ip", "ipinfo_field" ] } - }, + }, { "Cuckoo Sandbox": { - "name": "Cuckoo Sandbox", - "toversion": "3.1.0", - "commands": [ - "ck-file", - "cuckoo-create-task-from-file", - "ck-report", - "cuckoo-get-task-report", - "ck-list", - "cuckoo-list-tasks", - "ck-url", - "cuckoo-create-task-from-url", - "ck-view", - "cuckoo-view-task", - "ck-del", - "cuckoo-delete-task", - "ck-scrshot", - "cuckoo-task-screenshot", - "ck-machines-list", - "cuckoo-machines-list", - "ck-machine-view", + "name": "Cuckoo Sandbox", + "toversion": "3.1.0", + "commands": [ + "ck-file", + "cuckoo-create-task-from-file", + "ck-report", + "cuckoo-get-task-report", + "ck-list", + "cuckoo-list-tasks", + "ck-url", + "cuckoo-create-task-from-url", + "ck-view", + "cuckoo-view-task", + "ck-del", + "cuckoo-delete-task", + "ck-scrshot", + "cuckoo-task-screenshot", + "ck-machines-list", + "cuckoo-machines-list", + "ck-machine-view", "cuckoo-machine-view" ] } - }, + }, { "Moloch": { - "name": "Moloch", - "toversion": "3.1.0", - "commands": [ - "moloch_connections_json", - 
"moloch_connections_csv", - "moloch_files_json", - "moloch_sessions_json", - "moloch_sessions_csv", - "moloch_sessions_pcap", - "moloch_spigraph_json", - "moloch_spiview_json", + "name": "Moloch", + "toversion": "3.1.0", + "commands": [ + "moloch_connections_json", + "moloch_connections_csv", + "moloch_files_json", + "moloch_sessions_json", + "moloch_sessions_csv", + "moloch_sessions_pcap", + "moloch_spigraph_json", + "moloch_spiview_json", "moloch_unique_json" ] } - }, + }, { "Demisto REST API": { - "name": "Demisto REST API", - "commands": [ - "demisto-api-post", - "demisto-api-get", - "demisto-api-put", - "demisto-api-delete", - "demisto-api-download", - "demisto-api-multipart", + "name": "Demisto REST API", + "commands": [ + "demisto-api-post", + "demisto-api-get", + "demisto-api-put", + "demisto-api-delete", + "demisto-api-download", + "demisto-api-multipart", "demisto-delete-incidents" ] } - }, + }, { "Symantec Advanced Threat Protection": { - "name": "Symantec Advanced Threat Protection", - "commands": [ - "satp-appliances", - "satp-command", - "satp-command-state", - "satp-command-cancel", - "satp-events", - "satp-files", - "satp-incident-events", + "name": "Symantec Advanced Threat Protection", + "commands": [ + "satp-appliances", + "satp-command", + "satp-command-state", + "satp-command-cancel", + "satp-events", + "satp-files", + "satp-incident-events", "satp-incidents" ] } - }, + }, { "McAfee Active Response": { - "name": "McAfee Active Response", + "name": "McAfee Active Response", "commands": [ - "mar-search", - "mar-collectors-list", + "mar-search", + "mar-collectors-list", "mar-search-multiple" ] } - }, + }, { "Aella Star Light": { - "name": "Aella Star Light", + "name": "Aella Star Light", "commands": [ "aella-get-event" ] } - }, + }, { "Zendesk": { - "name": "Zendesk", - "fromversion": "3.5.0", - "commands": [ - "zendesk-create-ticket", - "zendesk-list-tickets", - "zendesk-ticket-details", - "zendesk-update-ticket", - "zendesk-add-comment", - 
"zendesk-list-agents", - "zendesk-get-attachment", - "zendesk-clear-cache", - "zendesk-add-user", + "name": "Zendesk", + "fromversion": "3.5.0", + "commands": [ + "zendesk-create-ticket", + "zendesk-list-tickets", + "zendesk-ticket-details", + "zendesk-update-ticket", + "zendesk-add-comment", + "zendesk-list-agents", + "zendesk-get-attachment", + "zendesk-clear-cache", + "zendesk-add-user", "zendesk-get-article" ] } - }, + }, { "Cisco CloudLock": { - "name": "Cisco CloudLock", + "name": "Cisco CloudLock", "commands": [ - "cloudlock-get-users", - "cloudlock-get-user-apps", + "cloudlock-get-users", + "cloudlock-get-user-apps", "cloudlock-get-activities" ] } - }, + }, { "carbonblackliveresponse": { - "name": "carbonblackliveresponse", - "commands": [ - "cb-archive", - "cb-command-cancel", - "cb-command-info", - "cb-file-delete", - "cb-file-get", - "cb-file-info", - "cb-file-upload", - "cb-keepalive", - "cb-list-commands", - "cb-list-files", - "cb-list-sessions", - "cb-session-close", - "cb-session-create", - "cb-session-create-and-wait", - "cb-session-info", - "cb-process-kill", - "cb-directory-listing", - "cb-process-execute", - "cb-memdeump", - "cb-command-create", - "cb-command-create-and-wait", - "cb-terminate-process", - "cb-file-delete-from-endpoint", - "cb-registry-get-values", - "cb-registry-query-value", - "cb-registry-create-key", - "cb-registry-delete-key", - "cb-registry-delete-value", - "cb-registry-set-value", - "cb-process-list", - "cb-get-file-from-endpoint", + "name": "carbonblackliveresponse", + "commands": [ + "cb-archive", + "cb-command-cancel", + "cb-command-info", + "cb-file-delete", + "cb-file-get", + "cb-file-info", + "cb-file-upload", + "cb-keepalive", + "cb-list-commands", + "cb-list-files", + "cb-list-sessions", + "cb-session-close", + "cb-session-create", + "cb-session-create-and-wait", + "cb-session-info", + "cb-process-kill", + "cb-directory-listing", + "cb-process-execute", + "cb-memdeump", + "cb-command-create", + 
"cb-command-create-and-wait", + "cb-terminate-process", + "cb-file-delete-from-endpoint", + "cb-registry-get-values", + "cb-registry-query-value", + "cb-registry-create-key", + "cb-registry-delete-key", + "cb-registry-delete-value", + "cb-registry-set-value", + "cb-process-list", + "cb-get-file-from-endpoint", "cb-push-file-to-endpoint" ] } - }, + }, { "Check Point Sandblast Appliance": { - "name": "Check Point Sandblast Appliance", - "toversion": "3.1.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", + "name": "Check Point Sandblast Appliance", + "toversion": "3.1.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", "sandblast-download" ] } - }, + }, { "Pipl": { - "name": "Pipl", - "fromversion": "3.5.0", + "name": "Pipl", + "fromversion": "3.5.0", "commands": [ - "pipl-search", + "pipl-search", "email" ] } - }, + }, { "Forcepoint": { - "name": "Forcepoint", + "name": "Forcepoint", "commands": [ - "fp-add-category", - "fp-list-categories", - "fp-get-category-detailes", - "fp-add-address-to-category", - "fp-delete-categories", + "fp-add-category", + "fp-list-categories", + "fp-get-category-detailes", + "fp-add-address-to-category", + "fp-delete-categories", "fp-delete-address-from-category" ] } - }, + }, { "FireEye HX": { - "name": "FireEye HX", - "commands": [ - "fireeye-hx-host-containment", - "fireeye-hx-cancel-containment", - "fireeye-hx-get-alerts", - "fireeye-hx-suppress-alert", - "fireeye-hx-get-indicators", - "fireeye-hx-get-indicator", - "fireeye-hx-get-host-information", - "fireeye-hx-get-alert", - "fireeye-hx-file-acquisition", - "fireeye-hx-delete-file-acquisition", - "fireeye-hx-data-acquisition", - "fireeye-hx-delete-data-acquisition", - "fireeye-hx-search", + "name": "FireEye HX", + "commands": [ + "fireeye-hx-host-containment", + "fireeye-hx-cancel-containment", + "fireeye-hx-get-alerts", + "fireeye-hx-suppress-alert", + 
"fireeye-hx-get-indicators", + "fireeye-hx-get-indicator", + "fireeye-hx-get-host-information", + "fireeye-hx-get-alert", + "fireeye-hx-file-acquisition", + "fireeye-hx-delete-file-acquisition", + "fireeye-hx-data-acquisition", + "fireeye-hx-delete-data-acquisition", + "fireeye-hx-search", "fireeye-hx-get-host-set-information" ] } - }, + }, { "Threat Crowd": { - "name": "Threat Crowd", + "name": "Threat Crowd", "commands": [ - "threat-crowd-email", - "threat-crowd-domain", - "threat-crowd-ip", - "threat-crowd-antivirus", + "threat-crowd-email", + "threat-crowd-domain", + "threat-crowd-ip", + "threat-crowd-antivirus", "threat-crowd-file" ] } - }, + }, { "Palo Alto AppFramework": { - "name": "Palo Alto AppFramework", + "name": "Palo Alto AppFramework", "commands": [ - "pan-appframework-query-logs", - "pan-appframework-get-critical-threat-logs", - "pan-appframework-get-social-applications", + "pan-appframework-query-logs", + "pan-appframework-get-critical-threat-logs", + "pan-appframework-get-social-applications", "pan-appframework-search-by-file-hash" ] } - }, + }, { "Phishme Intelligence": { - "name": "Phishme Intelligence", + "name": "Phishme Intelligence", "commands": [ - "url", - "file", - "ip", - "phishme-search", + "url", + "file", + "ip", + "phishme-search", "email" ] } - }, + }, { "Remedy AR": { - "name": "Remedy AR", + "name": "Remedy AR", "commands": [ "remedy-get-server-details" ] } - }, + }, { "Intezer": { - "name": "Intezer", + "name": "Intezer", "commands": [ - "file", + "file", "intezer-upload" ] } - }, + }, { "AlgoSec": { - "name": "AlgoSec", + "name": "AlgoSec", "commands": [ - "algosec-get-ticket", - "algosec-create-ticket", - "algosec-get-applications", - "algosec-get-network-object", + "algosec-get-ticket", + "algosec-create-ticket", + "algosec-get-applications", + "algosec-get-network-object", "algosec-query" ] } - }, + }, { "Zoom": { - "name": "Zoom", + "name": "Zoom", "commands": [ - "zoom-create-user", - "zoom-create-meeting", - 
"zoom-fetch-recording", - "zoom-list-users", + "zoom-create-user", + "zoom-create-meeting", + "zoom-fetch-recording", + "zoom-list-users", "zoom-delete-user" ] } - }, + }, { "Cuckoo Sandbox": { - "name": "Cuckoo Sandbox", - "fromversion": "3.5.0", - "commands": [ - "ck-file", - "cuckoo-create-task-from-file", - "ck-report", - "cuckoo-get-task-report", - "ck-list", - "cuckoo-list-tasks", - "ck-url", - "cuckoo-create-task-from-url", - "ck-view", - "cuckoo-view-task", - "ck-del", - "cuckoo-delete-task", - "ck-scrshot", - "cuckoo-task-screenshot", - "ck-machines-list", - "cuckoo-machines-list", - "ck-machine-view", + "name": "Cuckoo Sandbox", + "fromversion": "3.5.0", + "commands": [ + "ck-file", + "cuckoo-create-task-from-file", + "ck-report", + "cuckoo-get-task-report", + "ck-list", + "cuckoo-list-tasks", + "ck-url", + "cuckoo-create-task-from-url", + "ck-view", + "cuckoo-view-task", + "ck-del", + "cuckoo-delete-task", + "ck-scrshot", + "cuckoo-task-screenshot", + "ck-machines-list", + "cuckoo-machines-list", + "ck-machine-view", "cuckoo-machine-view" ] } - }, + }, { "Threat Grid": { - "name": "Threat Grid", - "commands": [ - "threat-grid-get-samples", - "threat-grid-get-sample-by-id", - "threat-grid-get-sample-state-by-id", - "threat-grid-upload-sample", - "threat-grid-search-submissions", - "threat-grid-get-video-by-id", - "threat-grid-get-analysis-by-id", - "threat-grid-get-processes-by-id", - "threat-grid-get-pcap-by-id", - "threat-grid-get-warnings-by-id", - "threat-grid-get-summary-by-id", - "threat-grid-get-threat-summary-by-id", - "threat-grid-get-html-report-by-id", - "threat-grid-download-sample-by-id", - "threat-grid-get-analysis-iocs", - "threat-grid-download-artifact", - "threat-grid-who-am-i", - "threat-grid-user-get-rate-limit", - "threat-grid-get-specific-feed", - "threat-grid-detonate-file", - "threat-grid-url-to-file", - "threat-grid-organization-get-rate-limit", - "threat-grid-search-ips", - "threat-grid-get-analysis-annotations", - 
"threat-grid-search-samples", - "threat-grid-search-urls", - "threat-grid-get-samples-state", - "threat-grid-feeds-artifacts", - "threat-grid-feeds-domain", - "threat-grid-feeds-ip", - "threat-grid-feeds-network-stream", - "threat-grid-feeds-path", - "threat-grid-feeds-url", - "threat-grid-get-analysis-artifact", - "threat-grid-get-analysis-artifacts", - "threat-grid-get-analysis-ioc", - "threat-grid-get-analysis-metadata", - "threat-grid-get-analysis-network-stream", - "threat-grid-get-analysis-network-streams", - "threat-grid-get-analysis-process", + "name": "Threat Grid", + "commands": [ + "threat-grid-get-samples", + "threat-grid-get-sample-by-id", + "threat-grid-get-sample-state-by-id", + "threat-grid-upload-sample", + "threat-grid-search-submissions", + "threat-grid-get-video-by-id", + "threat-grid-get-analysis-by-id", + "threat-grid-get-processes-by-id", + "threat-grid-get-pcap-by-id", + "threat-grid-get-warnings-by-id", + "threat-grid-get-summary-by-id", + "threat-grid-get-threat-summary-by-id", + "threat-grid-get-html-report-by-id", + "threat-grid-download-sample-by-id", + "threat-grid-get-analysis-iocs", + "threat-grid-download-artifact", + "threat-grid-who-am-i", + "threat-grid-user-get-rate-limit", + "threat-grid-get-specific-feed", + "threat-grid-detonate-file", + "threat-grid-url-to-file", + "threat-grid-organization-get-rate-limit", + "threat-grid-search-ips", + "threat-grid-get-analysis-annotations", + "threat-grid-search-samples", + "threat-grid-search-urls", + "threat-grid-get-samples-state", + "threat-grid-feeds-artifacts", + "threat-grid-feeds-domain", + "threat-grid-feeds-ip", + "threat-grid-feeds-network-stream", + "threat-grid-feeds-path", + "threat-grid-feeds-url", + "threat-grid-get-analysis-artifact", + "threat-grid-get-analysis-artifacts", + "threat-grid-get-analysis-ioc", + "threat-grid-get-analysis-metadata", + "threat-grid-get-analysis-network-stream", + "threat-grid-get-analysis-network-streams", + "threat-grid-get-analysis-process", 
"threat-grid-get-analysis-processes" ] } - }, + }, { "QRadar": { - "name": "QRadar", - "commands": [ - "qradar-offenses", - "qradar-offense-by-id", - "qradar-searches", - "qradar-get-search", - "qradar-get-search-results", - "qradar-update-offense", - "qradar-get-assets", - "qradar-get-asset-by-id", - "qr-searches", - "qr-get-search", - "qr-get-search-results", - "qr-update-offense", - "qr-get-assets", - "qr-offenses", - "qradar-get-closing-reasons", - "qradar-create-note", - "qradar-get-note", - "qradar-get-reference-by-name", - "qradar-create-reference-set", - "qradar-delete-reference-set", - "qradar-create-reference-set-value", - "qradar-update-reference-set-value", + "name": "QRadar", + "commands": [ + "qradar-offenses", + "qradar-offense-by-id", + "qradar-searches", + "qradar-get-search", + "qradar-get-search-results", + "qradar-update-offense", + "qradar-get-assets", + "qradar-get-asset-by-id", + "qr-searches", + "qr-get-search", + "qr-get-search-results", + "qr-update-offense", + "qr-get-assets", + "qr-offenses", + "qradar-get-closing-reasons", + "qradar-create-note", + "qradar-get-note", + "qradar-get-reference-by-name", + "qradar-create-reference-set", + "qradar-delete-reference-set", + "qradar-create-reference-set-value", + "qradar-update-reference-set-value", "qradar-delete-reference-set-value" ] } - }, + }, { "SplunkPy": { - "name": "SplunkPy", - "commands": [ - "splunk-results", - "splunk-search", - "splunk-submit-event", - "splunk-get-indexes", - "splunk-notable-event-edit", - "splunk-job-create", + "name": "SplunkPy", + "commands": [ + "splunk-results", + "splunk-search", + "splunk-submit-event", + "splunk-get-indexes", + "splunk-notable-event-edit", + "splunk-job-create", "splunk-parse-raw" ] } - }, + }, { "TruSTAR": { - "name": "TruSTAR", - "commands": [ - "trustar-related-indicators", - "trustar-trending-indicators", - "trustar-search-indicators", - "trustar-submit-report", - "trustar-update-report", - "trustar-report-details", - 
"trustar-delete-report", - "trustar-get-reports", - "trustar-correlated-reports", - "trustar-search-reports", - "trustar-add-to-whitelist", - "trustar-remove-from-whitelist", - "trustar-get-enclaves", - "file", - "ip", - "url", + "name": "TruSTAR", + "commands": [ + "trustar-related-indicators", + "trustar-trending-indicators", + "trustar-search-indicators", + "trustar-submit-report", + "trustar-update-report", + "trustar-report-details", + "trustar-delete-report", + "trustar-get-reports", + "trustar-correlated-reports", + "trustar-search-reports", + "trustar-add-to-whitelist", + "trustar-remove-from-whitelist", + "trustar-get-enclaves", + "file", + "ip", + "url", "domain" ] } - }, + }, { "LogRhythm": { - "name": "LogRhythm", + "name": "LogRhythm", "commands": [ - "lr-add-alarm-comments", - "lr-get-alarm-by-id", - "lr-get-alarm-events-by-id", - "lr-get-alarm-history-by-id", - "lr-update-alarm-status", + "lr-add-alarm-comments", + "lr-get-alarm-by-id", + "lr-get-alarm-events-by-id", + "lr-get-alarm-history-by-id", + "lr-update-alarm-status", "lr-get-alarms" ] } - }, + }, { "Service Manager": { - "name": "Service Manager", + "name": "Service Manager", "commands": [ - "hpsm-create-incident", - "hpsm-list-incidents", - "hpsm-get-incident-by-id", - "hpsm-list-devices", + "hpsm-create-incident", + "hpsm-list-incidents", + "hpsm-get-incident-by-id", + "hpsm-list-devices", "hpsm-get-device" ] } - }, + }, { "Trend Micro": { - "name": "Trend Micro", - "commands": [ - "trendmicro-host-retrieve-all", - "trendmicro-system-event-retrieve", - "trendmicro-host-antimalware-scan", - "trendmicro-alert-status", - "trendmicro-security-profile-retrieve-all", - "trendmicro-security-profile-assign-to-host", + "name": "Trend Micro", + "commands": [ + "trendmicro-host-retrieve-all", + "trendmicro-system-event-retrieve", + "trendmicro-host-antimalware-scan", + "trendmicro-alert-status", + "trendmicro-security-profile-retrieve-all", + "trendmicro-security-profile-assign-to-host", 
"trendmicro-anti-malware-event-retrieve" ] } - }, + }, { "Netskope": { - "name": "Netskope", + "name": "Netskope", "commands": [ - "netskope-events", + "netskope-events", "netskope-alerts" ] } - }, + }, { "McAfee Web Gateway": { - "name": "McAfee Web Gateway", + "name": "McAfee Web Gateway", "commands": [ - "mwg-get-available-lists", - "mwg-get-list", - "mwg-get-list-entry", - "mwg-insert-entry", + "mwg-get-available-lists", + "mwg-get-list", + "mwg-get-list-entry", + "mwg-insert-entry", "mwg-delete-entry" ] } - }, + }, { "ArcSight Logger": { - "name": "ArcSight Logger", - "commands": [ - "as-search-events", - "as-status", - "as-drilldown", - "as-events", - "as-close", - "as-stop", + "name": "ArcSight Logger", + "commands": [ + "as-search-events", + "as-status", + "as-drilldown", + "as-events", + "as-close", + "as-stop", "as-search" ] } - }, + }, { "carbonblack-v2": { - "name": "carbonblack-v2", - "fromversion": "3.6.0", - "commands": [ - "cb-alert", - "cb-binary", - "cb-binary-get", - "cb-block-hash", - "cb-get-hash-blacklist", - "cb-get-process", - "cb-get-processes", - "cb-list-sensors", - "cb-process-events", - "cb-quarantine-device", - "cb-sensor-info", - "cb-unblock-hash", - "cb-unquarantine-device", - "cb-version", - "cb-watchlist-del", - "cb-watchlist-get", - "cb-watchlist-new", - "cb-watchlist-set", - "cb-alert-update", + "name": "carbonblack-v2", + "fromversion": "3.6.0", + "commands": [ + "cb-alert", + "cb-binary", + "cb-binary-get", + "cb-block-hash", + "cb-get-hash-blacklist", + "cb-get-process", + "cb-get-processes", + "cb-list-sensors", + "cb-process-events", + "cb-quarantine-device", + "cb-sensor-info", + "cb-unblock-hash", + "cb-unquarantine-device", + "cb-version", + "cb-watchlist-del", + "cb-watchlist-get", + "cb-watchlist-new", + "cb-watchlist-set", + "cb-alert-update", "cb-watchlist" ] } - }, + }, { "Zscaler": { - "name": "Zscaler", - "commands": [ - "zscaler-blacklist-url", - "url", - "ip", - "zscaler-undo-blacklist-url", - 
"zscaler-whitelist-url", - "zscaler-undo-whitelist-url", - "zscaler-undo-whitelist-ip", - "zscaler-whitelist-ip", - "zscaler-undo-blacklist-ip", - "zscaler-blacklist-ip", - "zscaler-category-add-url", - "zscaler-category-add-ip", - "zscaler-category-remove-url", - "zscaler-category-remove-ip", - "zscaler-get-categories", - "zscaler-get-blacklist", + "name": "Zscaler", + "commands": [ + "zscaler-blacklist-url", + "url", + "ip", + "zscaler-undo-blacklist-url", + "zscaler-whitelist-url", + "zscaler-undo-whitelist-url", + "zscaler-undo-whitelist-ip", + "zscaler-whitelist-ip", + "zscaler-undo-blacklist-ip", + "zscaler-blacklist-ip", + "zscaler-category-add-url", + "zscaler-category-add-ip", + "zscaler-category-remove-url", + "zscaler-category-remove-ip", + "zscaler-get-categories", + "zscaler-get-blacklist", "zscaler-get-whitelist" ] } - }, + }, { "Check Point Sandblast": { - "name": "Check Point Sandblast", - "toversion": "3.1.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", - "sandblast-download", - "sb-quota", + "name": "Check Point Sandblast", + "toversion": "3.1.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", + "sandblast-download", + "sb-quota", "sandblast-quota" ] } - }, + }, { "fireeye": { - "name": "fireeye", - "toversion": "3.1.0", - "fromversion": "3.0.0", - "commands": [ - "fe-report", - "fe-submit-status", - "fe-alert", - "fe-submit-result", - "fe-submit", + "name": "fireeye", + "toversion": "3.1.0", + "fromversion": "3.0.0", + "commands": [ + "fe-report", + "fe-submit-status", + "fe-alert", + "fe-submit-result", + "fe-submit", "fe-config" ] } - }, + }, { "Awake Security": { - "name": "Awake Security", - "commands": [ - "awake-query-devices", - "awake-query-activities", - "awake-query-domains", - "awake-pcap-download", - "domain", - "ip", - "email", + "name": "Awake Security", + "commands": [ + "awake-query-devices", + 
"awake-query-activities", + "awake-query-domains", + "awake-pcap-download", + "domain", + "ip", + "email", "device" ] } - }, + }, { "Skyformation": { - "name": "Skyformation", + "name": "Skyformation", "commands": [ - "skyformation-get-accounts", - "skyformation-suspend-user", + "skyformation-get-accounts", + "skyformation-suspend-user", "skyformation-unsuspend-user" ] } - }, + }, { "Cisco Spark": { - "name": "Cisco Spark", - "commands": [ - "cisco-spark-list-people", - "cisco-spark-create-person", - "cisco-spark-get-person-details", - "cisco-spark-update-person", - "cisco-spark-delete-person", - "cisco-spark-get-own-details", - "cisco-spark-list-rooms", - "cisco-spark-create-room", - "cisco-spark-get-room-details", - "cisco-spark-update-room", - "cisco-spark-delete-room", - "cisco-spark-list-memberships", - "cisco-spark-create-membership", - "cisco-spark-get-membership-details", - "cisco-spark-update-membership", - "cisco-spark-delete-membership", - "cisco-spark-list-messages", - "cisco-spark-create-message", - "cisco-spark-get-message-details", - "cisco-spark-delete-message", - "cisco-spark-list-teams", - "cisco-spark-create-team", - "cisco-spark-get-team-details", - "cisco-spark-update-team", - "cisco-spark-delete-team", - "cisco-spark-list-team-memberships", - "cisco-spark-create-team-membership", - "cisco-spark-get-team-membership-details", - "cisco-spark-update-team-membership", - "cisco-spark-delete-team-membership", - "cisco-spark-list-webhooks", - "cisco-spark-create-webhook", - "cisco-spark-get-webhook-details", - "cisco-spark-update-webhook", - "cisco-spark-delete-webhook", - "cisco-spark-list-organizations", - "cisco-spark-get-organization-details", - "cisco-spark-list-licenses", - "cisco-spark-get-license-details", - "cisco-spark-list-roles", - "cisco-spark-get-role-details", - "cisco-spark-send-message-to-person", + "name": "Cisco Spark", + "commands": [ + "cisco-spark-list-people", + "cisco-spark-create-person", + "cisco-spark-get-person-details", + 
"cisco-spark-update-person", + "cisco-spark-delete-person", + "cisco-spark-get-own-details", + "cisco-spark-list-rooms", + "cisco-spark-create-room", + "cisco-spark-get-room-details", + "cisco-spark-update-room", + "cisco-spark-delete-room", + "cisco-spark-list-memberships", + "cisco-spark-create-membership", + "cisco-spark-get-membership-details", + "cisco-spark-update-membership", + "cisco-spark-delete-membership", + "cisco-spark-list-messages", + "cisco-spark-create-message", + "cisco-spark-get-message-details", + "cisco-spark-delete-message", + "cisco-spark-list-teams", + "cisco-spark-create-team", + "cisco-spark-get-team-details", + "cisco-spark-update-team", + "cisco-spark-delete-team", + "cisco-spark-list-team-memberships", + "cisco-spark-create-team-membership", + "cisco-spark-get-team-membership-details", + "cisco-spark-update-team-membership", + "cisco-spark-delete-team-membership", + "cisco-spark-list-webhooks", + "cisco-spark-create-webhook", + "cisco-spark-get-webhook-details", + "cisco-spark-update-webhook", + "cisco-spark-delete-webhook", + "cisco-spark-list-organizations", + "cisco-spark-get-organization-details", + "cisco-spark-list-licenses", + "cisco-spark-get-license-details", + "cisco-spark-list-roles", + "cisco-spark-get-role-details", + "cisco-spark-send-message-to-person", "cisco-spark-send-message-to-room" ] } - }, + }, { "ArcSight ESM": { - "name": "ArcSight ESM", - "commands": [ - "as-get-all-cases", - "as-get-case", - "as-get-matrix-data", - "as-add-entries", - "as-clear-entries", - "as-get-entries", - "as-get-security-events", - "as-get-case-event-ids", - "as-update-case", - "as-get-all-query-viewers", + "name": "ArcSight ESM", + "commands": [ + "as-get-all-cases", + "as-get-case", + "as-get-matrix-data", + "as-add-entries", + "as-clear-entries", + "as-get-entries", + "as-get-security-events", + "as-get-case-event-ids", + "as-update-case", + "as-get-all-query-viewers", "as-case-delete" ] } - }, + }, { "Rapid7 Nexpose": { - "name": 
"Rapid7 Nexpose", - "fromversion": "3.6.0", - "commands": [ - "nexpose-get-asset", - "nexpose-get-assets", - "nexpose-search-assets", - "nexpose-get-scan", - "nexpose-get-asset-vulnerability", - "nexpose-create-site", - "nexpose-delete-site", - "nexpose-get-sites", - "nexpose-get-report-templates", - "nexpose-create-assets-report", - "nexpose-create-sites-report", - "nexpose-create-scan-report", - "nexpose-start-site-scan", - "nexpose-start-assets-scan", - "nexpose-stop-scan", - "nexpose-pause-scan", - "nexpose-resume-scan", + "name": "Rapid7 Nexpose", + "fromversion": "3.6.0", + "commands": [ + "nexpose-get-asset", + "nexpose-get-assets", + "nexpose-search-assets", + "nexpose-get-scan", + "nexpose-get-asset-vulnerability", + "nexpose-create-site", + "nexpose-delete-site", + "nexpose-get-sites", + "nexpose-get-report-templates", + "nexpose-create-assets-report", + "nexpose-create-sites-report", + "nexpose-create-scan-report", + "nexpose-start-site-scan", + "nexpose-start-assets-scan", + "nexpose-stop-scan", + "nexpose-pause-scan", + "nexpose-resume-scan", "nexpose-get-scans" ] } - }, + }, { "Cylance Protect v2": { - "name": "Cylance Protect v2", - "commands": [ - "cylance-protect-get-devices", - "cylance-protect-get-device", - "cylance-protect-update-device", - "cylance-protect-get-device-threats", - "cylance-protect-get-policies", - "cylance-protect-create-zone", - "cylance-protect-get-zones", - "cylance-protect-get-zone", - "cylance-protect-update-zone", - "cylance-protect-get-threat", - "cylance-protect-get-threat-devices", - "cylance-protect-get-indicators-report", - "cylance-protect-get-threats", - "cylance-protect-update-device-threats", - "cylance-protect-get-list", - "cylance-protect-download-threat", - "cylance-protect-add-hash-to-list", - "cylance-protect-delete-hash-from-lists", - "cylance-protect-get-policy-details", + "name": "Cylance Protect v2", + "commands": [ + "cylance-protect-get-devices", + "cylance-protect-get-device", + 
"cylance-protect-update-device", + "cylance-protect-get-device-threats", + "cylance-protect-get-policies", + "cylance-protect-create-zone", + "cylance-protect-get-zones", + "cylance-protect-get-zone", + "cylance-protect-update-zone", + "cylance-protect-get-threat", + "cylance-protect-get-threat-devices", + "cylance-protect-get-indicators-report", + "cylance-protect-get-threats", + "cylance-protect-update-device-threats", + "cylance-protect-get-list", + "cylance-protect-download-threat", + "cylance-protect-add-hash-to-list", + "cylance-protect-delete-hash-from-lists", + "cylance-protect-get-policy-details", "cylance-protect-delete-devices" ] } - }, + }, { "Cyber Triage": { - "name": "Cyber Triage", + "name": "Cyber Triage", "commands": [ "ct-triage-endpoint" ] } - }, + }, { "Endgame": { - "name": "Endgame", - "commands": [ - "endgame-deploy", - "endgame-get-deployment-profiles", - "endgame-get-unmanaged-endpoints", - "endgame-get-endpoint-status", - "endgame-create-sensor-profile", - "endgame-get-investigations", - "endgame-create-investigation", - "endgame-get-sensor", - "endgame-investigation-results", + "name": "Endgame", + "commands": [ + "endgame-deploy", + "endgame-get-deployment-profiles", + "endgame-get-unmanaged-endpoints", + "endgame-get-endpoint-status", + "endgame-create-sensor-profile", + "endgame-get-investigations", + "endgame-create-investigation", + "endgame-get-sensor", + "endgame-investigation-results", "endgame-investigation-status" ] } - }, + }, { "Kenna": { - "name": "Kenna", + "name": "Kenna", "commands": [ - "kenna-search-vulnerabilities", - "kenna-get-connectors", - "kenna-run-connector", - "kenna-search-fixes", - "kenna-update-asset", + "kenna-search-vulnerabilities", + "kenna-get-connectors", + "kenna-run-connector", + "kenna-search-fixes", + "kenna-update-asset", "kenna-update-vulnerability" ] } - }, + }, { "Cisco Meraki": { - "name": "Cisco Meraki", - "commands": [ - "meraki-fetch-organizations", - 
"meraki-get-organization-license-state", - "meraki-fetch-organization-inventory", - "meraki-fetch-networks", - "meraki-fetch-devices", - "meraki-fetch-device-uplink", - "meraki-fetch-ssids", - "meraki-fetch-clients", - "meraki-fetch-firewall-rules", - "meraki-remove-device", - "meraki-get-device", - "meraki-update-device", - "meraki-claim-device", + "name": "Cisco Meraki", + "commands": [ + "meraki-fetch-organizations", + "meraki-get-organization-license-state", + "meraki-fetch-organization-inventory", + "meraki-fetch-networks", + "meraki-fetch-devices", + "meraki-fetch-device-uplink", + "meraki-fetch-ssids", + "meraki-fetch-clients", + "meraki-fetch-firewall-rules", + "meraki-remove-device", + "meraki-get-device", + "meraki-update-device", + "meraki-claim-device", "meraki-update-firewall-rules" ] } - }, + }, { "WildFire": { - "name": "WildFire", - "toversion": "3.6.0", - "fromversion": "3.5.0", - "commands": [ - "wildfire-report", - "file", - "wildfire-upload", - "detonate-file", + "name": "WildFire", + "toversion": "3.6.0", + "fromversion": "3.5.0", + "commands": [ + "wildfire-report", + "file", + "wildfire-upload", + "detonate-file", "detonate-file-remote" ] } - }, + }, { "AWS Sagemaker": { - "name": "AWS Sagemaker", + "name": "AWS Sagemaker", "commands": [ "predict-phishing" ] } - }, + }, { "VxStream": { - "name": "VxStream", - "commands": [ - "vx-scan", - "crowdstrike-scan", - "vx-get-environments", - "crowdstrike-get-environments", - "vx-submit-sample", - "crowdstrike-submit-sample", - "vx-search", - "crowdstrike-search", - "vx-result", - "crowdstrike-result", - "vx-detonate-file", - "crowdstrike-detonate-file", - "crowdstrike-submit-url", - "crowdstrike-get-screenshots", - "crowdstrike-detonate-url", + "name": "VxStream", + "commands": [ + "vx-scan", + "crowdstrike-scan", + "vx-get-environments", + "crowdstrike-get-environments", + "vx-submit-sample", + "crowdstrike-submit-sample", + "vx-search", + "crowdstrike-search", + "vx-result", + "crowdstrike-result", 
+ "vx-detonate-file", + "crowdstrike-detonate-file", + "crowdstrike-submit-url", + "crowdstrike-get-screenshots", + "crowdstrike-detonate-url", "crowdstrike-submit-file-by-url" ] } - }, + }, { "DomainTools": { - "name": "DomainTools", - "fromversion": "3.0.0", - "commands": [ - "domain", - "domainSearch", - "reverseIP", - "reverseNameServer", - "reverseWhois", - "whois", - "whoisHistory", + "name": "DomainTools", + "fromversion": "3.0.0", + "commands": [ + "domain", + "domainSearch", + "reverseIP", + "reverseNameServer", + "reverseWhois", + "whois", + "whoisHistory", "domainProfile" ] } - }, + }, { "Jask": { - "name": "Jask", - "commands": [ - "jask-get-insight-details", - "jask-get-insight-comments", - "jask-get-signal-details", - "jask-get-entity-details", - "jask-get-related-entities", - "jask-get-whitelisted-entities", - "jask-search-insights", - "jask-search-signals", + "name": "Jask", + "commands": [ + "jask-get-insight-details", + "jask-get-insight-comments", + "jask-get-signal-details", + "jask-get-entity-details", + "jask-get-related-entities", + "jask-get-whitelisted-entities", + "jask-search-insights", + "jask-search-signals", "jask-search-entities" ] } - }, + }, { "Server Message Block (SMB)": { - "name": "Server Message Block (SMB)", + "name": "Server Message Block (SMB)", "commands": [ "smb-download" ] } - }, + }, { "McAfee ESM-v10": { - "name": "McAfee ESM-v10", - "commands": [ - "esm-fetch-fields", - "esm-search", - "esm-fetch-alarms", - "esm-get-case-list", - "esm-add-case", - "esm-edit-case", - "esm-get-case-statuses", - "esm-edit-case-status", - "esm-get-case-detail", - "esm-get-case-event-list", - "esm-add-case-status", - "esm-delete-case-status", - "esm-get-organization-list", - "esm-get-user-list", - "esm-acknowledge-alarms", - "esm-unacknowledge-alarms", - "esm-delete-alarms", - "esm-get-alarm-event-details", + "name": "McAfee ESM-v10", + "commands": [ + "esm-fetch-fields", + "esm-search", + "esm-fetch-alarms", + "esm-get-case-list", + 
"esm-add-case", + "esm-edit-case", + "esm-get-case-statuses", + "esm-edit-case-status", + "esm-get-case-detail", + "esm-get-case-event-list", + "esm-add-case-status", + "esm-delete-case-status", + "esm-get-organization-list", + "esm-get-user-list", + "esm-acknowledge-alarms", + "esm-unacknowledge-alarms", + "esm-delete-alarms", + "esm-get-alarm-event-details", "esm-list-alarm-events" ] } - }, + }, { "nmap": { - "name": "nmap", + "name": "nmap", "commands": [ "nmap-scan" ] } - }, + }, { "ReversingLabs Titanium Cloud": { - "name": "ReversingLabs Titanium Cloud", + "name": "ReversingLabs Titanium Cloud", "commands": [ "file" ] } - }, + }, { "Farsight DNSDB": { - "name": "Farsight DNSDB", + "name": "Farsight DNSDB", "commands": [ - "dnsdb-rdata", + "dnsdb-rdata", "dnsdb-rrset" ] } - }, + }, { "Symantec MSS": { - "name": "Symantec MSS", + "name": "Symantec MSS", "commands": [ - "symantec-mss-update-incident", - "symantec-mss-get-incident", + "symantec-mss-update-incident", + "symantec-mss-get-incident", "symantec-mss-incidents-list" ] } - }, + }, { "EWS Mail Sender": { - "name": "EWS Mail Sender", + "name": "EWS Mail Sender", "commands": [ "send-mail" ] } - }, + }, { "WildFire": { - "name": "WildFire", - "fromversion": "4.0.0", - "commands": [ - "wildfire-report", - "file", - "wildfire-upload", - "detonate-file", - "detonate-file-remote", + "name": "WildFire", + "fromversion": "4.0.0", + "commands": [ + "wildfire-report", + "file", + "wildfire-upload", + "detonate-file", + "detonate-file-remote", "wildfire-upload-file-remote" ] } - }, + }, { "WildFire": { - "name": "WildFire", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "commands": [ - "wildfire-report", - "file", - "wildfire-upload", - "detonate-file", + "name": "WildFire", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "commands": [ + "wildfire-report", + "file", + "wildfire-upload", + "detonate-file", "detonate-file-remote" ] } - }, + }, { "AlienVault OTX": { - "name": "AlienVault OTX", - "fromversion": 
"3.0.1", - "commands": [ - "ip", - "domain", - "ipv6", - "hostname", - "file", - "alienvault-query-file", - "alienvault-search-pulses", - "alienvault-get-pulse-details", + "name": "AlienVault OTX", + "fromversion": "3.0.1", + "commands": [ + "ip", + "domain", + "ipv6", + "hostname", + "file", + "alienvault-query-file", + "alienvault-search-pulses", + "alienvault-get-pulse-details", "url" ] } - }, + }, { "Windows Defender Advanced Threat Protection": { - "name": "Windows Defender Advanced Threat Protection", - "commands": [ - "microsoft-atp-isolate-machine", - "microsoft-atp-unisolate-machine", - "microsoft-atp-get-machines", - "microsoft-atp-get-file-related-machines", - "microsoft-atp-get-machine-details", - "microsoft-atp-run-antivirus-scan", + "name": "Windows Defender Advanced Threat Protection", + "commands": [ + "microsoft-atp-isolate-machine", + "microsoft-atp-unisolate-machine", + "microsoft-atp-get-machines", + "microsoft-atp-get-file-related-machines", + "microsoft-atp-get-machine-details", + "microsoft-atp-run-antivirus-scan", "microsoft-atp-list-alerts" ] } - }, + }, { "Mail Sender (New)": { - "name": "Mail Sender (New)", + "name": "Mail Sender (New)", "commands": [ "send-mail" ] } - }, + }, { "Attivo Botsink": { - "name": "Attivo Botsink", - "commands": [ - "attivo-check-user", - "attivo-check-host", - "attivo-run-playbook", - "attivo-deploy-decoy", - "attivo-get-events", - "attivo-list-playbooks", - "attivo-list-hosts", + "name": "Attivo Botsink", + "commands": [ + "attivo-check-user", + "attivo-check-host", + "attivo-run-playbook", + "attivo-deploy-decoy", + "attivo-get-events", + "attivo-list-playbooks", + "attivo-list-hosts", "attivo-list-users" ] } - }, + }, { "Sample Incident Generator": { "name": "Sample Incident Generator" } - }, + }, { "Hybrid Analysis": { - "name": "Hybrid Analysis", - "fromversion": "3.6.1", + "name": "Hybrid Analysis", + "fromversion": "3.6.1", "commands": [ - "hybrid-analysis-scan", - "hybrid-analysis-submit-sample", - 
"hybrid-analysis-search", + "hybrid-analysis-scan", + "hybrid-analysis-submit-sample", + "hybrid-analysis-search", "hybrid-analysis-detonate-file" ] } - }, + }, { "Anomali ThreatStream": { - "name": "Anomali ThreatStream", + "name": "Anomali ThreatStream", "commands": [ - "threatstream-intelligence", - "domain", - "file", - "threatstream-email-reputation", + "threatstream-intelligence", + "domain", + "file", + "threatstream-email-reputation", "ip" ] } - }, + }, { "PacketMail": { - "name": "PacketMail", + "name": "PacketMail", "commands": [ "packetmail-ip" ] } - }, + }, { "Qualys": { - "name": "Qualys", - "toversion": "3.1.0", - "commands": [ - "qualys-report-list", - "qualys-report-cancel", - "qualys-report-delete", - "qualys-scorecard-launch", - "qualys-report-fetch", - "qualys-vm-scan-list", - "qualys-vm-scan-launch", - "qualys-vm-scan-action", - "qualys-scap-scan-list", - "qualys-pc-scan-launch", - "qualys-pc-scan-manage", - "qualys-schedule-scan-list", - "qualys-ip-list", - "qualys-ip-add", - "qualys-ip-update", - "qualys-virtual-host-list", - "qualys-virtual-host-manage", - "qualys-host-excluded-list", - "qualys-host-excluded-manage", - "qualys-scheduled-report-list", - "qualys-scheduled-report-launch", - "qualys-host-list", - "qualys-pc-scan-list", - "qualys-report-template-list", - "qualys-report-launch-map", - "qualys-report-launch-scan-based-findings", - "qualys-report-launch-host-based-findings", - "qualys-report-launch-patch", - "qualys-report-launch-remediation", - "qualys-report-launch-compliance", - "qualys-report-launch-compliance-policy", - "qualys-vulnerability-list", - "qualys-group-list", - "qualys-vm-scan-fetch", + "name": "Qualys", + "toversion": "3.1.0", + "commands": [ + "qualys-report-list", + "qualys-report-cancel", + "qualys-report-delete", + "qualys-scorecard-launch", + "qualys-report-fetch", + "qualys-vm-scan-list", + "qualys-vm-scan-launch", + "qualys-vm-scan-action", + "qualys-scap-scan-list", + "qualys-pc-scan-launch", + 
"qualys-pc-scan-manage", + "qualys-schedule-scan-list", + "qualys-ip-list", + "qualys-ip-add", + "qualys-ip-update", + "qualys-virtual-host-list", + "qualys-virtual-host-manage", + "qualys-host-excluded-list", + "qualys-host-excluded-manage", + "qualys-scheduled-report-list", + "qualys-scheduled-report-launch", + "qualys-host-list", + "qualys-pc-scan-list", + "qualys-report-template-list", + "qualys-report-launch-map", + "qualys-report-launch-scan-based-findings", + "qualys-report-launch-host-based-findings", + "qualys-report-launch-patch", + "qualys-report-launch-remediation", + "qualys-report-launch-compliance", + "qualys-report-launch-compliance-policy", + "qualys-vulnerability-list", + "qualys-group-list", + "qualys-vm-scan-fetch", "qualys-pc-scan-fetch" ] } - }, + }, { "Cisco Umbrella Investigate": { - "name": "Cisco Umbrella Investigate", - "commands": [ - "umbrella-domain-categorization", - "investigate-umbrella-domain-categorization", - "umbrella-domain-co-occurrences", - "investigate-umbrella-domain-co-occurrences", - "umbrella-domain-related", - "investigate-umbrella-domain-related", - "umbrella-domain-security", - "investigate-umbrella-domain-security", - "umbrella-domain-dns-history", - "investigate-umbrella-domain-dns-history", - "umbrella-ip-dns-history", - "investigate-umbrella-ip-dns-history", - "investigate-umbrella-ip-malicious-domains", - "umbrella-ip-malicious-domains", - "umbrella-domain-search", - "investigate-umbrella-domain-search", - "domain", - "umbrella-get-related-domains", - "umbrella-get-domain-classifiers", - "umbrella-get-domain-queryvolume", - "umbrella-get-domain-details", - "umbrella-get-domains-for-email-registrar", - "umbrella-get-domains-for-nameserver", - "umbrella-get-whois-for-domain", - "umbrella-get-malicious-domains-for-ip", - "umbrella-get-domains-using-regex", - "umbrella-get-domain-timeline", - "umbrella-get-ip-timeline", + "name": "Cisco Umbrella Investigate", + "commands": [ + "umbrella-domain-categorization", + 
"investigate-umbrella-domain-categorization", + "umbrella-domain-co-occurrences", + "investigate-umbrella-domain-co-occurrences", + "umbrella-domain-related", + "investigate-umbrella-domain-related", + "umbrella-domain-security", + "investigate-umbrella-domain-security", + "umbrella-domain-dns-history", + "investigate-umbrella-domain-dns-history", + "umbrella-ip-dns-history", + "investigate-umbrella-ip-dns-history", + "investigate-umbrella-ip-malicious-domains", + "umbrella-ip-malicious-domains", + "umbrella-domain-search", + "investigate-umbrella-domain-search", + "domain", + "umbrella-get-related-domains", + "umbrella-get-domain-classifiers", + "umbrella-get-domain-queryvolume", + "umbrella-get-domain-details", + "umbrella-get-domains-for-email-registrar", + "umbrella-get-domains-for-nameserver", + "umbrella-get-whois-for-domain", + "umbrella-get-malicious-domains-for-ip", + "umbrella-get-domains-using-regex", + "umbrella-get-domain-timeline", + "umbrella-get-ip-timeline", "umbrella-get-url-timeline" ] } - }, + }, { "Carbon Black Defense": { - "name": "Carbon Black Defense", - "commands": [ - "cbd-get-devices-status", - "cbd-get-device-status", - "cbd-change-device-status", - "cbd-find-events", - "cbd-find-event", - "cbd-find-processes", - "cbd-get-alert-details", - "cbd-get-policies", - "cbd-get-policy", - "cbd-create-policy", - "cbd-update-policy", - "cbd-delete-policy", - "cbd-add-rule-to-policy", - "cbd-delete-rule-from-policy", - "cbd-update-rule-in-policy", + "name": "Carbon Black Defense", + "commands": [ + "cbd-get-devices-status", + "cbd-get-device-status", + "cbd-change-device-status", + "cbd-find-events", + "cbd-find-event", + "cbd-find-processes", + "cbd-get-alert-details", + "cbd-get-policies", + "cbd-get-policy", + "cbd-create-policy", + "cbd-update-policy", + "cbd-delete-policy", + "cbd-add-rule-to-policy", + "cbd-delete-rule-from-policy", + "cbd-update-rule-in-policy", "cbd-set-policy" ] } - }, + }, { "Lockpath KeyLight": { - "name": "Lockpath 
KeyLight", - "toversion": "3.1.0", - "commands": [ - "kl-get-component-list", - "kl-get-component", - "kl-get-component-by-alias", - "kl-get-field-list", - "kl-get-field", - "kl-get-record-count", - "kl-get-record", - "kl-get-records", - "kl-delete-record", - "kl-create-record", - "kl-update-record", - "kl-get-detail-record", - "kl-get-lookup-report-column-fields", - "kl-get-detail-records", - "kl-get-record-attachments", - "kl-get-record-attachment", + "name": "Lockpath KeyLight", + "toversion": "3.1.0", + "commands": [ + "kl-get-component-list", + "kl-get-component", + "kl-get-component-by-alias", + "kl-get-field-list", + "kl-get-field", + "kl-get-record-count", + "kl-get-record", + "kl-get-records", + "kl-delete-record", + "kl-create-record", + "kl-update-record", + "kl-get-detail-record", + "kl-get-lookup-report-column-fields", + "kl-get-detail-records", + "kl-get-record-attachments", + "kl-get-record-attachment", "kl-delete-record-attachments" ] } - }, + }, { "OPSWAT-Metadefender": { - "name": "OPSWAT-Metadefender", + "name": "OPSWAT-Metadefender", "commands": [ - "opswat-hash", - "opswat-scan-file", + "opswat-hash", + "opswat-scan-file", "opswat-scan-result" ] } - }, + }, { "ActiveMQ": { - "name": "ActiveMQ", + "name": "ActiveMQ", "commands": [ - "activemq-send", + "activemq-send", "activemq-subscribe" ] } - }, + }, { "Cisco Email Security Appliance (IronPort)": { - "name": "Cisco Email Security Appliance (IronPort)", + "name": "Cisco Email Security Appliance (IronPort)", "commands": [ "ironport-report" ] } - }, + }, { "Qualys": { - "name": "Qualys", - "fromversion": "3.5.0", - "commands": [ - "qualys-report-list", - "qualys-report-cancel", - "qualys-report-delete", - "qualys-scorecard-launch", - "qualys-report-fetch", - "qualys-vm-scan-list", - "qualys-vm-scan-launch", - "qualys-vm-scan-action", - "qualys-scap-scan-list", - "qualys-pc-scan-launch", - "qualys-pc-scan-manage", - "qualys-schedule-scan-list", - "qualys-ip-list", - "qualys-ip-add", - 
"qualys-ip-update", - "qualys-virtual-host-list", - "qualys-virtual-host-manage", - "qualys-host-excluded-list", - "qualys-host-excluded-manage", - "qualys-scheduled-report-list", - "qualys-scheduled-report-launch", - "qualys-host-list", - "qualys-pc-scan-list", - "qualys-report-template-list", - "qualys-report-launch-map", - "qualys-report-launch-scan-based-findings", - "qualys-report-launch-host-based-findings", - "qualys-report-launch-patch", - "qualys-report-launch-remediation", - "qualys-report-launch-compliance", - "qualys-report-launch-compliance-policy", - "qualys-vulnerability-list", - "qualys-group-list", - "qualys-vm-scan-fetch", + "name": "Qualys", + "fromversion": "3.5.0", + "commands": [ + "qualys-report-list", + "qualys-report-cancel", + "qualys-report-delete", + "qualys-scorecard-launch", + "qualys-report-fetch", + "qualys-vm-scan-list", + "qualys-vm-scan-launch", + "qualys-vm-scan-action", + "qualys-scap-scan-list", + "qualys-pc-scan-launch", + "qualys-pc-scan-manage", + "qualys-schedule-scan-list", + "qualys-ip-list", + "qualys-ip-add", + "qualys-ip-update", + "qualys-virtual-host-list", + "qualys-virtual-host-manage", + "qualys-host-excluded-list", + "qualys-host-excluded-manage", + "qualys-scheduled-report-list", + "qualys-scheduled-report-launch", + "qualys-host-list", + "qualys-pc-scan-list", + "qualys-report-template-list", + "qualys-report-launch-map", + "qualys-report-launch-scan-based-findings", + "qualys-report-launch-host-based-findings", + "qualys-report-launch-patch", + "qualys-report-launch-remediation", + "qualys-report-launch-compliance", + "qualys-report-launch-compliance-policy", + "qualys-vulnerability-list", + "qualys-group-list", + "qualys-vm-scan-fetch", "qualys-pc-scan-fetch" ] } - }, + }, { "IsItPhishing": { - "name": "IsItPhishing", + "name": "IsItPhishing", "commands": [ "url" ] } - }, + }, { "okta": { - "name": "okta", - "toversion": "3.5.1", - "fromversion": "3.1.0", - "commands": [ - "okta-unlock-user", - 
"okta-deactivate-user", - "okta-activate-user", - "okta-get-groups", - "okta-set-password", - "okta-search", - "okta-get-user", - "okta-create-user", + "name": "okta", + "toversion": "3.5.1", + "fromversion": "3.1.0", + "commands": [ + "okta-unlock-user", + "okta-deactivate-user", + "okta-activate-user", + "okta-get-groups", + "okta-set-password", + "okta-search", + "okta-get-user", + "okta-create-user", "okta-update-user" ] } - }, + }, { "AWS - EC2": { - "name": "AWS - EC2", - "commands": [ - "aws-ec2-describe-instances", - "aws-ec2-describe-images", - "aws-ec2-describe-regions", - "aws-ec2-describe-addresses", - "aws-ec2-describe-snapshots", - "aws-ec2-describe-launch-templates", - "aws-ec2-describe-key-pairs", - "aws-ec2-describe-volumes", - "aws-ec2-describe-vpcs", - "aws-ec2-describe-subnets", - "aws-ec2-describe-security-groups", - "aws-ec2-allocate-address", - "aws-ec2-associate-address", - "aws-ec2-create-snapshot", - "aws-ec2-delete-snapshot", - "aws-ec2-create-image", - "aws-ec2-deregister-image", - "aws-ec2-modify-volume", - "aws-ec2-create-tags", - "aws-ec2-disassociate-address", - "aws-ec2-release-address", - "aws-ec2-start-instances", - "aws-ec2-stop-instances", - "aws-ec2-terminate-instances", - "aws-ec2-create-volume", - "aws-ec2-attach-volume", - "aws-ec2-detach-volume", - "aws-ec2-delete-volume", - "aws-ec2-run-instances", - "aws-ec2-waiter-instance-running", - "aws-ec2-waiter-instance-status-ok", - "aws-ec2-waiter-instance-stopped", - "aws-ec2-waiter-instance-terminated", - "aws-ec2-waiter-image-available", - "aws-ec2-waiter-snapshot_completed", - "aws-ec2-get-latest-ami", - "aws-ec2-create-security-group", - "aws-ec2-delete-security-group", - "aws-ec2-authorize-security-group-ingress-rule", - "aws-ec2-revoke-security-group-ingress-rule", - "aws-ec2-copy-image", - "aws-ec2-copy-snapshot", - "aws-ec2-describe-reserved-instances", - "aws-ec2-monitor-instances", - "aws-ec2-unmonitor-instances", - "aws-ec2-reboot-instances", - 
"aws-ec2-get-password-data", - "aws-ec2-modify-network-interface-attribute", + "name": "AWS - EC2", + "commands": [ + "aws-ec2-describe-instances", + "aws-ec2-describe-images", + "aws-ec2-describe-regions", + "aws-ec2-describe-addresses", + "aws-ec2-describe-snapshots", + "aws-ec2-describe-launch-templates", + "aws-ec2-describe-key-pairs", + "aws-ec2-describe-volumes", + "aws-ec2-describe-vpcs", + "aws-ec2-describe-subnets", + "aws-ec2-describe-security-groups", + "aws-ec2-allocate-address", + "aws-ec2-associate-address", + "aws-ec2-create-snapshot", + "aws-ec2-delete-snapshot", + "aws-ec2-create-image", + "aws-ec2-deregister-image", + "aws-ec2-modify-volume", + "aws-ec2-create-tags", + "aws-ec2-disassociate-address", + "aws-ec2-release-address", + "aws-ec2-start-instances", + "aws-ec2-stop-instances", + "aws-ec2-terminate-instances", + "aws-ec2-create-volume", + "aws-ec2-attach-volume", + "aws-ec2-detach-volume", + "aws-ec2-delete-volume", + "aws-ec2-run-instances", + "aws-ec2-waiter-instance-running", + "aws-ec2-waiter-instance-status-ok", + "aws-ec2-waiter-instance-stopped", + "aws-ec2-waiter-instance-terminated", + "aws-ec2-waiter-image-available", + "aws-ec2-waiter-snapshot_completed", + "aws-ec2-get-latest-ami", + "aws-ec2-create-security-group", + "aws-ec2-delete-security-group", + "aws-ec2-authorize-security-group-ingress-rule", + "aws-ec2-revoke-security-group-ingress-rule", + "aws-ec2-copy-image", + "aws-ec2-copy-snapshot", + "aws-ec2-describe-reserved-instances", + "aws-ec2-monitor-instances", + "aws-ec2-unmonitor-instances", + "aws-ec2-reboot-instances", + "aws-ec2-get-password-data", + "aws-ec2-modify-network-interface-attribute", "aws-ec2-modify-instance-attribute" ] } - }, + }, { "Blockade.io": { - "name": "Blockade.io", + "name": "Blockade.io", "commands": [ - "blockade-get-indicators", + "blockade-get-indicators", "blockade-add-indicators" ] } - }, + }, { "AlphaSOC Network Behavior Analytics": { "name": "AlphaSOC Network Behavior Analytics" } - }, 
+ }, { "Recorded Future": { - "name": "Recorded Future", + "name": "Recorded Future", "commands": [ - "domain", - "ip", - "file", + "domain", + "ip", + "file", "recorded-future-get-related-entities" ] } - }, + }, { "CVE Search": { - "name": "CVE Search", + "name": "CVE Search", "commands": [ - "cve-search", + "cve-search", "cve-latest" ] } - }, + }, { "SNDBOX": { - "name": "SNDBOX", + "name": "SNDBOX", "commands": [ - "sndbox-is-online", - "sndbox-analysis-info", - "sndbox-analysis-submit-sample", - "sndbox-download-report", - "sndbox-detonate-file", + "sndbox-is-online", + "sndbox-analysis-info", + "sndbox-analysis-submit-sample", + "sndbox-download-report", + "sndbox-detonate-file", "sndbox-download-sample" ] } - }, + }, { "Demisto Lock": { - "name": "Demisto Lock", + "name": "Demisto Lock", "commands": [ - "demisto-lock-get", - "demisto-lock-release", - "demisto-lock-info", + "demisto-lock-get", + "demisto-lock-release", + "demisto-lock-info", "demisto-lock-release-all" ] } - }, + }, { "F5 firewall": { - "name": "F5 firewall", - "commands": [ - "f5-create-policy", - "f5-create-rule", - "f5-list-rules", - "f5-modify-rule", - "f5-del-rule", - "f5-modify-global-policy", - "f5-show-global-policy", - "f5-del-policy", + "name": "F5 firewall", + "commands": [ + "f5-create-policy", + "f5-create-rule", + "f5-list-rules", + "f5-modify-rule", + "f5-del-rule", + "f5-modify-global-policy", + "f5-show-global-policy", + "f5-del-policy", "f5-list-all-user-sessions" ] } - }, + }, { "MimecastV2": { - "name": "MimecastV2", - "commands": [ - "mimecast-query", - "mimecast-list-blocked-sender-policies", - "mimecast-get-policy", - "mimecast-create-policy", - "mimecast-delete-policy", - "mimecast-manage-sender", - "mimecast-list-managed-url", - "mimecast-create-managed-url", - "mimecast-list-messages", - "mimecast-get-attachment-logs", - "mimecast-get-url-logs", - "mimecast-get-impersonation-logs", - "mimecast-url-decode", - "mimecast-discover", - "mimecast-refresh-token", - 
"mimecast-login", - "mimecast-get-message", + "name": "MimecastV2", + "commands": [ + "mimecast-query", + "mimecast-list-blocked-sender-policies", + "mimecast-get-policy", + "mimecast-create-policy", + "mimecast-delete-policy", + "mimecast-manage-sender", + "mimecast-list-managed-url", + "mimecast-create-managed-url", + "mimecast-list-messages", + "mimecast-get-attachment-logs", + "mimecast-get-url-logs", + "mimecast-get-impersonation-logs", + "mimecast-url-decode", + "mimecast-discover", + "mimecast-refresh-token", + "mimecast-login", + "mimecast-get-message", "mimecast-download-attachments" ] } - }, + }, { "Zendesk": { - "name": "Zendesk", - "toversion": "3.1.0", - "commands": [ - "zendesk-create-ticket", - "zendesk-list-tickets", - "zendesk-ticket-details", - "zendesk-update-ticket", - "zendesk-add-comment", - "zendesk-list-agents", - "zendesk-get-attachment", - "zendesk-clear-cache", - "zendesk-add-user", + "name": "Zendesk", + "toversion": "3.1.0", + "commands": [ + "zendesk-create-ticket", + "zendesk-list-tickets", + "zendesk-ticket-details", + "zendesk-update-ticket", + "zendesk-add-comment", + "zendesk-list-agents", + "zendesk-get-attachment", + "zendesk-clear-cache", + "zendesk-add-user", "zendesk-get-article" ] } - }, + }, { "RedCanary": { - "name": "RedCanary", - "commands": [ - "redcanary-acknowledge-detection", - "redcanary-update-remediation-state", - "redcanary-list-detections", - "redcanary-list-endpoints", - "redcanary-execute-playbook", - "redcanary-get-endpoint", - "redcanary-get-endpoint-detections", + "name": "RedCanary", + "commands": [ + "redcanary-acknowledge-detection", + "redcanary-update-remediation-state", + "redcanary-list-detections", + "redcanary-list-endpoints", + "redcanary-execute-playbook", + "redcanary-get-endpoint", + "redcanary-get-endpoint-detections", "redcanary-get-detection" ] } - }, + }, { "Joe Security": { - "name": "Joe Security", - "commands": [ - "joe-is-online", - "joe-analysis-submit-url", - "joe-detonate-url", - 
"joe-analysis-info", - "joe-list-analysis", - "joe-analysis-submit-sample", - "joe-download-report", - "joe-detonate-file", - "joe-search", + "name": "Joe Security", + "commands": [ + "joe-is-online", + "joe-analysis-submit-url", + "joe-detonate-url", + "joe-analysis-info", + "joe-list-analysis", + "joe-analysis-submit-sample", + "joe-download-report", + "joe-detonate-file", + "joe-search", "joe-download-sample" ] } - }, + }, { "AWS - CloudTrail": { - "name": "AWS - CloudTrail", - "commands": [ - "aws-cloudtrail-create-trail", - "aws-cloudtrail-delete-trail", - "aws-cloudtrail-describe-trails", - "aws-cloudtrail-update-trail", - "aws-cloudtrail-start-logging", - "aws-cloudtrail-stop-logging", + "name": "AWS - CloudTrail", + "commands": [ + "aws-cloudtrail-create-trail", + "aws-cloudtrail-delete-trail", + "aws-cloudtrail-describe-trails", + "aws-cloudtrail-update-trail", + "aws-cloudtrail-start-logging", + "aws-cloudtrail-stop-logging", "aws-cloudtrail-lookup-events" ] } - }, + }, { "ThreatExchange": { - "name": "ThreatExchange", - "fromversion": "2.5.0", - "commands": [ - "file", - "ip", - "url", - "domain", - "threatexchange-query", + "name": "ThreatExchange", + "fromversion": "2.5.0", + "commands": [ + "file", + "ip", + "url", + "domain", + "threatexchange-query", "threatexchange-members" ] } - }, + }, { "Dell Secureworks": { - "name": "Dell Secureworks", - "toversion": "3.5.1", - "fromversion": "3.1.0", - "commands": [ - "secure-works-create-ticket", - "secure-works-update-ticket", - "secure-works-close-ticket", - "secure-works-add-worklogs-ticket", - "secure-works-get-ticket-count", - "secure-works-get-ticket", - "secure-works-assign-ticket", - "secure-works-get-tickets-updates", + "name": "Dell Secureworks", + "toversion": "3.5.1", + "fromversion": "3.1.0", + "commands": [ + "secure-works-create-ticket", + "secure-works-update-ticket", + "secure-works-close-ticket", + "secure-works-add-worklogs-ticket", + "secure-works-get-ticket-count", + 
"secure-works-get-ticket", + "secure-works-assign-ticket", + "secure-works-get-tickets-updates", "secure-works-get-tickets-ids" ] } - }, + }, { "Amazon Web Services": { - "name": "Amazon Web Services", - "fromversion": "1.6.2", - "commands": [ - "aws-run-instance", - "aws-stop-instance", - "aws-create-image", - "aws-start-instance", - "aws-create-volume-snapshot", - "aws-get-instance-info", - "aws-get-sg-info", + "name": "Amazon Web Services", + "fromversion": "1.6.2", + "commands": [ + "aws-run-instance", + "aws-stop-instance", + "aws-create-image", + "aws-start-instance", + "aws-create-volume-snapshot", + "aws-get-instance-info", + "aws-get-sg-info", "aws-get-ebs-volume-info" ] } - }, + }, { "ArcSight XML": { - "name": "ArcSight XML", + "name": "ArcSight XML", "commands": [ - "arcsight-update-case", + "arcsight-update-case", "arcsight-fetch-xml" ] } - }, + }, { "VirusTotal": { - "name": "VirusTotal", - "commands": [ - "file", - "ip", - "url", - "domain", - "file-scan", - "file-rescan", - "url-scan", - "vt-comments-add", - "vt-file-scan-upload-url", + "name": "VirusTotal", + "commands": [ + "file", + "ip", + "url", + "domain", + "file-scan", + "file-rescan", + "url-scan", + "vt-comments-add", + "vt-file-scan-upload-url", "vt-comments-get" ] } - }, + }, { "MxToolBox": { - "name": "MxToolBox", + "name": "MxToolBox", "commands": [ "mxtoolbox" ] } - }, + }, { "Check Point Sandblast Appliance": { - "name": "Check Point Sandblast Appliance", - "fromversion": "3.5.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", + "name": "Check Point Sandblast Appliance", + "fromversion": "3.5.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", "sandblast-download" ] } - }, + }, { "LightCyber Magna": { - "name": "LightCyber Magna", - "commands": [ - "lcm-version", - "lcm-entities", - "lcm-indicators", - "lcm-hosts", - "lcm-hostbyip", - "lcm-hostbyname", - 
"lcm-pathfinder-scan", - "lcm-sandbox-report", - "lcm-daily-report", - "lcm-host-artifacts", - "lcm-resolve-host", - "lcm-unresolve-host", - "lcm-set-host-comment", - "lcm-acknowledge-host", - "lcm-resolve-user", - "lcm-unresolve-user", - "lcm-set-user-comment", - "lcm-acknowledge-user", - "lcm-domain", - "lcm-executablebymd5", - "lcm-executablebyname", - "lcm-indicatorsforentity", - "lcm-host-opened-ports", - "lcm-host-suspicious-artifacts", - "lcm-host-processes", - "lcm-host-loaded-modules", - "lcm-host-processes-internet-connections", + "name": "LightCyber Magna", + "commands": [ + "lcm-version", + "lcm-entities", + "lcm-indicators", + "lcm-hosts", + "lcm-hostbyip", + "lcm-hostbyname", + "lcm-pathfinder-scan", + "lcm-sandbox-report", + "lcm-daily-report", + "lcm-host-artifacts", + "lcm-resolve-host", + "lcm-unresolve-host", + "lcm-set-host-comment", + "lcm-acknowledge-host", + "lcm-resolve-user", + "lcm-unresolve-user", + "lcm-set-user-comment", + "lcm-acknowledge-user", + "lcm-domain", + "lcm-executablebymd5", + "lcm-executablebyname", + "lcm-indicatorsforentity", + "lcm-host-opened-ports", + "lcm-host-suspicious-artifacts", + "lcm-host-processes", + "lcm-host-loaded-modules", + "lcm-host-processes-internet-connections", "lcm-host-autoruns" ] } - }, + }, { "Packetsled": { - "name": "Packetsled", + "name": "Packetsled", "commands": [ - "packetsled-get-incidents", - "packetsled-sensors", - "packetsled-get-flows", - "packetsled-get-files", - "packetsled-get-pcaps", + "packetsled-get-incidents", + "packetsled-sensors", + "packetsled-get-flows", + "packetsled-get-files", + "packetsled-get-pcaps", "packetsled-get-events" ] } - }, + }, { "Censys": { - "name": "Censys", + "name": "Censys", "commands": [ - "cen-view", + "cen-view", "cen-search" ] } - }, + }, { "Imperva Skyfence": { - "name": "Imperva Skyfence", + "name": "Imperva Skyfence", "commands": [ - "imp-sf-list-endpoints", + "imp-sf-list-endpoints", "imp-sf-set-endpoint-status" ] } - }, + }, { "ProtectWise": { 
- "name": "ProtectWise", - "fromversion": "3.5.0", - "commands": [ - "sensors", - "protectwise-show-sensors", - "search", - "protectwise-search-events", - "pw-event-get", - "protectwise-event-info", - "observation-search", - "protectwise-search-observations", - "pw-observation-get", - "protectwise-observation-info", - "event-pcap-download", - "protectwise-event-pcap-download", - "event-pcap-info", - "protectwise-event-pcap-info", - "observation-pcap-download", - "protectwise-observation-pcap-download", - "observation-pcap-info", - "protectwise-observation-pcap-info", + "name": "ProtectWise", + "fromversion": "3.5.0", + "commands": [ + "sensors", + "protectwise-show-sensors", + "search", + "protectwise-search-events", + "pw-event-get", + "protectwise-event-info", + "observation-search", + "protectwise-search-observations", + "pw-observation-get", + "protectwise-observation-info", + "event-pcap-download", + "protectwise-event-pcap-download", + "event-pcap-info", + "protectwise-event-pcap-info", + "observation-pcap-download", + "protectwise-observation-pcap-download", + "observation-pcap-info", + "protectwise-observation-pcap-info", "get-token" ] } - }, + }, { "Palo Alto Minemeld": { - "name": "Palo Alto Minemeld", - "commands": [ - "minemeld-add-to-miner", - "minemeld-remove-from-miner", - "minemeld-retrieve-miner", - "minemeld-get-indicator-from-miner", - "ip", - "file", - "domain", - "url", + "name": "Palo Alto Minemeld", + "commands": [ + "minemeld-add-to-miner", + "minemeld-remove-from-miner", + "minemeld-retrieve-miner", + "minemeld-get-indicator-from-miner", + "ip", + "file", + "domain", + "url", "minemeld-get-all-miners-names" ] } - }, + }, { "GoogleSafeBrowsing": { - "name": "GoogleSafeBrowsing", + "name": "GoogleSafeBrowsing", "commands": [ "url" ] } - }, + }, { "Salesforce": { - "name": "Salesforce", - "commands": [ - "salesforce-search", - "salesforce-query", - "salesforce-get-object", - "salesforce-update-object", - "salesforce-create-object", - 
"salesforce-push-comment", - "salesforce-get-case", - "salesforce-create-case", - "salesforce-update-case", - "salesforce-get-cases", - "salesforce-close-case", - "salesforce-push-comment-threads", + "name": "Salesforce", + "commands": [ + "salesforce-search", + "salesforce-query", + "salesforce-get-object", + "salesforce-update-object", + "salesforce-create-object", + "salesforce-push-comment", + "salesforce-get-case", + "salesforce-create-case", + "salesforce-update-case", + "salesforce-get-cases", + "salesforce-close-case", + "salesforce-push-comment-threads", "salesforce-delete-case" ] } - }, + }, { "SCADAfence CNM": { - "name": "SCADAfence CNM", - "commands": [ - "scadafence-getAlerts", - "scadafence-getAsset", - "scadafence-setAlertStatus", - "scadafence-getAssetConnections", - "scadafence-getAssetTraffic", - "scadafence-createAlert", + "name": "SCADAfence CNM", + "commands": [ + "scadafence-getAlerts", + "scadafence-getAsset", + "scadafence-setAlertStatus", + "scadafence-getAssetConnections", + "scadafence-getAssetTraffic", + "scadafence-createAlert", "scadafence-getAllConnections" ] } - }, + }, { "HashiCorp Vault": { - "name": "HashiCorp Vault", - "commands": [ - "hashicorp-list-secrets-engines", - "hashicorp-list-secrets", - "hashicorp-get-secret-metadata", - "hashicorp-delete-secret", - "hashicorp-undelete-secret", - "hashicorp-destroy-secret", - "hashicorp-disable-engine", - "hashicorp-enable-engine", - "hashicorp-list-policies", - "hashicorp-get-policy", - "hashicorp-seal-vault", - "hashicorp-unseal-vault", - "hashicorp-configure-engine", - "hashicorp-reset-configuration", + "name": "HashiCorp Vault", + "commands": [ + "hashicorp-list-secrets-engines", + "hashicorp-list-secrets", + "hashicorp-get-secret-metadata", + "hashicorp-delete-secret", + "hashicorp-undelete-secret", + "hashicorp-destroy-secret", + "hashicorp-disable-engine", + "hashicorp-enable-engine", + "hashicorp-list-policies", + "hashicorp-get-policy", + "hashicorp-seal-vault", + 
"hashicorp-unseal-vault", + "hashicorp-configure-engine", + "hashicorp-reset-configuration", "hashicorp-create-token" ] } - }, + }, { "Proofpoint TAP": { - "name": "Proofpoint TAP", + "name": "Proofpoint TAP", "commands": [ "proofpoint-get-events" ] } - }, + }, { "Threat Grid": { - "name": "Threat Grid", - "toversion": "3.1.0", - "commands": [ - "threat-grid-feeds-ip", - "threat-grid-feeds-domain", - "threat-grid-feeds-url", - "threat-grid-feeds-path", - "threat-grid-feeds-artifacts", - "threat-grid-feeds-network-stream", - "threat-grid-feeds-registry-key", - "threat-grid-get-samples", - "threat-grid-get-sample-by-id", - "threat-grid-get-sample-state-by-id", - "threat-grid-get-samples-state", - "threat-grid-upload-sample", - "threat-grid-search-submissions", - "threat-grid-get-video-by-id", - "threat-grid-get-analysis-by-id", - "threat-grid-get-processes-by-id", - "threat-grid-get-pcap-by-id", - "threat-grid-get-warnings-by-id", - "threat-grid-get-summary-by-id", - "threat-grid-get-threat-summary-by-id", - "threat-grid-get-html-report-by-id", - "threat-grid-download-sample-by-id", - "threat-grid-get-analysis-iocs", - "threat-grid-get-analysis-ioc", - "threat-grid-get-analysis-network-streams", - "threat-grid-get-analysis-artifacts", - "threat-grid-get-analysis-network-stream", - "threat-grid-get-analysis-artifact", - "threat-grid-get-analysis-processes", - "threat-grid-get-analysis-process", - "threat-grid-get-analysis-annotations", - "threat-grid-get-analysis-metadata", - "threat-grid-download-artifact", - "threat-grid-who-am-i", - "threat-grid-user-get-rate-limit", + "name": "Threat Grid", + "toversion": "3.1.0", + "commands": [ + "threat-grid-feeds-ip", + "threat-grid-feeds-domain", + "threat-grid-feeds-url", + "threat-grid-feeds-path", + "threat-grid-feeds-artifacts", + "threat-grid-feeds-network-stream", + "threat-grid-feeds-registry-key", + "threat-grid-get-samples", + "threat-grid-get-sample-by-id", + "threat-grid-get-sample-state-by-id", + 
"threat-grid-get-samples-state", + "threat-grid-upload-sample", + "threat-grid-search-submissions", + "threat-grid-get-video-by-id", + "threat-grid-get-analysis-by-id", + "threat-grid-get-processes-by-id", + "threat-grid-get-pcap-by-id", + "threat-grid-get-warnings-by-id", + "threat-grid-get-summary-by-id", + "threat-grid-get-threat-summary-by-id", + "threat-grid-get-html-report-by-id", + "threat-grid-download-sample-by-id", + "threat-grid-get-analysis-iocs", + "threat-grid-get-analysis-ioc", + "threat-grid-get-analysis-network-streams", + "threat-grid-get-analysis-artifacts", + "threat-grid-get-analysis-network-stream", + "threat-grid-get-analysis-artifact", + "threat-grid-get-analysis-processes", + "threat-grid-get-analysis-process", + "threat-grid-get-analysis-annotations", + "threat-grid-get-analysis-metadata", + "threat-grid-download-artifact", + "threat-grid-who-am-i", + "threat-grid-user-get-rate-limit", "threat-grid-get-specific-feed" ] } - }, + }, { "iDefense": { - "name": "iDefense", + "name": "iDefense", "commands": [ - "ip", - "domain", - "url", - "idefense-general", + "ip", + "domain", + "url", + "idefense-general", "uuid" ] } - }, + }, { "FalconIntel": { - "name": "FalconIntel", - "commands": [ - "file", - "url", - "domain", - "ip", - "cs-actors", - "cs-indicators", - "cs-reports", + "name": "FalconIntel", + "commands": [ + "file", + "url", + "domain", + "ip", + "cs-actors", + "cs-indicators", + "cs-reports", "cs-report-pdf" ] } - }, + }, { "Venafi": { - "name": "Venafi", + "name": "Venafi", "commands": [ - "venafi-get-certificates", + "venafi-get-certificates", "venafi-get-certificate-details" ] } - }, + }, { "CyberArkAIM": { - "name": "CyberArkAIM", + "name": "CyberArkAIM", "commands": [ - "cyber-ark-aim-query", - "list-credentials", - "reset-credentials", + "cyber-ark-aim-query", + "list-credentials", + "reset-credentials", "account-details" ] } - }, + }, { "Autofocus": { - "name": "Autofocus", + "name": "Autofocus", "commands": [ - 
"autofocus-search-samples", - "autofocus-search-sessions", - "autofocus-session", - "autofocus-sample-analysis", + "autofocus-search-samples", + "autofocus-search-sessions", + "autofocus-session", + "autofocus-sample-analysis", "file" ] } - }, + }, { "AbuseIPDB": { - "name": "AbuseIPDB", + "name": "AbuseIPDB", "commands": [ - "ip", - "abuseipdb-check-cidr-block", - "abuseipdb-report-ip", - "abuseipdb-get-blacklist", + "ip", + "abuseipdb-check-cidr-block", + "abuseipdb-report-ip", + "abuseipdb-get-blacklist", "abuseipdb-get-categories" ] } - }, + }, { "McAfee Threat Intelligence Exchange": { - "name": "McAfee Threat Intelligence Exchange", + "name": "McAfee Threat Intelligence Exchange", "commands": [ - "file", - "tie-set-file-reputation", + "file", + "tie-set-file-reputation", "tie-file-references" ] } - }, + }, { "Check Point": { - "name": "Check Point", - "commands": [ - "checkpoint-show-access-rule-base", - "checkpoint-set-rule", - "checkpoint-task-status", - "checkpoint-show-hosts", - "checkpoint-block-ip", - "checkpoint", + "name": "Check Point", + "commands": [ + "checkpoint-show-access-rule-base", + "checkpoint-set-rule", + "checkpoint-task-status", + "checkpoint-show-hosts", + "checkpoint-block-ip", + "checkpoint", "checkpoint-delete-rule" ] } - }, + }, { "PagerDuty v2": { - "name": "PagerDuty v2", - "commands": [ - "PagerDuty-get-all-schedules", - "PagerDuty-get-users-on-call", - "PagerDuty-get-users-on-call-now", - "PagerDuty-incidents", - "PagerDuty-submit-event", - "PagerDuty-get-contact-methods", - "PagerDuty-get-users-notification", - "PagerDuty-resolve-event", + "name": "PagerDuty v2", + "commands": [ + "PagerDuty-get-all-schedules", + "PagerDuty-get-users-on-call", + "PagerDuty-get-users-on-call-now", + "PagerDuty-incidents", + "PagerDuty-submit-event", + "PagerDuty-get-contact-methods", + "PagerDuty-get-users-notification", + "PagerDuty-resolve-event", "PagerDuty-acknowledge-event" ] } - }, + }, { "Gmail": { - "name": "Gmail", - "commands": [ - 
"gmail-delete-user", - "gmail-get-tokens-for-user", - "gmail-get-user", - "gmail-get-user-roles", - "gmail-get-attachments", - "gmail-get-mail", - "gmail-search", - "gmail-search-all-mailboxes", - "gmail-list-users", - "gmail-revoke-user-role", - "gmail-create-user", - "gmail-delete-mail", - "gmail-get-thread", - "gmail-move-mail", - "gmail-move-mail-to-mailbox", - "gmail-add-delete-filter", + "name": "Gmail", + "commands": [ + "gmail-delete-user", + "gmail-get-tokens-for-user", + "gmail-get-user", + "gmail-get-user-roles", + "gmail-get-attachments", + "gmail-get-mail", + "gmail-search", + "gmail-search-all-mailboxes", + "gmail-list-users", + "gmail-revoke-user-role", + "gmail-create-user", + "gmail-delete-mail", + "gmail-get-thread", + "gmail-move-mail", + "gmail-move-mail-to-mailbox", + "gmail-add-delete-filter", "gmail-add-filter" ] } - }, + }, { "Centreon": { - "name": "Centreon", + "name": "Centreon", "commands": [ - "centreon-get-host-status", + "centreon-get-host-status", "centreon-get-service-status" ] } - }, + }, { "RSA NetWitness Endpoint": { - "name": "RSA NetWitness Endpoint", - "commands": [ - "netwitness-get-machines", - "netwitness-get-machine", - "netwitness-get-machine-iocs", - "netwitness-get-machine-modules", - "netwitness-get-machine-module", - "netwitness-blacklist-ips", + "name": "RSA NetWitness Endpoint", + "commands": [ + "netwitness-get-machines", + "netwitness-get-machine", + "netwitness-get-machine-iocs", + "netwitness-get-machine-modules", + "netwitness-get-machine-module", + "netwitness-blacklist-ips", "netwitness-blacklist-domains" ] } - }, + }, { "PassiveTotal": { - "name": "PassiveTotal", - "commands": [ - "pt-get-subdomains", - "pt-account", - "pt-monitors", - "pt-passive-dns", - "pt-passive-unique", - "pt-dns-keyword", - "pt-enrichment", - "pt-malware", - "url", - "domain", - "ip", - "pt-osint", - "pt-whois", - "pt-whois-keyword", - "pt-whois-search", - "pt-get-components", - "pt-get-pairs", - "pt-ssl-cert", - 
"pt-ssl-cert-history", - "pt-ssl-cert-keyword", + "name": "PassiveTotal", + "commands": [ + "pt-get-subdomains", + "pt-account", + "pt-monitors", + "pt-passive-dns", + "pt-passive-unique", + "pt-dns-keyword", + "pt-enrichment", + "pt-malware", + "url", + "domain", + "ip", + "pt-osint", + "pt-whois", + "pt-whois-keyword", + "pt-whois-search", + "pt-get-components", + "pt-get-pairs", + "pt-ssl-cert", + "pt-ssl-cert-history", + "pt-ssl-cert-keyword", "pt-ssl-cert-search" ] } - }, + }, { "ProtectWise": { - "name": "ProtectWise", - "toversion": "3.1.0", - "commands": [ - "sensors", - "protectwise-show-sensors", - "search", - "protectwise-search-events", - "pw-event-get", - "protectwise-event-info", - "observation-search", - "protectwise-search-observations", - "pw-observation-get", - "protectwise-observation-info", - "event-pcap-download", - "protectwise-event-pcap-download", - "event-pcap-info", - "protectwise-event-pcap-info", - "observation-pcap-download", - "protectwise-observation-pcap-download", - "observation-pcap-info", - "protectwise-observation-pcap-info", + "name": "ProtectWise", + "toversion": "3.1.0", + "commands": [ + "sensors", + "protectwise-show-sensors", + "search", + "protectwise-search-events", + "pw-event-get", + "protectwise-event-info", + "observation-search", + "protectwise-search-observations", + "pw-observation-get", + "protectwise-observation-info", + "event-pcap-download", + "protectwise-event-pcap-download", + "event-pcap-info", + "protectwise-event-pcap-info", + "observation-pcap-download", + "protectwise-observation-pcap-download", + "observation-pcap-info", + "protectwise-observation-pcap-info", "get-token" ] } - }, + }, { "SentinelOne": { - "name": "SentinelOne", - "fromversion": "3.1.0", - "commands": [ - "so-activities", - "so-count-by-filters", - "so-agents-count", - "so-agent-decommission", - "so-get-agent", - "so-agents-query", - "so-get-agent-processes", - "so-agent-recommission", - "so-agent-unquarentine", - "so-agent-shutdown", - 
"so-agent-uninstall", - "so-agents-broadcast", - "so-agents-connect", - "so-agent-quarentine", - "so-agents-decommission", - "so-agents-disconnect", - "so-agents-fetch-logs", - "so-agents-shutdown", - "so-agents-uninstall", - "so-agents-upgrade-software", - "so-create-exclusion-list", - "so-delete-exclusion-list", - "so-get-exclusion-list", - "so-get-exclusion-lists", - "so-update-exclusion-list", - "so-get-groups", - "so-create-group", - "so-get-group", - "so-update-group", - "so-delete-group", - "so-add-agent-to-group", - "so-set-cloud-intelligence", - "so-create-hash", - "so-delete-hash", - "so-get-hash-reputation", - "so-get-hash", - "so-get-hashes", - "so-update-hash", - "so-get-policies", - "so-create-policy", - "so-get-policy", - "so-update-policy", - "so-delete-policy", - "so-get-threat", - "so-get-threats", - "so-threat-summary", - "so-mark-as-threat", - "so-mitigate-threat", + "name": "SentinelOne", + "fromversion": "3.1.0", + "commands": [ + "so-activities", + "so-count-by-filters", + "so-agents-count", + "so-agent-decommission", + "so-get-agent", + "so-agents-query", + "so-get-agent-processes", + "so-agent-recommission", + "so-agent-unquarentine", + "so-agent-shutdown", + "so-agent-uninstall", + "so-agents-broadcast", + "so-agents-connect", + "so-agent-quarentine", + "so-agents-decommission", + "so-agents-disconnect", + "so-agents-fetch-logs", + "so-agents-shutdown", + "so-agents-uninstall", + "so-agents-upgrade-software", + "so-create-exclusion-list", + "so-delete-exclusion-list", + "so-get-exclusion-list", + "so-get-exclusion-lists", + "so-update-exclusion-list", + "so-get-groups", + "so-create-group", + "so-get-group", + "so-update-group", + "so-delete-group", + "so-add-agent-to-group", + "so-set-cloud-intelligence", + "so-create-hash", + "so-delete-hash", + "so-get-hash-reputation", + "so-get-hash", + "so-get-hashes", + "so-update-hash", + "so-get-policies", + "so-create-policy", + "so-get-policy", + "so-update-policy", + "so-delete-policy", + 
"so-get-threat", + "so-get-threats", + "so-threat-summary", + "so-mark-as-threat", + "so-mitigate-threat", "so-reslove-threats" ] } - }, + }, { "AMP": { - "name": "AMP", - "commands": [ - "amp_get_computers", - "amp_get_computer_by_connector", - "amp_get_computer_trajctory", - "amp_move_computer", - "amp_get_computer_actvity", - "amp_get_events", - "amp_get_event_types", - "amp_get_application_blocking", - "amp_get_file_list_by_guid", - "amp_get_simple_custom_detections", - "amp_get_file_list_files", - "amp_get_file_list_files_by_sha", - "amp_set_file_list_files_by_sha", - "amp_delete_file_list_files_by_sha", - "amp_get_groups", - "amp_get_group", - "amp_set_group_policy", - "amp_get_policies", - "amp_get_policy", + "name": "AMP", + "commands": [ + "amp_get_computers", + "amp_get_computer_by_connector", + "amp_get_computer_trajctory", + "amp_move_computer", + "amp_get_computer_actvity", + "amp_get_events", + "amp_get_event_types", + "amp_get_application_blocking", + "amp_get_file_list_by_guid", + "amp_get_simple_custom_detections", + "amp_get_file_list_files", + "amp_get_file_list_files_by_sha", + "amp_set_file_list_files_by_sha", + "amp_delete_file_list_files_by_sha", + "amp_get_groups", + "amp_get_group", + "amp_set_group_policy", + "amp_get_policies", + "amp_get_policy", "amp_get_version" ] } - }, + }, { "AWS - SQS": { - "name": "AWS - SQS", + "name": "AWS - SQS", "commands": [ - "aws-sqs-get-queue-url", - "aws-sqs-list-queues", - "aws-sqs-send-message", - "aws-sqs-create-queue", - "aws-sqs-delete-queue", + "aws-sqs-get-queue-url", + "aws-sqs-list-queues", + "aws-sqs-send-message", + "aws-sqs-create-queue", + "aws-sqs-delete-queue", "aws-sqs-purge-queue" ] } - }, + }, { "carbonblackliveresponse": { - "name": "carbonblackliveresponse", - "toversion": "3.6.0", - "commands": [ - "cb-archive", - "cb-command-cancel", - "cb-command-create", - "cb-command-create-and-wait", - "cb-command-info", - "cb-file-delete", - "cb-file-get", - "cb-file-info", - "cb-file-upload", - 
"cb-keepalive", - "cb-list-commands", - "cb-list-files", - "cb-list-sessions", - "cb-session-close", - "cb-session-create", - "cb-session-create-and-wait", - "cb-session-info", + "name": "carbonblackliveresponse", + "toversion": "3.6.0", + "commands": [ + "cb-archive", + "cb-command-cancel", + "cb-command-create", + "cb-command-create-and-wait", + "cb-command-info", + "cb-file-delete", + "cb-file-get", + "cb-file-info", + "cb-file-upload", + "cb-keepalive", + "cb-list-commands", + "cb-list-files", + "cb-list-sessions", + "cb-session-close", + "cb-session-create", + "cb-session-create-and-wait", + "cb-session-info", "cb-terminate-process" ] } - }, + }, { "AWS - Route53": { - "name": "AWS - Route53", - "commands": [ - "aws-route53-create-record", - "aws-route53-delete-record", - "aws-route53-list-hosted-zones", - "aws-route53-list-resource-record-sets", - "aws-route53-waiter-resource-record-sets-changed", - "aws-route53-test-dns-answer", + "name": "AWS - Route53", + "commands": [ + "aws-route53-create-record", + "aws-route53-delete-record", + "aws-route53-list-hosted-zones", + "aws-route53-list-resource-record-sets", + "aws-route53-waiter-resource-record-sets-changed", + "aws-route53-test-dns-answer", "aws-route53-upsert-record" ] } - }, + }, { "Tanium": { - "name": "Tanium", - "commands": [ - "tn-get-package", - "tn-get-all-packages", - "tn-get-object", - "tn-get-all-saved-questions", - "tn-deploy-package", - "tn-ask-question", - "tn-ask-system", - "tn-get-saved-question", - "tn-create-package", - "tn-approve-pending-action", - "tn-get-all-objects", - "tn-get-all-saved-actions", - "tn-get-all-pending-actions", - "tn-get-all-sensors", - "tn-parse-query", - "tn-ask-manual-question", - "tn-get-sensor", + "name": "Tanium", + "commands": [ + "tn-get-package", + "tn-get-all-packages", + "tn-get-object", + "tn-get-all-saved-questions", + "tn-deploy-package", + "tn-ask-question", + "tn-ask-system", + "tn-get-saved-question", + "tn-create-package", + 
"tn-approve-pending-action", + "tn-get-all-objects", + "tn-get-all-saved-actions", + "tn-get-all-pending-actions", + "tn-get-all-sensors", + "tn-parse-query", + "tn-ask-manual-question", + "tn-get-sensor", "tn-get-action" ] } - }, + }, { "FireEye ETP": { - "name": "FireEye ETP", + "name": "FireEye ETP", "commands": [ - "fireeye-etp-search-messages", - "fireeye-etp-get-message", - "fireeye-etp-get-alerts", + "fireeye-etp-search-messages", + "fireeye-etp-get-message", + "fireeye-etp-get-alerts", "fireeye-etp-get-alert" ] } - }, + }, { "InfoArmor VigilanteATI": { - "name": "InfoArmor VigilanteATI", - "commands": [ - "vigilante-query-infected-host-data", - "vigilante-get-vulnerable-host-data", - "vigilante-query-ecrime-db", - "vigilante-search-leaks", - "vigilante-get-leak", - "vigilante-query-accounts", - "vigilante-query-domains", - "vigilante-watchlist-add-accounts", - "vigilante-watchlist-remove-accounts", - "vigilante-get-watchlist", + "name": "InfoArmor VigilanteATI", + "commands": [ + "vigilante-query-infected-host-data", + "vigilante-get-vulnerable-host-data", + "vigilante-query-ecrime-db", + "vigilante-search-leaks", + "vigilante-get-leak", + "vigilante-query-accounts", + "vigilante-query-domains", + "vigilante-watchlist-add-accounts", + "vigilante-watchlist-remove-accounts", + "vigilante-get-watchlist", "vigilante-account-usage-info" ] } - }, + }, { "IBM Resilient Systems": { - "name": "IBM Resilient Systems", - "commands": [ - "rs-search-incidents", - "rs-update-incident", - "rs-incidents-get-members", - "rs-get-incident", - "rs-incidents-update-member", - "rs-get-users", - "rs-close-incident", - "rs-create-incident", - "rs-incident-artifacts", - "rs-incident-attachments", - "rs-related-incidents", + "name": "IBM Resilient Systems", + "commands": [ + "rs-search-incidents", + "rs-update-incident", + "rs-incidents-get-members", + "rs-get-incident", + "rs-incidents-update-member", + "rs-get-users", + "rs-close-incident", + "rs-create-incident", + 
"rs-incident-artifacts", + "rs-incident-attachments", + "rs-related-incidents", "rs-incidents-get-tasks" ] } - }, + }, { "AWS - IAM": { - "name": "AWS - IAM", - "commands": [ - "aws-iam-create-user", - "aws-iam-get-user", - "aws-iam-list-users", - "aws-iam-update-user", - "aws-iam-delete-user", - "aws-iam-update-login-profile", - "aws-iam-create-group", - "aws-iam-list-groups", - "aws-iam-list-groups-for-user", - "aws-iam-add-user-to-group", - "aws-iam-create-access-key", - "aws-iam-update-access-key", - "aws-iam-list-access-keys-for-user", - "aws-iam-list-policies", - "aws-iam-list-roles", - "aws-iam-attach-policy", - "aws-iam-detach-policy", - "aws-iam-delete-login-profile", - "aws-iam-delete-group", - "aws-iam-remove-user-from-group", - "aws-iam-create-login-profile", - "aws-iam-delete-access-key", - "aws-iam-create-instance-profile", - "aws-iam-delete-instance-profile", - "aws-iam-list-instance-profiles", - "aws-iam-add-role-to-instance-profile", - "aws-iam-remove-role-from-instance-profile", - "aws-iam-list-instance-profiles-for-role", - "aws-iam-get-instance-profile", - "aws-iam-get-role", - "aws-iam-delete-role", - "aws-iam-create-role", - "aws-iam-create-policy", - "aws-iam-delete-policy", - "aws-iam-create-policy-version", - "aws-iam-delete-policy-version", - "aws-iam-list-policy-versions", - "aws-iam-get-policy-version", - "aws-iam-set-default-policy-version", - "aws-iam-create-account-alias", + "name": "AWS - IAM", + "commands": [ + "aws-iam-create-user", + "aws-iam-get-user", + "aws-iam-list-users", + "aws-iam-update-user", + "aws-iam-delete-user", + "aws-iam-update-login-profile", + "aws-iam-create-group", + "aws-iam-list-groups", + "aws-iam-list-groups-for-user", + "aws-iam-add-user-to-group", + "aws-iam-create-access-key", + "aws-iam-update-access-key", + "aws-iam-list-access-keys-for-user", + "aws-iam-list-policies", + "aws-iam-list-roles", + "aws-iam-attach-policy", + "aws-iam-detach-policy", + "aws-iam-delete-login-profile", + 
"aws-iam-delete-group", + "aws-iam-remove-user-from-group", + "aws-iam-create-login-profile", + "aws-iam-delete-access-key", + "aws-iam-create-instance-profile", + "aws-iam-delete-instance-profile", + "aws-iam-list-instance-profiles", + "aws-iam-add-role-to-instance-profile", + "aws-iam-remove-role-from-instance-profile", + "aws-iam-list-instance-profiles-for-role", + "aws-iam-get-instance-profile", + "aws-iam-get-role", + "aws-iam-delete-role", + "aws-iam-create-role", + "aws-iam-create-policy", + "aws-iam-delete-policy", + "aws-iam-create-policy-version", + "aws-iam-delete-policy-version", + "aws-iam-list-policy-versions", + "aws-iam-get-policy-version", + "aws-iam-set-default-policy-version", + "aws-iam-create-account-alias", "aws-iam-delete-account-alias" ] } - }, + }, { "Symantec Endpoint Protection": { - "name": "Symantec Endpoint Protection", - "commands": [ - "sep-endpoints-info", - "sep-update-content", - "sep-scan", - "sep-groups-info", - "sep-system-info", - "sep-command-status", - "sep-quarantine", + "name": "Symantec Endpoint Protection", + "commands": [ + "sep-endpoints-info", + "sep-update-content", + "sep-scan", + "sep-groups-info", + "sep-system-info", + "sep-command-status", + "sep-quarantine", "sep-client-content" ] } - }, + }, { "SumoLogic": { - "name": "SumoLogic", + "name": "SumoLogic", "commands": [ "search" ] } - }, + }, { "Pwned": { - "name": "Pwned", + "name": "Pwned", "commands": [ - "pwned-email", - "pwned-domain", + "pwned-email", + "pwned-domain", "email" ] } - }, + }, { "urlscan.io": { - "name": "urlscan.io", - "toversion": "3.1.0", + "name": "urlscan.io", + "toversion": "3.1.0", "commands": [ - "url", - "ip", - "file", + "url", + "ip", + "file", "urlscan-submit" ] } - }, + }, { "Lastline": { - "name": "Lastline", - "commands": [ - "lastline-get", - "url", - "file", - "lastline-upload", - "lastline-upload-url", - "lastline-upload-file", - "lastline-get-report", + "name": "Lastline", + "commands": [ + "lastline-get", + "url", + "file", 
+ "lastline-upload", + "lastline-upload-url", + "lastline-upload-file", + "lastline-get-report", "lastline-get-task-list" ] } - }, + }, { "urlscan.io": { - "name": "urlscan.io", - "fromversion": "3.5.0", + "name": "urlscan.io", + "fromversion": "3.5.0", "commands": [ - "urlscan-search", - "urlscan-submit", + "urlscan-search", + "urlscan-submit", "url" ] } - }, + }, { "OpsGenie": { - "name": "OpsGenie", + "name": "OpsGenie", "commands": [ - "opsgenie-get-on-call", - "opsgenie-get-user", - "opsgenie-get-schedules", + "opsgenie-get-on-call", + "opsgenie-get-user", + "opsgenie-get-schedules", "opsgenie-get-schedule-timeline" ] } - }, + }, { "McAfeeDAM": { - "name": "McAfeeDAM", + "name": "McAfeeDAM", "commands": [ - "dam-get-alert-by-id", + "dam-get-alert-by-id", "dam-get-latest-by-rule" ] } - }, + }, { "okta": { - "name": "okta", - "fromversion": "3.6.0", - "commands": [ - "okta-unlock-user", - "okta-deactivate-user", - "okta-activate-user", - "okta-suspend-user", - "okta-unsuspend-user", - "okta-get-user-factors", - "okta-verify-push-factor", - "okta-reset-factor", - "okta-get-groups", - "okta-set-password", - "okta-search", - "okta-get-user", - "okta-create-user", - "okta-update-user", - "okta-get-failed-logins", - "okta-get-group-assignments", - "okta-get-application-assignments", - "okta-get-application-authentication", - "okta-get-logs", - "okta-add-to-group", - "okta-remove-from-group", - "okta-list-groups", + "name": "okta", + "fromversion": "3.6.0", + "commands": [ + "okta-unlock-user", + "okta-deactivate-user", + "okta-activate-user", + "okta-suspend-user", + "okta-unsuspend-user", + "okta-get-user-factors", + "okta-verify-push-factor", + "okta-reset-factor", + "okta-get-groups", + "okta-set-password", + "okta-search", + "okta-get-user", + "okta-create-user", + "okta-update-user", + "okta-get-failed-logins", + "okta-get-group-assignments", + "okta-get-application-assignments", + "okta-get-application-authentication", + "okta-get-logs", + "okta-add-to-group", 
+ "okta-remove-from-group", + "okta-list-groups", "okta-get-group-members" ] } - }, + }, { "Devo": { - "name": "Devo", + "name": "Devo", "commands": [ "devo-query" ] } - }, + }, { "AWS - Security Hub": { - "name": "AWS - Security Hub", - "commands": [ - "aws-securityhub-get-findings", - "aws-securityhub-get-master-account", - "aws-securityhub-list-members", - "aws-securityhub-enable-security-hub", - "aws-securityhub-disable-security-hub", - "aws-securityhub-enable-import-findings-for-product", - "aws-securityhub-disable-import-findings-for-product", - "aws-securityhub-list-enabled-products-for-import", + "name": "AWS - Security Hub", + "commands": [ + "aws-securityhub-get-findings", + "aws-securityhub-get-master-account", + "aws-securityhub-list-members", + "aws-securityhub-enable-security-hub", + "aws-securityhub-disable-security-hub", + "aws-securityhub-enable-import-findings-for-product", + "aws-securityhub-disable-import-findings-for-product", + "aws-securityhub-list-enabled-products-for-import", "aws-securityhub-update-finding" ] } - }, + }, { "Moloch": { - "name": "Moloch", - "fromversion": "3.5.0", - "commands": [ - "moloch_connections_json", - "moloch_connections_csv", - "moloch_files_json", - "moloch_sessions_json", - "moloch_sessions_csv", - "moloch_sessions_pcap", - "moloch_spigraph_json", - "moloch_spiview_json", + "name": "Moloch", + "fromversion": "3.5.0", + "commands": [ + "moloch_connections_json", + "moloch_connections_csv", + "moloch_files_json", + "moloch_sessions_json", + "moloch_sessions_csv", + "moloch_sessions_pcap", + "moloch_spigraph_json", + "moloch_spiview_json", "moloch_unique_json" ] } - }, + }, { "RedLock": { - "name": "RedLock", + "name": "RedLock", "commands": [ - "redlock-search-alerts", - "redlock-get-alert-details", - "redlock-dismiss-alerts", - "redlock-reopen-alerts", + "redlock-search-alerts", + "redlock-get-alert-details", + "redlock-dismiss-alerts", + "redlock-reopen-alerts", "redlock-list-alert-filters" ] } - }, + }, { 
"Whois": { - "name": "Whois", - "fromversion": "4.1.0", + "name": "Whois", + "fromversion": "4.1.0", "commands": [ "whois" ] } - }, + }, { "SafeBreach": { - "name": "SafeBreach", + "name": "SafeBreach", "commands": [ - "safebreach-rerun", + "safebreach-rerun", "safebreach-get-simulation" ] } - }, + }, { "AlphaSOC Wisdom": { - "name": "AlphaSOC Wisdom", + "name": "AlphaSOC Wisdom", "commands": [ - "wisdom-domain-flags", + "wisdom-domain-flags", "wisdom-ip-flags" ] } - }, + }, { "jamf": { - "name": "jamf", + "name": "jamf", "commands": [ - "jamf-get-computers", + "jamf-get-computers", "jamf-get-computers-match" ] } - }, + }, { "CIRCL": { - "name": "CIRCL", + "name": "CIRCL", "commands": [ - "circl-dns-get", - "circl-ssl-list-certificates", - "circl-ssl-query-certificate", + "circl-dns-get", + "circl-ssl-list-certificates", + "circl-ssl-query-certificate", "circl-ssl-get-certificate" ] } - }, + }, { "Panorama": { - "name": "Panorama", - "fromversion": "3.0.0", - "commands": [ - "panorama", - "panorama-commit", - "panorama-push-to-device-group", - "panorama-list-addresses", - "panorama-get-address", - "panorama-create-address", - "panorama-delete-address", - "panorama-list-address-groups", - "panorama-get-address-group", - "panorama-create-address-group", - "panorama-delete-address-group", - "panorama-edit-address-group", - "panorama-get-custom-url-category", - "panorama-create-custom-url-category", - "panorama-delete-custom-url-category", - "panorama-edit-custom-url-category", - "panorama-get-url-category", - "panorama-get-url-filter", - "panorama-create-url-filter", - "panorama-edit-url-filter", - "panorama-delete-url-filter", - "panorama-create-rule", - "panorama-custom-block-rule", - "panorama-move-rule", - "panorama-edit-rule", - "panorama-delete-rule", - "panorama-list-applications", - "panorama-commit-status", + "name": "Panorama", + "fromversion": "3.0.0", + "commands": [ + "panorama", + "panorama-commit", + "panorama-push-to-device-group", + 
"panorama-list-addresses", + "panorama-get-address", + "panorama-create-address", + "panorama-delete-address", + "panorama-list-address-groups", + "panorama-get-address-group", + "panorama-create-address-group", + "panorama-delete-address-group", + "panorama-edit-address-group", + "panorama-get-custom-url-category", + "panorama-create-custom-url-category", + "panorama-delete-custom-url-category", + "panorama-edit-custom-url-category", + "panorama-get-url-category", + "panorama-get-url-filter", + "panorama-create-url-filter", + "panorama-edit-url-filter", + "panorama-delete-url-filter", + "panorama-create-rule", + "panorama-custom-block-rule", + "panorama-move-rule", + "panorama-edit-rule", + "panorama-delete-rule", + "panorama-list-applications", + "panorama-commit-status", "panorama-push-status" ] } - }, + }, { "icebrg": { - "name": "icebrg", + "name": "icebrg", "commands": [ - "icebrg-search-events", - "icebrg-get-history", - "icebrg-saved-searches", - "icebrg-get-reports", - "icebrg-get-report-indicators", + "icebrg-search-events", + "icebrg-get-history", + "icebrg-saved-searches", + "icebrg-get-reports", + "icebrg-get-report-indicators", "icebrg-get-report-assets" ] } - }, + }, { "EasyVista": { - "name": "EasyVista", + "name": "EasyVista", "commands": [ "easy-vista-search" ] } - }, + }, { "ThreatConnect": { - "name": "ThreatConnect", - "commands": [ - "ip", - "url", - "file", - "tc-owners", - "tc-indicators", - "tc-get-tags", - "tc-tag-indicator", - "tc-get-indicator", - "tc-get-indicators-by-tag", - "tc-add-indicator", - "tc-create-incident", - "tc-fetch-incidents", - "tc-incident-associate-indicator", - "domain", + "name": "ThreatConnect", + "commands": [ + "ip", + "url", + "file", + "tc-owners", + "tc-indicators", + "tc-get-tags", + "tc-tag-indicator", + "tc-get-indicator", + "tc-get-indicators-by-tag", + "tc-add-indicator", + "tc-create-incident", + "tc-fetch-incidents", + "tc-incident-associate-indicator", + "domain", "tc-get-incident-associate-indicators" 
] } - }, + }, { "BitDam": { - "name": "BitDam", + "name": "BitDam", "commands": [ - "bitdam-upload-file", + "bitdam-upload-file", "bitdam-get-verdict" ] } - }, + }, { "AWS - S3": { - "name": "AWS - S3", - "commands": [ - "aws-s3-create-bucket", - "aws-s3-delete-bucket", - "aws-s3-list-buckets", - "aws-s3-get-bucket-policy", - "aws-s3-delete-bucket-policy", - "aws-s3-download-file", - "aws-s3-list-bucket-objects", - "aws-s3-put-bucket-policy", + "name": "AWS - S3", + "commands": [ + "aws-s3-create-bucket", + "aws-s3-delete-bucket", + "aws-s3-list-buckets", + "aws-s3-get-bucket-policy", + "aws-s3-delete-bucket-policy", + "aws-s3-download-file", + "aws-s3-list-bucket-objects", + "aws-s3-put-bucket-policy", "aws-s3-upload-file" ] } - }, + }, { "McAfee Advanced Threat Defense": { - "name": "McAfee Advanced Threat Defense", - "toversion": "3.1.0", - "fromversion": "2.0.4", - "commands": [ - "atd-file-upload", - "atd-get-task-ids", - "atd-check-status", - "atd-get-report", - "atd-list-analyzer-profiles", - "atd-list-user", + "name": "McAfee Advanced Threat Defense", + "toversion": "3.1.0", + "fromversion": "2.0.4", + "commands": [ + "atd-file-upload", + "atd-get-task-ids", + "atd-check-status", + "atd-get-report", + "atd-list-analyzer-profiles", + "atd-list-user", "atd-login" ] } - }, + }, { "GuardiCore": { - "name": "GuardiCore", - "toversion": "3.1.0", - "commands": [ - "guardicore-get-incidents", - "guardicore-uncommon-domains", - "guardicore-unresolved-domains", - "guardicore-show-endpoint", - "guardicore-dns-requests", - "guardicore-search-endpoint", - "guardicore-misconfigurations", - "guardicore-get-incident", - "guardicore-get-incident-iocs", - "guardicore-get-incident-events", - "guardicore-get-incident-pcap", - "guardicore-get-incident-attachments", + "name": "GuardiCore", + "toversion": "3.1.0", + "commands": [ + "guardicore-get-incidents", + "guardicore-uncommon-domains", + "guardicore-unresolved-domains", + "guardicore-show-endpoint", + 
"guardicore-dns-requests", + "guardicore-search-endpoint", + "guardicore-misconfigurations", + "guardicore-get-incident", + "guardicore-get-incident-iocs", + "guardicore-get-incident-events", + "guardicore-get-incident-pcap", + "guardicore-get-incident-attachments", "guardicore-search-network-log" ] } - }, + }, { "Mimecast": { - "name": "Mimecast", - "fromversion": "1.6.2", + "name": "Mimecast", + "fromversion": "1.6.2", "commands": [ "mimecast-query" ] } - }, + }, { "Shodan": { - "name": "Shodan", + "name": "Shodan", "commands": [ - "search", + "search", "ip" ] } - }, + }, { "AWS - GuardDuty": { - "name": "AWS - GuardDuty", - "commands": [ - "aws-gd-create-detector", - "aws-gd-delete-detector", - "aws-gd-get-detector", - "aws-gd-update-detector", - "aws-gd-create-ip-set", - "aws-gd-delete-ip-set", - "aws-gd-list-detectors", - "aws-gd-update-ip-set", - "aws-gd-get-ip-set", - "aws-gd-list-ip-sets", - "aws-gd-create-threatintel-set", - "aws-gd-delete-threatintel-set", - "aws-gd-get-threatintel-set", - "aws-gd-list-threatintel-sets", - "aws-gd-update-threatintel-set", - "aws-gd-list-findings", - "aws-gd-get-findings", - "aws-gd-create-sample-findings", - "aws-gd-archive-findings", - "aws-gd-unarchive-findings", + "name": "AWS - GuardDuty", + "commands": [ + "aws-gd-create-detector", + "aws-gd-delete-detector", + "aws-gd-get-detector", + "aws-gd-update-detector", + "aws-gd-create-ip-set", + "aws-gd-delete-ip-set", + "aws-gd-list-detectors", + "aws-gd-update-ip-set", + "aws-gd-get-ip-set", + "aws-gd-list-ip-sets", + "aws-gd-create-threatintel-set", + "aws-gd-delete-threatintel-set", + "aws-gd-get-threatintel-set", + "aws-gd-list-threatintel-sets", + "aws-gd-update-threatintel-set", + "aws-gd-list-findings", + "aws-gd-get-findings", + "aws-gd-create-sample-findings", + "aws-gd-archive-findings", + "aws-gd-unarchive-findings", "aws-gd-update-findings-feedback" ] } - }, + }, { "Mimecast Authentication": { - "name": "Mimecast Authentication", + "name": "Mimecast 
Authentication", "commands": [ - "mimecast-login", - "mimecast-discover", + "mimecast-login", + "mimecast-discover", "mimecast-refresh-token" ] } - }, + }, { "malwr": { - "name": "malwr", - "fromversion": "3.0.0", + "name": "malwr", + "fromversion": "3.0.0", "commands": [ - "malwr-submit", - "malwr-status", - "malwr-result", + "malwr-submit", + "malwr-status", + "malwr-result", "malwr-detonate" ] } - }, + }, { "FalconHost": { - "name": "FalconHost", - "fromversion": "2.5.0", - "commands": [ - "cs-upload-ioc", - "cs-get-ioc", - "cs-update-ioc", - "cs-delete-ioc", - "cs-search-iocs", - "cs-device-search", - "cs-device-details", - "cs-device-count-ioc", - "cs-device-ran-on", - "cs-processes-ran-on", - "cs-process-details", - "cs-resolve-detection", - "cs-detection-search", + "name": "FalconHost", + "fromversion": "2.5.0", + "commands": [ + "cs-upload-ioc", + "cs-get-ioc", + "cs-update-ioc", + "cs-delete-ioc", + "cs-search-iocs", + "cs-device-search", + "cs-device-details", + "cs-device-count-ioc", + "cs-device-ran-on", + "cs-processes-ran-on", + "cs-process-details", + "cs-resolve-detection", + "cs-detection-search", "cs-detection-details" ] } - }, + }, { "ServiceNow": { - "name": "ServiceNow", - "commands": [ - "servicenow-get-ticket", - "servicenow-get", - "servicenow-incident-get", - "servicenow-create-ticket", - "servicenow-create", - "servicenow-incident-create", - "servicenow-update-ticket", - "servicenow-update", - "servicenow-incident-update", - "servicenow-delete-ticket", - "servicenow-add-link", - "servicenow-incident-add-link", - "servicenow-add-comment", - "servicenow-incident-add-comment", - "servicenow-query-tickets", - "servicenow-query", - "servicenow-incidents-query", - "servicenow-upload-file", - "servicenow-incident-upload-file", - "servicenow-get-groups", - "servicenow-get-computer", - "servicenow-get-record", - "servicenow-query-table", - "servicenow-create-record", - "servicenow-update-record", - "servicenow-delete-record", - 
"servicenow-list-table-fields", - "servicenow-query-computers", - "servicenow-query-groups", - "servicenow-query-users", + "name": "ServiceNow", + "commands": [ + "servicenow-get-ticket", + "servicenow-get", + "servicenow-incident-get", + "servicenow-create-ticket", + "servicenow-create", + "servicenow-incident-create", + "servicenow-update-ticket", + "servicenow-update", + "servicenow-incident-update", + "servicenow-delete-ticket", + "servicenow-add-link", + "servicenow-incident-add-link", + "servicenow-add-comment", + "servicenow-incident-add-comment", + "servicenow-query-tickets", + "servicenow-query", + "servicenow-incidents-query", + "servicenow-upload-file", + "servicenow-incident-upload-file", + "servicenow-get-groups", + "servicenow-get-computer", + "servicenow-get-record", + "servicenow-query-table", + "servicenow-create-record", + "servicenow-update-record", + "servicenow-delete-record", + "servicenow-list-table-fields", + "servicenow-query-computers", + "servicenow-query-groups", + "servicenow-query-users", "servicenow-get-table-name" ] } - }, + }, { "Tenable.sc": { - "name": "Tenable.sc", - "commands": [ - "tenable-sc-list-scans", - "tenable-sc-launch-scan", - "tenable-sc-get-vulnerability", - "tenable-sc-get-scan-status", - "tenable-sc-get-scan-report", - "tenable-sc-list-credentials", - "tenable-sc-list-policies", - "tenable-sc-list-report-definitions", - "tenable-sc-list-repositories", - "tenable-sc-list-zones", - "tenable-sc-create-scan", - "tenable-sc-delete-scan", - "tenable-sc-list-assets", - "tenable-sc-create-asset", - "tenable-sc-get-asset", - "tenable-sc-delete-asset", - "tenable-sc-list-alerts", - "tenable-sc-get-alert", - "tenable-sc-get-device", - "tenable-sc-list-users", - "tenable-sc-get-system-licensing", + "name": "Tenable.sc", + "commands": [ + "tenable-sc-list-scans", + "tenable-sc-launch-scan", + "tenable-sc-get-vulnerability", + "tenable-sc-get-scan-status", + "tenable-sc-get-scan-report", + "tenable-sc-list-credentials", + 
"tenable-sc-list-policies", + "tenable-sc-list-report-definitions", + "tenable-sc-list-repositories", + "tenable-sc-list-zones", + "tenable-sc-create-scan", + "tenable-sc-delete-scan", + "tenable-sc-list-assets", + "tenable-sc-create-asset", + "tenable-sc-get-asset", + "tenable-sc-delete-asset", + "tenable-sc-list-alerts", + "tenable-sc-get-alert", + "tenable-sc-get-device", + "tenable-sc-list-users", + "tenable-sc-get-system-licensing", "tenable-sc-get-system-information" ] } - }, + }, { "google-vault": { - "name": "google-vault", - "commands": [ - "gvault-create-export-mail", - "gvault-create-matter", - "gvault-create-export-drive", - "gvault-matter-update-state", - "gvault-create-export-groups", - "gvault-create-hold", - "gvault-add-heldAccount", - "gvault-remove-heldAccount", - "gvault-delete-hold", - "gvault-list-matters", - "gvault-get-matter", - "gvault-list-holds", - "gvault-export-status", - "gvault-download-results", - "gvault-get-drive-results", - "gvault-get-mail-results", + "name": "google-vault", + "commands": [ + "gvault-create-export-mail", + "gvault-create-matter", + "gvault-create-export-drive", + "gvault-matter-update-state", + "gvault-create-export-groups", + "gvault-create-hold", + "gvault-add-heldAccount", + "gvault-remove-heldAccount", + "gvault-delete-hold", + "gvault-list-matters", + "gvault-get-matter", + "gvault-list-holds", + "gvault-export-status", + "gvault-download-results", + "gvault-get-drive-results", + "gvault-get-mail-results", "gvault-get-groups-results" ] } - }, + }, { "AlienValut OTX": { - "name": "AlienValut OTX", - "toversion": "3.0.1", - "commands": [ - "ip", - "domain", - "ipv6", - "hostname", - "file", - "alienvault-query-file", - "alienvault-search-pulses", - "alienvault-get-pulse-details", + "name": "AlienValut OTX", + "toversion": "3.0.1", + "commands": [ + "ip", + "domain", + "ipv6", + "hostname", + "file", + "alienvault-query-file", + "alienvault-search-pulses", + "alienvault-get-pulse-details", "url" ] } - }, + }, { 
"MISP": { - "name": "MISP", - "commands": [ - "internal-misp-upload-sample", - "misp-search", - "file", - "url", - "ip", - "internal-misp-download-sample", - "internal-misp-create-event", + "name": "MISP", + "commands": [ + "internal-misp-upload-sample", + "misp-search", + "file", + "url", + "ip", + "internal-misp-download-sample", + "internal-misp-create-event", "internal-misp-add-attribute" ] } - }, + }, { "FalconIntel": { - "name": "FalconIntel", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "commands": [ - "file", - "url", - "domain", - "ip", - "cs-actors", - "cs-indicators", - "cs-reports", + "name": "FalconIntel", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "commands": [ + "file", + "url", + "domain", + "ip", + "cs-actors", + "cs-indicators", + "cs-reports", "cs-report-pdf" ] } - }, + }, { "Box": { - "name": "Box", - "commands": [ - "box_get_current_user", - "box_get_users", - "box_update_user", - "box_add_user", - "box_delete_user", - "box_move_folder", - "box_files_get", - "box_initiate", + "name": "Box", + "commands": [ + "box_get_current_user", + "box_get_users", + "box_update_user", + "box_add_user", + "box_delete_user", + "box_move_folder", + "box_files_get", + "box_initiate", "box_files_get_info" ] } - }, + }, { "Remedy On-Demand": { - "name": "Remedy On-Demand", + "name": "Remedy On-Demand", "commands": [ - "remedy-incident-create", - "remedy-get-incident", - "remedy-fetch-incidents", + "remedy-incident-create", + "remedy-get-incident", + "remedy-fetch-incidents", "remedy-incident-update" ] } - }, + }, { "Rasterize": { - "name": "Rasterize", + "name": "Rasterize", "commands": [ - "rasterize", - "rasterize-email", + "rasterize", + "rasterize-email", "rasterize-image" ] } - }, + }, { "FortiGate": { - "name": "FortiGate", - "commands": [ - "fortigate-get-addresses", - "fortigate-get-service-groups", - "fortigate-update-service-group", - "fortigate-delete-service-group", - "fortigate-get-firewall-service", - 
"fortigate-create-firewall-service", - "fortigate-get-policy", - "fortigate-update-policy", - "fortigate-create-policy", - "fortigate-move-policy", - "fortigate-delete-policy", - "fortigate-get-address-groups", - "fortigate-update-address-group", - "fortigate-create-address-group", + "name": "FortiGate", + "commands": [ + "fortigate-get-addresses", + "fortigate-get-service-groups", + "fortigate-update-service-group", + "fortigate-delete-service-group", + "fortigate-get-firewall-service", + "fortigate-create-firewall-service", + "fortigate-get-policy", + "fortigate-update-policy", + "fortigate-create-policy", + "fortigate-move-policy", + "fortigate-delete-policy", + "fortigate-get-address-groups", + "fortigate-update-address-group", + "fortigate-create-address-group", "fortigate-delete-address-group" ] } - }, + }, { "RTIR": { - "name": "RTIR", - "commands": [ - "rtir-create-ticket", - "rtir-search-ticket", - "rtir-resolve-ticket", - "rtir-edit-ticket", - "rtir-ticket-history", - "rtir-get-ticket", - "rtir-ticket-attachments", - "rtir-add-comment", + "name": "RTIR", + "commands": [ + "rtir-create-ticket", + "rtir-search-ticket", + "rtir-resolve-ticket", + "rtir-edit-ticket", + "rtir-ticket-history", + "rtir-get-ticket", + "rtir-ticket-attachments", + "rtir-add-comment", "rtir-add-reply" ] } - }, + }, { "Tenable.io": { - "name": "Tenable.io", + "name": "Tenable.io", "commands": [ - "tenable-io-list-scans", - "tenable-io-launch-scan", - "tenable-io-get-scan-report", - "tenable-io-get-vulnerability-details", - "tenable-io-get-vulnerabilities-by-asset", + "tenable-io-list-scans", + "tenable-io-launch-scan", + "tenable-io-get-scan-report", + "tenable-io-get-vulnerability-details", + "tenable-io-get-vulnerabilities-by-asset", "tenable-io-get-scan-status" ] } - }, + }, { "Stealthwatch Cloud": { - "name": "Stealthwatch Cloud", - "commands": [ - "sw-show-alert", - "sw-update-alert", - "sw-list-alerts", - "sw-block-domain-or-ip", - "sw-unblock-domain", - 
"sw-list-blocked-domains", - "sw-list-observations", + "name": "Stealthwatch Cloud", + "commands": [ + "sw-show-alert", + "sw-update-alert", + "sw-list-alerts", + "sw-block-domain-or-ip", + "sw-unblock-domain", + "sw-list-blocked-domains", + "sw-list-observations", "sw-list-sessions" ] } - }, + }, { "EWS v2": { - "name": "EWS v2", - "commands": [ - "ews-get-attachment", - "ews-delete-attachment", - "ews-get-searchable-mailboxes", - "ews-search-mailboxes", - "ews-move-item", - "ews-delete-items", - "ews-search-mailbox", - "ews-get-contacts", - "ews-get-out-of-office", - "ews-recover-messages", - "ews-create-folder", - "ews-mark-item-as-junk", - "ews-find-folders", - "ews-get-items-from-folder", - "ews-get-items", - "ews-move-item-between-mailboxes", - "ews-get-folder", - "ews-o365-start-compliance-search", - "ews-o365-get-compliance-search", - "ews-o365-purge-compliance-search-results", - "ews-o365-remove-compliance-search", + "name": "EWS v2", + "commands": [ + "ews-get-attachment", + "ews-delete-attachment", + "ews-get-searchable-mailboxes", + "ews-search-mailboxes", + "ews-move-item", + "ews-delete-items", + "ews-search-mailbox", + "ews-get-contacts", + "ews-get-out-of-office", + "ews-recover-messages", + "ews-create-folder", + "ews-mark-item-as-junk", + "ews-find-folders", + "ews-get-items-from-folder", + "ews-get-items", + "ews-move-item-between-mailboxes", + "ews-get-folder", + "ews-o365-start-compliance-search", + "ews-o365-get-compliance-search", + "ews-o365-purge-compliance-search-results", + "ews-o365-remove-compliance-search", "ews-o365-get-compliance-search-purge-status" ] } - }, + }, { "Lockpath KeyLight": { - "name": "Lockpath KeyLight", - "fromversion": "3.5.0", - "commands": [ - "kl-get-component-list", - "kl-get-component", - "kl-get-component-by-alias", - "kl-get-field-list", - "kl-get-field", - "kl-get-record-count", - "kl-get-record", - "kl-get-records", - "kl-delete-record", - "kl-create-record", - "kl-update-record", - "kl-get-detail-record", - 
"kl-get-lookup-report-column-fields", - "kl-get-detail-records", - "kl-get-record-attachments", - "kl-get-record-attachment", + "name": "Lockpath KeyLight", + "fromversion": "3.5.0", + "commands": [ + "kl-get-component-list", + "kl-get-component", + "kl-get-component-by-alias", + "kl-get-field-list", + "kl-get-field", + "kl-get-record-count", + "kl-get-record", + "kl-get-records", + "kl-delete-record", + "kl-create-record", + "kl-update-record", + "kl-get-detail-record", + "kl-get-lookup-report-column-fields", + "kl-get-detail-records", + "kl-get-record-attachments", + "kl-get-record-attachment", "kl-delete-record-attachments" ] } - }, + }, { "Dell Secureworks": { - "name": "Dell Secureworks", - "fromversion": "3.6.0", - "commands": [ - "secure-works-create-ticket", - "secure-works-update-ticket", - "secure-works-close-ticket", - "secure-works-add-worklogs-ticket", - "secure-works-get-ticket", - "secure-works-assign-ticket", - "secure-works-get-tickets-updates", - "secure-works-get-close-codes", - "secure-works-get-tickets-ids", + "name": "Dell Secureworks", + "fromversion": "3.6.0", + "commands": [ + "secure-works-create-ticket", + "secure-works-update-ticket", + "secure-works-close-ticket", + "secure-works-add-worklogs-ticket", + "secure-works-get-ticket", + "secure-works-assign-ticket", + "secure-works-get-tickets-updates", + "secure-works-get-close-codes", + "secure-works-get-tickets-ids", "secure-works-get-ticket-count" ] } - }, + }, { "Luminate": { - "name": "Luminate", - "fromversion": "0.0.0", + "name": "Luminate", + "fromversion": "0.0.0", "commands": [ - "lum-block-user", - "lum-unblock-user", - "lum-destroy-user-session", - "lum-get-http-access-logs", + "lum-block-user", + "lum-unblock-user", + "lum-destroy-user-session", + "lum-get-http-access-logs", "lum-get-ssh-access-logs" ] } - }, + }, { "VirusTotal - Private API": { - "name": "VirusTotal - Private API", - "commands": [ - "vt-private-check-file-behaviour", - "vt-private-get-domain-report", - 
"vt-private-get-file-report", - "vt-private-get-url-report", - "vt-private-get-ip-report", - "vt-private-search-file", - "vt-private-hash-communication", + "name": "VirusTotal - Private API", + "commands": [ + "vt-private-check-file-behaviour", + "vt-private-get-domain-report", + "vt-private-get-file-report", + "vt-private-get-url-report", + "vt-private-get-ip-report", + "vt-private-search-file", + "vt-private-hash-communication", "vt-private-download-file" ] } - }, + }, { "Guidance Encase Endpoint": { - "name": "Guidance Encase Endpoint", + "name": "Guidance Encase Endpoint", "commands": [ - "encase-copyjob", - "encase-snapshot", + "encase-copyjob", + "encase-snapshot", "encase-verifyhash" ] } - }, + }, { "Incapsula": { - "name": "Incapsula", - "commands": [ - "incap-add-managed-account", - "incap-list-managed-accounts", - "incap-add-subaccount", - "incap-list-subaccounts", - "incap-get-account-status", - "incap-modify-account-configuration", - "incap-set-account-log-level", - "incap-test-account-s3-connection", - "incap-test-account-sftp-connection", - "incap-set-account-s3-log-storage", - "incap-set-account-sftp-log-storage", - "incap-set-account-default-log-storage", - "incap-get-account-login-token", - "incap-delete-managed-account", - "incap-delete-subaccount", - "incap-get-account-audit-events", - "incap-set-account-default-data-storage-region", - "incap-get-account-default-data-storage-region", - "incap-add-site", - "incap-get-site-status", - "incap-get-domain-approver-email", - "incap-modify-site-configuration", - "incap-modify-site-log-level", - "incap-modify-site-tls-support", - "incap-modify-site-scurity-config", - "incap-modify-site-acl-config", - "incap-modify-site-wl-config", - "incap-delete-site", - "incap-list-sites", - "incap-get-site-report", - "incap-get-site-html-injection-rules", - "incap-add-site-html-injection-rule", - "incap-delete-site-html-injection-rule", - "incap-create-new-csr", - "incap-upload-certificate", - 
"incap-remove-custom-integration", - "incap-move-site", - "incap-check-compliance", - "incap-set-site-data-storage-region", - "incap-get-site-data-storage-region", - "incap-set-site-data-storage-region-geo-override", - "incap-get-site-data-storage-region-geo-override", - "incap-purge-site-cache", - "incap-modify-cache-mode", - "incap-purge-resources", - "incap-modify-caching-rules", - "incap-set-advanced-caching-settings", - "incap-purge-hostname-from-cache", - "incap-site-get-xray-link", - "incap-list-site-rule-revisions", - "incap-add-site-rule", - "incap-edit-site-rule", - "incap-enable-site-rule", - "incap-delete-site-rule", - "incap-list-site-rules", - "incap-revert-site-rule", - "incap-set-site-rule-priority", - "incap-add-site-datacenter", - "incap-edit-site-datacenter", - "incap-delete-site-datacenter", - "incap-list-site-datacenters", - "incap-add-site-datacenter-server", - "incap-edit-site-datacenter-server", - "incap-delete-site-datacenter-server", - "incap-get-statistics", - "incap-get-visits", - "incap-upload-public-key", - "incap-change-logs-collector-configuration", - "incap-get-infra-protection-statistics", - "incap-get-infra-protection-events", - "incap-add-login-protect", - "incap-edit-login-protect", - "incap-get-login-protect", - "incap-remove-login-protect", - "incap-send-sms-to-user", - "incap-modify-login-protect", - "incap-configure-app", - "incap-get-ip-ranges", - "incap-get-texts", - "incap-get-geo-info", + "name": "Incapsula", + "commands": [ + "incap-add-managed-account", + "incap-list-managed-accounts", + "incap-add-subaccount", + "incap-list-subaccounts", + "incap-get-account-status", + "incap-modify-account-configuration", + "incap-set-account-log-level", + "incap-test-account-s3-connection", + "incap-test-account-sftp-connection", + "incap-set-account-s3-log-storage", + "incap-set-account-sftp-log-storage", + "incap-set-account-default-log-storage", + "incap-get-account-login-token", + "incap-delete-managed-account", + 
"incap-delete-subaccount", + "incap-get-account-audit-events", + "incap-set-account-default-data-storage-region", + "incap-get-account-default-data-storage-region", + "incap-add-site", + "incap-get-site-status", + "incap-get-domain-approver-email", + "incap-modify-site-configuration", + "incap-modify-site-log-level", + "incap-modify-site-tls-support", + "incap-modify-site-scurity-config", + "incap-modify-site-acl-config", + "incap-modify-site-wl-config", + "incap-delete-site", + "incap-list-sites", + "incap-get-site-report", + "incap-get-site-html-injection-rules", + "incap-add-site-html-injection-rule", + "incap-delete-site-html-injection-rule", + "incap-create-new-csr", + "incap-upload-certificate", + "incap-remove-custom-integration", + "incap-move-site", + "incap-check-compliance", + "incap-set-site-data-storage-region", + "incap-get-site-data-storage-region", + "incap-set-site-data-storage-region-geo-override", + "incap-get-site-data-storage-region-geo-override", + "incap-purge-site-cache", + "incap-modify-cache-mode", + "incap-purge-resources", + "incap-modify-caching-rules", + "incap-set-advanced-caching-settings", + "incap-purge-hostname-from-cache", + "incap-site-get-xray-link", + "incap-list-site-rule-revisions", + "incap-add-site-rule", + "incap-edit-site-rule", + "incap-enable-site-rule", + "incap-delete-site-rule", + "incap-list-site-rules", + "incap-revert-site-rule", + "incap-set-site-rule-priority", + "incap-add-site-datacenter", + "incap-edit-site-datacenter", + "incap-delete-site-datacenter", + "incap-list-site-datacenters", + "incap-add-site-datacenter-server", + "incap-edit-site-datacenter-server", + "incap-delete-site-datacenter-server", + "incap-get-statistics", + "incap-get-visits", + "incap-upload-public-key", + "incap-change-logs-collector-configuration", + "incap-get-infra-protection-statistics", + "incap-get-infra-protection-events", + "incap-add-login-protect", + "incap-edit-login-protect", + "incap-get-login-protect", + 
"incap-remove-login-protect", + "incap-send-sms-to-user", + "incap-modify-login-protect", + "incap-configure-app", + "incap-get-ip-ranges", + "incap-get-texts", + "incap-get-geo-info", "incap-get-app-info" ] } - }, + }, { "XFE": { - "name": "XFE", - "fromversion": "2.5.0", - "commands": [ - "url", - "file", - "ip", - "domain", - "cve-search", + "name": "XFE", + "fromversion": "2.5.0", + "commands": [ + "url", + "file", + "ip", + "domain", + "cve-search", "cve-latest" ] } - }, + }, { "Cymon": { - "name": "Cymon", + "name": "Cymon", "commands": [ - "ip", + "ip", "domain" ] } - }, + }, { "McAfee Advanced Threat Defense": { - "name": "McAfee Advanced Threat Defense", - "fromversion": "3.5.0", - "commands": [ - "atd-file-upload", - "atd-get-task-ids", - "atd-get-report", - "atd-list-analyzer-profiles", - "atd-list-user", - "atd-login", - "detonate-file", - "detonate-url", + "name": "McAfee Advanced Threat Defense", + "fromversion": "3.5.0", + "commands": [ + "atd-file-upload", + "atd-get-task-ids", + "atd-get-report", + "atd-list-analyzer-profiles", + "atd-list-user", + "atd-login", + "detonate-file", + "detonate-url", "atd-check-status" ] } - }, + }, { "AWS - CloudWatchLogs": { - "name": "AWS - CloudWatchLogs", - "commands": [ - "aws-logs-create-log-group", - "aws-logs-create-log-stream", - "aws-logs-delete-log-group", - "aws-logs-delete-log-stream", - "aws-logs-filter-log-events", - "aws-logs-describe-log-groups", - "aws-logs-describe-log-streams", - "aws-logs-put-retention-policy", - "aws-logs-delete-retention-policy", - "aws-logs-put-log-events", - "aws-logs-put-metric-filter", - "aws-logs-delete-metric-filter", + "name": "AWS - CloudWatchLogs", + "commands": [ + "aws-logs-create-log-group", + "aws-logs-create-log-stream", + "aws-logs-delete-log-group", + "aws-logs-delete-log-stream", + "aws-logs-filter-log-events", + "aws-logs-describe-log-groups", + "aws-logs-describe-log-streams", + "aws-logs-put-retention-policy", + "aws-logs-delete-retention-policy", + 
"aws-logs-put-log-events", + "aws-logs-put-metric-filter", + "aws-logs-delete-metric-filter", "aws-logs-describe-metric-filters" ] } - }, + }, { "Microsoft Graph": { - "name": "Microsoft Graph", + "name": "Microsoft Graph", "commands": [ - "msg-graph-admin-url", - "msg-search-alerts", - "msg-get-alert-details", - "msg-update-alert", - "msg-get-users", + "msg-graph-admin-url", + "msg-search-alerts", + "msg-get-alert-details", + "msg-update-alert", + "msg-get-users", "msg-get-user" ] } - }, + }, { "Secdo": { - "name": "Secdo", + "name": "Secdo", "commands": [ "secdo-add-IOCs" ] } - }, + }, { "Preempt": { - "name": "Preempt", + "name": "Preempt", "commands": [ - "preempt-add-to-watch-list", - "preempt-remove-from-watch-list", - "preempt-get-activities", - "preempt-get-user-endpoints", + "preempt-add-to-watch-list", + "preempt-remove-from-watch-list", + "preempt-get-activities", + "preempt-get-user-endpoints", "preempt-get-alerts" ] } - }, + }, { "PostgreSQL": { - "name": "PostgreSQL", + "name": "PostgreSQL", "commands": [ "pgsql-query" ] } - }, + }, { "epo": { - "name": "epo", - "commands": [ - "epo-help", - "epo-get-latest-dat", - "epo-get-current-dat", - "epo-update-client-dat", - "epo-update-repository", - "epo-get-system-tree-group", - "epo-find-systems", - "epo-command", - "epo-advanced-command", - "epo-wakeup-agent", - "epo-apply-tag", - "epo-clear-tag", - "epo-query-table", - "epo-get-tables", - "epo-find-system", + "name": "epo", + "commands": [ + "epo-help", + "epo-get-latest-dat", + "epo-get-current-dat", + "epo-update-client-dat", + "epo-update-repository", + "epo-get-system-tree-group", + "epo-find-systems", + "epo-command", + "epo-advanced-command", + "epo-wakeup-agent", + "epo-apply-tag", + "epo-clear-tag", + "epo-query-table", + "epo-get-tables", + "epo-find-system", "epo-get-version" ] } - }, + }, { "GRR": { - "name": "GRR", - "commands": [ - "grr-set-flows", - "grr-get-flows", - "grr-get-files", - "grr-get-hunts", - "grr-get-hunt", - "grr-set-hunts", 
- "grr-get-clients", - "grr_set_flows", - "grr_get_flows", - "grr_get_files", - "grr_get_hunts", - "grr_get_hunt", + "name": "GRR", + "commands": [ + "grr-set-flows", + "grr-get-flows", + "grr-get-files", + "grr-get-hunts", + "grr-get-hunt", + "grr-set-hunts", + "grr-get-clients", + "grr_set_flows", + "grr_get_flows", + "grr_get_files", + "grr_get_hunts", + "grr_get_hunt", "grr_set_hunts" ] } - }, + }, { "Nessus": { - "name": "Nessus", - "commands": [ - "nessus-list-scans", - "scans-list", - "nessus-launch-scan", - "scan-launch", - "nessus-scan-details", - "scan-details", - "scan-host-details", - "nessus-scan-host-details", - "nessus-scan-export", - "scan-export", - "scan-report-download", - "nessus-scan-report-download", - "scan-create", - "nessus-scan-create", - "nessus-get-scans-editors", - "scan-export-status", - "nessus-scan-export-status", + "name": "Nessus", + "commands": [ + "nessus-list-scans", + "scans-list", + "nessus-launch-scan", + "scan-launch", + "nessus-scan-details", + "scan-details", + "scan-host-details", + "nessus-scan-host-details", + "nessus-scan-export", + "scan-export", + "scan-report-download", + "nessus-scan-report-download", + "scan-create", + "nessus-scan-create", + "nessus-get-scans-editors", + "scan-export-status", + "nessus-scan-export-status", "nessus-scan-status" ] } - }, + }, { "GuardiCore": { - "name": "GuardiCore", - "fromversion": "3.5.0", - "commands": [ - "guardicore-get-incidents", - "guardicore-uncommon-domains", - "guardicore-unresolved-domains", - "guardicore-show-endpoint", - "guardicore-dns-requests", - "guardicore-search-endpoint", - "guardicore-misconfigurations", - "guardicore-get-incident", - "guardicore-get-incident-iocs", - "guardicore-get-incident-events", - "guardicore-get-incident-pcap", - "guardicore-get-incident-attachments", + "name": "GuardiCore", + "fromversion": "3.5.0", + "commands": [ + "guardicore-get-incidents", + "guardicore-uncommon-domains", + "guardicore-unresolved-domains", + 
"guardicore-show-endpoint", + "guardicore-dns-requests", + "guardicore-search-endpoint", + "guardicore-misconfigurations", + "guardicore-get-incident", + "guardicore-get-incident-iocs", + "guardicore-get-incident-events", + "guardicore-get-incident-pcap", + "guardicore-get-incident-attachments", "guardicore-search-network-log" ] } - }, + }, { "Digital Shadows": { - "name": "Digital Shadows", - "commands": [ - "ds-get-breach-reviews", - "ds-snapshot-breach-status", - "ds-find-breach-records", - "ds-get-breach-summary", - "ds-find-breach-usernames", - "ds-get-breach", - "ds-get-breach-records", - "ds-find-data-breaches", - "ds-get-incident", - "ds-get-incident-reviews", - "ds-snapshot-incident-review", - "ds-find-incidents-filtered", - "ds-get-incidents-summary", - "ds-get-apt-report", - "ds-get-intelligence-incident", - "ds-get-intelligence-incident-iocs", - "ds-find-intelligence-incidents", - "ds-find-intelligence-incidents-regional", - "ds-get-intelligence-threat", - "ds-get-intelligence-threat-iocs", - "ds-get-intelligence-threat-activity", - "ds-find-intelligence-threats", - "ds-find-intelligence-threats-regional", - "ds-get-port-reviews", - "ds-snapshot-port-review", - "ds-find-ports", - "ds-find-secure-sockets", - "ds-find-vulnerabilities", - "ds-search", + "name": "Digital Shadows", + "commands": [ + "ds-get-breach-reviews", + "ds-snapshot-breach-status", + "ds-find-breach-records", + "ds-get-breach-summary", + "ds-find-breach-usernames", + "ds-get-breach", + "ds-get-breach-records", + "ds-find-data-breaches", + "ds-get-incident", + "ds-get-incident-reviews", + "ds-snapshot-incident-review", + "ds-find-incidents-filtered", + "ds-get-incidents-summary", + "ds-get-apt-report", + "ds-get-intelligence-incident", + "ds-get-intelligence-incident-iocs", + "ds-find-intelligence-incidents", + "ds-find-intelligence-incidents-regional", + "ds-get-intelligence-threat", + "ds-get-intelligence-threat-iocs", + "ds-get-intelligence-threat-activity", + 
"ds-find-intelligence-threats", + "ds-find-intelligence-threats-regional", + "ds-get-port-reviews", + "ds-snapshot-port-review", + "ds-find-ports", + "ds-find-secure-sockets", + "ds-find-vulnerabilities", + "ds-search", "ds-get-tags" ] } - }, + }, { "fireeye": { - "name": "fireeye", - "fromversion": "3.5.0", - "commands": [ - "fe-report", - "fe-submit-status", - "fe-alert", - "fe-submit-result", - "fe-submit", - "fe-config", - "fe-submit-url", - "fe-submit-url-status", + "name": "fireeye", + "fromversion": "3.5.0", + "commands": [ + "fe-report", + "fe-submit-status", + "fe-alert", + "fe-submit-result", + "fe-submit", + "fe-config", + "fe-submit-url", + "fe-submit-url-status", "fe-submit-url-result" ] } - }, + }, { "RSA NetWitness Packets and Logs": { - "name": "RSA NetWitness Packets and Logs", - "fromversion": "3.5.0", - "commands": [ - "netwitness-msearch", - "netwitness-search", - "netwitness-query", - "netwitness-packets", - "nw-sdk-session", - "nw-sdk-content", - "nw-sdk-summary", - "nw-sdk-values", + "name": "RSA NetWitness Packets and Logs", + "fromversion": "3.5.0", + "commands": [ + "netwitness-msearch", + "netwitness-search", + "netwitness-query", + "netwitness-packets", + "nw-sdk-session", + "nw-sdk-content", + "nw-sdk-summary", + "nw-sdk-values", "nw-database-dump" ] } - }, + }, { "RSA NetWitness v11.1": { - "name": "RSA NetWitness v11.1", + "name": "RSA NetWitness v11.1", "commands": [ - "netwitness-get-incident", - "netwitness-get-incidents", - "netwitness-update-incident", - "netwitness-delete-incident", + "netwitness-get-incident", + "netwitness-get-incidents", + "netwitness-update-incident", + "netwitness-delete-incident", "netwitness-get-alerts" ] } - }, + }, { "Symantec Messaging Gateway": { - "name": "Symantec Messaging Gateway", - "commands": [ - "smg-block-email", - "smg-unblock-email", - "smg-block-domain", - "smg-block-ip", - "smg-unblock-ip", - "smg-unblock-domain", - "smg-get-blocked-domains", + "name": "Symantec Messaging Gateway", + 
"commands": [ + "smg-block-email", + "smg-unblock-email", + "smg-block-domain", + "smg-block-ip", + "smg-unblock-ip", + "smg-unblock-domain", + "smg-get-blocked-domains", "smg-get-blocked-ips" ] } - }, + }, { "OTRS": { - "name": "OTRS", - "fromversion": "4.1.0", + "name": "OTRS", + "fromversion": "4.1.0", "commands": [ - "otrs-get-ticket", - "otrs-search-ticket", - "otrs-create-ticket", - "otrs-update-ticket", + "otrs-get-ticket", + "otrs-search-ticket", + "otrs-create-ticket", + "otrs-update-ticket", "otrs-close-ticket" ] } - }, + }, { "Check Point Sandblast": { - "name": "Check Point Sandblast", - "fromversion": "3.5.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", - "sandblast-download", - "sb-quota", + "name": "Check Point Sandblast", + "fromversion": "3.5.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", + "sandblast-download", + "sb-quota", "sandblast-quota" ] } - }, + }, { "Cylance Protect": { - "name": "Cylance Protect", - "fromversion": "2.0.1", - "commands": [ - "cylance-protect-get-list", - "cylance-protect-get-devices", - "cylance-protect-get-threats", - "cylance-protect-download-threat", - "cylance-protect-get-threat-details", - "cylance-protect-device-delete", - "cylance-protect-get-device-threats", - "cylance-protect-update-device-threats", - "cylance-protect-delete-hash-from-lists", - "cylance-protect-update-hash-at-lists", - "cylance-protect-upload-threat", - "cylance-protect-get-threated-devices", - "cylance-protect-get-zones", - "cylance-protect-create-zone", - "cylance-protect-update-zone", - "cylance-protect-get-policies", - "cylance-protect-get-policy-details", - "cp-get-list", - "cp-get-devices", - "cp-get-threats", - "cp-download-threat", - "cp-get-threat-details", - "cp-device-delete", - "cp-get-device-threats", - "cp-update-device-threats", - "cp-delete-hash-from-lists", - "cp-update-hash-at-lists", - "cp-upload-threat", - 
"cp-get-threated-devices", - "cp-get-zones", - "cp-create-zone", - "cp-update-zone", - "cp-get-policies", + "name": "Cylance Protect", + "fromversion": "2.0.1", + "commands": [ + "cylance-protect-get-list", + "cylance-protect-get-devices", + "cylance-protect-get-threats", + "cylance-protect-download-threat", + "cylance-protect-get-threat-details", + "cylance-protect-device-delete", + "cylance-protect-get-device-threats", + "cylance-protect-update-device-threats", + "cylance-protect-delete-hash-from-lists", + "cylance-protect-update-hash-at-lists", + "cylance-protect-upload-threat", + "cylance-protect-get-threated-devices", + "cylance-protect-get-zones", + "cylance-protect-create-zone", + "cylance-protect-update-zone", + "cylance-protect-get-policies", + "cylance-protect-get-policy-details", + "cp-get-list", + "cp-get-devices", + "cp-get-threats", + "cp-download-threat", + "cp-get-threat-details", + "cp-device-delete", + "cp-get-device-threats", + "cp-update-device-threats", + "cp-delete-hash-from-lists", + "cp-update-hash-at-lists", + "cp-upload-threat", + "cp-get-threated-devices", + "cp-get-zones", + "cp-create-zone", + "cp-update-zone", + "cp-get-policies", "cp-get-policy-details" ] } - }, + }, { "TCPIPUtils": { - "name": "TCPIPUtils", + "name": "TCPIPUtils", "commands": [ "ip" ] } - }, + }, { "RSA NetWitness Security Analytics": { - "name": "RSA NetWitness Security Analytics", - "fromversion": "2.0.0", - "commands": [ - "nw-list-incidents", - "nw-login", - "nw-get-components", - "nw-get-events", - "nw-get-available-assignees", - "nw-create-incident", - "nw-add-events-to-incident", - "nw-update-incident", - "fetch-incidents", - "nw-get-alerts", - "nw-get-alert-details", - "nw-get-event-details", - "nw-get-incident-details", - "nw-get-alert-original", - "netwitness-im-list-incidents", - "netwitness-im-login", - "netwitness-im-get-components", - "netwitness-im-get-events", - "netwitness-im-get-available-assignees", - "netwitness-im-create-incident", - 
"netwitness-im-add-events-to-incident", - "netwitness-im-update-incident", - "netwitness-im-get-alerts", - "netwitness-im-get-alert-details", - "netwitness-im-get-event-details", - "netwitness-im-get-incident-details", + "name": "RSA NetWitness Security Analytics", + "fromversion": "2.0.0", + "commands": [ + "nw-list-incidents", + "nw-login", + "nw-get-components", + "nw-get-events", + "nw-get-available-assignees", + "nw-create-incident", + "nw-add-events-to-incident", + "nw-update-incident", + "fetch-incidents", + "nw-get-alerts", + "nw-get-alert-details", + "nw-get-event-details", + "nw-get-incident-details", + "nw-get-alert-original", + "netwitness-im-list-incidents", + "netwitness-im-login", + "netwitness-im-get-components", + "netwitness-im-get-events", + "netwitness-im-get-available-assignees", + "netwitness-im-create-incident", + "netwitness-im-add-events-to-incident", + "netwitness-im-update-incident", + "netwitness-im-get-alerts", + "netwitness-im-get-alert-details", + "netwitness-im-get-event-details", + "netwitness-im-get-incident-details", "netwitness-im-get-alert-original" ] } - }, + }, { "Where is the egg?": { - "name": "Where is the egg?", - "fromversion": "3.6.0", + "name": "Where is the egg?", + "fromversion": "3.6.0", "commands": [ "clue" ] } - }, + }, { "jira": { - "name": "jira", - "toversion": "2.5.0", - "commands": [ - "jira-issue-query", - "jira-get-issue", - "jira-create-issue", - "jira-issue-upload-file", - "jira-issue-add-comment", + "name": "jira", + "toversion": "2.5.0", + "commands": [ + "jira-issue-query", + "jira-get-issue", + "jira-create-issue", + "jira-issue-upload-file", + "jira-issue-add-comment", "jira-issue-add-link" ] } - }, + }, { "Vectra": { - "name": "Vectra", - "commands": [ - "vec-detections", - "vectra-detections", - "vec-hosts", - "vectra-hosts", - "vec-settings", - "vectra-settings", - "vec-health", - "vectra-health", - "vec-triage", - "vectra-triage", - "vec-sensors", - "vectra-sensors", - "vec-get-host-by-id", + 
"name": "Vectra", + "commands": [ + "vec-detections", + "vectra-detections", + "vec-hosts", + "vectra-hosts", + "vec-settings", + "vectra-settings", + "vec-health", + "vectra-health", + "vec-triage", + "vectra-triage", + "vec-sensors", + "vectra-sensors", + "vec-get-host-by-id", "vec-get-detetctions-by-id" ] } - }, + }, { "Twilio": { - "name": "Twilio", - "fromversion": "2.5.0", + "name": "Twilio", + "fromversion": "2.5.0", "commands": [ "TwilioSendSMS" ] } - }, + }, { "PhishTank": { - "name": "PhishTank", + "name": "PhishTank", "commands": [ - "url", - "phishtank-reload", + "url", + "phishtank-reload", "phishtank-status" ] } - }, + }, { "FireEye iSIGHT": { - "name": "FireEye iSIGHT", + "name": "FireEye iSIGHT", "commands": [ - "ip", - "domain", - "file", - "isight-get-report", + "ip", + "domain", + "file", + "isight-get-report", "isight-submit-file" ] } - }, + }, { "BigFix": { - "name": "BigFix", - "commands": [ - "bigfix-get-sites", - "bigfix-get-site", - "bigfix-get-patches", - "bigfix-get-endpoints", - "bigfix-get-endpoint", - "bigfix-deploy-patch", - "bigfix-get-patch", - "bigfix-action-delete", - "bigfix-action-status", - "bigfix-action-stop", + "name": "BigFix", + "commands": [ + "bigfix-get-sites", + "bigfix-get-site", + "bigfix-get-patches", + "bigfix-get-endpoints", + "bigfix-get-endpoint", + "bigfix-deploy-patch", + "bigfix-get-patch", + "bigfix-action-delete", + "bigfix-action-status", + "bigfix-action-stop", "bigfix-query" ] } - }, + }, { "Phish.AI": { - "name": "Phish.AI", - "fromversion": "4.0.0", + "name": "Phish.AI", + "fromversion": "4.0.0", "commands": [ - "phish-ai-scan-url", + "phish-ai-scan-url", "phish-ai-check-status" ] } - }, + }, { "Koodous": { - "name": "Koodous", + "name": "Koodous", "commands": [ "k-check-hash" ] } - }, + }, { "IntSights": { - "name": "IntSights", - "commands": [ - "intsights-get-alert-image", - "intsights-get-alert-activities", - "intsights-assign-alert", - "intsights-unassign-alert", - "intsights-send-mail", - 
"intsights-ask-the-analyst", - "intsights-add-tag-to-alert", - "intsights-remove-tag-from-alert", - "intsights-add-comment-to-alert", - "intsights-update-alert-severity", - "intsights-get-alert-by-id", - "intsights-get-ioc-by-value", - "intsights-get-iocs", - "intsights-get-alerts", - "intsights-alert-takedown-request", - "intsights-get-alert-takedown-status", - "intsights-update-ioc-blocklist-status", - "intsights-get-ioc-blocklist-status", + "name": "IntSights", + "commands": [ + "intsights-get-alert-image", + "intsights-get-alert-activities", + "intsights-assign-alert", + "intsights-unassign-alert", + "intsights-send-mail", + "intsights-ask-the-analyst", + "intsights-add-tag-to-alert", + "intsights-remove-tag-from-alert", + "intsights-add-comment-to-alert", + "intsights-update-alert-severity", + "intsights-get-alert-by-id", + "intsights-get-ioc-by-value", + "intsights-get-iocs", + "intsights-get-alerts", + "intsights-alert-takedown-request", + "intsights-get-alert-takedown-status", + "intsights-update-ioc-blocklist-status", + "intsights-get-ioc-blocklist-status", "intsights-close-alert" ] } } - ], + ], "TestPlaybooks": [ { "SignalSciences Test": { - "name": "SignalSciences Test", + "name": "SignalSciences Test", "implementing_commands": [ - "sigsci-get-blacklist", - "sigsci-get-whitelist", - "sigsci-blacklist-add-ip", - "sigsci-whitelist-add-ip", - "sigsci-blacklist-remove-ip", + "sigsci-get-blacklist", + "sigsci-get-whitelist", + "sigsci-blacklist-add-ip", + "sigsci-whitelist-add-ip", + "sigsci-blacklist-remove-ip", "sigsci-whitelist-remove-ip" ] } - }, + }, { "Microsoft Graph Test": { - "name": "Microsoft Graph Test", + "name": "Microsoft Graph Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "msg-search-alerts", - "msg-update-alert", + "msg-search-alerts", + "msg-update-alert", "msg-get-alert-details" ] } - }, + }, { "Mail Sender (New) Test": { - "name": "Email Sender Python", + "name": "Email Sender Python", 
"implementing_scripts": [ - "Set", - "FileCreateAndUpload", - "DeleteContext", + "Set", + "FileCreateAndUpload", + "DeleteContext", "Sleep" - ], + ], "implementing_commands": [ - "googleapps-gmail-get-mail", - "googleapps-gmail-search", - "ThrowException", + "googleapps-gmail-get-mail", + "googleapps-gmail-search", + "ThrowException", "send-mail" ] } - }, + }, { "ThreatExchange-test": { - "name": "ThreatExchange-test", - "implementing_scripts": [ - "ExtractDomain", - "ExtractHash", - "Exists", - "ExtractIP", - "Print", - "IsMaliciousIndicatorFound", - "VerifyContextFields", + "name": "ThreatExchange-test", + "implementing_scripts": [ + "ExtractDomain", + "ExtractHash", + "Exists", + "ExtractIP", + "Print", + "IsMaliciousIndicatorFound", + "VerifyContextFields", "ExtractURL" - ], + ], "implementing_commands": [ - "url", - "ip", - "domain", + "url", + "ip", + "domain", "file" ] } - }, + }, { "PortListenCheck-test": { - "name": "PortListenCheck-test", + "name": "PortListenCheck-test", "implementing_scripts": [ - "Print", + "Print", "PortListenCheck" ] } - }, + }, { "Qualys-Test": { - "name": "Qualys-Test", + "name": "Qualys-Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "qualys-pc-scan-list", - "qualys-report-template-list", - "qualys-vm-scan-list", - "qualys-scheduled-report-list", + "qualys-pc-scan-list", + "qualys-report-template-list", + "qualys-vm-scan-list", + "qualys-scheduled-report-list", "qualys-report-list" ] } - }, + }, { "Pipl Test": { - "name": "Pipl Test", + "name": "Pipl Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ "pipl-search" ] } - }, + }, { "Splunk-Test": { - "name": "Splunk-Test", - "implementing_scripts": [ - "Set", - "DumpJSON", - "StringContains", - "VerifyContext", - "Print", - "IsGreaterThan", + "name": "Splunk-Test", + "implementing_scripts": [ + "Set", + "DumpJSON", + "StringContains", + "VerifyContext", + "Print", + 
"IsGreaterThan", "AreValuesEqual" - ], + ], "implementing_commands": [ - "splunk-parse-raw", - "splunk-search", - "splunk-submit-event", + "splunk-parse-raw", + "splunk-search", + "splunk-submit-event", "splunk-get-indexes" ] } - }, + }, { "67b0f25f-b061-4468-8613-43ab13147173": { - "name": "CbP-PlayBook", + "name": "CbP-PlayBook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "cbp-fileUpload-download", - "cbp-connector-search", - "cbp-connector-get", - "cbp-fileAnalysis-createOrUpdate", - "cbp-fileUpload-createOrUpdate", - "cbp-fileUpload-get", + ], + "implementing_commands": [ + "cbp-fileUpload-download", + "cbp-connector-search", + "cbp-connector-get", + "cbp-fileAnalysis-createOrUpdate", + "cbp-fileUpload-createOrUpdate", + "cbp-fileUpload-get", "cbp-fileAnalysis-get" ] } - }, + }, { "test_url_regex": { - "name": "Test URL Regex", + "name": "Test URL Regex", "implementing_scripts": [ - "Print", - "VerifyContext", + "Print", + "VerifyContext", "DeleteContext" ] } - }, + }, { "8984405a-4274-470a-8a34-a437d8e2e1c5": { - "name": "Test - PhishMe", + "name": "Test - PhishMe", "implementing_scripts": [ - "CloseInvestigation", - "IsGreaterThan", - "DeleteContext", + "CloseInvestigation", + "IsGreaterThan", + "DeleteContext", "AreValuesEqual" - ], + ], "implementing_commands": [ - "url", - "phishme-search", - "email", - "file", + "url", + "phishme-search", + "email", + "file", "ip" ] } - }, + }, { "4078d8b6-37c6-42d7-8324-16096a2feb51": { - "name": "AWS - Route53 Test Playbook", + "name": "AWS - Route53 Test Playbook", "implementing_scripts": [ "VerifyContext" - ], - "implementing_commands": [ - "aws-route53-waiter-resource-record-sets-changed", - "aws-route53-test-dns-answer", - "aws-route53-upsert-record", - "aws-route53-create-record", - "aws-route53-delete-record", - "aws-route53-list-resource-record-sets", + ], + "implementing_commands": [ + "aws-route53-waiter-resource-record-sets-changed", + 
"aws-route53-test-dns-answer", + "aws-route53-upsert-record", + "aws-route53-create-record", + "aws-route53-delete-record", + "aws-route53-list-resource-record-sets", "aws-route53-list-hosted-zones" ] } - }, + }, { "EWS Mail Sender Test": { - "name": "EWS Mail Sender Test", + "name": "EWS Mail Sender Test", "implementing_scripts": [ "http" - ], + ], "implementing_commands": [ "send-mail" ] } - }, + }, { "Icebrg Test": { - "name": "Icebrg Test", + "name": "Icebrg Test", "implementing_commands": [ - "icebrg-get-report-assets", - "icebrg-get-reports", - "icebrg-saved-searches", - "icebrg-search-events", - "icebrg-get-history", + "icebrg-get-report-assets", + "icebrg-get-reports", + "icebrg-saved-searches", + "icebrg-search-events", + "icebrg-get-history", "icebrg-get-report-indicators" ] } - }, + }, { "tenable-sc-scan-test": { - "name": "Test tenable scan", + "name": "Test tenable scan", "implementing_playbooks": [ "Launch Scan - Tenable.sc" ] } - }, + }, { "VMWare Test": { - "name": "VMWare Test", + "name": "VMWare Test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", + "VerifyContext", + "DeleteContext", "AreValuesEqual" - ], - "implementing_commands": [ - "vmware-get-events", - "vmware-poweroff", - "vmware-suspend", - "vmware-hard-reboot", - "vmware-poweron", - "vmware-revert-snapshot", - "vmware-create-snapshot", + ], + "implementing_commands": [ + "vmware-get-events", + "vmware-poweroff", + "vmware-suspend", + "vmware-hard-reboot", + "vmware-poweron", + "vmware-revert-snapshot", + "vmware-create-snapshot", "vmware-get-vms" ] } - }, + }, { "OpenPhish Test Playbook": { - "name": "OpenPhish Test Playbook", + "name": "OpenPhish Test Playbook", "implementing_scripts": [ - "Print", - "CloseInvestigation", + "Print", + "CloseInvestigation", "Exists" - ], + ], "implementing_commands": [ - "url", + "url", "openphish-status" ] } - }, + }, { "Intezer Testing": { - "name": "Intezer Testing", + "name": "Intezer Testing", "implementing_scripts": [ - 
"VerifyContext", - "DeleteContext", + "VerifyContext", + "DeleteContext", "http" - ], + ], "implementing_commands": [ - "intezer-upload", + "intezer-upload", "file" ] } - }, + }, { "test-domain-indicator": { - "name": "test-domain-indicator", + "name": "test-domain-indicator", "implementing_scripts": [ - "Print", - "GetIndicatorDBotScore", + "Print", + "GetIndicatorDBotScore", "Sleep" ] } - }, + }, { "ip_enrichment_generic_test": { - "name": "IP Enrichment - Generic - Test", - "fromversion": "3.5.0", + "name": "IP Enrichment - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "IP Enrichment - Generic" ] } - }, + }, { "Nessus - Test": { - "name": "Nessus - Test", + "name": "Nessus - Test", "implementing_scripts": [ "WhileLoop" - ], + ], "implementing_commands": [ - "nessus-scan-status", - "nessus-scan-report-download", - "nessus-scan-create", - "nessus-scan-export", - "nessus-launch-scan", + "nessus-scan-status", + "nessus-scan-report-download", + "nessus-scan-create", + "nessus-scan-export", + "nessus-launch-scan", "nessus-scan-details" ] } - }, + }, { "d66e5f86-e045-403f-819e-5058aa603c32": { - "name": "AWS - EC2 Test Playbook actions", + "name": "AWS - EC2 Test Playbook actions", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "aws-ec2-create-snapshot", - "aws-ec2-monitor-instances", - "aws-ec2-modify-volume", - "aws-ec2-waiter-instance-terminated", - "aws-ec2-reboot-instances", - "aws-ec2-delete-snapshot", - "aws-ec2-get-latest-ami", - "aws-ec2-associate-address", - "aws-ec2-create-volume", - "aws-ec2-modify-network-interface-attribute", - "aws-ec2-waiter-instance-stopped", - "aws-ec2-describe-instances", - "aws-ec2-delete-security-group", - "aws-ec2-create-image", - "aws-ec2-allocate-address", - "aws-ec2-attach-volume", - "aws-ec2-run-instances", - 
"aws-ec2-start-instances", - "aws-ec2-disassociate-address", - "aws-ec2-waiter-image-available", - "aws-ec2-modify-instance-attribute", - "aws-ec2-waiter-instance-status-ok", - "aws-ec2-create-security-group", - "aws-ec2-delete-volume", - "aws-ec2-release-address", - "aws-ec2-copy-snapshot", - "aws-ec2-authorize-security-group-ingress-rule", - "aws-ec2-create-tags", - "aws-ec2-deregister-image", - "aws-ec2-unmonitor-instances", - "aws-ec2-detach-volume", - "aws-ec2-revoke-security-group-ingress-rule", - "aws-ec2-waiter-instance-running", - "aws-ec2-terminate-instances", - "aws-ec2-waiter-snapshot_completed", - "aws-ec2-copy-image", + ], + "implementing_commands": [ + "aws-ec2-create-snapshot", + "aws-ec2-monitor-instances", + "aws-ec2-modify-volume", + "aws-ec2-waiter-instance-terminated", + "aws-ec2-reboot-instances", + "aws-ec2-delete-snapshot", + "aws-ec2-get-latest-ami", + "aws-ec2-associate-address", + "aws-ec2-create-volume", + "aws-ec2-modify-network-interface-attribute", + "aws-ec2-waiter-instance-stopped", + "aws-ec2-describe-instances", + "aws-ec2-delete-security-group", + "aws-ec2-create-image", + "aws-ec2-allocate-address", + "aws-ec2-attach-volume", + "aws-ec2-run-instances", + "aws-ec2-start-instances", + "aws-ec2-disassociate-address", + "aws-ec2-waiter-image-available", + "aws-ec2-modify-instance-attribute", + "aws-ec2-waiter-instance-status-ok", + "aws-ec2-create-security-group", + "aws-ec2-delete-volume", + "aws-ec2-release-address", + "aws-ec2-copy-snapshot", + "aws-ec2-authorize-security-group-ingress-rule", + "aws-ec2-create-tags", + "aws-ec2-deregister-image", + "aws-ec2-unmonitor-instances", + "aws-ec2-detach-volume", + "aws-ec2-revoke-security-group-ingress-rule", + "aws-ec2-waiter-instance-running", + "aws-ec2-terminate-instances", + "aws-ec2-waiter-snapshot_completed", + "aws-ec2-copy-image", "aws-ec2-stop-instances" ] } - }, + }, { "Google-Vault-Generic-Test": { - "name": "Google Vault Generic Test", + "name": "Google Vault Generic Test", 
"implementing_scripts": [ - "VerifyContext", - "GeneratePassword", - "DeleteContext", + "VerifyContext", + "GeneratePassword", + "DeleteContext", "Sleep" - ], - "implementing_commands": [ - "gvault-add-heldAccount", - "gvault-get-matter", - "gvault-create-hold", - "gvault-export-status", - "gvault-get-mail-results", - "gvault-remove-heldAccount", - "gvault-get-groups-results", - "gvault-delete-hold", - "gvault-create-export-mail", - "gvault-create-matter", - "gvault-create-export-drive", - "gvault-get-drive-results", + ], + "implementing_commands": [ + "gvault-add-heldAccount", + "gvault-get-matter", + "gvault-create-hold", + "gvault-export-status", + "gvault-get-mail-results", + "gvault-remove-heldAccount", + "gvault-get-groups-results", + "gvault-delete-hold", + "gvault-create-export-mail", + "gvault-create-matter", + "gvault-create-export-drive", + "gvault-get-drive-results", "gvault-create-export-groups" ] } - }, + }, { "cve_enrichment_-_generic_-_test": { - "name": "CVE Enrichment - Generic - Test", - "fromversion": "3.6.0", + "name": "CVE Enrichment - Generic - Test", + "fromversion": "3.6.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "CVE Enrichment - Generic" ] } - }, + }, { "ReadPDFFile-Test": { - "name": "ReadPDFFile-Test", + "name": "ReadPDFFile-Test", "implementing_scripts": [ - "DeleteContext", - "http", + "DeleteContext", + "http", "ReadPDFFile" ] } - }, + }, { "RegexGroups Test": { - "name": "RegexGroups Test", + "name": "RegexGroups Test", "implementing_scripts": [ - "RaiseError", - "VerifyContext", - "Set", + "RaiseError", + "VerifyContext", + "Set", "DeleteContext" ] } - }, + }, { "GmailTest": { - "name": "GmailTest", + "name": "GmailTest", "implementing_scripts": [ - "GetTime", + "GetTime", "DeleteContext" - ], - "implementing_commands": [ - "gmail-add-delete-filter", - "gmail-get-thread", - "gmail-get-tokens-for-user", - "gmail-search-all-mailboxes", - "gmail-get-attachments", - 
"gmail-list-users", - "gmail-delete-user", - "gmail-create-user", - "gmail-get-mail", - "gmail-move-mail", - "gmail-get-user", + ], + "implementing_commands": [ + "gmail-add-delete-filter", + "gmail-get-thread", + "gmail-get-tokens-for-user", + "gmail-search-all-mailboxes", + "gmail-get-attachments", + "gmail-list-users", + "gmail-delete-user", + "gmail-create-user", + "gmail-get-mail", + "gmail-move-mail", + "gmail-get-user", "gmail-search" ] } - }, + }, { "Extract Indicators From File - test": { - "name": "Extract Indicators From File - test", + "name": "Extract Indicators From File - test", "implementing_scripts": [ - "RaiseError", + "RaiseError", "http" - ], + ], "implementing_playbooks": [ "Extract Indicators From File - Generic" ] } - }, + }, { "Kenna Test": { - "name": "Kenna Test", + "name": "Kenna Test", "implementing_commands": [ - "kenna-update-asset", - "kenna-run-connector", - "kenna-search-vulnerabilities", - "kenna-search-fixes", - "kenna-update-vulnerability", + "kenna-update-asset", + "kenna-run-connector", + "kenna-search-vulnerabilities", + "kenna-search-fixes", + "kenna-update-vulnerability", "kenna-get-connectors" ] } - }, + }, { "3da2e31b-f114-4d7f-8702-117f3b498de9": { - "name": "AWS - CloudTrail Test Playbook", + "name": "AWS - CloudTrail Test Playbook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "aws-cloudtrail-start-logging", - "aws-cloudtrail-update-trail", - "aws-cloudtrail-describe-trails", - "aws-cloudtrail-lookup-events", - "aws-cloudtrail-delete-trail", - "aws-cloudtrail-create-trail", + ], + "implementing_commands": [ + "aws-cloudtrail-start-logging", + "aws-cloudtrail-update-trail", + "aws-cloudtrail-describe-trails", + "aws-cloudtrail-lookup-events", + "aws-cloudtrail-delete-trail", + "aws-cloudtrail-create-trail", "aws-cloudtrail-stop-logging" ] } - }, + }, { "test_Qradar": { - "name": "test_Qradar", + "name": "test_Qradar", "implementing_scripts": [ - 
"FetchFromInstance", + "FetchFromInstance", "DeleteContext" - ], + ], "implementing_playbooks": [ "QRadarFullSearch" - ], - "implementing_commands": [ - "qradar-delete-reference-set", - "qradar-create-reference-set-value", - "qradar-get-reference-by-name", - "qradar-get-note", - "qradar-offense-by-id", - "qradar-get-assets", - "qradar-create-note", - "qradar-offenses", - "qradar-get-asset-by-id", - "qradar-update-offense", - "qradar-create-reference-set", + ], + "implementing_commands": [ + "qradar-delete-reference-set", + "qradar-create-reference-set-value", + "qradar-get-reference-by-name", + "qradar-get-note", + "qradar-offense-by-id", + "qradar-get-assets", + "qradar-create-note", + "qradar-offenses", + "qradar-get-asset-by-id", + "qradar-update-offense", + "qradar-create-reference-set", "qradar-delete-reference-set-value" ] } - }, + }, { "Centreon-Test-Playbook": { - "name": "Centreon-Test-Playbook", + "name": "Centreon-Test-Playbook", "implementing_commands": [ "centreon-get-host-status" ] } - }, + }, { "ssdeepreputationtest": { - "name": "SsdeepReputationTest", + "name": "SsdeepReputationTest", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "Sleep", - "SsdeepReputationTest", + "VerifyContext", + "DeleteContext", + "Sleep", + "SsdeepReputationTest", "SSDeepReputation" ] } - }, + }, { "crowdstrike_falconhost_test": { - "name": "CrowdStrike FalconHost Test", + "name": "CrowdStrike FalconHost Test", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "cs-device-ran-on", - "cs-device-search", + "cs-device-ran-on", + "cs-device-search", "cs-device-details" ] } - }, + }, { "dnstwistTest": { - "name": "dnstwistTest", + "name": "dnstwistTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "dnstwist-domain-variations" ] } - }, + }, { "IPInfoTest": { - "name": "IPInfoTest", + "name": "IPInfoTest", 
"implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "ip" ] } - }, + }, { "Tanium Test Playbook": { - "name": "Tanium Test Playbook", - "fromversion": "2.5.0", + "name": "Tanium Test Playbook", + "fromversion": "2.5.0", "implementing_commands": [ - "tn-deploy-package", - "tn-ask-question", + "tn-deploy-package", + "tn-ask-question", "tn-get-saved-question" ] } - }, + }, { "Netskope Test": { - "name": "Netskope Test", + "name": "Netskope Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "netskope-events", + "netskope-events", "netskope-alerts" ] } - }, + }, { "entity_enrichment_generic_test": { - "name": "Entity Enrichment - Generic - Test", - "fromversion": "3.5.0", + "name": "Entity Enrichment - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Entity Enrichment - Generic" ] } - }, + }, { "CrowdStrike Falcon Intel v2": { - "name": "CrowdStrike Falcon Intel v2", + "name": "CrowdStrike Falcon Intel v2", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "ThrowException" - ], - "implementing_commands": [ - "domain", - "url", - "ip", - "cs-actors", - "cs-indicators", - "file", + ], + "implementing_commands": [ + "domain", + "url", + "ip", + "cs-actors", + "cs-indicators", + "file", "cs-reports" ] } - }, + }, { "search_endpoints_by_hash_-_tie_-_test": { - "name": "Search Endpoints By Hash - TIE - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - TIE - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", + "Set", "DeleteContext" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - TIE" ] } - }, + }, { "nexpose_test": { - "name": "Nexpose test", + "name": "Nexpose test", "implementing_scripts": [ - "GenerateUUID", - "VerifyContext", + "GenerateUUID", + "VerifyContext", 
"DeleteContext" - ], - "implementing_commands": [ - "nexpose-start-site-scan", - "nexpose-get-asset", - "nexpose-stop-scan", - "nexpose-delete-site", - "nexpose-get-asset-vulnerability", - "nexpose-create-site", - "nexpose-get-assets", - "nexpose-create-assets-report", - "nexpose-resume-scan", - "nexpose-pause-scan", - "nexpose-search-assets", + ], + "implementing_commands": [ + "nexpose-start-site-scan", + "nexpose-get-asset", + "nexpose-stop-scan", + "nexpose-delete-site", + "nexpose-get-asset-vulnerability", + "nexpose-create-site", + "nexpose-get-assets", + "nexpose-create-assets-report", + "nexpose-resume-scan", + "nexpose-pause-scan", + "nexpose-search-assets", "nexpose-get-scans" ] } - }, + }, { "cisco-ise-test-playbook": { - "name": "cisco-ise-test-playbook", + "name": "cisco-ise-test-playbook", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ "cisco-ise-get-endpoints" ] } - }, + }, { "CarbonBlackResponseTest": { - "name": "Carbon Black Response Test", + "name": "Carbon Black Response Test", "implementing_scripts": [ - "CarbonBlackResponseFilterSensors", - "VerifyContext", + "CarbonBlackResponseFilterSensors", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "cb-watchlist-new", - "cb-get-processes", - "cb-get-process", - "cb-watchlist-del", - "cb-process-events", - "cb-quarantine-device", - "cb-sensor-info", - "cb-binary", - "cb-binary-get", - "cb-get-hash-blacklist", - "cb-watchlist-set", - "cb-unquarantine-device", - "cb-unblock-hash", - "cb-alert-update", - "cb-block-hash", + ], + "implementing_commands": [ + "cb-watchlist-new", + "cb-get-processes", + "cb-get-process", + "cb-watchlist-del", + "cb-process-events", + "cb-quarantine-device", + "cb-sensor-info", + "cb-binary", + "cb-binary-get", + "cb-get-hash-blacklist", + "cb-watchlist-set", + "cb-unquarantine-device", + "cb-unblock-hash", + "cb-alert-update", + "cb-block-hash", "cb-alert" ] } - }, + }, { "dedup_-_generic_-_test": { - "name": "Dedup - 
Generic - Test", - "fromversion": "3.5.0", + "name": "Dedup - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", - "CreateDuplicateIncident", + "VerifyContext", + "CreateDuplicateIncident", "DeleteContext" - ], + ], "implementing_playbooks": [ "Dedup - Generic" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "VxStream Test": { - "name": "VxStream Test", + "name": "VxStream Test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "http", + "VerifyContext", + "DeleteContext", + "http", "Exists" - ], + ], "implementing_commands": [ - "crowdstrike-detonate-file", - "crowdstrike-get-environments", - "crowdstrike-submit-url", - "crowdstrike-scan", + "crowdstrike-detonate-file", + "crowdstrike-get-environments", + "crowdstrike-submit-url", + "crowdstrike-scan", "crowdstrike-search" ] } - }, + }, { "PhishTank Testing": { - "name": "PhishTank Testing", + "name": "PhishTank Testing", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", - "Set", - "http", + "DeleteContext", + "VerifyContext", + "Set", + "http", "ReadFile" - ], + ], "implementing_commands": [ "url" ] } - }, + }, { "BigFixTest": { - "name": "BigFixTest", + "name": "BigFixTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "bigfix-action-delete", - "bigfix-action-stop", - "bigfix-get-site", - "bigfix-get-sites", - "bigfix-action-status", - "bigfix-get-patches", - "bigfix-get-endpoints", + ], + "implementing_commands": [ + "bigfix-action-delete", + "bigfix-action-stop", + "bigfix-get-site", + "bigfix-get-sites", + "bigfix-action-status", + "bigfix-get-patches", + "bigfix-get-endpoints", "bigfix-deploy-patch" ] } - }, + }, { "Cisco-Meraki-Test": { - "name": "Cisco-Meraki-Test", + "name": "Cisco-Meraki-Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - 
"meraki-get-organization-license-state", - "meraki-fetch-networks", - "meraki-fetch-organizations", - "meraki-fetch-devices", + "meraki-get-organization-license-state", + "meraki-fetch-networks", + "meraki-fetch-organizations", + "meraki-fetch-devices", "meraki-fetch-organization-inventory" ] } - }, + }, { "url_enrichment_-_generic_test": { - "name": "Url Enrichment Generic - Test", - "fromversion": "3.5.0", + "name": "Url Enrichment Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "URL Enrichment - Generic" - ], + ], "implementing_commands": [ "rasterize" ] } - }, + }, { "CheckpointFW-test": { - "name": "CheckpointFW-test", + "name": "CheckpointFW-test", "implementing_scripts": [ - "VerifyContextFields", - "CheckpointFWBackupStatus", - "DeleteContext", - "Sleep", + "VerifyContextFields", + "CheckpointFWBackupStatus", + "DeleteContext", + "Sleep", "CheckpointFWCreateBackup" - ], + ], "implementing_commands": [ - "checkpoint-delete-rule", - "checkpoint-block-ip", - "checkpoint-set-rule", - "checkpoint-show-access-rule-base", + "checkpoint-delete-rule", + "checkpoint-block-ip", + "checkpoint-set-rule", + "checkpoint-show-access-rule-base", "checkpoint-show-hosts" ] } - }, + }, { "Test Playbook McAfee ATD": { - "name": "Test Playbook McAfee ATD", + "name": "Test Playbook McAfee ATD", "implementing_scripts": [ - "FileCreateAndUpload", - "DeleteContext", - "Exists", + "FileCreateAndUpload", + "DeleteContext", + "Exists", "AreValuesEqual" - ], + ], "implementing_playbooks": [ - "Detonate URL - McAfee ATD", + "Detonate URL - McAfee ATD", "ATD - Detonate File" - ], + ], "implementing_commands": [ - "atd-list-analyzer-profiles", - "atd-login", + "atd-list-analyzer-profiles", + "atd-login", "atd-list-user" ] } - }, + }, { "Cisco-Umbrella-Test": { - "name": "Cisco-Umbrella-Test", + "name": "Cisco-Umbrella-Test", "implementing_scripts": [ 
- "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "umbrella-ip-dns-history", - "umbrella-domain-related", - "umbrella-domain-dns-history", - "investigate-umbrella-domain-co-occurrences", - "investigate-umbrella-domain-dns-history", - "umbrella-domain-security", - "investigate-umbrella-domain-search", - "umbrella-domain-search", - "investigate-umbrella-domain-related", - "umbrella-domain-co-occurrences", + ], + "implementing_commands": [ + "umbrella-ip-dns-history", + "umbrella-domain-related", + "umbrella-domain-dns-history", + "investigate-umbrella-domain-co-occurrences", + "investigate-umbrella-domain-dns-history", + "umbrella-domain-security", + "investigate-umbrella-domain-search", + "umbrella-domain-search", + "investigate-umbrella-domain-related", + "umbrella-domain-co-occurrences", "umbrella-domain-categorization" ] } - }, + }, { "Test Playbook McAfee ePO": { - "name": "Test Playbook McAfee ePO", + "name": "Test Playbook McAfee ePO", "implementing_scripts": [ - "RaiseError", + "RaiseError", "DeleteContext" - ], - "implementing_commands": [ - "epo-clear-tag", - "epo-get-system-tree-group", - "epo-get-latest-dat", - "epo-update-client-dat", - "epo-advanced-command", - "epo-help", - "epo-find-systems", - "epo-update-repository", - "epo-get-version", - "epo-get-current-dat", - "epo-get-tables", - "epo-apply-tag", - "epo-find-system", + ], + "implementing_commands": [ + "epo-clear-tag", + "epo-get-system-tree-group", + "epo-get-latest-dat", + "epo-update-client-dat", + "epo-advanced-command", + "epo-help", + "epo-find-systems", + "epo-update-repository", + "epo-get-version", + "epo-get-current-dat", + "epo-get-tables", + "epo-apply-tag", + "epo-find-system", "epo-query-table" ] } - }, + }, { "grr_test": { - "name": "GRR Test", + "name": "GRR Test", "implementing_scripts": [ - "Set", + "Set", "DeleteContext" - ], + ], "implementing_commands": [ - "grr-get-hunts", - "grr-get-clients", - "grr-set-hunts", - "grr-set-flows", + 
"grr-get-hunts", + "grr-get-clients", + "grr-set-hunts", + "grr-set-flows", "grr-get-flows" ] } - }, + }, { "RTIR Test": { - "name": "RTIR Test", + "name": "RTIR Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "rtir-edit-ticket", - "rtir-resolve-ticket", - "rtir-create-ticket", - "rtir-get-ticket", + "rtir-edit-ticket", + "rtir-resolve-ticket", + "rtir-create-ticket", + "rtir-get-ticket", "rtir-search-ticket" ] } - }, + }, { "GeneratePassword-Test": { - "name": "GeneratePassword-Test", + "name": "GeneratePassword-Test", "implementing_scripts": [ - "Print", - "GeneratePassword", - "DeleteContext", + "Print", + "GeneratePassword", + "DeleteContext", "Exists" ] } - }, + }, { "EWS Public Folders Test": { - "name": "EWS Public Folders Test", + "name": "EWS Public Folders Test", "implementing_commands": [ - "ews-search-mailbox", - "ews-get-items-from-folder", - "ews-find-folders", + "ews-search-mailbox", + "ews-get-items-from-folder", + "ews-find-folders", "ews-get-folder" ] } - }, + }, { "account_enrichment_-_generic_test": { - "name": "Account Enrichment - Generic Test", - "fromversion": "3.5.0", + "name": "Account Enrichment - Generic Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Account Enrichment - Generic" ] } - }, + }, { "TestStringReplace": { - "name": "TestStringReplace", + "name": "TestStringReplace", "implementing_scripts": [ - "StringReplace", - "VerifyContextFields", + "StringReplace", + "VerifyContextFields", "DeleteContext" ] } - }, + }, { "EWSv2_empty_attachment_test": { - "name": "EWSv2_empty_attachment_test", + "name": "EWSv2_empty_attachment_test", "implementing_commands": [ "ews-get-attachment" ] } - }, + }, { "search_endpoints_by_hash_-_crowdstrike_-_test": { - "name": "Search Endpoints By Hash - CrowdStrike - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - 
CrowdStrike - Test", + "fromversion": "3.5.0", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - CrowdStrike" ] } - }, + }, { "IBM Resilient Systems Test": { - "name": "IBM Resilient Systems Test", + "name": "IBM Resilient Systems Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "rs-search-incidents", - "rs-related-incidents", - "rs-incidents-get-tasks", - "rs-incident-attachments", + "rs-search-incidents", + "rs-related-incidents", + "rs-incidents-get-tasks", + "rs-incident-attachments", "rs-incident-artifacts" ] } - }, + }, { "whois_test": { - "name": "whois_test", + "name": "whois_test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "closeInvestigation", + "closeInvestigation", "whois" ] } - }, + }, { "c7d68ad5MxToolbox_test": { - "name": "MxToolbox_test", + "name": "MxToolbox_test", "implementing_scripts": [ - "CloseInvestigation", - "Exists", + "CloseInvestigation", + "Exists", "ToTable" - ], + ], "implementing_commands": [ "mxtoolbox" ] } - }, + }, { "Jira-Test": { - "name": "Jira-Test", + "name": "Jira-Test", "implementing_scripts": [ - "VerifyContextFields", - "VerifyContext", - "DeleteContext", + "VerifyContextFields", + "VerifyContext", + "DeleteContext", "FileCreateAndUpload" - ], - "implementing_commands": [ - "jira-create-issue", - "jira-issue-upload-file", - "jira-get-comments", - "jira-issue-add-comment", - "jira-edit-issue", - "jira-issue-query", - "jira-delete-issue", - "jira-issue-add-link", + ], + "implementing_commands": [ + "jira-create-issue", + "jira-issue-upload-file", + "jira-get-comments", + "jira-issue-add-comment", + "jira-edit-issue", + "jira-issue-query", + "jira-delete-issue", + "jira-issue-add-link", "jira-get-issue" ] } - }, + }, { "2142f8de-29d5-4288-8426-0db39abe988b": { - "name": "AWS - EC2 Test Playbook ", + "name": "AWS - EC2 Test Playbook ", "implementing_scripts": [ "VerifyContext" - ], - 
"implementing_commands": [ - "aws-ec2-describe-regions", - "aws-ec2-describe-volumes", - "aws-ec2-describe-key-pairs", - "aws-ec2-describe-instances", - "aws-ec2-describe-launch-templates", - "aws-ec2-describe-vpcs", - "aws-ec2-describe-security-groups", - "aws-ec2-describe-subnets", - "aws-ec2-describe-snapshots", - "aws-ec2-describe-images", + ], + "implementing_commands": [ + "aws-ec2-describe-regions", + "aws-ec2-describe-volumes", + "aws-ec2-describe-key-pairs", + "aws-ec2-describe-instances", + "aws-ec2-describe-launch-templates", + "aws-ec2-describe-vpcs", + "aws-ec2-describe-security-groups", + "aws-ec2-describe-subnets", + "aws-ec2-describe-snapshots", + "aws-ec2-describe-images", "aws-ec2-describe-addresses" ] } - }, + }, { "palo_alto_firewall_test_pb": { - "name": "palo_alto_firewall_test_pb", + "name": "palo_alto_firewall_test_pb", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "Sleep" - ], + ], "implementing_playbooks": [ "PanoramaCommitConfiguration" - ], - "implementing_commands": [ - "panorama-list-applications", - "panorama-create-rule", - "panorama-delete-rule", - "panorama-create-address-group", - "panorama-list-addresses", - "panorama-get-address-group", - "panorama-get-url-category", - "panorama", - "panorama-edit-rule", - "panorama-get-url-filter", - "panorama-list-address-groups", - "panorama-get-custom-url-category", - "panorama-edit-address-group", - "panorama-create-address", - "panorama-delete-address-group", - "panorama-move-rule", + ], + "implementing_commands": [ + "panorama-list-applications", + "panorama-create-rule", + "panorama-delete-rule", + "panorama-create-address-group", + "panorama-list-addresses", + "panorama-get-address-group", + "panorama-get-url-category", + "panorama", + "panorama-edit-rule", + "panorama-get-url-filter", + "panorama-list-address-groups", + "panorama-get-custom-url-category", + "panorama-edit-address-group", + "panorama-create-address", + "panorama-delete-address-group", + 
"panorama-move-rule", "panorama-delete-address" ] } - }, + }, { "Google Safe Browsing Test": { - "name": "Google Safe Browsing Test", + "name": "Google Safe Browsing Test", "implementing_scripts": [ - "RaiseError", + "RaiseError", "CloseInvestigation" - ], + ], "implementing_commands": [ "url" ] } - }, + }, { "Tenable.io test": { - "name": "Tenable.io test", + "name": "Tenable.io test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "tenable-io-get-vulnerabilities-by-asset", - "tenable-io-get-scan-report", - "tenable-io-list-scans", - "tenable-io-get-vulnerability-details", + "tenable-io-get-vulnerabilities-by-asset", + "tenable-io-get-scan-report", + "tenable-io-list-scans", + "tenable-io-get-vulnerability-details", "tenable-io-get-scan-status" ] } - }, + }, { "JoeSecurityTestPlaybook": { - "name": "JoeSecurityTestPlaybook", + "name": "JoeSecurityTestPlaybook", "implementing_scripts": [ - "FileCreateAndUpload", + "FileCreateAndUpload", "DeleteContext" - ], + ], "implementing_commands": [ - "joe-download-report", - "joe-is-online", - "joe-analysis-info", - "joe-search", - "joe-analysis-submit-sample", + "joe-download-report", + "joe-is-online", + "joe-analysis-info", + "joe-search", + "joe-analysis-submit-sample", "joe-analysis-submit-url" ] } - }, + }, { "get_file_sample_by_hash_-_carbon_black_enterprise_Response_-_test": { - "name": "Get File Sample By Hash - Carbon Black Enterprise Response - Test", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Carbon Black Enterprise Response - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample By Hash - Carbon Black Enterprise Response" ] } - }, + }, { "OTRS Test": { - "name": "OTRS Test", + "name": "OTRS Test", "implementing_scripts": [ "FetchFromInstance" - ], + ], "implementing_commands": [ - "otrs-update-ticket", - "otrs-search-ticket", - 
"otrs-create-ticket", - "otrs-close-ticket", + "otrs-update-ticket", + "otrs-search-ticket", + "otrs-create-ticket", + "otrs-close-ticket", "otrs-get-ticket" ] } - }, + }, { "get_original_email_-_gmail_-_test": { - "name": "Get Original Email - Gmail - Test", + "name": "Get Original Email - Gmail - Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_playbooks": [ "Get Original Email - Gmail" ] } - }, + }, { "TestHPServiceManager": { - "name": "TestHPServiceManager", + "name": "TestHPServiceManager", "implementing_scripts": [ - "VerifyContextFields", - "VerifyContext", + "VerifyContextFields", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "hpsm-create-incident", - "hpsm-get-device", - "hpsm-list-incidents", + "hpsm-create-incident", + "hpsm-get-device", + "hpsm-list-incidents", "hpsm-get-incident-by-id" ] } - }, + }, { "AbuseIPDB Test": { - "name": "AbuseIPDB Test", + "name": "AbuseIPDB Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "abuseipdb-check-cidr-block", - "ip", - "abuseipdb-get-blacklist", + "abuseipdb-check-cidr-block", + "ip", + "abuseipdb-get-blacklist", "abuseipdb-report-ip" ] } - }, + }, { "TestIsValueInArray": { - "name": "TestIsValueInArray", + "name": "TestIsValueInArray", "implementing_scripts": [ - "CloseInvestigation", - "Set", + "CloseInvestigation", + "Set", "IsValueInArray" ] } - }, + }, { "GsuiteTest": { - "name": "test-Gsuite", + "name": "test-Gsuite", "implementing_scripts": [ "VerifyContextFields" - ], + ], "implementing_commands": [ "googleapps-list-users" ] } - }, + }, { "efc817d2-6660-4d4f-890d-90513ca1e180": { - "name": "Cisco Spark Test", + "name": "Cisco Spark Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "cisco-spark-send-message-to-person", - "cisco-spark-list-teams", - "cisco-spark-list-people", - "cisco-spark-create-team", - "cisco-spark-delete-team", - 
"cisco-spark-delete-message", - "cisco-spark-send-message-to-room", - "cisco-spark-list-messages", + ], + "implementing_commands": [ + "cisco-spark-send-message-to-person", + "cisco-spark-list-teams", + "cisco-spark-list-people", + "cisco-spark-create-team", + "cisco-spark-delete-team", + "cisco-spark-delete-message", + "cisco-spark-send-message-to-room", + "cisco-spark-list-messages", "cisco-spark-list-rooms" ] } - }, + }, { "iDefenseTest": { - "name": "iDefenseTest", + "name": "iDefenseTest", "implementing_scripts": [ - "Print", - "VerifyContext", + "Print", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "url", - "ip", - "domain", + "url", + "ip", + "domain", "uuid" ] } - }, + }, { "block_indicators_-_generic_-_test": { - "name": "Block Indicators - Generic - Test", + "name": "Block Indicators - Generic - Test", "implementing_playbooks": [ "Block Indicators - Generic" ] } - }, + }, { "rsa_packets_and_logs_test": { - "name": "RSA Packets And Logs test", - "fromversion": "3.5.0", + "name": "RSA Packets And Logs test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "nw-sdk-values", - "netwitness-msearch", - "nw-sdk-content", + "nw-sdk-values", + "netwitness-msearch", + "nw-sdk-content", "netwitness-query" ] } - }, + }, { "Google_Vault-Search_And_Display_Results_test": { - "name": "Google Vault - Search And Display Results test", + "name": "Google Vault - Search And Display Results test", "implementing_scripts": [ - "GeneratePassword", + "GeneratePassword", "DeleteContext" - ], + ], "implementing_playbooks": [ - "Google Vault - Search Groups", - "Google Vault - Search Mail", - "Google Vault - Display Results", + "Google Vault - Search Groups", + "Google Vault - Search Mail", + "Google Vault - Display Results", "Google Vault - Search Drive" ] } - }, + }, { "URLDecode-Test": { - "name": "URLDecode-Test", + "name": "URLDecode-Test", 
"implementing_scripts": [ - "URLDecode", + "URLDecode", "DeleteContext" ] } - }, + }, { "Zscaler Test": { - "name": "Zscaler Test", + "name": "Zscaler Test", "implementing_scripts": [ - "GenerateUUID", + "GenerateUUID", "isError" - ], + ], "implementing_commands": [ - "zscaler-blacklist-url", - "zscaler-get-blacklist", - "zscaler-get-categories", + "zscaler-blacklist-url", + "zscaler-get-blacklist", + "zscaler-get-categories", "zscaler-category-add-url" ] } - }, + }, { "urlscan_malicious_Test": { - "name": "urlscan_malicious_Test", + "name": "urlscan_malicious_Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ "urlscan-search" ] } - }, + }, { "DemistoUploadFileToIncident Test": { - "name": "DemistoUploadFileToIncident Test", + "name": "DemistoUploadFileToIncident Test", "implementing_scripts": [ - "DemistoUploadFileToIncident", + "DemistoUploadFileToIncident", "http" ] } - }, + }, { "ParseEmailFiles-test": { - "name": "ParseEmailFiles-test", + "name": "ParseEmailFiles-test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "http", - "AreValuesEqual", + "VerifyContext", + "DeleteContext", + "http", + "AreValuesEqual", "ParseEmailFiles" ] } - }, + }, { "extract_indicators_-_generic_-_test": { - "name": "Extract Indicators - Generic - Test", - "fromversion": "3.5.0", + "name": "Extract Indicators - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "IncidentSet", - "DeleteContext", + "IncidentSet", + "DeleteContext", "VerifyContext" - ], + ], "implementing_playbooks": [ "Extract Indicators - Generic" ] } - }, + }, { "listExecutedCommands-Test": { - "name": "listExecutedCommands-Test", + "name": "listExecutedCommands-Test", "implementing_scripts": [ - "Print", - "listExecutedCommands", - "commentsToContext", - "CloseInvestigation", + "Print", + "listExecutedCommands", + "commentsToContext", + "CloseInvestigation", "AreValuesEqual" ] } - }, + }, { "Phishing test - Inline": { - "name": "Phishing test 
- Inline", + "name": "Phishing test - Inline", "implementing_scripts": [ - "ScheduleCommand", - "PhishingIncident", - "DeleteContext", + "ScheduleCommand", + "PhishingIncident", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Phishing Investigation - Generic" ] } - }, + }, { "Tenable.io Scan Test": { - "name": "Tenable.io Scan Test", + "name": "Tenable.io Scan Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_playbooks": [ "Tenable.io Scan" ] } - }, + }, { "AlphaSOC-Wisdom-Test": { - "name": "AlphaSOC Wisdom Test", + "name": "AlphaSOC Wisdom Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "wisdom-ip-flags", + "wisdom-ip-flags", "wisdom-domain-flags" ] } - }, + }, { "pyEWS_Test": { - "name": "pyEWS_Test", - "fromversion": "3.5.0", + "name": "pyEWS_Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "Exception", - "ews-get-out-of-office", - "ews-get-searchable-mailboxes", - "ews-find-folders", - "ews-get-items", - "ews-get-contacts", - "ews-get-attachment", + ], + "implementing_commands": [ + "Exception", + "ews-get-out-of-office", + "ews-get-searchable-mailboxes", + "ews-find-folders", + "ews-get-items", + "ews-get-contacts", + "ews-get-attachment", "ews-search-mailboxes" ] } - }, + }, { "virusTotal-test-playbook": { - "name": "virusTotal-test-playbook", + "name": "virusTotal-test-playbook", "implementing_scripts": [ - "Set", - "VerifyContext", - "DeleteContext", + "Set", + "VerifyContext", + "DeleteContext", "Exists" - ], + ], "implementing_commands": [ - "url", - "ip", - "domain", + "url", + "ip", + "domain", "file" ] } - }, + }, { "calculate_severity_-_critical_assets_-_test": { - "name": "Calculate Severity - Critical assets - Test", + "name": "Calculate Severity - Critical assets - Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "ADGetUser" - ], + ], 
"implementing_playbooks": [ "Calculate Severity - Critical assets" ] } - }, + }, { "search_endpoints_by_hash_-_carbon_black_response_-_test": { - "name": "Search Endpoints By Hash - Carbon Black Response - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Carbon Black Response - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - Carbon Black Response" ] } - }, + }, { "5dc848e5-a649-4394-8300-386770d39d75": { - "name": "TestGetDuplicatesIncidentsByMl", + "name": "TestGetDuplicatesIncidentsByMl", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "GetDuplicatesMl", + "VerifyContext", + "DeleteContext", + "GetDuplicatesMl", "TestCreateDuplicates" ] } - }, + }, { "LogRhythm-Test-Playbook": { - "name": "LogRhythm-Test-Playbook", + "name": "LogRhythm-Test-Playbook", "implementing_commands": [ "lr-get-alarms" ] } - }, + }, { "test_similar_incidents": { - "name": "Test Similar Incidents", - "fromversion": "3.5.0", + "name": "Test Similar Incidents", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "TestCreateDuplicates", + "VerifyContext", + "DeleteContext", + "TestCreateDuplicates", "FindSimilarIncidents" ] } - }, + }, { "2cddaacb-4e4c-407e-8ef5-d924867b810c": { - "name": "AWS - CloudWatchLogs Test Playbook_copy", + "name": "AWS - CloudWatchLogs Test Playbook_copy", "implementing_scripts": [ - "GetTime", - "VerifyContext", + "GetTime", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "aws-logs-describe-metric-filters", - "aws-logs-create-log-stream", - "aws-logs-put-retention-policy", - "aws-logs-delete-log-group", - "aws-logs-delete-log-stream", - "aws-logs-create-log-group", - "aws-logs-describe-log-streams", - "aws-logs-delete-metric-filter", - "aws-logs-put-log-events", - "aws-logs-describe-log-groups", - 
"aws-logs-put-metric-filter", + ], + "implementing_commands": [ + "aws-logs-describe-metric-filters", + "aws-logs-create-log-stream", + "aws-logs-put-retention-policy", + "aws-logs-delete-log-group", + "aws-logs-delete-log-stream", + "aws-logs-create-log-group", + "aws-logs-describe-log-streams", + "aws-logs-delete-metric-filter", + "aws-logs-put-log-events", + "aws-logs-describe-log-groups", + "aws-logs-put-metric-filter", "aws-logs-delete-retention-policy" ] } - }, + }, { "TestSkyformation": { - "name": "TestSkyformation", + "name": "TestSkyformation", "implementing_scripts": [ "TestFail" - ], + ], "implementing_commands": [ "skyformation-get-accounts" ] } - }, + }, { "EWS test": { - "name": "EWS test", + "name": "EWS test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "FileCreateAndUpload", + "VerifyContext", + "DeleteContext", + "FileCreateAndUpload", "SendEmail" - ], - "implementing_commands": [ - "ews-delete-attachments", - "ews-get-searchable-mailboxes", - "ews-search-mailbox", - "ews-find-folders", - "ews-get-items", - "ews-get-folder", - "ews-get-attachment", + ], + "implementing_commands": [ + "ews-delete-attachments", + "ews-get-searchable-mailboxes", + "ews-search-mailbox", + "ews-find-folders", + "ews-get-items", + "ews-get-folder", + "ews-get-attachment", "ews-delete-items" ] } - }, + }, { "ShodanTest": { - "name": "ShodanTest", + "name": "ShodanTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "ip" ] } - }, + }, { "d8628445-ff86-40f9-857d-50b3f1d295a6": { - "name": "Sandblast malicious test", + "name": "Sandblast malicious test", "implementing_scripts": [ - "DeleteContext", - "Exists", + "DeleteContext", + "Exists", "echo" - ], + ], "implementing_commands": [ - "sandblast-query", + "sandblast-query", "sandblast-upload" ] } - }, + }, { "minemeld_test": { - "name": "Palo Alto MineMeld Test", + "name": "Palo Alto MineMeld Test", "implementing_scripts": [ 
"DeleteContext" - ], + ], "implementing_commands": [ - "minemeld-remove-from-miner", - "ip", - "minemeld-add-to-miner", - "minemeld-retrieve-miner", + "minemeld-remove-from-miner", + "ip", + "minemeld-add-to-miner", + "minemeld-retrieve-miner", "minemeld-get-indicator-from-miner" ] } - }, + }, { "Archer-Test-Playbook": { - "name": "Archer-Test-Playbook", + "name": "Archer-Test-Playbook", "implementing_scripts": [ - "VerifyContextFields", + "VerifyContextFields", "DeleteContext" - ], - "implementing_commands": [ - "archer-get-application-fields", - "archer-update-record", - "archer-search-records", - "archer-create-record", - "archer-delete-record", - "archer-search-applications", + ], + "implementing_commands": [ + "archer-get-application-fields", + "archer-update-record", + "archer-search-records", + "archer-create-record", + "archer-delete-record", + "archer-search-applications", "archer-get-record" ] } - }, + }, { "LanguageDetect-Test": { - "name": "LanguageDetect-Test", + "name": "LanguageDetect-Test", "implementing_scripts": [ - "CloseInvestigation", - "LanguageDetect", - "DeleteContext", - "Sleep", + "CloseInvestigation", + "LanguageDetect", + "DeleteContext", + "Sleep", "Exists" ] } - }, + }, { "ThreatGridTest": { - "name": "ThreatGridTest", + "name": "ThreatGridTest", "implementing_scripts": [ - "DeleteContext", - "Exists", + "DeleteContext", + "Exists", "AreValuesEqual" - ], - "implementing_commands": [ - "threat-grid-get-samples", - "threat-grid-download-sample-by-id", - "threat-grid-organization-get-rate-limit", - "threat-grid-user-get-rate-limit", - "threat-grid-get-threat-summary-by-id", - "threat-grid-who-am-i", + ], + "implementing_commands": [ + "threat-grid-get-samples", + "threat-grid-download-sample-by-id", + "threat-grid-organization-get-rate-limit", + "threat-grid-user-get-rate-limit", + "threat-grid-get-threat-summary-by-id", + "threat-grid-who-am-i", "threat-grid-upload-sample" ] } - }, + }, { "Detonate URL - Generic Test": { - "name": 
"Detonate URL - Generic Test", - "fromversion": "4.0.0", + "name": "Detonate URL - Generic Test", + "fromversion": "4.0.0", "implementing_scripts": [ - "Set", + "Set", "DeleteContext" - ], + ], "implementing_playbooks": [ "Detonate URL - Generic" ] } - }, + }, { "test-ThreatConnect": { - "name": "test-ThreatConnect", + "name": "test-ThreatConnect", "implementing_commands": [ "tc-owners" ] } - }, + }, { "TestMatchRegex": { - "name": "TestMatchRegex", + "name": "TestMatchRegex", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "MatchRegex" - ], + ], "implementing_commands": [ "closeInvestigation" ] } - }, + }, { "search_endpoints_by_hash_-_generic_-_test": { - "name": "Search Endpoints By Hash - Generic - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - Generic" ] } - }, + }, { "Detonate File - SNDBOX - Test": { - "name": "Detonate File - SNDBOX - Test", + "name": "Detonate File - SNDBOX - Test", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Detonate File - SNDBOX" ] } - }, + }, { "CreatePhishingClassifierMLTest": { - "name": "Create Phishing Classifier ML Test", + "name": "Create Phishing Classifier ML Test", "implementing_scripts": [ - "DBotPredictPhishingLabel", - "VerifyContext", - "DeleteContext", - "TestCreateTagTextFile", + "DBotPredictPhishingLabel", + "VerifyContext", + "DeleteContext", + "TestCreateTagTextFile", "TestCreateIncidents" - ], + ], "implementing_playbooks": [ "DBot Create Phishing Classifier" ] } - }, + }, { "CirclIntegrationTest": { - "name": "CIRCL Test", + "name": "CIRCL Test", "implementing_scripts": [ - "VerifyHumanReadableContains", - "PrintErrorEntry", + "VerifyHumanReadableContains", + "PrintErrorEntry", "isError" - ], + ], 
"implementing_commands": [ - "circl-ssl-get-certificate", - "circl-ssl-list-certificates", - "circl-ssl-query-certificate", + "circl-ssl-get-certificate", + "circl-ssl-list-certificates", + "circl-ssl-query-certificate", "circl-dns-get" ] } - }, + }, { "ProofpointDecodeURL-Test": { - "name": "ProofpointDecodeURL-Test", + "name": "ProofpointDecodeURL-Test", "implementing_scripts": [ - "CloseInvestigation", - "ProofpointDecodeURL", - "Sleep", + "CloseInvestigation", + "ProofpointDecodeURL", + "Sleep", "AreValuesEqual" ] } - }, + }, { "FireEye HX Test": { - "name": "FireEye HX Test", + "name": "FireEye HX Test", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "fireeye-hx-get-indicators", - "fireeye-hx-get-alert", - "fireeye-hx-file-acquisition", - "fireeye-hx-delete-file-acquisition", - "fireeye-hx-get-alerts", - "fireeye-hx-get-host-information", + ], + "implementing_commands": [ + "fireeye-hx-get-indicators", + "fireeye-hx-get-alert", + "fireeye-hx-file-acquisition", + "fireeye-hx-delete-file-acquisition", + "fireeye-hx-get-alerts", + "fireeye-hx-get-host-information", "fireeye-hx-get-indicator" ] } - }, + }, { "hashicorp_test": { - "name": "hashicorp_test", + "name": "hashicorp_test", "implementing_scripts": [ - "GetTime", + "GetTime", "DeleteContext" - ], - "implementing_commands": [ - "hashicorp-list-policies", - "hashicorp-disable-engine", - "hashicorp-create-token", - "hashicorp-list-secrets", - "hashicorp-get-secret-metadata", - "hashicorp-configure-engine", - "hashicorp-undelete-secret", - "hashicorp-destroy-secret", - "hashicorp-get-policy", - "hashicorp-enable-engine", - "hashicorp-list-secrets-engines", - "hashicorp-delete-secret", + ], + "implementing_commands": [ + "hashicorp-list-policies", + "hashicorp-disable-engine", + "hashicorp-create-token", + "hashicorp-list-secrets", + "hashicorp-get-secret-metadata", + "hashicorp-configure-engine", + "hashicorp-undelete-secret", + "hashicorp-destroy-secret", + 
"hashicorp-get-policy", + "hashicorp-enable-engine", + "hashicorp-list-secrets-engines", + "hashicorp-delete-secret", "hashicorp-reset-configuration" ] } - }, + }, { "decodemimeheader_-_test": { - "name": "DecodeMimeHeader - Test", - "fromversion": "3.5.0", + "name": "DecodeMimeHeader - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DecodeMimeHeader", - "DeleteContext", + "DecodeMimeHeader", + "DeleteContext", "VerifyContext" ] } - }, + }, { "XFE Test": { - "name": "XFE Test", + "name": "XFE Test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "Exists", + "VerifyContext", + "DeleteContext", + "Exists", "AreValuesEqual" - ], + ], "implementing_commands": [ - "domain", - "url", - "ip", - "cve-latest", - "cve-search", + "domain", + "url", + "ip", + "cve-latest", + "cve-search", "file" ] } - }, + }, { "Base64 File in List Test": { - "name": "Base64 File in List Test", + "name": "Base64 File in List Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Base64ListToFile" - ], + ], "implementing_commands": [ "setList" ] } - }, + }, { "Cybereason Test": { - "name": "Cybereason Test", + "name": "Cybereason Test", "implementing_scripts": [ - "FetchFromInstance", - "VerifyContext", + "FetchFromInstance", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "cybereason-malop-processes", - "cybereason-query-connections", - "cybereason-query-processes", - "cybereason-is-probe-connected", + "cybereason-malop-processes", + "cybereason-query-connections", + "cybereason-query-processes", + "cybereason-is-probe-connected", "cybereason-query-malops" ] } - }, + }, { "ActiveMQ Test": { - "name": "ActiveMQ Test", + "name": "ActiveMQ Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Sleep" - ], + ], "implementing_commands": [ - "activemq-send", + "activemq-send", "activemq-subscribe" ] } - }, + }, { "McAfeeNSMTest": { - "name": "McAfeeNSMTest", + "name": "McAfeeNSMTest", 
"implementing_commands": [ - "nsm-get-domains", - "nsm-get-ips-policy-details", - "nsm-update-alerts", - "nsm-get-ips-policies", - "nsm-get-alerts", + "nsm-get-domains", + "nsm-get-ips-policy-details", + "nsm-update-alerts", + "nsm-get-ips-policies", + "nsm-get-alerts", "nsm-get-sensors" ] } - }, + }, { "SNDBOX_Test": { - "name": "SNDBOX_Test", + "name": "SNDBOX_Test", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_commands": [ - "sndbox-analysis-info", - "sndbox-analysis-submit-sample", - "sndbox-download-sample", - "sndbox-download-report", + "sndbox-analysis-info", + "sndbox-analysis-submit-sample", + "sndbox-download-sample", + "sndbox-download-report", "sndbox-is-online" ] } - }, + }, { "Fortigate Test": { - "name": "Fortigate Test", + "name": "Fortigate Test", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "fortigate-move-policy", - "fortigate-create-firewall-service", - "fortigate-get-service-groups", - "fortigate-get-policy", - "fortigate-get-address-groups", - "fortigate-get-firewall-service", - "fortigate-delete-policy", - "fortigate-get-addresses", - "fortigate-update-service-group", - "fortigate-update-address-group", - "fortigate-delete-address-group", - "fortigate-create-address-group", - "fortigate-create-policy", + ], + "implementing_commands": [ + "fortigate-move-policy", + "fortigate-create-firewall-service", + "fortigate-get-service-groups", + "fortigate-get-policy", + "fortigate-get-address-groups", + "fortigate-get-firewall-service", + "fortigate-delete-policy", + "fortigate-get-addresses", + "fortigate-update-service-group", + "fortigate-update-address-group", + "fortigate-delete-address-group", + "fortigate-create-address-group", + "fortigate-create-policy", "fortigate-update-policy" ] } - }, + }, { "sep_-_test_endpoint_search": { - "name": "SEP - Test endpoint search", - "fromversion": "3.5.0", + "name": "SEP - Test endpoint search", + "fromversion": "3.5.0", 
"implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "sep-endpoints-info" ] } - }, + }, { "awake_security_test_pb": { - "name": "awake_security_test_pb", + "name": "awake_security_test_pb", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "domain", - "ip", - "awake-query-activities", - "awake-pcap-download", - "awake-query-domains", - "awake-query-devices", - "device", + ], + "implementing_commands": [ + "domain", + "ip", + "awake-query-activities", + "awake-pcap-download", + "awake-query-domains", + "awake-query-devices", + "device", "email" ] } - }, + }, { "af2f5a99-d70b-48c1-8c25-519732b733f2": { - "name": "nmap-test", + "name": "nmap-test", "implementing_scripts": [ - "CloseInvestigation", - "Print", + "CloseInvestigation", + "Print", "Exists" - ], + ], "implementing_commands": [ "nmap-scan" ] } - }, + }, { "Detonate File - No Files test": { - "name": "Detonate File - No Files test", + "name": "Detonate File - No Files test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_playbooks": [ "Detonate File - Generic" ] } - }, + }, { "3010a07c-0a85-480c-87db-cf3f09fcbd7c": { - "name": "ContextGetters-Test", - "implementing_scripts": [ - "ExtractHash", - "IsTrue", - "ContextGetEmails", - "ExtractIP", - "ContextGetHashes", - "ContextGetIps", + "name": "ContextGetters-Test", + "implementing_scripts": [ + "ExtractHash", + "IsTrue", + "ContextGetEmails", + "ExtractIP", + "ContextGetHashes", + "ContextGetIps", "ExtractEmail" ] } - }, + }, { "test-LinkIncidentsWithRetry": { - "name": "test-LinkIncidentsWithRetry", + "name": "test-LinkIncidentsWithRetry", "implementing_scripts": [ - "Print", - "LinkIncidentsWithRetry", + "Print", + "LinkIncidentsWithRetry", "AreValuesEqual" - ], + ], "implementing_commands": [ "createNewIncident" ] } - }, + }, { "2e7770c4-8b78-4ee5-84c7-22a9e481b166": { - "name": "Autofocus_test", + "name": "Autofocus_test", "implementing_scripts": 
[ - "CloseInvestigation", - "IsMaliciousIndicatorFound", + "CloseInvestigation", + "IsMaliciousIndicatorFound", "AreValuesEqual" - ], + ], "implementing_commands": [ - "autofocus-search-sessions", - "file", + "autofocus-search-sessions", + "file", "autofocus-search-samples" ] } - }, + }, { "Remedy-On-Demand-Test": { - "name": "Remedy-On-Demand-Test", + "name": "Remedy-On-Demand-Test", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "remedy-get-incident", - "remedy-fetch-incidents", - "remedy-incident-create", + "remedy-get-incident", + "remedy-fetch-incidents", + "remedy-incident-create", "remedy-incident-update" ] } - }, + }, { "get_file_sample_from_path_-_generic_-_test": { - "name": "Get File Sample From Path - Generic - Test", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample From Path - Generic" - ], + ], "implementing_commands": [ "cb-list-sensors" ] } - }, + }, { "Test ParseCSV": { - "name": "Test ParseCSV", + "name": "Test ParseCSV", "implementing_scripts": [ - "DeleteContext", - "FileCreateAndUpload", - "ParseCSV", + "DeleteContext", + "FileCreateAndUpload", + "ParseCSV", "AreValuesEqual" ] } - }, + }, { "Preempt Test": { - "name": "Preempt Test", + "name": "Preempt Test", "implementing_commands": [ - "preempt-remove-from-watch-list", - "preempt-get-user-endpoints", - "preempt-get-activities", + "preempt-remove-from-watch-list", + "preempt-get-user-endpoints", + "preempt-get-activities", "preempt-add-to-watch-list" ] } - }, + }, { "playbook-Cymon_Test": { - "name": "playbook-Cymon_Test", + "name": "playbook-Cymon_Test", "implementing_scripts": [ - "VerifyContext", - "StringContains", - "DeleteContext", + "VerifyContext", + "StringContains", + "DeleteContext", 
"ValidateErrorExistence" - ], + ], "implementing_commands": [ - "ip", + "ip", "domain" ] } - }, + }, { "150778e9-90ca-4c28-873e-f050f2c6d3a3": { - "name": "HTTPRedirectList Test", + "name": "HTTPRedirectList Test", "implementing_scripts": [ - "CloseInvestigation", - "HTTPListRedirects", + "CloseInvestigation", + "HTTPListRedirects", "AreValuesEqual" ] } - }, + }, { "TCPUtils-Test": { - "name": "Tcpiputlis Test Playbook", + "name": "Tcpiputlis Test Playbook", "implementing_scripts": [ - "VerifyContextFields", - "VerifyContext", + "VerifyContextFields", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "ip" ] } - }, + }, { "113aca8a-ee52-419f-89a6-150ee232d0d1": { - "name": "S3 Test", + "name": "S3 Test", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "aws-s3-create-bucket", - "aws-s3-get-bucket-policy", - "aws-s3-download-file", - "aws-s3-delete-bucket-policy", - "aws-s3-describe-buckets", - "aws-s3-list-bucket-objects", - "aws-s3-set-bucket-policy", + ], + "implementing_commands": [ + "aws-s3-create-bucket", + "aws-s3-get-bucket-policy", + "aws-s3-download-file", + "aws-s3-delete-bucket-policy", + "aws-s3-describe-buckets", + "aws-s3-list-bucket-objects", + "aws-s3-set-bucket-policy", "aws-s3-delete-bucket" ] } - }, + }, { "buildewsquery_test": { - "name": "BuildEWSQuery Test", + "name": "BuildEWSQuery Test", "implementing_scripts": [ - "BuildEWSQuery", + "BuildEWSQuery", "VerifyContext" ] } - }, + }, { "palo_alto_panorama_test_pb": { - "name": "palo_alto_panorama_test_pb", + "name": "palo_alto_panorama_test_pb", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "Sleep" - ], - "implementing_commands": [ - "panorama-list-applications", - "panorama-create-rule", - "panorama-commit", - "panorama-delete-rule", - "panorama-create-address-group", - "panorama-get-address-group", - "panorama-move-rule", - "panorama", - "panorama-edit-rule", - "panorama-get-url-filter", - "panorama-list-address-groups", - 
"panorama-get-custom-url-category", - "panorama-create-address", - "panorama-delete-address-group", - "panorama-list-addresses", + ], + "implementing_commands": [ + "panorama-list-applications", + "panorama-create-rule", + "panorama-commit", + "panorama-delete-rule", + "panorama-create-address-group", + "panorama-get-address-group", + "panorama-move-rule", + "panorama", + "panorama-edit-rule", + "panorama-get-url-filter", + "panorama-list-address-groups", + "panorama-get-custom-url-category", + "panorama-create-address", + "panorama-delete-address-group", + "panorama-list-addresses", "panorama-delete-address" ] } - }, + }, { "okta_test_playbook": { - "name": "Okta test playbook", + "name": "Okta test playbook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "okta-get-application-authentication", - "okta-list-groups", - "okta-get-application-assignments", - "okta-get-user-factors", - "okta-get-groups", - "okta-suspend-user", - "okta-add-to-group", - "okta-update-user", - "okta-remove-from-group", - "okta-get-failed-logins", - "okta-get-group-members", - "okta-unsuspend-user", + ], + "implementing_commands": [ + "okta-get-application-authentication", + "okta-list-groups", + "okta-get-application-assignments", + "okta-get-user-factors", + "okta-get-groups", + "okta-suspend-user", + "okta-add-to-group", + "okta-update-user", + "okta-remove-from-group", + "okta-get-failed-logins", + "okta-get-group-members", + "okta-unsuspend-user", "okta-get-group-assignments" ] } - }, + }, { "test_delete_context": { - "name": "Test Delete Context", + "name": "Test Delete Context", "implementing_scripts": [ - "RaiseError", - "Set", - "DeleteContext", + "RaiseError", + "Set", + "DeleteContext", "isError" ] } - }, + }, { "JiraCreateIssue-example-test": { - "name": "JiraCreateIssue-example-test", + "name": "JiraCreateIssue-example-test", "implementing_scripts": [ - "JiraCreateIssue-example", + "JiraCreateIssue-example", 
"DeleteContext" - ], + ], "implementing_commands": [ "jira-delete-issue" ] } - }, + }, { "AttivoBotsinkTest": { - "name": "AttivoBotsinkTest", + "name": "AttivoBotsinkTest", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "attivo-list-hosts", - "attivo-list-users", - "attivo-check-user", - "attivo-run-playbook", - "attivo-check-host", - "attivo-get-events", - "attivo-deploy-decoy", + ], + "implementing_commands": [ + "attivo-list-hosts", + "attivo-list-users", + "attivo-check-user", + "attivo-run-playbook", + "attivo-check-host", + "attivo-get-events", + "attivo-deploy-decoy", "attivo-list-playbooks" ] } - }, + }, { "email_test": { - "name": "Email Address Enrichment - Generic - Test", + "name": "Email Address Enrichment - Generic - Test", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Email Address Enrichment - Generic" ] } - }, + }, { "Cisco Umbrella Test": { - "name": "Cisco Umbrella Test", + "name": "Cisco Umbrella Test", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "umbrella-ip-dns-history", - "domain", - "umbrella-domain-related", - "umbrella-get-domains-using-regex", - "umbrella-domain-dns-history", - "umbrella-get-url-timeline", - "umbrella-get-domain-classifiers", - "umbrella-get-malicious-domains-for-ip", - "umbrella-get-domains-for-email-registrar", - "umbrella-get-domains-for-nameserver", - "umbrella-domain-categorization", - "umbrella-domain-security", - "umbrella-get-domain-timeline", - "umbrella-get-domain-details", - "umbrella-ip-malicious-domains", - "umbrella-get-related-domains", - "umbrella-get-whois-for-domain", - "umbrella-domain-search", - "umbrella-domain-co-occurrences", - "umbrella-get-ip-timeline", + ], + "implementing_commands": [ + "umbrella-ip-dns-history", + "domain", + "umbrella-domain-related", + "umbrella-get-domains-using-regex", + "umbrella-domain-dns-history", + 
"umbrella-get-url-timeline", + "umbrella-get-domain-classifiers", + "umbrella-get-malicious-domains-for-ip", + "umbrella-get-domains-for-email-registrar", + "umbrella-get-domains-for-nameserver", + "umbrella-domain-categorization", + "umbrella-domain-security", + "umbrella-get-domain-timeline", + "umbrella-get-domain-details", + "umbrella-ip-malicious-domains", + "umbrella-get-related-domains", + "umbrella-get-whois-for-domain", + "umbrella-domain-search", + "umbrella-domain-co-occurrences", + "umbrella-get-ip-timeline", "umbrella-get-domain-queryvolume" ] } - }, + }, { "fd93f620-9a2d-4fb6-85d1-151a6a72e46d": { - "name": "AWS - SQS Test Playbook", + "name": "AWS - SQS Test Playbook", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "aws-sqs-purge-queue", - "aws-sqs-list-queues", - "aws-sqs-send-message", - "aws-sqs-get-queue-url", - "aws-sqs-create-queue", + "aws-sqs-purge-queue", + "aws-sqs-list-queues", + "aws-sqs-send-message", + "aws-sqs-get-queue-url", + "aws-sqs-create-queue", "aws-sqs-delete-queue" ] } - }, + }, { "RedCanaryTest": { - "name": "RedCanaryTest", + "name": "RedCanaryTest", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "redcanary-get-endpoint", - "redcanary-update-remediation-state", - "redcanary-list-detections", - "redcanary-list-endpoints", - "redcanary-acknowledge-detection", - "redcanary-get-endpoint-detections", - "redcanary-get-detection", + ], + "implementing_commands": [ + "redcanary-get-endpoint", + "redcanary-update-remediation-state", + "redcanary-list-detections", + "redcanary-list-endpoints", + "redcanary-acknowledge-detection", + "redcanary-get-endpoint-detections", + "redcanary-get-detection", "redcanary-execute-playbook" ] } - }, + }, { "blockip_test_playbook": { - "name": "blockip_test_playbook", + "name": "blockip_test_playbook", "implementing_scripts": [ "BlockIP" ] } - }, + }, { "block_endpoint_-_carbon_black_response_-_test": { - "name": "Block Endpoint - Carbon 
Black Response - Test", - "fromversion": "3.5.0", + "name": "Block Endpoint - Carbon Black Response - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Block Endpoint - Carbon Black Response" - ], + ], "implementing_commands": [ - "cb-list-sensors", - "cb-unquarantine-device", + "cb-list-sensors", + "cb-unquarantine-device", "cb-sensor-info" ] } - }, + }, { "exporttocsv_script_test": { - "name": "ExportToCSV script test", - "fromversion": "3.6.0", + "name": "ExportToCSV script test", + "fromversion": "3.6.0", "implementing_scripts": [ - "DeleteContext", - "ExportToCSV", - "AreValuesEqual", + "DeleteContext", + "ExportToCSV", + "AreValuesEqual", "ReadFile" ] } - }, + }, { "get_file_sample_from_path_-_d2_-_test": { - "name": "Get File Sample From Path - D2 - Test", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - D2 - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample From Path - D2" ] } - }, + }, { "GetTime-Test": { - "name": "GetTime-Test", + "name": "GetTime-Test", "implementing_scripts": [ - "GetTime", - "DeleteContext", + "GetTime", + "DeleteContext", "MatchRegex" ] } - }, + }, { "CreateEmailHtmlBody_test_pb": { - "name": "CreateEmailHtmlBody_test_pb", + "name": "CreateEmailHtmlBody_test_pb", "implementing_scripts": [ - "CreateEmailHtmlBody", + "CreateEmailHtmlBody", "DeleteContext" - ], + ], "implementing_commands": [ "createList" ] } - }, + }, { "forcepoint test": { - "name": "forcepoint test", + "name": "forcepoint test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "fp-get-category-detailes", - "fp-delete-address-from-category", - "fp-add-address-to-category", - "fp-add-category", + "fp-get-category-detailes", + "fp-delete-address-from-category", + 
"fp-add-address-to-category", + "fp-add-category", "fp-delete-categories" ] } - }, + }, { "CrowdStrike Endpoint Enrichment - Test": { - "name": "CrowdStrike Endpoint Enrichment - Test", - "fromversion": "3.5.0", + "name": "CrowdStrike Endpoint Enrichment - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "CrowdStrike Endpoint Enrichment" - ], + ], "implementing_commands": [ - "cs-device-search", + "cs-device-search", "cs-detection-search" ] } - }, + }, { "endpoint_enrichment_-_generic_test": { - "name": "Endpoint Enrichment - Generic Test", - "fromversion": "3.5.0", + "name": "Endpoint Enrichment - Generic Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Endpoint Enrichment - Generic" ] } - }, + }, { "TestHttpPlaybook": { - "name": "TestHttpPlaybook", + "name": "TestHttpPlaybook", "implementing_scripts": [ - "VerifyContextFields", - "DeleteContext", + "VerifyContextFields", + "DeleteContext", "http" ] } - }, + }, { "Test-IsMaliciousIndicatorFound": { - "name": "Test-IsMaliciousIndicatorFound", + "name": "Test-IsMaliciousIndicatorFound", "implementing_scripts": [ - "VerifyContext", - "Sleep", + "VerifyContext", + "Sleep", "IsMaliciousIndicatorFound" - ], + ], "implementing_commands": [ "createNewIndicator" ] } - }, + }, { "Mimecast test": { - "name": "Mimecast test", + "name": "Mimecast test", "implementing_scripts": [ - "FetchFromInstance", + "FetchFromInstance", "DeleteContext" - ], - "implementing_commands": [ - "mimecast-get-impersonation-logs", - "mimecast-query", - "mimecast-download-attachments", - "mimecast-url-decode", - "mimecast-refresh-token", - "mimecast-create-policy", - "mimecast-manage-sender", - "mimecast-get-message", - "mimecast-discover", - "mimecast-list-messages", - "mimecast-create-managed-url", - 
"mimecast-list-managed-url", - "mimecast-get-attachment-logs", - "mimecast-list-blocked-sender-policies", - "mimecast-login", - "mimecast-delete-policy", - "mimecast-get-policy", + ], + "implementing_commands": [ + "mimecast-get-impersonation-logs", + "mimecast-query", + "mimecast-download-attachments", + "mimecast-url-decode", + "mimecast-refresh-token", + "mimecast-create-policy", + "mimecast-manage-sender", + "mimecast-get-message", + "mimecast-discover", + "mimecast-list-messages", + "mimecast-create-managed-url", + "mimecast-list-managed-url", + "mimecast-get-attachment-logs", + "mimecast-list-blocked-sender-policies", + "mimecast-login", + "mimecast-delete-policy", + "mimecast-get-policy", "mimecast-get-url-logs" ] } - }, + }, { "TestParseCSV": { - "name": "TestParseCSV", + "name": "TestParseCSV", "implementing_scripts": [ - "Set", - "VerifyContext", - "ParseCSV", - "DeleteContext", + "Set", + "VerifyContext", + "ParseCSV", + "DeleteContext", "ExportToCSV" ] } - }, + }, { "ArcSight Logger test": { - "name": "ArcSight Logger test", + "name": "ArcSight Logger test", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "Sleep" - ], + ], "implementing_commands": [ - "as-search", - "as-close", - "as-drilldown", - "as-search-events", - "as-status", + "as-search", + "as-close", + "as-drilldown", + "as-search-events", + "as-status", "as-events" ] } - }, + }, { "Cylance Protect v2 Test": { - "name": "Cylance Protect v2 Test", + "name": "Cylance Protect v2 Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "cylance-protect-delete-hash-from-lists", - "cylance-protect-download-threat", - "cylance-protect-get-zones", - "cylance-protect-get-devices", - "cylance-protect-get-policies", - "cylance-protect-get-list", - "cylance-protect-get-threat", - "cylance-protect-get-device-threats", - "cylance-protect-get-policy-details", + ], + "implementing_commands": [ + 
"cylance-protect-delete-hash-from-lists", + "cylance-protect-download-threat", + "cylance-protect-get-zones", + "cylance-protect-get-devices", + "cylance-protect-get-policies", + "cylance-protect-get-list", + "cylance-protect-get-threat", + "cylance-protect-get-device-threats", + "cylance-protect-get-policy-details", "cylance-protect-add-hash-to-list" ] } - }, + }, { "McAfeeESMTest": { - "name": "McAfeeESMTest", + "name": "McAfeeESMTest", "implementing_scripts": [ - "GetTime", - "VerifyContext", + "GetTime", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "esm-edit-case-status", - "esm-get-case-statuses", - "esm-search", - "esm-add-case-status", - "esm-get-alarm-event-details", - "esm-get-organization-list", - "esm-list-alarm-events", - "esm-delete-case-status", - "esm-edit-case", - "esm-get-user-list", - "esm-get-case-detail", - "esm-add-case", + ], + "implementing_commands": [ + "esm-edit-case-status", + "esm-get-case-statuses", + "esm-search", + "esm-add-case-status", + "esm-get-alarm-event-details", + "esm-get-organization-list", + "esm-list-alarm-events", + "esm-delete-case-status", + "esm-edit-case", + "esm-get-user-list", + "esm-get-case-detail", + "esm-add-case", "esm-fetch-alarms" ] } - }, + }, { "Detonate File - Generic Test": { - "name": "Detonate File - Generic Test", - "fromversion": "4.0.0", + "name": "Detonate File - Generic Test", + "fromversion": "4.0.0", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Detonate File - Generic" ] } - }, + }, { "Jask_Test": { - "name": "Jask Test", + "name": "Jask Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "jask-search-signals", - "jask-search-entities", - "jask-get-entity-details", - "jask-get-insight-details", - "closeInvestigation", - "jask-search-insights", - "jask-get-signal-details", - "jask-get-related-entities", + ], + "implementing_commands": [ + 
"jask-search-signals", + "jask-search-entities", + "jask-get-entity-details", + "jask-get-insight-details", + "closeInvestigation", + "jask-search-insights", + "jask-get-signal-details", + "jask-get-related-entities", "jask-get-insight-comments" ] } - }, + }, { "RSA NetWitness Test": { - "name": "RSA NetWitness Test", + "name": "RSA NetWitness Test", "implementing_commands": [ - "netwitness-get-incident", + "netwitness-get-incident", "netwitness-get-incidents" ] } - }, + }, { "Test_Sagemaker": { - "name": "Test Sagemaker", + "name": "Test Sagemaker", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ "predict-phishing" ] } - }, + }, { "ExtractURL Test": { - "name": "ExtractURL Test", + "name": "ExtractURL Test", "implementing_scripts": [ - "Print", - "ExtractURL", + "Print", + "ExtractURL", "IsTrue" ] } - }, + }, { "tenable-sc-test": { - "name": "Tenable.sc Test", + "name": "Tenable.sc Test", "implementing_scripts": [ - "GetTime", - "VerifyContext", - "DeleteContext", + "GetTime", + "VerifyContext", + "DeleteContext", "FetchFromInstance" - ], - "implementing_commands": [ - "tenable-sc-get-asset", - "tenable-sc-list-alerts", - "tenable-sc-get-system-licensing", - "tenable-sc-get-scan-status", - "tenable-sc-list-scans", - "tenable-sc-list-repositories", - "tenable-sc-create-scan", - "tenable-sc-delete-scan", - "tenable-sc-get-scan-report", - "tenable-sc-list-assets", - "tenable-sc-get-vulnerability", - "tenable-sc-get-device", - "tenable-sc-create-asset", - "tenable-sc-get-alert", - "tenable-sc-launch-scan", - "tenable-sc-list-report-definitions", - "tenable-sc-delete-asset", - "tenable-sc-list-credentials", - "tenable-sc-list-policies", - "tenable-sc-list-zones", + ], + "implementing_commands": [ + "tenable-sc-get-asset", + "tenable-sc-list-alerts", + "tenable-sc-get-system-licensing", + "tenable-sc-get-scan-status", + "tenable-sc-list-scans", + "tenable-sc-list-repositories", + "tenable-sc-create-scan", + "tenable-sc-delete-scan", + 
"tenable-sc-get-scan-report", + "tenable-sc-list-assets", + "tenable-sc-get-vulnerability", + "tenable-sc-get-device", + "tenable-sc-create-asset", + "tenable-sc-get-alert", + "tenable-sc-launch-scan", + "tenable-sc-list-report-definitions", + "tenable-sc-delete-asset", + "tenable-sc-list-credentials", + "tenable-sc-list-policies", + "tenable-sc-list-zones", "tenable-sc-list-users" ] } - }, + }, { "ReversingLabsA1000Test": { - "name": "ReversingLabsA1000Test", + "name": "ReversingLabsA1000Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "reversinglabs-download", - "reversinglabs-extracted-files", - "reversinglabs-download-unpacked", - "reversinglabs-analyze", + "reversinglabs-download", + "reversinglabs-extracted-files", + "reversinglabs-download-unpacked", + "reversinglabs-analyze", "file" ] } - }, + }, { "TestWordFileToIOC": { - "name": "TestWordFileToIOC", + "name": "TestWordFileToIOC", "implementing_scripts": [ - "TestCreateWordFile", - "ExtractIP", - "VerifyContext", - "ReadFile", + "TestCreateWordFile", + "ExtractIP", + "VerifyContext", + "ReadFile", "ParseWordDoc" ] } - }, + }, { "TestExtractHTMLTables": { - "name": "TestExtractHTMLTables", + "name": "TestExtractHTMLTables", "implementing_scripts": [ - "Print", - "CloseInvestigation", - "ExtractHTMLTables", - "DeleteContext", + "Print", + "CloseInvestigation", + "ExtractHTMLTables", + "DeleteContext", "Exists" ] } - }, + }, { "7ab45104-22aa-4e1b-8062-cadcbb28d87f": { - "name": "Test - urlscan", + "name": "Test - urlscan", "implementing_scripts": [ - "CloseInvestigation", - "DeleteContext", + "CloseInvestigation", + "DeleteContext", "AreValuesEqual" - ], + ], "implementing_commands": [ - "url", - "ip", + "url", + "ip", "urlscan-submit" ] } - }, + }, { "RasterizeImageTest": { - "name": "RasterizeImageTest", + "name": "RasterizeImageTest", "implementing_scripts": [ - "GenerateImageFileEntry", + "GenerateImageFileEntry", "DeleteContext" 
- ], + ], "implementing_commands": [ - "rasterize-image", + "rasterize-image", "closeInvestigation" ] } - }, + }, { "InfoArmorVigilanteATITest": { - "name": "InfoArmorVigilanteATITest", + "name": "InfoArmorVigilanteATITest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "vigilante-get-leak", - "vigilante-query-infected-host-data", - "vigilante-query-domains", - "vigilante-query-accounts", - "vigilante-watchlist-add-accounts", - "vigilante-watchlist-remove-accounts", - "vigilante-get-watchlist", - "vigilante-query-ecrime-db", + ], + "implementing_commands": [ + "vigilante-get-leak", + "vigilante-query-infected-host-data", + "vigilante-query-domains", + "vigilante-query-accounts", + "vigilante-watchlist-add-accounts", + "vigilante-watchlist-remove-accounts", + "vigilante-get-watchlist", + "vigilante-query-ecrime-db", "vigilante-search-leaks" ] } - }, + }, { "strings-test": { - "name": "strings-test", + "name": "strings-test", "implementing_scripts": [ - "CreateBinaryFile", - "FileCreateAndUpload", - "Strings", - "PublishEntriesToContext", + "CreateBinaryFile", + "FileCreateAndUpload", + "Strings", + "PublishEntriesToContext", "VerifyContext" ] } - }, + }, { "process_email_-_generic_-_test": { - "name": "Process Email - Generic - Test", + "name": "Process Email - Generic - Test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", + "VerifyContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Process Email - Generic" ] } - }, + }, { "97393cfc-2fc4-4dfe-8b6e-af64067fc436": { - "name": "AWS - S3 Test Playbook", + "name": "AWS - S3 Test Playbook", "implementing_scripts": [ "VerifyContext" - ], - "implementing_commands": [ - "aws-s3-create-bucket", - "aws-s3-get-bucket-policy", - "aws-s3-download-file", - "aws-s3-delete-bucket-policy", - "aws-s3-delete-bucket", - "aws-s3-list-buckets", - "aws-s3-list-bucket-objects", + ], + "implementing_commands": [ + 
"aws-s3-create-bucket", + "aws-s3-get-bucket-policy", + "aws-s3-download-file", + "aws-s3-delete-bucket-policy", + "aws-s3-delete-bucket", + "aws-s3-list-buckets", + "aws-s3-list-bucket-objects", "aws-s3-put-bucket-policy" ] } - }, + }, { "TestFileCreateAndUpload": { - "name": "TestFileCreateAndUpload", + "name": "TestFileCreateAndUpload", "implementing_scripts": [ - "Print", - "FileCreateAndUpload", - "DeleteContext", + "Print", + "FileCreateAndUpload", + "DeleteContext", "CloseInvestigation" ] } - }, + }, { "get_original_email_-_ews-_test": { - "name": "Get Original Email - EWS - Test", + "name": "Get Original Email - EWS - Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_playbooks": [ "Get Original Email - EWS" ] } - }, + }, { "Remedy AR Test": { - "name": "Remedy AR Test", + "name": "Remedy AR Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "remedy-get-server-details" ] } - }, + }, { "WordTokenizeTest": { - "name": "WordTokenizeTest", + "name": "WordTokenizeTest", "implementing_scripts": [ - "VerifyContext", - "WordTokenizer", + "VerifyContext", + "WordTokenizer", "DeleteContext" ] } - }, + }, { "ExtractDomainTest": { - "name": "ExtractDomainTest", + "name": "ExtractDomainTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "ExtractDomain" ] } - }, + }, { "TestCommonPython": { - "name": "TestCommonPython", + "name": "TestCommonPython", "implementing_scripts": [ "TestPYCommonServer" ] } - }, + }, { "get_file_sample_by_hash_-_cylance_protect_-_test": { - "name": "Get File Sample By Hash - Cylance Protect - Test", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Cylance Protect - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample By Hash - Cylance Protect" ] } - }, + }, { "TestPacketsled": { - "name": 
"TestPacketsled", + "name": "TestPacketsled", "implementing_commands": [ - "packetsled-get-flows", - "packetsled-get-pcaps", - "packetsled-get-files", + "packetsled-get-flows", + "packetsled-get-pcaps", + "packetsled-get-files", "packetsled-get-incidents" ] } - }, + }, { "EWS search-mailbox test": { - "name": "EWS search-mailbox test", + "name": "EWS search-mailbox test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", + "VerifyContext", + "DeleteContext", "Sleep" - ], + ], "implementing_commands": [ - "ews-search-mailbox", - "ews-move-item", + "ews-search-mailbox", + "ews-move-item", "send-mail" ] } - }, + }, { "IntSights Test": { - "name": "IntSights Test", + "name": "IntSights Test", "implementing_scripts": [ - "Print", - "VerifyContext", - "DeleteContext", - "Exists", + "Print", + "VerifyContext", + "DeleteContext", + "Exists", "IsValueInArray" - ], - "implementing_commands": [ - "intsights-get-alerts", - "intsights-get-iocs", - "intsights-add-comment-to-alert", - "intsights-add-tag-to-alert", - "intsights-update-alert-severity", - "closeInvestigation", + ], + "implementing_commands": [ + "intsights-get-alerts", + "intsights-get-iocs", + "intsights-add-comment-to-alert", + "intsights-add-tag-to-alert", + "intsights-update-alert-severity", + "closeInvestigation", "intsights-get-alert-activities" ] } - }, + }, { "SalesforceTestPlaybook": { - "name": "SalesforceTestPlaybook", + "name": "SalesforceTestPlaybook", "implementing_scripts": [ - "ContextContains", + "ContextContains", "DeleteContext" - ], - "implementing_commands": [ - "salesforce-update-case", - "salesforce-get-case", - "salesforce-search", - "salesforce-create-case", - "salesforce-delete-case", - "salesforce-push-comment", - "salesforce-get-object", - "salesforce-close-case", - "salesforce-update-object", + ], + "implementing_commands": [ + "salesforce-update-case", + "salesforce-get-case", + "salesforce-search", + "salesforce-create-case", + "salesforce-delete-case", + 
"salesforce-push-comment", + "salesforce-get-object", + "salesforce-close-case", + "salesforce-update-object", "salesforce-query" ] } - }, + }, { "Wildfire Test": { - "name": "Wildfire Test", + "name": "Wildfire Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "wildfire-upload", - "wildfire-upload-file-remote", + "wildfire-upload", + "wildfire-upload-file-remote", "wildfire-report" ] } - }, + }, { "Vectra-test": { - "name": "Vectra-test", + "name": "Vectra-test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "vectra-sensors", - "vectra-settings", - "vectra-hosts", - "vectra-triage", + "vectra-sensors", + "vectra-settings", + "vectra-hosts", + "vectra-triage", "vectra-detections" ] } - }, + }, { "CuckooTest": { - "name": "CuckooTest", + "name": "CuckooTest", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ - "Detonate URL - Cuckoo", + "Detonate URL - Cuckoo", "Detonate File - Cuckoo" ] } - }, + }, { "TextFromHTML_test_playbook": { - "name": "TextFromHTML Test", + "name": "TextFromHTML Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "TextFromHTML" ] } - }, + }, { "PhishAi-Test": { - "name": "PhishAi-Test", + "name": "PhishAi-Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ "phish-ai-scan-url" ] } - }, + }, { "Phishing test - attachment": { - "name": "Phishing test - attachment", + "name": "Phishing test - attachment", "implementing_scripts": [ - "ScheduleCommand", - "PhishingIncident", - "DeleteContext", + "ScheduleCommand", + "PhishingIncident", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Phishing Investigation - Generic" ] } - }, + }, { "search_endpoints_by_hash_-_carbon_black_protection_-_test": { - "name": "Search Endpoints By Hash - Carbon Black Protection - Test", - "fromversion": "3.5.0", + "name": "Search 
Endpoints By Hash - Carbon Black Protection - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - Carbon Black Protection" ] } - }, + }, { "Test-Detonate URL - Phish.AI": { - "name": "Test-Detonate URL - Phish.AI", + "name": "Test-Detonate URL - Phish.AI", "implementing_playbooks": [ "Detonate URL - Phish.AI" ] } - }, + }, { "ReversingLabsTCTest": { - "name": "ReversingLabsTCTest", + "name": "ReversingLabsTCTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "file" ] } - }, + }, { "get_file_sample_from_path_-_carbon_black_enterprise_response_-_test": { - "name": "Get File Sample From Path - Carbon Black Enterprise Response - Test", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - Carbon Black Enterprise Response - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample From Path - Carbon Black Enterprise Response" - ], + ], "implementing_commands": [ "cb-list-sensors" ] } - }, + }, { "PostgreSQL Test": { - "name": "PostgreSQL Test", - "fromversion": "3.6.0", + "name": "PostgreSQL Test", + "fromversion": "3.6.0", "implementing_scripts": [ "VerifyHumanReadableEquals" - ], + ], "implementing_commands": [ "pgsql-query" ] } - }, + }, { "DUO Test Playbook": { - "name": "DUO Test Playbook", + "name": "DUO Test Playbook", "implementing_scripts": [ - "DeleteContext", - "PrintErrorEntry", - "AreValuesEqual", + "DeleteContext", + "PrintErrorEntry", + "AreValuesEqual", "PrintContext" - ], + ], "implementing_commands": [ "duo-preauth" ] } - }, + }, { "secureworks_test": { - "name": "Secureworks test", + "name": "Secureworks test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - 
"secure-works-create-ticket", - "secure-works-get-ticket", - "secure-works-update-ticket", - "secure-works-get-tickets-ids", - "secure-works-get-ticket-count", - "secure-works-close-ticket", + ], + "implementing_commands": [ + "secure-works-create-ticket", + "secure-works-get-ticket", + "secure-works-update-ticket", + "secure-works-get-tickets-ids", + "secure-works-get-ticket-count", + "secure-works-close-ticket", "secure-works-get-tickets-updates" ] } - }, + }, { "File Enrichment - Generic Test": { - "name": "File Enrichment - Generic Test", + "name": "File Enrichment - Generic Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "File Enrichment - Generic" ] } - }, + }, { "JSONtoCSV-Test": { - "name": "JSONtoCSV-Test", + "name": "JSONtoCSV-Test", "implementing_scripts": [ - "JSONFileToCSV", - "LoadJSON", - "ParseCSV", - "JSONtoCSV", - "FileCreateAndUpload", + "JSONFileToCSV", + "LoadJSON", + "ParseCSV", + "JSONtoCSV", + "FileCreateAndUpload", "DeleteContext" ] } - }, + }, { "ZipFile-Test": { - "name": "ZipFile-Test", + "name": "ZipFile-Test", "implementing_scripts": [ - "http", - "ZipFile", - "CloseInvestigation", - "Sleep", - "UnzipFile", + "http", + "ZipFile", + "CloseInvestigation", + "Sleep", + "UnzipFile", "DeleteContext" ] } - }, + }, { "d5cb69b1-c81c-4f27-8a40-3106c0cb2620": { - "name": "AWS - IAM Test Playbook", + "name": "AWS - IAM Test Playbook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Sleep" - ], - "implementing_commands": [ - "aws-iam-update-user", - "aws-iam-update-access-key", - "aws-iam-get-user", - "aws-iam-remove-user-from-group", - "aws-iam-add-role-to-instance-profile", - "aws-iam-create-instance-profile", - "aws-iam-list-roles", - "aws-iam-attach-policy", - "aws-iam-create-login-profile", - "aws-iam-create-group", - "aws-iam-get-instance-profile", - "aws-iam-list-instance-profiles-for-role", - "aws-iam-update-login-profile", - "aws-iam-list-policies", - 
"aws-iam-get-role", - "aws-iam-list-access-keys-for-user", - "aws-iam-list-instance-profiles", - "aws-iam-delete-role", - "aws-iam-list-groups", - "aws-iam-remove-role-from-instance-profile", - "aws-iam-delete-user", - "aws-iam-create-role", - "aws-iam-delete-access-key", - "aws-iam-detach-policy", - "aws-iam-create-access-key", - "aws-iam-delete-group", - "aws-iam-create-user", - "aws-iam-delete-login-profile", - "aws-iam-list-groups-for-user", - "aws-iam-add-user-to-group", - "aws-iam-list-users", + ], + "implementing_commands": [ + "aws-iam-update-user", + "aws-iam-update-access-key", + "aws-iam-get-user", + "aws-iam-remove-user-from-group", + "aws-iam-add-role-to-instance-profile", + "aws-iam-create-instance-profile", + "aws-iam-list-roles", + "aws-iam-attach-policy", + "aws-iam-create-login-profile", + "aws-iam-create-group", + "aws-iam-get-instance-profile", + "aws-iam-list-instance-profiles-for-role", + "aws-iam-update-login-profile", + "aws-iam-list-policies", + "aws-iam-get-role", + "aws-iam-list-access-keys-for-user", + "aws-iam-list-instance-profiles", + "aws-iam-delete-role", + "aws-iam-list-groups", + "aws-iam-remove-role-from-instance-profile", + "aws-iam-delete-user", + "aws-iam-create-role", + "aws-iam-delete-access-key", + "aws-iam-detach-policy", + "aws-iam-create-access-key", + "aws-iam-delete-group", + "aws-iam-create-user", + "aws-iam-delete-login-profile", + "aws-iam-list-groups-for-user", + "aws-iam-add-user-to-group", + "aws-iam-list-users", "aws-iam-delete-instance-profile" ] } - }, + }, { "ExposeIncidentOwner-Test": { - "name": "ExposeIncidentOwner-Test", + "name": "ExposeIncidentOwner-Test", "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident", - "ExposeIncidentOwner", + "CloseInvestigation", + "AssignAnalystToIncident", + "ExposeIncidentOwner", "AreValuesEqual" ] } - }, + }, { "McAfeeWebGatewayTest": { - "name": "McAfeeWebGatewayTest", + "name": "McAfeeWebGatewayTest", "implementing_scripts": [ - 
"ContextContains", - "DeleteContext", - "Sleep", + "ContextContains", + "DeleteContext", + "Sleep", "PrintContext" - ], + ], "implementing_commands": [ - "mwg-insert-entry", - "mwg-get-list-entry", - "mwg-get-list", - "mwg-delete-entry", + "mwg-insert-entry", + "mwg-get-list-entry", + "mwg-get-list", + "mwg-delete-entry", "mwg-get-available-lists" ] } - }, + }, { "DemistoLockTest": { - "name": "DemistoLockTest", + "name": "DemistoLockTest", "implementing_scripts": [ - "Set", - "Print", - "DeleteContext", - "Sleep", + "Set", + "Print", + "DeleteContext", + "Sleep", "isError" - ], + ], "implementing_commands": [ - "closeInvestigation", - "demisto-lock-release-all", - "demisto-lock-release", - "demisto-lock-get", + "closeInvestigation", + "demisto-lock-release-all", + "demisto-lock-release", + "demisto-lock-get", "demisto-lock-info" ] } - }, + }, { "Detonate File - BitDam Test": { - "name": "Detonate File - BitDam Test", + "name": "Detonate File - BitDam Test", "implementing_scripts": [ - "FileCreateAndUpload", + "FileCreateAndUpload", "DeleteContext" - ], + ], "implementing_playbooks": [ "Detonate File - BitDam" ] } - }, + }, { "Luminate-TestPlaybook": { - "name": "Luminate-TestPlaybook", + "name": "Luminate-TestPlaybook", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "lum-block-user", - "lum-destroy-user-session", - "lum-unblock-user", - "lum-get-ssh-access-logs", + "lum-block-user", + "lum-destroy-user-session", + "lum-unblock-user", + "lum-get-ssh-access-logs", "lum-get-http-access-logs" ] } - }, + }, { "McAfee-MAR_Test": { - "name": "McAfee-MAR_Test", + "name": "McAfee-MAR_Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "mar-collectors-list", - "mar-search-multiple", + "mar-collectors-list", + "mar-search-multiple", "mar-search" ] } - }, + }, { "CarbonBlackLiveResponseTest": { - "name": "Carbon Black Live Response Test", + "name": "Carbon Black Live Response Test", "implementing_scripts": 
[ - "TestCreateWordFile", - "DeleteContext", + "TestCreateWordFile", + "DeleteContext", "Sleep" - ], - "implementing_commands": [ - "cb-get-file-from-endpoint", - "cb-command-create-and-wait", - "cb-session-create-and-wait", - "cb-keepalive", - "cb-file-delete-from-endpoint", - "cb-push-file-to-endpoint", - "cb-list-sessions", + ], + "implementing_commands": [ + "cb-get-file-from-endpoint", + "cb-command-create-and-wait", + "cb-session-create-and-wait", + "cb-keepalive", + "cb-file-delete-from-endpoint", + "cb-push-file-to-endpoint", + "cb-list-sessions", "cb-session-close" ] } - }, + }, { "Recorded Future Test": { - "name": "Recorded Future Test", + "name": "Recorded Future Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "ip", - "domain", - "recorded-future-get-related-entities", + "ip", + "domain", + "recorded-future-get-related-entities", "file" ] } - }, + }, { "NetWitness Endpoint Test": { - "name": "NetWitness Endpoint Test", + "name": "NetWitness Endpoint Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "netwitness-get-machines", - "netwitness-blacklist-domains", - "netwitness-blacklist-ips", + "netwitness-get-machines", + "netwitness-blacklist-domains", + "netwitness-blacklist-ips", "netwitness-get-machine-module" ] } - }, + }, { "DNSDBTest": { - "name": "DNSDBTest", + "name": "DNSDBTest", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "dnsdb-rrset", + "dnsdb-rrset", "dnsdb-rdata" ] } - }, + }, { "VerifyHumanReadableFormat": { - "name": "VerifyHumanReadableFormat", + "name": "VerifyHumanReadableFormat", "implementing_scripts": [ - "VerifyTableToMarkDown", + "VerifyTableToMarkDown", "VerifyTreeToFlatObject" ] } - }, + }, { "domain_enrichment_generic_test": { - "name": "Domain Enrichment Generic - Test", - "fromversion": "3.5.0", + "name": "Domain Enrichment Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - 
"VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Domain Enrichment - Generic" ] } - }, + }, { "Anomali_ThreatStream_Test": { - "name": "Anomali ThreatStream Test", - "fromversion": "3.5.0", + "name": "Anomali ThreatStream Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "ip", - "domain", - "threatstream-email-reputation", - "threatstream-intelligence", + "ip", + "domain", + "threatstream-email-reputation", + "threatstream-intelligence", "file" ] } - }, + }, { "ParseExcel-test": { - "name": "ParseExcel-test", + "name": "ParseExcel-test", "implementing_scripts": [ - "ParseExcel", - "DeleteContext", + "ParseExcel", + "DeleteContext", "http" ] } - }, + }, { "Zoom_Test": { - "name": "Zoom_Test", + "name": "Zoom_Test", "implementing_scripts": [ - "Print", - "VerifyContext", - "GenerateEmail", + "Print", + "VerifyContext", + "GenerateEmail", "DeleteContext" - ], + ], "implementing_commands": [ - "zoom-create-meeting", - "zoom-list-users", - "zoom-fetch-recording", - "zoom-create-user", + "zoom-create-meeting", + "zoom-list-users", + "zoom-fetch-recording", + "zoom-create-user", "zoom-delete-user" ] } - }, + }, { "DomainTools-Test": { - "name": "DomainTools-Test", + "name": "DomainTools-Test", "implementing_scripts": [ - "VerifyContext", - "NotInContextVerification", + "VerifyContext", + "NotInContextVerification", "DeleteContext" - ], - "implementing_commands": [ - "domain", - "whois", - "reverseWhois", - "reverseNameServer", - "domainSearch", - "domainProfile", - "whoisHistory", + ], + "implementing_commands": [ + "domain", + "whois", + "reverseWhois", + "reverseNameServer", + "domainSearch", + "domainProfile", + "whoisHistory", "reverseIP" ] } - }, + }, { "RedLockTest": { - "name": "RedLockTest", + "name": "RedLockTest", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - 
"redlock-search-alerts", - "redlock-reopen-alerts", - "redlock-get-alert-details", + "redlock-search-alerts", + "redlock-reopen-alerts", + "redlock-get-alert-details", "redlock-dismiss-alerts" ] } - }, + }, { "TruSTAR Test": { - "name": "TruSTAR Test", + "name": "TruSTAR Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "domain", - "url", - "ip", - "trustar-correlated-reports", - "file", - "trustar-trending-indicators", + ], + "implementing_commands": [ + "domain", + "url", + "ip", + "trustar-correlated-reports", + "file", + "trustar-trending-indicators", "trustar-search-indicators" ] } - }, + }, { "JoeSecurityTestDetonation": { - "name": "JoeSecurityTestDetonation", - "fromversion": "4.0.0", + "name": "JoeSecurityTestDetonation", + "fromversion": "4.0.0", "implementing_scripts": [ - "FileCreateAndUpload", + "FileCreateAndUpload", "DeleteContext" - ], + ], "implementing_playbooks": [ - "Detonate File - JoeSecurity", - "Detonate File From URL - JoeSecurity", + "Detonate File - JoeSecurity", + "Detonate File From URL - JoeSecurity", "Detonate URL - JoeSecurity" ] } - }, + }, { "Symantec Messaging Gateway Test": { - "name": "Symantec Messaging Gateway Test", + "name": "Symantec Messaging Gateway Test", "implementing_scripts": [ - "GenerateIP", - "VerifyContext", - "GenerateUUID", + "GenerateIP", + "VerifyContext", + "GenerateUUID", "AreValuesEqual" - ], + ], "implementing_commands": [ - "smg-unblock-domain", - "smg-block-ip", - "smg-unblock-ip", - "smg-block-domain", - "smg-block-email", + "smg-unblock-domain", + "smg-block-ip", + "smg-unblock-ip", + "smg-block-domain", + "smg-block-email", "smg-unblock-email" ] } - }, + }, { "devo_test_playbook": { - "name": "Devo test playbook", + "name": "Devo test playbook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "devo-query" ] } - }, + }, { "Lastline - testplaybook": { - "name": 
"Lastline - testplaybook", + "name": "Lastline - testplaybook", "implementing_scripts": [ - "DeleteContext", - "Set", + "DeleteContext", + "Set", "http" - ], + ], "implementing_playbooks": [ - "Detonate URL - Lastline", + "Detonate URL - Lastline", "Detonate File - Lastline" ] } - }, + }, { "detonate_file_-_generic_test": { - "name": "Detonate File - Generic Test", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "Detonate File - Generic Test", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Detonate File - Generic" ] } - }, + }, { "Test CommonServer": { - "name": "Test CommonServer", + "name": "Test CommonServer", "implementing_scripts": [ "TestFormatTableValues" ] } - }, + }, { "Test filters & transformers scripts": { - "name": "Test filters & transformers scripts", + "name": "Test filters & transformers scripts", "implementing_scripts": [ - "RaiseError", - "Print", + "RaiseError", + "Print", "Set" ] } - }, + }, { "virusTotalPrivateAPI-test-playbook": { - "name": "virusTotalPrivateAPI-test-playbook", + "name": "virusTotalPrivateAPI-test-playbook", "implementing_scripts": [ - "VerifyContext", - "StringContains", + "VerifyContext", + "StringContains", "DeleteContext" - ], + ], "implementing_commands": [ - "vt-private-get-url-report", - "vt-private-get-file-report", + "vt-private-get-url-report", + "vt-private-get-file-report", "vt-private-get-domain-report" ] } - }, + }, { "SCADAfence_test": { - "name": "SCADAfence_test", + "name": "SCADAfence_test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "scadafence-getAsset", - "scadafence-setAlertStatus", + "scadafence-getAsset", + "scadafence-setAlertStatus", "scadafence-getAlerts" ] } - }, + }, { "c19e328d-0cf3-4a94-88b3-df670d984602": { - "name": "SymantecEndpointProtection Test", + "name": "SymantecEndpointProtection Test", 
"implementing_scripts": [ - "SEPScan", - "VerifyContext", + "SEPScan", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "sep-quarantine", - "sep-command-status", - "sep-update-content", - "sep-endpoints-info", - "sep-groups-info", - "sep-client-content", + ], + "implementing_commands": [ + "sep-quarantine", + "sep-command-status", + "sep-update-content", + "sep-endpoints-info", + "sep-groups-info", + "sep-client-content", "sep-system-info" ] } - }, + }, { "PagerDuty Test": { - "name": "PagerDuty Test", + "name": "PagerDuty Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "PagerDuty-incidents", - "PagerDuty-get-all-schedules", + "PagerDuty-incidents", + "PagerDuty-get-all-schedules", "PagerDuty-get-users-on-call-now" ] } - }, + }, { "pan-appframework-test": { - "name": "pan-appframework-test", + "name": "pan-appframework-test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "pan-appframework-query-logs" ] } - }, + }, { "TestSafeBreach": { - "name": "TestSafeBreach", + "name": "TestSafeBreach", "implementing_commands": [ - "safebreach-get-simulation", + "safebreach-get-simulation", "safebreach-rerun" ] } - }, + }, { "ExifReadTest": { - "name": "ExifReadTest", + "name": "ExifReadTest", "implementing_scripts": [ - "GenerateImageFileEntry", - "ExifRead", + "GenerateImageFileEntry", + "ExifRead", "DeleteContext" - ], + ], "implementing_commands": [ "closeInvestigation" ] } - }, + }, { "McAfee-TIE Test": { - "name": "McAfee-TIE Test", + "name": "McAfee-TIE Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "tie-file-references", - "file", + "tie-file-references", + "file", "tie-set-file-reputation" ] } - }, + }, { "SymantecMSSTest": { - "name": "SymantecMSSTest", + "name": "SymantecMSSTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" 
- ], + ], "implementing_commands": [ - "symantec-mss-incidents-list", - "symantec-mss-update-incident", + "symantec-mss-incidents-list", + "symantec-mss-update-incident", "symantec-mss-get-incident" ] } + }, + { + "SLA Scripts - Test": { + "name": "SLA Scripts - Test", + "implementing_scripts": [ + "StopTimeToAssignOnOwnerChange", + "ChangeRemediationSLAOnSevChange", + "Set", + "PrintErrorEntry", + "DeleteContext" + ], + "implementing_commands": [ + "setIncident", + "startTimer", + "resetTimer" + ] + } } ] } \ No newline at end of file From 32686f144a060c6785c16b0b5d305492c90f06ee Mon Sep 17 00:00:00 2001 From: idovandijk <43602124+idovandijk@users.noreply.github.com> Date: Thu, 3 Jan 2019 12:18:03 +0200 Subject: [PATCH 35/49] removed CRLFs from id_set.json --- Tests/id_set.json | 28803 ++++++++++++++++++++++---------------------- 1 file changed, 14466 insertions(+), 14337 deletions(-) diff --git a/Tests/id_set.json b/Tests/id_set.json index 6c449bb0d1fa..4716d00ab702 100644 --- a/Tests/id_set.json +++ b/Tests/id_set.json 
@@ -1,14338 +1,14467 @@ -{ - "scripts": [ - { - "AwsStopInstance": { - "name": "AwsStopInstance", - "depends_on": [ - "stop-instance" - ] - } - }, - { - "PWFindEvents": { - "name": "PWFindEvents", - "deprecated": true, - "depends_on": [ - "search" - ], - "script_executions": [ - "search" - ] - } - }, - { - "QRadarClassifier": { - "name": "QRadarClassifier", - "deprecated": true, - "depends_on": [ - "qradar-searches" - ] - } - }, - { - "VolLDRModules": { - "name": "VolLDRModules" - } - }, - { - "CPShowHosts": { - "name": "CPShowHosts", - "deprecated": true, - "depends_on": [ - "checkpoint" - ], - "script_executions": [ - "checkpoint" - ] - } - }, - { - "PWSensors": { - "name": "PWSensors", - "deprecated": true, - "depends_on": [ - "sensors" - ], - "script_executions": [ - "sensors" - ] - } - }, - { - "ADListComputers": { - "name": "ADListComputers", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "CheckWhitelist": { - "name": "CheckWhitelist", - "deprecated": true, - "script_executions": [ - "getList" - ] - } - }, - { - "VectraHosts": { - "name": "VectraHosts", - "deprecated": true, - "depends_on": [ - "vec-hosts" - ] - } - }, - { - "SetContext": { - "name": "SetContext", - "deprecated": true - } - }, - { - "D2Autoruns": { - "name": "D2Autoruns" - } - }, - { - "MathUtil": { - "name": "MathUtil" - } - }, - { - "CBFindHash": { - "name": "CBFindHash", - "deprecated": true, - "depends_on": [ - "cb-binary" - ] - } - }, - { - "SendEmailToManager": { - "name": "SendEmailToManager", - "fromversion": "3.5.0", - "depends_on": [ - "ad-search", - "send-mail" - ], - "script_executions": [ - "AdSearch", - "AdSearch", - "addEntitlement" - ] - } - }, - { - "FileCreateAndUpload": { - "name": "FileCreateAndUpload" - } - }, - { - "DecodeMimeHeader": { - "name": "DecodeMimeHeader" - } - }, - { - "WildfireUpload": { - "name": "WildfireUpload", - "deprecated": true, - "depends_on": [ - "wildfire-upload" - ] - } - }, - { - "CYFileRep": { - "name": "CYFileRep", - 
"depends_on": [ - "file", - "cy-upload" - ], - "script_executions": [ - "getEntry", - "file", - "file" - ] - } - }, - { - "PanoramaPcaps": { - "name": "PanoramaPcaps", - "deprecated": true, - "depends_on": [ - "panorama" - ] - } - }, - { - "ExtractDomain": { - "name": "ExtractDomain", - "toversion": "3.0.0" - } - }, - { - "ExposeUsers": { - "name": "ExposeUsers", - "deprecated": true - } - }, - { - "Print": { - "name": "Print" - } - }, - { - "CSIndicators": { - "name": "CSIndicators", - "deprecated": true, - "depends_on": [ - "cs-indicators" - ] - } - }, - { - "PWEventPcapInfo": { - "name": "PWEventPcapInfo", - "deprecated": true, - "depends_on": [ - "event-pcap-info" - ] - } - }, - { - "JiraIssueQuery": { - "name": "JiraIssueQuery", - "deprecated": true, - "depends_on": [ - "jira-issue-query" - ] - } - }, - { - "ADGetAllUsersEmail": { - "name": "ADGetAllUsersEmail", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "CuckooDetonateFile": { - "name": "CuckooDetonateFile", - "depends_on": [ - "cuckoo-create-task-from-file" - ] - } - }, - { - "EPORepoList": { - "name": "EPORepoList", - "deprecated": true, - "depends_on": [ - "epo-command" - ] - } - }, - { - "GrrSetFlows": { - "name": "GrrSetFlows", - "depends_on": [ - "grr_set_flows" - ], - "script_executions": [ - "grr_set_flows" - ] - } - }, - { - "VectraGetDetetctionsById": { - "name": "VectraGetDetetctionsById", - "deprecated": true, - "depends_on": [ - "vec-get-detetctions-by-id" - ] - } - }, - { - "CommonD2": { - "name": "CommonD2" - } - }, - { - "FilterByList": { - "name": "FilterByList", - "script_executions": [ - "getList" - ] - } - }, - { - "ExtractHash": { - "name": "ExtractHash" - } - }, - { - "120c861a-e0ae-417e-8dcf-c3ee1dc15a42": { - "name": "commentsToContext" - } - }, - { - "ConvertXmlFileToJson": { - "name": "ConvertXmlFileToJson" - } - }, - { - "IPExtract": { - "name": "IPExtract", - "deprecated": true - } - }, - { - "DBotAverageScore": { - "name": "DBotAverageScore" - } - }, 
- { - "NessusCreateScan": { - "name": "NessusCreateScan", - "deprecated": true, - "depends_on": [ - "scan-create" - ] - } - }, - { - "StixParser": { - "name": "StixParser" - } - }, - { - "NessusShowEditorTemplates": { - "name": "NessusShowEditorTemplates", - "deprecated": true, - "depends_on": [ - "nessus-get-scans-editors" - ] - } - }, - { - "QrFullSearch": { - "name": "QrFullSearch", - "deprecated": true, - "depends_on": [ - "QrGetSearchResults", - "qr-get-search", - "qr-searches" - ], - "script_executions": [ - "QrGetSearchResults" - ] - } - }, - { - "FetchFromInstance": { - "name": "FetchFromInstance", - "fromversion": "4.0.0", - "deprecated": true - } - }, - { - "a6e348f4-1e40-4365-870c-52139c60779a": { - "name": "OktaGetUser", - "deprecated": true, - "depends_on": [ - "okta-get-user" - ] - } - }, - { - "VolConnscan": { - "name": "VolConnscan" - } - }, - { - "840aa9a7-04b2-4505-8238-8fe85f010dde": { - "name": "OktaActivateUser", - "deprecated": true, - "depends_on": [ - "okta-activate-user" - ] - } - }, - { - "CBLiveGetFile": { - "name": "CBLiveGetFile", - "depends_on": [ - "cb-session-create", - "cb-sensor-info", - "cb-command-create", - "cb-session-info", - "cb-file-get", - "cb-command-info", - "cb-list-sessions" - ] - } - }, - { - "ScheduleGenericPolling": { - "name": "ScheduleGenericPolling", - "fromversion": "4.0.0" - } - }, - { - "AddEvidence": { - "name": "AddEvidence", - "fromversion": "2.5.0" - } - }, - { - "Ping": { - "name": "Ping" - } - }, - { - "EncodeToAscii": { - "name": "EncodeToAscii" - } - }, - { - "ServiceNowCreateIncident": { - "name": "ServiceNowCreateIncident", - "depends_on": [ - "servicenow-query-table", - "servicenow-create-record" - ] - } - }, - { - "TriagePhishing": { - "name": "TriagePhishing", - "deprecated": true - } - }, - { - "LessThanPercentage": { - "name": "LessThanPercentage" - } - }, - { - "TrendmicroAlertStatus": { - "name": "TrendmicroAlertStatus", - "depends_on": [ - "trendmicro-alert-status" - ] - } - }, - { - 
"SandboxDetonateFile": { - "name": "SandboxDetonateFile", - "script_executions": [ - "IsIntegrationAvailable", - "IsIntegrationAvailable", - "IsIntegrationAvailable", - "IsIntegrationAvailable", - "getEntry", - "CuckooDetonateFile", - "CuckooTaskStatus", - "CuckooGetReport" - ] - } - }, - { - "ParseEmailFiles": { - "name": "ParseEmailFiles", - "script_executions": [ - "getEntry", - "getFilePath" - ] - } - }, - { - "ConferSetSeverity": { - "name": "ConferSetSeverity", - "depends_on": [ - "confer" - ], - "script_executions": [ - "setSeverity" - ] - } - }, - { - "ReverseList": { - "name": "ReverseList" - } - }, - { - "ImpSfListEndpoints": { - "name": "ImpSfListEndpoints", - "depends_on": [ - "imp-sf-list-endpoints" - ] - } - }, - { - "9364c36f-b1d6-4233-88c2-75008b106c31": { - "name": "vmray_getResults", - "depends_on": [ - "get_job_sample" - ], - "script_executions": [ - "get_job_sample", - "get_results", - "scheduleEntry" - ] - } - }, - { - "InviteUser": { - "name": "InviteUser" - } - }, - { - "VectraDetections": { - "name": "VectraDetections", - "deprecated": true, - "depends_on": [ - "vec-detections" - ] - } - }, - { - "StaticAnalyze": { - "name": "StaticAnalyze" - } - }, - { - "GetContextValue": { - "name": "GetContextValue", - "deprecated": true - } - }, - { - "TaniumFilterComputersByIndexQueryFileDetails": { - "name": "TaniumFilterComputersByIndexQueryFileDetails", - "depends_on": [ - "tn-ask-manual-question" - ] - } - }, - { - "D2O365ComplianceSearch": { - "name": "D2O365ComplianceSearch" - } - }, - { - "SearchIncidents": { - "name": "SearchIncidents" - } - }, - { - "CuckooDisplayReport": { - "name": "CuckooDisplayReport", - "depends_on": [ - "ck-report" - ], - "script_executions": [ - "getFilePath", - "getEntry" - ] - } - }, - { - "VolPSList": { - "name": "VolPSList" - } - }, - { - "CBLiveProcessList": { - "name": "CBLiveProcessList", - "depends_on": [ - "cb-command-info", - "cb-command-create" - ] - } - }, - { - "GoogleappsGmailGetMail": { - "name": 
"GoogleappsGmailGetMail", - "deprecated": true, - "depends_on": [ - "googleapps-gmail-get-mail" - ] - } - }, - { - "PTEnrich": { - "name": "PTEnrich", - "depends_on": [ - "pt-osint", - "pt-whois", - "pt-malware", - "pt-enrichment", - "pt-get-subdomains", - "pt-ssl-cert", - "pt-passive-dns" - ] - } - }, - { - "ResolveShortenedURL": { - "name": "ResolveShortenedURL" - } - }, - { - "CommonServerUserPython": { - "name": "CommonServerUserPython" - } - }, - { - "5edd0c8e-4e6e-4afe-8f43-67bb9ebc4fd3": { - "name": "NetwitnessSearch", - "depends_on": [ - "nw-sdk-search" - ] - } - }, - { - "RunSqlQuery": { - "name": "RunSqlQuery", - "deprecated": true, - "depends_on": [ - "query" - ], - "script_executions": [ - "query" - ] - } - }, - { - "d98506ea-fd06-49d6-8f1e-bb29ab06766e": { - "name": "VerifyContext", - "deprecated": true - } - }, - { - "TimeStampToDate": { - "name": "TimeStampToDate" - } - }, - { - "SlackAskUser": { - "name": "SlackAskUser", - "toversion": "3.1.0", - "depends_on": [ - "slack-send" - ], - "script_executions": [ - "addOneTimeEntitlement" - ] - } - }, - { - "CPShowAccessRulebase": { - "name": "CPShowAccessRulebase", - "deprecated": true, - "depends_on": [ - "checkpoint" - ], - "script_executions": [ - "checkpoint" - ] - } - }, - { - "VolNetworkConnections": { - "name": "VolNetworkConnections" - } - }, - { - "DemistoDeleteIncident": { - "name": "DemistoDeleteIncident", - "deprecated": true, - "depends_on": [ - "demisto-api-post" - ] - } - }, - { - "SSDeepReputation": { - "name": "SSDeepReputation", - "script_executions": [ - "findIndicators", - "getContext" - ] - } - }, - { - "GrrGetHunt": { - "name": "GrrGetHunt", - "depends_on": [ - "grr_get_hunt" - ], - "script_executions": [ - "grr_get_hunt" - ] - } - }, - { - "findIncidentsWithIndicator": { - "name": "findIncidentsWithIndicator" - } - }, - { - "ExifRead": { - "name": "ExifRead" - } - }, - { - "AlgosecGetTicket": { - "name": "AlgosecGetTicket", - "depends_on": [ - "algosec-get-ticket" - ] - } - }, - { - 
"IncapGetDomainApproverEmail": { - "name": "IncapGetDomainApproverEmail", - "depends_on": [ - "incap-get-domain-approver-email" - ] - } - }, - { - "ElasticSearchDisplay": { - "name": "ElasticSearchDisplay", - "depends_on": [ - "search" - ] - } - }, - { - "ContextGetIps": { - "name": "ContextGetIps" - } - }, - { - "D2Hardware": { - "name": "D2Hardware" - } - }, - { - "82764532-0a4f-4b59-8cf9-fe1a00cabdae": { - "name": "OktaSearch", - "deprecated": true, - "depends_on": [ - "okta-search" - ] - } - }, - { - "TrendmicroSecurityProfileRetrieveAll": { - "name": "TrendmicroSecurityProfileRetrieveAll", - "depends_on": [ - "trendmicro-security-profile-retrieve-all" - ] - } - }, - { - "PanoramaConfig": { - "name": "PanoramaConfig", - "deprecated": true, - "depends_on": [ - "panorama" - ] - } - }, - { - "RepopulateFiles": { - "name": "RepopulateFiles", - "script_executions": [ - "getEntries" - ] - } - }, - { - "SendMessageToOnlineUsers": { - "name": "SendMessageToOnlineUsers" - } - }, - { - "SetIncidentCustomFields": { - "name": "SetIncidentCustomFields" - } - }, - { - "CEFParser": { - "name": "CEFParser" - } - }, - { - "ADSetNewPassword": { - "name": "ADSetNewPassword", - "deprecated": true, - "depends_on": [ - "ad-set-new-password" - ] - } - }, - { - "misp_upload_sample": { - "name": "misp_upload_sample", - "depends_on": [ - "internal-misp-upload-sample" - ], - "script_executions": [ - "getFilePath" - ] - } - }, - { - "IsValueInArray": { - "name": "IsValueInArray" - } - }, - { - "displayhtml": { - "name": "DisplayHTML" - } - }, - { - "VectraClassifier": { - "name": "VectraClassifier", - "deprecated": true, - "depends_on": [ - "vec-health" - ] - } - }, - { - "JSONtoCSV": { - "name": "JSONtoCSV", - "script_executions": [ - "getEntry" - ] - } - }, - { - "ConferIncidentDetails": { - "name": "ConferIncidentDetails", - "depends_on": [ - "confer" - ] - } - }, - { - "ParseJSON": { - "name": "ParseJSON" - } - }, - { - "ScheduleCommand": { - "name": "ScheduleCommand" - } - }, - { - 
"XBTimeline": { - "name": "XBTimeline", - "depends_on": [ - "xb-timeline" - ] - } - }, - { - "EmailAskUser": { - "name": "EmailAskUser", - "toversion": "3.1.0" - } - }, - { - "IncidentSet": { - "name": "IncidentSet", - "toversion": "3.5.0", - "script_executions": [ - "setOwner", - "setStage", - "setIncident", - "setPlaybook" - ] - } - }, - { - "DataIPReputation": { - "name": "DataIPReputation", - "deprecated": true - } - }, - { - "URLSSLVerification": { - "name": "URLSSLVerification" - } - }, - { - "EmailDomainSquattingReputation": { - "name": "EmailDomainSquattingReputation" - } - }, - { - "XBUser": { - "name": "XBUser", - "depends_on": [ - "xb-user" - ] - } - }, - { - "SNUpdateTicket": { - "name": "SNUpdateTicket", - "deprecated": true, - "depends_on": [ - "servicenow-incident-update" - ] - } - }, - { - "ticksToTime": { - "name": "ticksToTime" - } - }, - { - "dbbdc2e4-6105-4ee9-8e83-563a4b991a89": { - "name": "VirustotalIsMalicious", - "deprecated": true, - "depends_on": [ - "file" - ], - "script_executions": [ - "file", - "file" - ] - } - }, - { - "TopMaliciousRatioIndicators": { - "name": "TopMaliciousRatioIndicators", - "fromversion": "4.0.0", - "script_executions": [ - "findIndicators", - "maliciousRatio" - ] - } - }, - { - "SetMultipleValues": { - "name": "SetMultipleValues" - } - }, - { - "PanoramaCommit": { - "name": "PanoramaCommit", - "deprecated": true, - "depends_on": [ - "panorama" - ] - } - }, - { - "CloseInvestigation": { - "name": "CloseInvestigation", - "deprecated": true - } - }, - { - "CrowdStrikeUrlParse": { - "name": "CrowdStrikeUrlParse" - } - }, - { - "MarkRelatedIncidents": { - "name": "MarkRelatedIncidents" - } - }, - { - "DemistoSendInvite": { - "name": "DemistoSendInvite", - "depends_on": [ - "demisto-api-post", - "demisto-api-get" - ] - } - }, - { - "CommonIntegrationPython": { - "name": "CommonIntegrationPython", - "deprecated": true - } - }, - { - "RunDockerCommand": { - "name": "RunDockerCommand" - } - }, - { - 
"GoogleappsGmailSearch": { - "name": "GoogleappsGmailSearch", - "deprecated": true, - "depends_on": [ - "googleapps-gmail-search" - ] - } - }, - { - "EPODetermineRepository": { - "name": "EPODetermineRepository", - "deprecated": true - } - }, - { - "emailFieldTriggered": { - "name": "emailFieldTriggered" - } - }, - { - "TrendMicroGetPolicyID": { - "name": "TrendMicroGetPolicyID", - "depends_on": [ - "trendmicro-security-profile-retrieve-all" - ], - "script_executions": [ - "TrendmicroSecurityProfileRetrieveAll" - ] - } - }, - { - "AquatoneDiscover": { - "name": "AquatoneDiscover" - } - }, - { - "ExtractDomainFromURL": { - "name": "ExtractDomainFromURL", - "deprecated": true - } - }, - { - "NetwitnessSAUpdateIncident": { - "name": "NetwitnessSAUpdateIncident", - "deprecated": true, - "depends_on": [ - "nw-update-incident" - ] - } - }, - { - "UnzipFile": { - "name": "UnzipFile", - "script_executions": [ - "getEntries", - "getFilePath" - ] - } - }, - { - "NetwitnessSAGetAvailableAssignees": { - "name": "NetwitnessSAGetAvailableAssignees", - "depends_on": [ - "nw-get-available-assignees" - ] - } - }, - { - "QualysCreateIncidentFromReport": { - "name": "QualysCreateIncidentFromReport", - "depends_on": [ - "qualys-host-list" - ], - "script_executions": [ - "getIncidents" - ] - } - }, - { - "CuckooDetonateURL": { - "name": "CuckooDetonateURL", - "depends_on": [ - "cuckoo-create-task-from-url" - ] - } - }, - { - "UserEnrichAD": { - "name": "UserEnrichAD", - "depends_on": [ - "ad-search" - ], - "script_executions": [ - "ADGetUser" - ] - } - }, - { - "WordTokenizer": { - "name": "WordTokenizer" - } - }, - { - "da8594b8-0b57-4cb2-8578-94754bb577c6": { - "name": "NetwitnessSAListIncidents", - "depends_on": [ - "nw-list-incidents" - ] - } - }, - { - "IsContextSet": { - "name": "IsContextSet", - "deprecated": true - } - }, - { - "Set": { - "name": "Set" - } - }, - { - "ArcherCreateSecurityIncident": { - "name": "ArcherCreateSecurityIncident", - "depends_on": [ - 
"archer-create-record" - ] - } - }, - { - "VolMalfindDumpAgent": { - "name": "VolMalfindDumpAgent" - } - }, - { - "TrendmicroSystemEventRetrieve": { - "name": "TrendmicroSystemEventRetrieve", - "depends_on": [ - "trendmicro-system-event-retrieve" - ] - } - }, - { - "MimecastFindEmail": { - "name": "MimecastFindEmail", - "depends_on": [ - "mimecast-query" - ] - } - }, - { - "D2Drop": { - "name": "D2Drop" - } - }, - { - "TaniumFindRunningProcesses": { - "name": "TaniumFindRunningProcesses", - "deprecated": true, - "depends_on": [ - "tn-add-question-complex", - "tn-result-data", - "tn-result-info" - ] - } - }, - { - "NessusScanDetails": { - "name": "NessusScanDetails", - "deprecated": true, - "depends_on": [ - "scan-details" - ] - } - }, - { - "CBPCatalogFindHash": { - "name": "CBPCatalogFindHash", - "depends_on": [ - "cbp-fileCatalog-search" - ] - } - }, - { - "checkValue": { - "name": "checkValue" - } - }, - { - "WhileLoop": { - "name": "WhileLoop", - "deprecated": true - } - }, - { - "D2GetSystemLog": { - "name": "D2GetSystemLog" - } - }, - { - "CopyFileD2": { - "name": "CopyFileD2" - } - }, - { - "CheckFilesWildfirePy": { - "name": "CheckFilesWildfirePy", - "depends_on": [ - "wildfire-upload", - "wildfire-report" - ], - "script_executions": [ - "getEntries" - ] - } - }, - { - "ADGetGroupMembers": { - "name": "ADGetGroupMembers", - "depends_on": [ - "ad-search" - ] - } - }, - { - "SCPPullFiles": { - "name": "SCPPullFiles", - "depends_on": [ - "copy-from" - ] - } - }, - { - "ReadFile": { - "name": "ReadFile", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "VectraSensors": { - "name": "VectraSensors", - "deprecated": true, - "depends_on": [ - "vec-sensors" - ] - } - }, - { - "QRadarFullSearch": { - "name": "QRadarFullSearch", - "deprecated": true, - "depends_on": [ - "qradar-get-search", - "qradar-get-search-results", - "qradar-searches" - ] - } - }, - { - "CSActors": { - "name": "CSActors", - "deprecated": true, - "depends_on": [ - "cs-actors" - ] - } - 
}, - { - "NessusGetReport": { - "name": "NessusGetReport", - "deprecated": true, - "depends_on": [ - "scan-report-download", - "scan-export", - "scan-export-status" - ] - } - }, - { - "VolRaw": { - "name": "VolRaw" - } - }, - { - "Base64Encode": { - "name": "Base64Encode" - } - }, - { - "LCMAcknowledgeHost": { - "name": "LCMAcknowledgeHost", - "depends_on": [ - "lcm-acknowledge-host" - ], - "script_executions": [ - "LCMHosts" - ] - } - }, - { - "ExtractEmail": { - "name": "ExtractEmail" - } - }, - { - "NexposeVulnExtractor": { - "name": "NexposeVulnExtractor", - "depends_on": [ - "nexpose" - ] - } - }, - { - "XBTriggeredRules": { - "name": "XBTriggeredRules", - "depends_on": [ - "xb-triggered-rules" - ] - } - }, - { - "LoadJSON": { - "name": "LoadJSON" - } - }, - { - "CommonUserServer": { - "name": "CommonUserServer" - } - }, - { - "IsMaliciousIndicatorFound": { - "name": "IsMaliciousIndicatorFound" - } - }, - { - "D2ActiveUsers": { - "name": "D2ActiveUsers" - } - }, - { - "BuildEWSQuery": { - "name": "BuildEWSQuery" - } - }, - { - "da330ce7-3a93-430c-8454-03b96cf5184e": { - "name": "OktaCreateUser", - "deprecated": true, - "depends_on": [ - "okta-create-user" - ] - } - }, - { - "JiraIssueUploadFile": { - "name": "JiraIssueUploadFile", - "deprecated": true, - "depends_on": [ - "jira-issue-upload-file" - ] - } - }, - { - "PanoramaDynamicAddressGroup": { - "name": "PanoramaDynamicAddressGroup", - "deprecated": true - } - }, - { - "ActiveUsersD2": { - "name": "ActiveUsersD2" - } - }, - { - "ParseExcel": { - "name": "ParseExcel", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "MatchRegex": { - "name": "MatchRegex" - } - }, - { - "ip_to_host": { - "name": "IPToHost" - } - }, - { - "AlgosecGetNetworkObject": { - "name": "AlgosecGetNetworkObject", - "depends_on": [ - "algosec-get-network-object" - ] - } - }, - { - "Autoruns": { - "name": "Autoruns" - } - }, - { - "VectraTriage": { - "name": "VectraTriage", - "deprecated": true, - "depends_on": [ - 
"vec-triage" - ] - } - }, - { - "ATDDetonate": { - "name": "ATDDetonate", - "depends_on": [ - "atd-get-report", - "atd-file-upload", - "atd-check-status" - ] - } - }, - { - "XBInfo": { - "name": "XBInfo" - } - }, - { - "NetwitnessSACreateIncident": { - "name": "NetwitnessSACreateIncident", - "depends_on": [ - "nw-create-incident" - ] - } - }, - { - "ExchangeSearchMailbox": { - "name": "ExchangeSearchMailbox" - } - }, - { - "DT": { - "name": "DT" - } - }, - { - "ed24d63f-4134-49c4-82c0-96885a7a1cc3": { - "name": "VerifyContextFields", - "deprecated": true - } - }, - { - "5d44a5d9-d91a-4420-801f-755f26b60c47": { - "name": "cveLatest", - "deprecated": true, - "depends_on": [ - "cve-latest" - ] - } - }, - { - "ad7de731-cadc-4f49-81cd-522cd4b7bfa5": { - "name": "CheckpointFWCreateBackup", - "depends_on": [ - "ssh" - ], - "script_executions": [ - "ssh" - ] - } - }, - { - "DemistoLogsBundle": { - "name": "DemistoLogsBundle", - "depends_on": [ - "demisto-api-download" - ] - } - }, - { - "ContextGetEmails": { - "name": "ContextGetEmails" - } - }, - { - "nexpose_create_incidents_from_assets": { - "name": "NexposeCreateIncidentsFromAssets", - "depends_on": [ - "nexpose-get-asset" - ], - "script_executions": [ - "getIncidents" - ] - } - }, - { - "bffdcf72-2061-4767-83d5-3ff2a9e8afe7": { - "name": "BlockIP" - } - }, - { - "ExchangeSearch": { - "name": "ExchangeSearch", - "deprecated": true, - "depends_on": [ - "ews-search-mailbox" - ] - } - }, - { - "CPSetRule": { - "name": "CPSetRule", - "deprecated": true, - "depends_on": [ - "checkpoint" - ], - "script_executions": [ - "checkpoint", - "checkpoint" - ] - } - }, - { - "VolGetProcWithMalNetConn": { - "name": "VolGetProcWithMalNetConn" - } - }, - { - "ConvertTableToHTML": { - "name": "ConvertTableToHTML" - } - }, - { - "StringLength": { - "name": "StringLength" - } - }, - { - "CuckooGetScreenshot": { - "name": "CuckooGetScreenshot", - "depends_on": [ - "cuckoo-task-screenshot" - ] - } - }, - { - "VolMalfind": { - "name": 
"VolMalfind" - } - }, - { - "ExposeModules": { - "name": "ExposeModules", - "deprecated": true - } - }, - { - "GrrGetFlows": { - "name": "GrrGetFlows", - "depends_on": [ - "grr_get_flows" - ], - "script_executions": [ - "grr_get_flows" - ] - } - }, - { - "IsTrue": { - "name": "IsTrue" - } - }, - { - "SplunkSearchJsonPy": { - "name": "SplunkSearchJsonPy", - "deprecated": true, - "depends_on": [ - "search" - ], - "script_executions": [ - "search" - ] - } - }, - { - "UnEscapeURLs": { - "name": "UnEscapeURLs" - } - }, - { - "ProofpointDecodeURL": { - "name": "ProofpointDecodeURL" - } - }, - { - "ReadPDFFile": { - "name": "ReadPDFFile", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "ContextContains": { - "name": "ContextContains" - } - }, - { - "ADIsUserMember": { - "name": "ADIsUserMember", - "deprecated": true, - "depends_on": [ - "ad-search" - ], - "script_executions": [ - "ADGetUserGroups", - "AdSearch" - ] - } - }, - { - "PanoramaMove": { - "name": "PanoramaMove", - "deprecated": true, - "depends_on": [ - "panorama" - ] - } - }, - { - "ADGetUserGroups": { - "name": "ADGetUserGroups", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "ADUserLogonInfo": { - "name": "ADUserLogonInfo", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "Osxcollector": { - "name": "Osxcollector" - } - }, - { - "PWObservationPcapInfo": { - "name": "PWObservationPcapInfo", - "deprecated": true, - "depends_on": [ - "observation-pcap-info" - ] - } - }, - { - "QrSearches": { - "name": "QrSearches", - "deprecated": true, - "depends_on": [ - "qr-searches" - ] - } - }, - { - "ExtractIndicatorsFromTextFile": { - "name": "ExtractIndicatorsFromTextFile" - } - }, - { - "CheckIPs": { - "name": "CheckIPs", - "deprecated": true, - "script_executions": [ - "ip" - ] - } - }, - { - "VolDlllist": { - "name": "VolDlllist" - } - }, - { - "FPSetRule": { - "name": "FPSetRule", - "depends_on": [ - "ssh" - ], - "script_executions": [ - "ssh" - ] - } - 
}, - { - "TrendMicroClassifier": { - "name": "TrendMicroClassifier", - "depends_on": [ - "trendmicro-alert-status" - ] - } - }, - { - "TrendMicroGetHostID": { - "name": "TrendMicroGetHostID", - "depends_on": [ - "trendmicro-host-retrieve-all" - ], - "script_executions": [ - "TrendmicroHostRetrieveAll" - ] - } - }, - { - "ExtractDomainFromUrlAndEmail": { - "name": "ExtractDomainFromUrlAndEmail" - } - }, - { - "VectraSettings": { - "name": "VectraSettings", - "deprecated": true, - "depends_on": [ - "vec-settings" - ] - } - }, - { - "GenerateInvestigationSummaryReport": { - "name": "GenerateInvestigationSummaryReport", - "fromversion": "3.5.0" - } - }, - { - "DataDomainReputation": { - "name": "DataDomainReputation", - "fromversion": "3.1.0" - } - }, - { - "EPORepositoryComplianceCheck": { - "name": "EPORepositoryComplianceCheck", - "deprecated": true, - "depends_on": [ - "epo-command" - ] - } - }, - { - "PWObservations": { - "name": "PWObservations", - "deprecated": true, - "depends_on": [ - "observation-search" - ] - } - }, - { - "DBotPredictTextLabel": { - "name": "DBotPredictTextLabel", - "fromversion": "4.1.0", - "script_executions": [ - "getList" - ] - } - }, - { - "InRange": { - "name": "InRange" - } - }, - { - "IngestCSV": { - "name": "IngestCSV", - "deprecated": true, - "script_executions": [ - "getEntries", - "getFilePath" - ] - } - }, - { - "TrendmicroHostAntimalwareScan": { - "name": "TrendmicroHostAntimalwareScan", - "depends_on": [ - "trendmicro-host-antimalware-scan" - ] - } - }, - { - "QrGetSearchResults": { - "name": "QrGetSearchResults", - "deprecated": true, - "depends_on": [ - "qr-get-search-results" - ] - } - }, - { - "NessusHostDetails": { - "name": "NessusHostDetails", - "deprecated": true, - "depends_on": [ - "scan-host-details" - ] - } - }, - { - "WhereFieldEquals": { - "name": "WhereFieldEquals" - } - }, - { - "OSQueryUsers": { - "name": "OSQueryUsers", - "depends_on": [ - "OSQueryBasicQuery" - ], - "script_executions": [ - 
"OSQueryBasicQuery" - ] - } - }, - { - "CrowdStrikeStreamingPreProcessing": { - "name": "CrowdStrikeStreamingPreProcessing", - "script_executions": [ - "addEntries" - ] - } - }, - { - "Strings": { - "name": "Strings", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "QrOffenses": { - "name": "QrOffenses", - "deprecated": true, - "depends_on": [ - "qr-offenses" - ] - } - }, - { - "LCMHosts": { - "name": "LCMHosts" - } - }, - { - "RegProbeBasic": { - "name": "RegProbeBasic" - } - }, - { - "ContextGetHashes": { - "name": "ContextGetHashes" - } - }, - { - "NexposeEmailParser": { - "name": "NexposeEmailParser", - "depends_on": [ - "nexpose" - ] - } - }, - { - "7b5c080e-f3b1-411a-83b0-e1f53c21bef8": { - "name": "WhileNotMdLoop", - "deprecated": true - } - }, - { - "SlackMirror": { - "name": "SlackMirror", - "deprecated": true, - "depends_on": [ - "slack-mirror-investigation" - ] - } - }, - { - "CheckFiles": { - "name": "CheckFiles", - "deprecated": true, - "depends_on": [ - "file" - ] - } - }, - { - "IsIPInRanges": { - "name": "IsIPInRanges" - } - }, - { - "CBSessions": { - "name": "CBSessions", - "depends_on": [ - "cb-list-sessions" - ] - } - }, - { - "JSONFileToCSV": { - "name": "JSONFileToCSV", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "GeneratePassword": { - "name": "GeneratePassword" - } - }, - { - "IncidentSet": { - "name": "IncidentSet", - "fromversion": "3.5.1", - "deprecated": true, - "script_executions": [ - "setOwner", - "setStage", - "setIncident", - "setPlaybook" - ] - } - }, - { - "GoogleAuthURL": { - "name": "GoogleAuthURL" - } - }, - { - "DataURLReputation": { - "name": "DataURLReputation", - "toversion": "3.0.1" - } - }, - { - "IPReputation": { - "name": "IPReputation", - "script_executions": [ - "ip" - ] - } - }, - { - "AwsCreateImage": { - "name": "AwsCreateImage", - "depends_on": [ - "create-image" - ] - } - }, - { - "WildfireReport": { - "name": "WildfireReport", - "deprecated": true, - "depends_on": [ - "wildfire-report" 
- ] - } - }, - { - "LCMIndicatorsForEntity": { - "name": "LCMIndicatorsForEntity", - "depends_on": [ - "lcm-indicatorsforentity" - ] - } - }, - { - "hideFieldsOnNewIncident": { - "name": "hideFieldsOnNewIncident", - "fromversion": "3.6.0" - } - }, - { - "ImpSfScheduleTask": { - "name": "ImpSfScheduleTask", - "depends_on": [ - "ImpSfRevokeUnaccessedDevices", - "scheduleEntry" - ], - "script_executions": [ - "scheduleEntry" - ] - } - }, - { - "ServiceNowUpdateIncident": { - "name": "ServiceNowUpdateIncident", - "depends_on": [ - "servicenow-query-table", - "servicenow-update-record" - ] - } - }, - { - "DataIPReputation": { - "name": "DataIPReputation", - "toversion": "3.0.1" - } - }, - { - "SetDateField": { - "name": "SetDateField", - "script_executions": [ - "setIncident" - ] - } - }, - { - "ADGetEmailForUser": { - "name": "ADGetEmailForUser", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "EmailAskUser": { - "name": "EmailAskUser", - "toversion": "3.6.0", - "fromversion": "3.5.0" - } - }, - { - "PWEventDetails": { - "name": "PWEventDetails", - "deprecated": true, - "depends_on": [ - "pw-event-get" - ] - } - }, - { - "CheckSenderDomainDistance": { - "name": "CheckSenderDomainDistance" - } - }, - { - "7b02fa0f-94ff-48c7-8350-b4e353702e73": { - "name": "VMRay", - "depends_on": [ - "upload_sample" - ], - "script_executions": [ - "getFilePath", - "upload_sample", - "scheduleEntry" - ] - } - }, - { - "PWObservationPcapDownload": { - "name": "PWObservationPcapDownload", - "depends_on": [ - "observation-pcap-download" - ] - } - }, - { - "b695f044-fbdd-4d4b-89ce-9066cb0e165a": { - "name": "cveReputation", - "depends_on": [ - "cve-search" - ] - } - }, - { - "ParseEmailHeader": { - "name": "ParseEmailHeaders", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "IndicatorMaliciousRatioCalculation": { - "name": "IndicatorMaliciousRatioCalculation", - "fromversion": "3.5.0", - "script_executions": [ - "findIndicators", - "getIncidents", - 
"getIncidents" - ] - } - }, - { - "BinaryReputationPy": { - "name": "BinaryReputationPy", - "deprecated": true, - "depends_on": [ - "file" - ], - "script_executions": [ - "getEntries", - "file", - "file" - ] - } - }, - { - "ArcherUpdateSecurityIncident": { - "name": "ArcherUpdateSecurityIncident", - "depends_on": [ - "archer-update-record" - ] - } - }, - { - "IsListExist": { - "name": "IsListExist", - "script_executions": [ - "getList" - ] - } - }, - { - "CSCountDevicesForIOC": { - "name": "CSCountDevicesForIOC", - "deprecated": true, - "depends_on": [ - "cs-device-count-ioc" - ] - } - }, - { - "LCMSetHostComment": { - "name": "LCMSetHostComment", - "depends_on": [ - "lcm-set-host-comment" - ], - "script_executions": [ - "LCMHosts" - ] - } - }, - { - "D2Exec": { - "name": "D2Exec" - } - }, - { - "OSQueryProcesses": { - "name": "OSQueryProcesses", - "depends_on": [ - "OSQueryBasicQuery" - ], - "script_executions": [ - "OSQueryBasicQuery" - ] - } - }, - { - "NessusScanStatus": { - "name": "NessusScanStatus", - "deprecated": true, - "depends_on": [ - "scan-details" - ] - } - }, - { - "DemistoLinkIncidents": { - "name": "DemistoLinkIncidents", - "depends_on": [ - "demisto-api-post" - ] - } - }, - { - "JiraCreateIssue": { - "name": "JiraCreateIssue", - "deprecated": true, - "depends_on": [ - "jira-create-issue" - ] - } - }, - { - "LocateAttachment": { - "name": "LocateAttachment", - "deprecated": true, - "script_executions": [ - "getEntries" - ] - } - }, - { - "ADGetComputerGroups": { - "name": "ADGetComputerGroups", - "deprecated": true, - "depends_on": [ - "ad-search" - ], - "script_executions": [ - "AdSearch" - ] - } - }, - { - "MapValues": { - "name": "MapValues" - } - }, - { - "QrGetSearch": { - "name": "QrGetSearch", - "deprecated": true, - "depends_on": [ - "qr-get-search" - ] - } - }, - { - "EmailAskUser": { - "name": "EmailAskUser", - "fromversion": "4.0.0" - } - }, - { - "AwsGetInstanceInfo": { - "name": "AwsGetInstanceInfo", - "depends_on": [ - 
"get-instance-info", - "get-ebs-volume-info", - "get-sg-info" - ] - } - }, - { - "CreateArray": { - "name": "CreateArray" - } - }, - { - "ADListUsers": { - "name": "ADListUsers", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "CBPFindRule": { - "name": "CBPFindRule", - "depends_on": [ - "cbp-fileRule-search" - ] - } - }, - { - "GoogleappsListUsers": { - "name": "GoogleappsListUsers", - "deprecated": true, - "depends_on": [ - "googleapps-list-users" - ] - } - }, - { - "ParseCSV": { - "name": "ParseCSV", - "script_executions": [ - "getEntries" - ] - } - }, - { - "D2Winpmem": { - "name": "D2Winpmem" - } - }, - { - "AlgosecGetApplications": { - "name": "AlgosecGetApplications", - "depends_on": [ - "algosec-get-applications" - ] - } - }, - { - "Elasticsearch": { - "name": "Elasticsearch", - "depends_on": [ - "search" - ], - "script_executions": [ - "search" - ] - } - }, - { - "EPOUpdateRepository": { - "name": "EPOUpdateRepository", - "deprecated": true, - "depends_on": [ - "epo-command" - ] - } - }, - { - "ZipFile": { - "name": "ZipFile", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "VectraSummary": { - "name": "VectraSummary", - "deprecated": true, - "depends_on": [ - "vec-health" - ] - } - }, - { - "MattermostAskUser": { - "name": "MattermostAskUser", - "depends_on": [ - "mattermost-send" - ], - "script_executions": [ - "addEntitlement" - ] - } - }, - { - "WhoisSummary": { - "name": "WhoisSummary", - "deprecated": true, - "depends_on": [ - "whois" - ] - } - }, - { - "AssignAnalystToIncident": { - "name": "AssignAnalystToIncident" - } - }, - { - "Base64ListToFile": { - "name": "Base64ListToFile", - "script_executions": [ - "getList" - ] - } - }, - { - "LCMPathFinderScanHost": { - "name": "LCMPathFinderScanHost", - "depends_on": [ - "lcm-pathfinder-scan" - ] - } - }, - { - "IncapScheduleTask": { - "name": "IncapScheduleTask", - "depends_on": [ - "scheduleEntry", - "IncapWhitelistCompliance" - ], - "script_executions": [ - 
"scheduleEntry" - ] - } - }, - { - "SbQuery": { - "name": "SbQuery", - "depends_on": [ - "sb-query" - ] - } - }, - { - "GetStringsDistance": { - "name": "GetStringsDistance" - } - }, - { - "CSHuntByIOC": { - "name": "CSHuntByIOC", - "deprecated": true, - "depends_on": [ - "cs-device-ran-on" - ] - } - }, - { - "FireEyeDetonateFile": { - "name": "FireEyeDetonateFile", - "depends_on": [ - "fe-submit", - "fe-submit-result", - "fe-submit-status" - ], - "script_executions": [ - "IsIntegrationAvailable" - ] - } - }, - { - "514ec833-c02c-49a3-8ac6-d982198f5fa0": { - "name": "OktaUpdateUser", - "deprecated": true, - "depends_on": [ - "okta-update-user" - ] - } - }, - { - "JoinIfSingleElementOnly": { - "name": "JoinIfSingleElementOnly" - } - }, - { - "PWObservationDetails": { - "name": "PWObservationDetails", - "deprecated": true, - "depends_on": [ - "pw-observation-get" - ] - } - }, - { - "SNOpenTicket": { - "name": "SNOpenTicket", - "deprecated": true, - "depends_on": [ - "servicenow-incident-create" - ] - } - }, - { - "IPInfoQuery": { - "name": "IPInfoQuery", - "deprecated": true, - "depends_on": [ - "ipinfo_field" - ], - "script_executions": [ - "ipinfo_field", - "ip" - ] - } - }, - { - "RegCollectValues": { - "name": "RegCollectValues" - } - }, - { - "MD5Extract": { - "name": "MD5Extract", - "deprecated": true - } - }, - { - "CommonIntegration": { - "name": "CommonIntegration", - "deprecated": true - } - }, - { - "CBPBanHash": { - "name": "CBPBanHash", - "depends_on": [ - "cbp-fileRule-update" - ] - } - }, - { - "URLDecode": { - "name": "URLDecode" - } - }, - { - "AwsRunInstance": { - "name": "AwsRunInstance", - "depends_on": [ - "run-instance" - ] - } - }, - { - "EPORetrieveCurrentDATVersion": { - "name": "EPORetrieveCurrentDATVersion", - "deprecated": true, - "depends_on": [ - "epo-command" - ] - } - }, - { - "TaniumShowPendingActions": { - "name": "TaniumShowPendingActions", - "deprecated": true, - "depends_on": [ - "tn-get-object" - ] - } - }, - { - 
"PrintErrorEntry": { - "name": "PrintErrorEntry", - "fromversion": "4.0.0" - } - }, - { - "SEPCheckOutdatedEndpoints": { - "name": "SEPCheckOutdatedEndpoints", - "depends_on": [ - "sep-client-content" - ] - } - }, - { - "URLNumberOfAds": { - "name": "URLNumberOfAds" - } - }, - { - "IncidentToContext": { - "name": "IncidentToContext", - "deprecated": true - } - }, - { - "D2Users": { - "name": "D2Users" - } - }, - { - "StripChars": { - "name": "StripChars" - } - }, - { - "RegPathReputationBasicLists": { - "name": "RegPathReputationBasicLists" - } - }, - { - "IsIntegrationAvailable": { - "name": "IsIntegrationAvailable" - } - }, - { - "ExposeIncidentOwner": { - "name": "ExposeIncidentOwner" - } - }, - { - "EmailReputation": { - "name": "EmailReputation", - "script_executions": [ - "email" - ] - } - }, - { - "AwsCreateVolumeSnapshot": { - "name": "AwsCreateVolumeSnapshot", - "depends_on": [ - "create-volume-snapshot" - ] - } - }, - { - "CreateEmailHtmlBody": { - "name": "CreateEmailHtmlBody" - } - }, - { - "listExecutedCommands": { - "name": "listExecutedCommands" - } - }, - { - "EPOUpdateEndpoints": { - "name": "EPOUpdateEndpoints", - "deprecated": true, - "depends_on": [ - "epo-command" - ] - } - }, - { - "CheckSender": { - "name": "CheckSender", - "depends_on": [ - "pipl-search" - ] - } - }, - { - "NessusLaunchScan": { - "name": "NessusLaunchScan", - "deprecated": true, - "depends_on": [ - "scan-launch" - ] - } - }, - { - "ADGetGroupUsers": { - "name": "ADGetGroupUsers", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "CPTaskStatus": { - "name": "CPTaskStatus", - "deprecated": true, - "depends_on": [ - "checkpoint" - ], - "script_executions": [ - "checkpoint" - ] - } - }, - { - "80b5c44c-4eac-4e00-812f-6d409d57be31": { - "name": "WhoisLookup", - "deprecated": true, - "depends_on": [ - "whois" - ] - } - }, - { - "NetwitnessSAAddEventsToIncident": { - "name": "NetwitnessSAAddEventsToIncident", - "depends_on": [ - "nw-add-events-to-incident" - 
] - } - }, - { - "StopScheduledTask": { - "name": "StopScheduledTask", - "script_executions": [ - "scheduleEntry" - ] - } - }, - { - "SalesforceAskUser": { - "name": "SalesforceAskUser", - "depends_on": [ - "salesforce-push-comment" - ], - "script_executions": [ - "addEntitlement" - ] - } - }, - { - "ADListUsersEx": { - "name": "ADListUsersEx", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "OSQueryOpenSockets": { - "name": "OSQueryOpenSockets", - "depends_on": [ - "OSQueryBasicQuery" - ], - "script_executions": [ - "OSQueryBasicQuery" - ] - } - }, - { - "EsmExample": { - "name": "EsmExample", - "depends_on": [ - "search" - ] - } - }, - { - "SetSeverityByScore": { - "name": "SetSeverityByScore", - "script_executions": [ - "IncidentSet", - "IncidentSet", - "IncidentSet" - ] - } - }, - { - "RSAArcherManualFetch": { - "name": "RSAArcherManualFetch", - "depends_on": [ - "archer-manually-fetch-incident" - ], - "script_executions": [ - "createNewIncident" - ] - } - }, - { - "CheckpointFWBackupStatus": { - "name": "CheckpointFWBackupStatus", - "depends_on": [ - "ssh" - ], - "script_executions": [ - "ssh" - ] - } - }, - { - "VolImageinfo": { - "name": "VolImageinfo" - } - }, - { - "CBPApproveHash": { - "name": "CBPApproveHash", - "depends_on": [ - "cbp-fileRule-update" - ] - } - }, - { - "ParseEmailFile": { - "name": "ParseEmailFile", - "deprecated": true, - "script_executions": [ - "getEntry", - "getFilePath" - ] - } - }, - { - "GoogleappsRevokeUserRole": { - "name": "GoogleappsRevokeUserRole", - "depends_on": [ - "googleapps-revoke-user-role" - ] - } - }, - { - "DBotPredictPhishingEvaluation": { - "name": "DBotPredictPhishingEvaluation", - "fromversion": "4.1.0", - "script_executions": [ - "DBotPreparePhishingData", - "setIncident" - ] - } - }, - { - "DemistoUploadFile": { - "name": "DemistoUploadFile", - "depends_on": [ - "demisto-api-multipart" - ] - } - }, - { - "SNListTickets": { - "name": "SNListTickets", - "deprecated": true, - 
"depends_on": [ - "servicenow-incidents-query" - ] - } - }, - { - "JiraIssueAddComment": { - "name": "JiraIssueAddComment", - "deprecated": true, - "depends_on": [ - "jira-issue-add-comment" - ] - } - }, - { - "AlgosecCreateTicket": { - "name": "AlgosecCreateTicket", - "depends_on": [ - "algosec-create-ticket" - ] - } - }, - { - "DeleteContext": { - "name": "DeleteContext" - } - }, - { - "ADGetUsersByEmail": { - "name": "ADGetUsersByEmail", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "LanguageDetect": { - "name": "LanguageDetect" - } - }, - { - "IncapGetAppInfo": { - "name": "IncapGetAppInfo", - "depends_on": [ - "incap-get-app-info" - ] - } - }, - { - "SplunkEmailParser": { - "name": "SplunkEmailParser", - "depends_on": [ - "search" - ] - } - }, - { - "GetTime": { - "name": "GetTime" - } - }, - { - "PortListenCheck": { - "name": "PortListenCheck" - } - }, - { - "f99a85a6-c572-4c3a-8afd-5b4ac539000a": { - "name": "WhileNotExistLoop", - "deprecated": true - } - }, - { - "PanoramaBlockIP": { - "name": "PanoramaBlockIP", - "deprecated": true, - "depends_on": [ - "panorama" - ] - } - }, - { - "IdentifyAttachedEmail": { - "name": "IdentifyAttachedEmail", - "script_executions": [ - "getEntries" - ] - } - }, - { - "D2Services": { - "name": "D2Services" - } - }, - { - "AlgosecQuery": { - "name": "AlgosecQuery", - "depends_on": [ - "algosec-query" - ] - } - }, - { - "AwsStartInstance": { - "name": "AwsStartInstance", - "depends_on": [ - "start-instance" - ] - } - }, - { - "DomainReputation": { - "name": "DomainReputation", - "script_executions": [ - "domain" - ] - } - }, - { - "GetDuplicatesMlv2": { - "name": "GetDuplicatesMlv2", - "fromversion": "3.5.0", - "script_executions": [ - "getIncidents", - "findIndicators", - "getIncidents" - ] - } - }, - { - "JIRAPrintIssue": { - "name": "JIRAPrintIssue", - "depends_on": [ - "jira-get-issue" - ] - } - }, - { - "FPDeleteRule": { - "name": "FPDeleteRule", - "depends_on": [ - "ssh" - ], - 
"script_executions": [ - "ssh" - ] - } - }, - { - "isError": { - "name": "isError" - } - }, - { - "CommonServerPython": { - "name": "CommonServerPython" - } - }, - { - "10cb3486-48f3-4d93-88af-b6be84ffd432": { - "name": "OktaGetGroups", - "deprecated": true, - "depends_on": [ - "okta-get-groups" - ] - } - }, - { - "DocumentationAutomation": { - "name": "DocumentationAutomation", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "FileReputation": { - "name": "FileReputation", - "script_executions": [ - "file" - ] - } - }, - { - "AreValuesEqual": { - "name": "AreValuesEqual" - } - }, - { - "LCMDetectedEntities": { - "name": "LCMDetectedEntities", - "depends_on": [ - "lcm-entities" - ] - } - }, - { - "UtilAnyResults": { - "name": "UtilAnyResults" - } - }, - { - "ExampleJSScript": { - "name": "ExampleJSScript" - } - }, - { - "UnEscapeIPs": { - "name": "UnEscapeIPs" - } - }, - { - "OSQueryLoggedInUsers": { - "name": "OSQueryLoggedInUsers", - "depends_on": [ - "OSQueryBasicQuery" - ], - "script_executions": [ - "OSQueryBasicQuery" - ] - } - }, - { - "FindSimilarIncidentsByText": { - "name": "FindSimilarIncidentsByText" - } - }, - { - "IncapWhitelistCompliance": { - "name": "IncapWhitelistCompliance", - "depends_on": [ - "incap-get-domain-approver-email", - "RemoteExec", - "incap-list-sites", - "SendEmail" - ], - "script_executions": [ - "SendEmail", - "RemoteExec" - ] - } - }, - { - "c99e196b-e05e-41f2-82cb-6798f33cb653": { - "name": "cveSearch", - "deprecated": true, - "depends_on": [ - "cve-search" - ] - } - }, - { - "5e125fdd-72f1-455f-89fa-e6f9405174a4": { - "name": "NotInContextVerification" - } - }, - { - "ExtractDomain": { - "name": "ExtractDomain" - } - }, - { - "DemistoCreateList": { - "name": "DemistoCreateList", - "depends_on": [ - "demisto-api-post" - ] - } - }, - { - "ServiceNowQueryIncident": { - "name": "ServiceNowQueryIncident", - "depends_on": [ - "servicenow-query-table" - ] - } - }, - { - "MimecastQuery": { - "name": "MimecastQuery", - 
"depends_on": [ - "mimecast-query" - ] - } - }, - { - "misp_download_sample": { - "name": "misp_download_sample", - "depends_on": [ - "internal-misp-download-sample" - ] - } - }, - { - "ExchangeDeleteIDsFromContext": { - "name": "ExchangeDeleteIDsFromContext", - "deprecated": true, - "depends_on": [ - "ews-delete-items" - ] - } - }, - { - "DumpJSON": { - "name": "DumpJSON" - } - }, - { - "ADGetGroupComputers": { - "name": "ADGetGroupComputers", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "TrendmicroAntiMalwareEventRetrieve": { - "name": "TrendmicroAntiMalwareEventRetrieve", - "depends_on": [ - "trendmicro-anti-malware-event-retrieve" - ] - } - }, - { - "Sleep": { - "name": "Sleep" - } - }, - { - "AdSearch": { - "name": "AdSearch", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "XBNotable": { - "name": "XBNotable", - "depends_on": [ - "xb-notable" - ] - } - }, - { - "GoogleappsGetUser": { - "name": "GoogleappsGetUser", - "deprecated": true, - "depends_on": [ - "googleapps-get-user" - ] - } - }, - { - "CBLiveFetchFiles": { - "name": "CBLiveFetchFiles", - "depends_on": [ - "CBLiveGetFile" - ], - "script_executions": [ - "CBLiveGetFile" - ] - } - }, - { - "JiraIssueAddLink": { - "name": "JiraIssueAddLink", - "deprecated": true, - "depends_on": [ - "jira-issue-add-link" - ] - } - }, - { - "ContextSearchForString": { - "name": "ContextSearchForString" - } - }, - { - "ShowOnMap": { - "name": "ShowOnMap" - } - }, - { - "CBFindIP": { - "name": "CBFindIP", - "depends_on": [ - "CBSearch" - ], - "script_executions": [ - "CBSearch" - ] - } - }, - { - "D2Rekall": { - "name": "D2Rekall" - } - }, - { - "CuckooGetReport": { - "name": "CuckooGetReport", - "depends_on": [ - "cuckoo-get-task-report" - ] - } - }, - { - "BinarySearchPy": { - "name": "BinarySearchPy", - "depends_on": [ - "cb-process" - ], - "script_executions": [ - "getEntries" - ] - } - }, - { - "Volatility": { - "name": "Volatility" - } - }, - { - "GrrGetFiles": { 
- "name": "GrrGetFiles", - "depends_on": [ - "grr_get_files" - ], - "script_executions": [ - "grr_get_files" - ] - } - }, - { - "FetchFileD2": { - "name": "FetchFileD2" - } - }, - { - "ToTable": { - "name": "ToTable" - } - }, - { - "XBLockouts": { - "name": "XBLockouts", - "depends_on": [ - "xb-lockouts" - ] - } - }, - { - "ExchangeAssignRole": { - "name": "ExchangeAssignRole" - } - }, - { - "GrrSetHunts": { - "name": "GrrSetHunts", - "depends_on": [ - "grr_set_hunts" - ], - "script_executions": [ - "grr_set_hunts" - ] - } - }, - { - "MaliciousRatioReputation": { - "name": "MaliciousRatioReputation", - "fromversion": "4.0.0", - "script_executions": [ - "findIndicators", - "maliciousRatio" - ] - } - }, - { - "EPOFindSystem": { - "name": "EPOFindSystem", - "depends_on": [ - "epo-command" - ] - } - }, - { - "TaniumAskQuestionComplex": { - "name": "TaniumAskQuestionComplex", - "deprecated": true, - "depends_on": [ - "tn-add-question-complex", - "tn-result-data", - "tn-result-info" - ] - } - }, - { - "DataURLReputation": { - "name": "DataURLReputation", - "deprecated": true - } - }, - { - "DataHashReputation": { - "name": "DataHashReputation", - "toversion": "3.0.1", - "depends_on": [ - "file" - ] - } - }, - { - "GetIndicatorDBotScore": { - "name": "GetIndicatorDBotScore", - "fromversion": "3.5.0", - "script_executions": [ - "getIndicator" - ] - } - }, - { - "HTTPListRedirects": { - "name": "HTTPListRedirects" - } - }, - { - "DataHashReputation": { - "name": "DataHashReputation", - "deprecated": true, - "depends_on": [ - "file" - ] - } - }, - { - "CBEvents": { - "name": "CBEvents", - "depends_on": [ - "cb-process", - "process-events" - ] - } - }, - { - "Whois": { - "name": "Whois", - "deprecated": true, - "depends_on": [ - "whois" - ] - } - }, - { - "MarkAsNoteByTag": { - "name": "MarkAsNoteByTag", - "script_executions": [ - "getEntries", - "markAsNote" - ] - } - }, - { - "TaniumApprovePendingActions": { - "name": "TaniumApprovePendingActions", - "deprecated": true, - 
"depends_on": [ - "tn-add-object", - "tn-get-object" - ] - } - }, - { - "GenericPollingScheduledTask": { - "name": "GenericPollingScheduledTask" - } - }, - { - "NessusListScans": { - "name": "NessusListScans", - "deprecated": true, - "depends_on": [ - "scans-list" - ] - } - }, - { - "TaniumAskQuestion": { - "name": "TaniumAskQuestion", - "deprecated": true, - "depends_on": [ - "tn-result-data", - "tn-result-info" - ] - } - }, - { - "ExportToCSV": { - "name": "ExportToCSV" - } - }, - { - "URLReputation": { - "name": "URLReputation", - "script_executions": [ - "url" - ] - } - }, - { - "IncidentAddSystem": { - "name": "IncidentAddSystem" - } - }, - { - "FindSimilarIncidents": { - "name": "FindSimilarIncidents", - "script_executions": [ - "getContext" - ] - } - }, - { - "CPDeleteRule": { - "name": "CPDeleteRule", - "deprecated": true, - "depends_on": [ - "checkpoint" - ], - "script_executions": [ - "checkpoint", - "checkpoint" - ] - } - }, - { - "RegexGroups": { - "name": "RegexGroups" - } - }, - { - "RemoteExec": { - "name": "RemoteExec", - "depends_on": [ - "ssh" - ] - } - }, - { - "PublishEntriesToContext": { - "name": "PublishEntriesToContext" - } - }, - { - "http": { - "name": "http", - "toversion": "3.1.0" - } - }, - { - "GoogleappsGetUserRoles": { - "name": "GoogleappsGetUserRoles", - "deprecated": true, - "depends_on": [ - "googleapps-get-user-roles" - ] - } - }, - { - "ExchangeDeleteMail": { - "name": "ExchangeDeleteMail" - } - }, - { - "SbUpload": { - "name": "SbUpload", - "depends_on": [ - "sb-upload" - ] - } - }, - { - "3dd62013-4fed-43eb-8ae4-91b1b4250599": { - "name": "OktaSetPassword", - "deprecated": true, - "depends_on": [ - "okta-set-password" - ] - } - }, - { - "D2Processes": { - "name": "D2Processes" - } - }, - { - "IncapListSites": { - "name": "IncapListSites", - "depends_on": [ - "incap-list-sites" - ] - } - }, - { - "ADGetEmailForAllUsers": { - "name": "ADGetEmailForAllUsers", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { 
- "CuckooTaskStatus": { - "name": "CuckooTaskStatus", - "depends_on": [ - "cuckoo-view-task" - ] - } - }, - { - "PWEvents": { - "name": "PWEvents", - "deprecated": true, - "depends_on": [ - "search" - ], - "script_executions": [ - "search" - ] - } - }, - { - "NexposeEmailParserForVuln": { - "name": "NexposeEmailParserForVuln", - "depends_on": [ - "nexpose" - ] - } - }, - { - "CloseInvestigationAsDuplicate": { - "name": "CloseInvestigationAsDuplicate", - "script_executions": [ - "linkIncidents" - ] - } - }, - { - "GetDuplicatesMl": { - "name": "GetDuplicatesMl", - "fromversion": "3.5.0", - "deprecated": true, - "script_executions": [ - "getIncidents", - "findIndicators", - "getIncidents" - ] - } - }, - { - "FailedInstances": { - "name": "FailedInstances", - "fromversion": "4.0.0" - } - }, - { - "UnPackFile": { - "name": "UnPackFile", - "script_executions": [ - "getEntries", - "getFilePath" - ] - } - }, - { - "http": { - "name": "http", - "fromversion": "3.5.0" - } - }, - { - "DBotPredictPhishingLabel": { - "name": "DBotPredictPhishingLabel", - "fromversion": "4.1.0", - "script_executions": [ - "DBotPredictTextLabel" - ] - } - }, - { - "CPCreateBackup": { - "name": "CPCreateBackup", - "deprecated": true, - "depends_on": [ - "ssh" - ], - "script_executions": [ - "ssh" - ] - } - }, - { - "ExtractIP": { - "name": "ExtractIP" - } - }, - { - "CheckURLs": { - "name": "CheckURLs", - "deprecated": true, - "script_executions": [ - "url" - ] - } - }, - { - "SplunkPySearch": { - "name": "SplunkPySearch", - "depends_on": [ - "splunk-search" - ] - } - }, - { - "GrrGetHunts": { - "name": "GrrGetHunts", - "depends_on": [ - "grr_get_hunts" - ], - "script_executions": [ - "grr_get_hunts" - ] - } - }, - { - "ImpSfSetEndpointStatus": { - "name": "ImpSfSetEndpointStatus", - "depends_on": [ - "imp-sf-set-endpoint-status" - ] - } - }, - { - "PCAPMiner": { - "name": "PCAPMiner", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "D2GetFile": { - "name": "D2GetFile" - } - }, - { - 
"PagerDutyAssignOnCallUser": { - "name": "PagerDutyAssignOnCallUser", - "depends_on": [ - "PagerDuty-get-users-on-call-now" - ] - } - }, - { - "ExtractHTMLTables": { - "name": "ExtractHTMLTables" - } - }, - { - "ContainsCreditCardInfo": { - "name": "ContainsCreditCardInfo" - } - }, - { - "CBSearch": { - "name": "CBSearch" - } - }, - { - "DataDomainReputation": { - "name": "DataDomainReputation", - "toversion": "3.0.1" - } - }, - { - "DBotClosedIncidentsPercentage": { - "name": "DBotClosedIncidentsPercentage" - } - }, - { - "CBAlerts": { - "name": "CBAlerts", - "depends_on": [ - "cb-alert" - ] - } - }, - { - "ParseWordDoc": { - "name": "ParseWordDoc", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "VolJson": { - "name": "VolJson" - } - }, - { - "SlackSend": { - "name": "SlackSend", - "deprecated": true, - "depends_on": [ - "slack-send" - ] - } - }, - { - "ExposeList": { - "name": "ExposeList", - "deprecated": true - } - }, - { - "VectraHealth": { - "name": "VectraHealth", - "deprecated": true, - "depends_on": [ - "vec-health" - ] - } - }, - { - "D2ExecuteCommand": { - "name": "D2ExecuteCommand" - } - }, - { - "46e2109c-b735-458e-884f-030229a20830": { - "name": "SetByIncidentId" - } - }, - { - "dfa728bb-8291-4f8c-8185-53fad210f1b5": { - "name": "VerifyHumanReadableContains" - } - }, - { - "ContextGetPathForString": { - "name": "ContextGetPathForString" - } - }, - { - "LCMResolveHost": { - "name": "LCMResolveHost", - "depends_on": [ - "lcm-resolve-host" - ] - } - }, - { - "IsGreaterThan": { - "name": "IsGreaterThan" - } - }, - { - "SbQuota": { - "name": "SbQuota", - "depends_on": [ - "sb-quota" - ] - } - }, - { - "ContextFilter": { - "name": "ContextFilter" - } - }, - { - "O365SearchEmails": { - "name": "O365SearchEmails", - "script_executions": [ - "D2O365SearchAndDelete", - "D2O365ComplianceSearch" - ] - } - }, - { - "AnalyzeOSX": { - "name": "AnalyzeOSX", - "depends_on": [ - "url", - "Osxcollector", - "file" - ] - } - }, - { - "PWEventPcapDownload": { 
- "name": "PWEventPcapDownload", - "depends_on": [ - "event-pcap-download" - ] - } - }, - { - "AnalyzeMemImage": { - "name": "AnalyzeMemImage" - } - }, - { - "8bb47409-fffb-40c4-8601-d5fd20384e26": { - "name": "SetTime", - "script_executions": [ - "setIncident" - ] - } - }, - { - "JiraGetIssue": { - "name": "JiraGetIssue", - "deprecated": true, - "depends_on": [ - "jira-get-issue" - ] - } - }, - { - "ADExpirePassword": { - "name": "ADExpirePassword", - "deprecated": true, - "depends_on": [ - "ad-expire-password" - ] - } - }, - { - "ImpSfRevokeUnaccessedDevices": { - "name": "ImpSfRevokeUnaccessedDevices", - "depends_on": [ - "ImpSfSetEndpointStatus", - "ImpSfListEndpoints" - ], - "script_executions": [ - "SendEmail", - "ImpSfListEndpoints", - "ImpSfSetEndpointStatus" - ] - } - }, - { - "ADGetUser": { - "name": "ADGetUser", - "depends_on": [ - "ad-search" - ] - } - }, - { - "SendEmail": { - "name": "SendEmail", - "depends_on": [ - "send-mail" - ] - } - }, - { - "EPOCheckLatestDAT": { - "name": "EPOCheckLatestDAT", - "deprecated": true - } - }, - { - "PagerDutyAlertOnIncident": { - "name": "PagerDutyAlertOnIncident", - "depends_on": [ - "PagerDuty-submit-event" - ] - } - }, - { - "URLExtract": { - "name": "URLExtract", - "deprecated": true - } - }, - { - "TaniumDeployAction": { - "name": "TaniumDeployAction", - "deprecated": true, - "depends_on": [ - "tn-deploy-package" - ] - } - }, - { - "SendEmailToManager": { - "name": "SendEmailToManager", - "toversion": "3.1.0", - "depends_on": [ - "ad-search", - "send-mail" - ], - "script_executions": [ - "AdSearch", - "AdSearch", - "addOneTimeEntitlement" - ] - } - }, - { - "StringReplace": { - "name": "StringReplace" - } - }, - { - "TextFromHTML": { - "name": "TextFromHTML" - } - }, - { - "CPShowBackupStatus": { - "name": "CPShowBackupStatus", - "deprecated": true, - "depends_on": [ - "ssh" - ], - "script_executions": [ - "ssh" - ] - } - }, - { - "RunPollingCommand": { - "name": "RunPollingCommand", - "fromversion": "4.0.0" - 
} - }, - { - "CBWatchlists": { - "name": "CBWatchlists", - "depends_on": [ - "cb-watchlist-get" - ] - } - }, - { - "DamSensorDown": { - "name": "DamSensorDown", - "depends_on": [ - "dam-get-latest-by-rule" - ] - } - }, - { - "94f72ed9-49c8-40e5-89bb-7c98f914d2cc": { - "name": "OktaDeactivateUser", - "deprecated": true, - "depends_on": [ - "okta-deactivate-user" - ] - } - }, - { - "34f0498c-d3da-4ac3-8cad-a28804bf1f21": { - "name": "NetwitnessQuery", - "depends_on": [ - "nw-sdk-query" - ] - } - }, - { - "CBSensors": { - "name": "CBSensors", - "depends_on": [ - "cb-list-sensors" - ] - } - }, - { - "VolRunCmds": { - "name": "VolRunCmds" - } - }, - { - "ADGetComputer": { - "name": "ADGetComputer", - "depends_on": [ - "ad-search" - ] - } - }, - { - "DemistoUploadFileToIncident": { - "name": "DemistoUploadFileToIncident", - "depends_on": [ - "demisto-api-multipart" - ] - } - }, - { - "SbDownload": { - "name": "SbDownload", - "depends_on": [ - "sb-download" - ] - } - }, - { - "OSQueryBasicQuery": { - "name": "OSQueryBasicQuery", - "depends_on": [ - "RemoteExec" - ], - "script_executions": [ - "RemoteExec" - ] - } - }, - { - "AggregateIOCs": { - "name": "AggregateIOCs", - "deprecated": true - } - }, - { - "LinkIncidentsWithRetry": { - "name": "LinkIncidentsWithRetry", - "script_executions": [ - "linkIncidents", - "linkIncidents" - ] - } - }, - { - "PDFUnlocker": { - "name": "PDFUnlocker", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "D2RegQuery": { - "name": "D2RegQuery" - } - }, - { - "ExtractURL": { - "name": "ExtractURL" - } - }, - { - "StringContains": { - "name": "StringContains" - } - }, - { - "CPBlockIP": { - "name": "CPBlockIP", - "deprecated": true, - "depends_on": [ - "checkpoint" - ], - "script_executions": [ - "checkpoint" - ] - } - }, - { - "TrendmicroSecurityProfileAssignToHost": { - "name": "TrendmicroSecurityProfileAssignToHost", - "depends_on": [ - "trendmicro-security-profile-assign-to-host" - ] - } - }, - { - "JiraCreateIssue-example": { - 
"name": "JiraCreateIssue-example", - "depends_on": [ - "jira-create-issue", - "jira-delete-issue" - ] - } - }, - { - "VolApihooks": { - "name": "VolApihooks" - } - }, - { - "ADGetCommonGroups": { - "name": "ADGetCommonGroups", - "deprecated": true, - "depends_on": [ - "ad-search" - ], - "script_executions": [ - "ADGetUserGroups" - ] - } - }, - { - "NetwitnessSAGetComponents": { - "name": "NetwitnessSAGetComponents", - "depends_on": [ - "nw-get-components" - ] - } - }, - { - "QRadarGetCorrelationLogs": { - "name": "QRadarGetCorrelationLogs", - "depends_on": [ - "qradar-searches" - ], - "script_executions": [ - "QRadarFullSearch" - ] - } - }, - { - "CountArraySize": { - "name": "CountArraySize" - } - }, - { - "ConvertXmlToJson": { - "name": "ConvertXmlToJson" - } - }, - { - "D2PEDump": { - "name": "D2PEDump" - } - }, - { - "CBPFindComputer": { - "name": "CBPFindComputer", - "depends_on": [ - "cbp-computer-search" - ] - } - }, - { - "ClassifierNotifyAdmin": { - "name": "ClassifierNotifyAdmin", - "depends_on": [ - "send-mail" - ] - } - }, - { - "SlackAskUser": { - "name": "SlackAskUser", - "fromversion": "3.5.0", - "depends_on": [ - "slack-send" - ], - "script_executions": [ - "addEntitlement" - ] - } - }, - { - "Exists": { - "name": "Exists" - } - }, - { - "NetwitnessSAGetEvents": { - "name": "NetwitnessSAGetEvents", - "depends_on": [ - "nw-get-events" - ] - } - }, - { - "DBotTrainTextClassifier": { - "name": "DBotTrainTextClassifier", - "fromversion": "4.1.0", - "script_executions": [ - "getFilePath", - "createList" - ] - } - }, - { - "CommonServer": { - "name": "CommonServer" - } - }, - { - "LCMDetectedIndicators": { - "name": "LCMDetectedIndicators", - "depends_on": [ - "lcm-indicators" - ] - } - }, - { - "SplunkSearch": { - "name": "SplunkSearch", - "deprecated": true, - "depends_on": [ - "search" - ] - } - }, - { - "IsIPInSubnet": { - "name": "IsIPInSubnet", - "deprecated": true - } - }, - { - "TrendmicroHostRetrieveAll": { - "name": "TrendmicroHostRetrieveAll", 
- "depends_on": [ - "trendmicro-host-retrieve-all" - ] - } - }, - { - "getMlFeatures": { - "name": "getMlFeatures", - "fromversion": "3.5.0", - "script_executions": [ - "findIndicators", - "getIncidents" - ] - } - }, - { - "2aa9f737-8c7c-42f5-815f-4d104bb3af06": { - "name": "SEPScan", - "depends_on": [ - "sep-command-status" - ] - } - }, - { - "PrintContext": { - "name": "PrintContext" - } - }, - { - "D2O365SearchAndDelete": { - "name": "D2O365SearchAndDelete" - } - }, - { - "DBotPreparePhishingData": { - "name": "DBotPreparePhishingData", - "fromversion": "4.1.0", - "script_executions": [ - "getContext", - "getIncidents", - "createList", - "WordTokenizer" - ] - } - }, - { - "QRadarGetOffenseCorrelations": { - "name": "QRadarGetOffenseCorrelations", - "depends_on": [ - "qradar-searches" - ], - "script_executions": [ - "QRadarFullSearch" - ] - } - }, - { - "ShowScheduledEntries": { - "name": "ShowScheduledEntries" - } - }, - { - "EmailAskUserResponse": { - "name": "EmailAskUserResponse" - } - }, - { - "IsEmailAddressInternal": { - "name": "IsEmailAddressInternal" - } - }, - { - "DemistoGetIncidentTasksByState": { - "name": "DemistoGetIncidentTasksByState" - } - }, - { - "VectraGetHostById": { - "name": "VectraGetHostById", - "deprecated": true, - "depends_on": [ - "vec-get-host-by-id" - ] - } - }, - { - "DefaultIncidentClassifier": { - "name": "DefaultIncidentClassifier" - } - }, - { - "TestCreateTagTextFile": { - "name": "TestCreateTagTextFile", - "script_executions": [ - "createList" - ] - } - }, - { - "TestCreateWordFile": { - "name": "TestCreateWordFile" - } - }, - { - "GenerateImageFileEntry": { - "name": "GenerateImageFileEntry" - } - }, - { - "a18ff76e-c462-4daa-8be2-6a1b5308713f": { - "name": "TestCreateDuplicates" - } - }, - { - "c5cb179f-d6d2-4d87-8857-b224689d5b00": { - "name": "VerifyTreeToFlatObject" - } - }, - { - "GenerateUUID": { - "name": "GenerateUUID" - } - }, - { - "TestXml2JSON": { - "name": "TestXml2JSON" - } - }, - { - 
"3b260f00-772c-4d4e-84ea-e47226637497": { - "name": "VerifyHumanReadableEquals", - "fromversion": "3.6.0" - } - }, - { - "ValidateErrorExistence": { - "name": "ValidateErrorExistence", - "script_executions": [ - "getEntries" - ] - } - }, - { - "CompleteManualTask": { - "name": "CompleteManualTask", - "script_executions": [ - "DemistoGetIncidentTasksByState", - "taskComplete" - ] - } - }, - { - "GenerateIP": { - "name": "GenerateIP" - } - }, - { - "CarbonBlackResponseFilterSensors": { - "name": "CarbonBlackResponseFilterSensors" - } - }, - { - "RaiseError": { - "name": "RaiseError" - } - }, - { - "GenerateEmail": { - "name": "GenerateEmail" - } - }, - { - "PhishingIncident": { - "name": "PhishingIncident", - "script_executions": [ - "setIncident" - ] - } - }, - { - "VerifyTableToMarkDown": { - "name": "VerifyTableToMarkDown" - } - }, - { - "TestFormatTableValues": { - "name": "TestFormatTableValues" - } - }, - { - "TestCreateIncidents": { - "name": "TestCreateIncidents", - "script_executions": [ - "createNewIncident", - "createNewIncident" - ] - } - }, - { - "TestPYCommonServer": { - "name": "TestPYCommonServer" - } - }, - { - "CreateDuplicateIncident": { - "name": "CreateDuplicateIncident", - "script_executions": [ - "createNewIncident" - ] - } - }, - { - "c0eb84c3-8771-4f9f-833e-1017112d6215": { - "name": "ThrowException" - } - }, - { - "SsdeepReputationTest": { - "name": "SsdeepReputationTest", - "script_executions": [ - "findIndicators", - "createNewIndicator", - "createNewIndicator", - "createNewIndicator" - ] - } - }, - { - "CreateBinaryFile": { - "name": "CreateBinaryFile" - } - }, - { - "GetFirstObject": { - "name": "GetFirstObject" - } - }, - { - "changeremediationslaonsevchange": { - "name": "ChangeRemediationSLAOnSevChange", - "fromversion": "4.1.0", - "script_executions": [ - "setIncident", - "setIncident", - "setIncident", - "setIncident" - ] - } - }, - { - "stoptimetoassignonownerchange": { - "name": "StopTimeToAssignOnOwnerChange", - "fromversion": 
"4.1.0", - "script_executions": [ - "stopTimer" - ] - } - } - ], - "playbooks": [ - { - "search_and_delete_emails_-_generic": { - "name": "Search And Delete Emails - Generic", - "fromversion": "3.6.0", - "implementing_playbooks": [ - "Search And Delete Emails - EWS" - ] - } - }, - { - "email_address_enrichment_-_generic": { - "name": "Email Address Enrichment - Generic", - "fromversion": "3.6.0", - "implementing_scripts": [ - "IsEmailAddressInternal", - "EmailReputation", - "ADGetUser", - "Exists", - "EmailDomainSquattingReputation" - ] - } - }, - { - "process_email_-_generic": { - "name": "Process Email - Generic", - "toversion": "3.6.0", - "fromversion": "3.6.0", - "implementing_scripts": [ - "Set", - "Exists", - "ParseEmailFiles" - ], - "implementing_commands": [ - "setIncident", - "rasterize-email" - ] - } - }, - { - "playbook12": { - "name": "McAfee ePO Endpoint Compliance Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "CloseInvestigation", - "IncidentSet", - "commentsToContext" - ], - "implementing_commands": [ - "epo-update-client-dat", - "servicenow-incidents-query", - "epo-get-latest-dat", - "epo-get-current-dat", - "servicenow-incident-create" - ] - } - }, - { - "get_original_email_-_generic": { - "name": "Get Original Email - Generic", - "fromversion": 4.0, - "implementing_playbooks": [ - "Get Original Email - Gmail", - "Get Original Email - EWS" - ] - } - }, - { - "Detonate URL - Phish.AI": { - "name": "Detonate URL - Phish.AI", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "phish-ai-check-status", - "phish-ai-scan-url" - ] - } - }, - { - "Detonate URL - Cuckoo": { - "name": "Detonate URL - Cuckoo", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Sleep" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "cuckoo-view-task", - "cuckoo-get-task-report", - "cuckoo-create-task-from-url" - ] - } - }, - { - 
"get_file_sample_by_hash_-_generic": { - "name": "Get File Sample By Hash - Generic", - "fromversion": "3.5.0", - "implementing_playbooks": [ - "Get File Sample By Hash - Cylance Protect", - "Get File Sample By Hash - Carbon Black Enterprise Response" - ] - } - }, - { - "search_endpoints_by_hash_-_crowdstrike": { - "name": "Search Endpoints By Hash - CrowdStrike", - "fromversion": "3.5.0", - "implementing_commands": [ - "cs-device-ran-on", - "cs-device-details" - ] - } - }, - { - "get_file_sample_from_path_-_generic": { - "name": "Get File Sample From Path - Generic", - "fromversion": "3.5.0", - "implementing_playbooks": [ - "Get File Sample From Path - Carbon Black Enterprise Response", - "Get File Sample From Path - D2" - ] - } - }, - { - "process_email_-_generic": { - "name": "Process Email - Generic", - "toversion": "3.5.9", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set", - "Exists", - "ParseEmailFiles" - ], - "implementing_commands": [ - "rasterize-email" - ] - } - }, - { - "Detonate File - Lastline": { - "name": "Detonate File - Lastline", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "lastline-upload-file", - "lastline-get-report" - ] - } - }, - { - "url_enrichment_-_generic": { - "name": "URL Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", - "implementing_scripts": [ - "URLSSLVerification", - "Exists", - "URLReputation" - ], - "implementing_commands": [ - "rasterize" - ] - } - }, - { - "GenericPolling": { - "name": "GenericPolling", - "fromversion": "4.0.0", - "implementing_scripts": [ - "ScheduleGenericPolling", - "RunPollingCommand", - "PrintErrorEntry" - ] - } - }, - { - "playbook1": { - "name": "Malware Playbook - Manual", - "fromversion": "2.5.0", - "implementing_scripts": [ - "ExposeModules", - "Autoruns", - "Exists" - ] - } - }, - { - "Calculate Severity - Generic": { - "name": "Calculate Severity - 
Generic", - "fromversion": "3.6.0", - "implementing_playbooks": [ - "Calculate Severity - Indicators DBotScore", - "Calculate Severity - 3rd-party integrations", - "Calculate Severity - Critical assets" - ], - "implementing_commands": [ - "setIncident" - ] - } - }, - { - "search_endpoints_by_hash_-_carbon_black_protection": { - "name": "Search Endpoints By Hash - Carbon Black Protection", - "fromversion": "3.5.0", - "implementing_scripts": [ - "CBPFindRule", - "Set", - "CBPCatalogFindHash", - "Exists" - ], - "implementing_commands": [ - "cbp-computer-get" - ] - } - }, - { - "Incident Enrichment": { - "name": "Incident Enrichment", - "fromversion": "2.5.0", - "implementing_scripts": [ - "ExtractURL", - "ExtractHash", - "ExtractIP" - ], - "implementing_playbooks": [ - "Enrichment Playbook" - ] - } - }, - { - "playbook16": { - "name": "CrowdStrike Rapid IOC Hunting", - "fromversion": "2.5.0", - "implementing_scripts": [ - "Exists", - "SendEmail" - ], - "implementing_commands": [ - "cs-device-ran-on", - "cs-device-search" - ] - } - }, - { - "CrowdStrike Falcon Sandbox - Detonate file": { - "name": "CrowdStrike Falcon Sandbox - Detonate file", - "toversion": "3.6.0", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set" - ], - "implementing_commands": [ - "crowdstrike-detonate-file" - ] - } - }, - { - "Enrich McAfee DXL using 3rd party sandbox": { - "name": "Enrich McAfee DXL using 3rd party sandbox", - "implementing_scripts": [ - "CloseInvestigation", - "Exists" - ], - "implementing_playbooks": [ - "WildFire - Detonate file" - ], - "implementing_commands": [ - "dxl-send-event" - ] - } - }, - { - "Get File Sample From Hash - Carbon Black Enterprise Response": { - "name": "Get File Sample From Hash - Carbon Black Enterprise Response", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "implementing_scripts": [ - "Exists" - ], - "implementing_commands": [ - "cb-binary-get" - ] - } - }, - { - "Calculate Severity - Generic": { - "name": "Calculate Severity - 
Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", - "implementing_scripts": [ - "StringContains", - "Exists" - ], - "implementing_commands": [ - "setIncident" - ] - } - }, - { - "Tenable.io Scan": { - "name": "Tenable.io Scan", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "tenable-io-launch-scan", - "tenable-io-get-scan-report", - "tenable-io-get-scan-status" - ] - } - }, - { - "block_indicators_-_generic": { - "name": "Block Indicators - Generic", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "Block URL - Generic", - "Block File - Generic", - "Block IP - Generic", - "Block Account - Generic" - ] - } - }, - { - "detonate_url_-_threatgrid": { - "name": "Detonate URL - ThreatGrid", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "threat-grid-upload-sample", - "threat-grid-get-samples-state", - "threat-grid-url-to-file" - ] - } - }, - { - "TrendMicro Malware Alert Playbook": { - "name": "TrendMicro Malware Alert Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "TrendMicroGetPolicyID", - "TrendmicroSecurityProfileAssignToHost", - "TrendmicroAntiMalwareEventRetrieve", - "TrendMicroGetHostID" - ] - } - }, - { - "Google-Vault-Display-Results": { - "name": "Google Vault - Display Results", - "fromversion": "4.0.0", - "implementing_scripts": [ - "PrintErrorEntry" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "gvault-get-drive-results", - "gvault-get-groups-results", - "gvault-download-results", - "gvault-export-status", - "gvault-get-mail-results" - ] - } - }, - { - "calculate_severity_-_3rd-party_integrations": { - "name": "Calculate Severity - 3rd-party integrations", - "fromversion": "3.6.0", - "implementing_scripts": [ - "Set" - ] - } - }, - { - "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "3.5.9", - 
"fromversion": "3.5.0", - "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident", - "Set", - "SendEmail" - ], - "implementing_playbooks": [ - "Detonate File - Generic", - "Extract Indicators - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Calculate Severity - Generic", - "Email Address Enrichment - Generic" - ] - } - }, - { - "detonate_url_-_joesecurity": { - "name": "Detonate URL - JoeSecurity", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "joe-download-report", - "joe-analysis-submit-url", - "joe-analysis-info" - ] - } - }, - { - "CrowdStrike Falcon Sandbox - Detonate file": { - "name": "CrowdStrike Falcon Sandbox - Detonate file", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "crowdstrike-submit-sample", - "crowdstrike-scan" - ] - } - }, - { - "crowdstrike_endpoint_enrichment": { - "name": "CrowdStrike Endpoint Enrichment", - "fromversion": "3.5.0", - "implementing_commands": [ - "cs-device-search", - "cs-device-details" - ] - } - }, - { - "cve_enrichment_-_generic": { - "name": "CVE Enrichment - Generic", - "fromversion": "3.6.0", - "implementing_scripts": [ - "cveReputation" - ], - "implementing_commands": [ - "cve-search" - ] - } - }, - { - "get_file_sample_by_hash_-_cylance_protect": { - "name": "Get File Sample By Hash - Cylance Protect", - "fromversion": "3.5.0", - "implementing_scripts": [ - "http", - "UnzipFile", - "Exists" - ], - "implementing_commands": [ - "cylance-protect-download-threat" - ] - } - }, - { - "dedup_incidents_-_ml": { - "name": "DeDup incidents - ML", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Print", - "CloseInvestigationAsDuplicate", - "GetDuplicatesMl" - ] - } - }, - { - "playbook5": { - "name": "Phishing Playbook - Automated", - "fromversion": "3.5.0", - 
"implementing_scripts": [ - "Set", - "Exists", - "SendEmail", - "CheckSenderDomainDistance", - "CloseInvestigation", - "ExtractIP", - "IsMaliciousIndicatorFound", - "ExtractURL" - ], - "implementing_playbooks": [ - "Process Email", - "Enrichment Playbook", - "Hunt for bad IOCs", - "Account Enrichment", - "Detonate File - Generic" - ] - } - }, - { - "TIE - IOC Hunt": { - "name": "TIE - IOC Hunt", - "fromversion": "2.5.0", - "implementing_scripts": [ - "EPOFindSystem", - "Exists" - ], - "implementing_commands": [ - "tie-file-references" - ] - } - }, - { - "vulnerability_management_-_qualys_Job": { - "name": "Vulnerability Management - Qualys (Job)", - "fromversion": "3.6.0", - "implementing_scripts": [ - "QualysCreateIncidentFromReport", - "Set" - ], - "implementing_commands": [ - "qualys-report-fetch", - "closeInvestigation", - "qualys-report-list" - ] - } - }, - { - "get_original_email_-_gmail": { - "name": "Get Original Email - Gmail", - "fromversion": 4.0, - "implementing_scripts": [ - "Set", - "DeleteContext" - ], - "implementing_commands": [ - "gmail-get-attachments", - "gmail-search", - "gmail-get-mail" - ] - } - }, - { - "detonate_url_-_mcafee_atd": { - "name": "Detonate URL - McAfee ATD", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "atd-get-report", - "atd-check-status", - "atd-file-upload" - ] - } - }, - { - "Detonate URL - Lastline": { - "name": "Detonate URL - Lastline", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "lastline-get-report", - "lastline-upload-url" - ] - } - }, - { - "Detonate File - Generic": { - "name": "Detonate File - Generic", - "toversion": "3.6.0", - "fromversion": "3.5.0", - "implementing_playbooks": [ - "CrowdStrike Falcon Sandbox - Detonate file", - "WildFire - Detonate file" - ] - } - }, - { - "process_email_-_ews": { - "name": "Process Email - EWS", - 
"fromversion": "3.6.0", - "implementing_scripts": [ - "Set" - ], - "implementing_commands": [ - "ews-get-attachment" - ] - } - }, - { - "playbook7": { - "name": "Hunting C&C Communication Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "IsIntegrationAvailable", - "Exists" - ], - "implementing_commands": [ - "slack-send", - "ExposeModules" - ] - } - }, - { - "get_file_sample_from_path_-_d2": { - "name": "Get File Sample From Path - D2", - "fromversion": "3.5.0", - "implementing_scripts": [ - "IncidentAddSystem", - "FetchFileD2" - ] - } - }, - { - "get_original_email_-_ews": { - "name": "Get Original Email - EWS", - "fromversion": 4.0, - "implementing_scripts": [ - "DeleteContext", - "Set" - ], - "implementing_commands": [ - "ews-search-mailbox", - "ews-get-attachment", - "ews-get-items" - ] - } - }, - { - "playbook17": { - "name": "Carbon black Protection Rapid IOC Hunting", - "fromversion": "2.5.0", - "implementing_scripts": [ - "CBPFindRule", - "CBPCatalogFindHash", - "Exists" - ] - } - }, - { - "calculate_severity_-_critical_assets": { - "name": "Calculate Severity - Critical assets", - "toversion": "3.6.1", - "fromversion": "3.6.0", - "implementing_scripts": [ - "StringContains", - "Set", - "Exists" - ] - } - }, - { - "playbook14": { - "name": "Checkpoint Firewall Configuration Backup Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "UtilAnyResults", - "SendEmail", - "CPShowBackupStatus", - "CloseInvestigation", - "SNOpenTicket", - "SCPPullFiles", - "CPCreateBackup" - ] - } - }, - { - "endpoint_enrichment_-_generic": { - "name": "Endpoint Enrichment - Generic", - "fromversion": "3.5.0", - "implementing_scripts": [ - "EPOFindSystem", - "Exists", - "ADGetComputer" - ], - "implementing_playbooks": [ - "CrowdStrike Endpoint Enrichment" - ], - "implementing_commands": [ - "cylance-protect-get-devices", - "cb-sensor-info", - "so-agents-query" - ] - } - }, - { - "access_investigation_-_qradar": { - "name": "Access Investigation - 
QRadar", - "fromversion": "3.6.0", - "implementing_playbooks": [ - "QRadar - Get offense correlations", - "Access Investigation - Generic" - ], - "implementing_commands": [ - "setIncident" - ] - } - }, - { - "Google-Vault-Search-Groups": { - "name": "Google Vault - Search Groups", - "fromversion": "4.0.0", - "implementing_scripts": [ - "PrintErrorEntry" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "gvault-export-status", - "gvault-download-results", - "gvault-create-export-groups", - "gvault-get-groups-results" - ] - } - }, - { - "DBotCreatePhishingClassifier": { - "name": "DBot Create Phishing Classifier", - "fromversion": "4.1.0", - "implementing_scripts": [ - "DBotTrainTextClassifier", - "Base64ListToFile", - "DBotPredictPhishingEvaluation", - "DBotPreparePhishingData" - ] - } - }, - { - "detonate_url_-_generic": { - "name": "Detonate URL - Generic", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "Detonate URL - CrowdStrike", - "Detonate URL - JoeSecurity", - "Detonate URL - Cuckoo", - "Detonate URL - Lastline", - "Detonate URL - ThreatGrid", - "Detonate URL - McAfee ATD" - ] - } - }, - { - "tenable-sc-scan": { - "name": "Launch Scan - Tenable.sc", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "tenable-sc-get-scan-report", - "tenable-sc-launch-scan" - ] - } - }, - { - "detonate_file_from_url_-_wildfire": { - "name": "Detonate File From URL - WildFire", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "wildfire-upload-file-remote", - "wildfire-report" - ] - } - }, - { - "block_endpoint_-_carbon_black_response": { - "name": "Block Endpoint - Carbon Black Response", - "fromversion": "3.5.0", - "implementing_commands": [ - "cb-sensor-info", - "cb-quarantine-device" - ] - } - }, - { - "close_incident_if_duplicate_found": { - "name": "DeDup incidents", - "fromversion": "3.5.0", - 
"implementing_scripts": [ - "FindSimilarIncidents", - "CloseInvestigationAsDuplicate" - ] - } - }, - { - "scan_assets_nexpose": { - "name": "Scan Assets - Nexpose", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "nexpose-start-assets-scan", - "nexpose-get-scan" - ] - } - }, - { - "extract_indicators_-_generic": { - "name": "Extract Indicators - Generic", - "fromversion": "3.5.0", - "implementing_scripts": [ - "ExtractHash", - "ExtractDomain", - "ExtractURL", - "ExtractEmail", - "ExtractIP" - ] - } - }, - { - "playbook0": { - "name": "Default", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "implementing_scripts": [ - "TrendMicroClassifier", - "Exists", - "IncidentSet", - "SplunkEmailParser", - "QRadarClassifier", - "MapValues", - "Print", - "VectraClassifier", - "NexposeEmailParser" - ], - "implementing_playbooks": [ - "Enrichment Playbook" - ] - } - }, - { - "dedup_-_generic": { - "name": "Dedup - Generic", - "fromversion": "4.0.0", - "implementing_scripts": [ - "FindSimilarIncidentsByText", - "GetDuplicatesMlv2", - "CloseInvestigationAsDuplicate", - "FindSimilarIncidents" - ] - } - }, - { - "malware_investigation-_generic_-_setup": { - "name": "Malware Investigation - Generic - Setup", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "Get File Sample From Path - Generic", - "Get File Sample By Hash - Generic", - "Search Endpoints By Hash - Generic" - ] - } - }, - { - "block_file_-_carbon_black_response": { - "name": "Block File - Carbon Black Response", - "fromversion": "4.0.0", - "implementing_commands": [ - "cb-get-hash-blacklist", - "cb-block-hash" - ] - } - }, - { - "search_and_delete_emails_-_ews": { - "name": "Search And Delete Emails - EWS", - "fromversion": "3.6.0", - "implementing_scripts": [ - "BuildEWSQuery" - ], - "implementing_commands": [ - "ews-search-mailboxes", - "ews-delete-items" - ] - } - }, - { - "Detonate File - BitDam": { - 
"name": "Detonate File - BitDam", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "bitdam-upload-file", - "bitdam-get-verdict" - ] - } - }, - { - "MAR - Endpoint data collection": { - "name": "MAR - Endpoint data collection", - "implementing_scripts": [ - "EPOFindSystem", - "Exists" - ], - "implementing_commands": [ - "mar-search-multiple" - ] - } - }, - { - "Google-Vault-Search-Drive": { - "name": "Google Vault - Search Drive", - "fromversion": "4.0.0", - "implementing_scripts": [ - "PrintErrorEntry" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "gvault-create-export-drive", - "gvault-get-drive-results", - "gvault-export-status", - "gvault-download-results" - ] - } - }, - { - "process_email_-_add_custom_fields": { - "name": "Process Email - Add custom fields", - "fromversion": "3.6.0", - "implementing_scripts": [ - "IncidentSet" - ] - } - }, - { - "detonate_url_-_crowdstrike": { - "name": "Detonate URL - CrowdStrike", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "crowdstrike-submit-url", - "crowdstrike-scan" - ] - } - }, - { - "ip_enrichment_generic": { - "name": "IP Enrichment - Generic", - "fromversion": "3.6.0", - "implementing_scripts": [ - "IsIPInRanges", - "IPToHost", - "IPReputation" - ], - "implementing_playbooks": [ - "Endpoint Enrichment - Generic" - ], - "implementing_commands": [ - "vt-private-get-ip-report" - ] - } - }, - { - "domain_enrichment_generic": { - "name": "Domain Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DomainReputation" - ] - } - }, - { - "QRadarFullSearch": { - "name": "QRadarFullSearch", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "qradar-get-search", - "qradar-get-search-results", - 
"qradar-searches" - ] - } - }, - { - "Arcsight - Get events related to the Case": { - "name": "Arcsight - Get events related to the Case", - "implementing_scripts": [ - "IncidentSet", - "Set", - "Exists" - ], - "implementing_commands": [ - "as-get-security-events", - "as-get-case", - "as-get-case-event-ids" - ] - } - }, - { - "Account Enrichment": { - "name": "Account Enrichment", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "implementing_scripts": [ - "ADGetUser", - "Exists" - ] - } - }, - { - "malware_investigation-_generic": { - "name": "Malware Investigation - Generic", - "toversion": "3.6.0", - "fromversion": "3.5.0", - "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident" - ], - "implementing_playbooks": [ - "Malware Investigation - Generic - Setup", - "Extract Indicators - Generic", - "Calculate Severity - Generic", - "Entity Enrichment - Generic", - "Detonate File - Generic" - ] - } - }, - { - "QRadar - Get offense correlations ": { - "name": "QRadar - Get offense correlations ", - "toversion": "3.1.0", - "implementing_scripts": [ - "AreValuesEqual", - "QRadarGetCorrelationLogs", - "QRadarGetOffenseCorrelations", - "Exists" - ] - } - }, - { - "QRadar - Get offense correlations ": { - "name": "QRadar - Get offense correlations", - "fromversion": "3.5.0", - "implementing_scripts": [ - "QRadarGetCorrelationLogs", - "QRadarGetOffenseCorrelations" - ] - } - }, - { - "block_ip_-_generic": { - "name": "Block IP - Generic", - "fromversion": "4.0.0", - "implementing_scripts": [ - "PanoramaBlockIP" - ], - "implementing_playbooks": [ - "Add Indicator to Miner - Palo Alto MineMeld" - ], - "implementing_commands": [ - "zscaler-blacklist-ip", - "checkpoint-block-ip" - ] - } - }, - { - "vulnerability_handling_-_qualys_-_add _ustom_fields_to_default_layout": { - "name": "Vulnerability Handling - Qualys - Add custom fields to default layout", - "fromversion": "3.6.0", - "implementing_scripts": [ - "IncidentSet" - ] - } - }, - { - "playbook3": 
{ - "name": "Ransomware Playbook - Manual", - "fromversion": "2.5.0" - } - }, - { - "Enrich DXL with ATD verdict": { - "name": "Enrich DXL with ATD verdict", - "implementing_scripts": [ - "CloseInvestigation", - "Exists" - ], - "implementing_playbooks": [ - "ATD - Detonate File" - ], - "implementing_commands": [ - "dxl-send-event" - ] - } - }, - { - "Detonate File - SNDBOX": { - "name": "Detonate File - SNDBOX", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "sndbox-analysis-info", - "sndbox-analysis-submit-sample", - "sndbox-download-report" - ] - } - }, - { - "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "4.0.9", - "fromversion": "4.0.0", - "implementing_scripts": [ - "AssignAnalystToIncident", - "Set", - "SendEmail" - ], - "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Block Indicators - Generic", - "Email Address Enrichment - Generic", - "Calculate Severity - Generic" - ], - "implementing_commands": [ - "closeInvestigation", - "send-mail" - ] - } - }, - { - "playbook2": { - "name": "Phishing Playbook - Manual", - "fromversion": "2.5.0" - } - }, - { - "Hunt for bad IOCs": { - "name": "Hunt for bad IOCs", - "fromversion": "2.5.0", - "implementing_playbooks": [ - "CrowdStrike Rapid IOC Hunting", - "Carbon Black Rapid IOC Hunting", - "TIE - IOC Hunt", - "Carbon black Protection Rapid IOC Hunting" - ] - } - }, - { - "extract_indicators_from_file_-_generic": { - "name": "Extract Indicators From File - Generic", - "fromversion": "3.6.0", - "implementing_scripts": [ - "ReadPDFFile", - "Set", - "ExtractIndicatorsFromTextFile" - ] - } - }, - { - "Sentinel One - Endpoint data collection": { - "name": "Sentinel One - Endpoint data collection", - 
"implementing_scripts": [ - "Print", - "Exists" - ], - "implementing_commands": [ - "so-agents-query", - "so-get-agent-processes" - ] - } - }, - { - "process_email_-_generic": { - "name": "Process Email - Generic", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set", - "Exists", - "ParseEmailFiles" - ], - "implementing_playbooks": [ - "Get Original Email - Generic" - ], - "implementing_commands": [ - "setIncident", - "rasterize-email" - ] - } - }, - { - "playbook13": { - "name": "McAfee ePO Endpoint Connectivity Diagnostics Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "CloseInvestigation", - "commentsToContext", - "Ping" - ], - "implementing_commands": [ - "servicenow-incident-create" - ] - } - }, - { - "vulnerability_handling_-_nexpose": { - "name": "Vulnerability Handling - Nexpose", - "fromversion": "3.6.0", - "implementing_playbooks": [ - "CVE Enrichment - Generic", - "Endpoint Enrichment - Generic", - "Calculate Severity - Generic" - ], - "implementing_commands": [ - "closeInvestigation", - "nexpose-get-asset-vulnerability", - "nexpose-get-asset", - "setIncident" - ] - } - }, - { - "Calculate Severity - Generic": { - "name": "Calculate Severity - Generic", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "implementing_scripts": [ - "Print", - "StringContains", - "Exists" - ], - "implementing_commands": [ - "setIncident" - ] - } - }, - { - "playbook8": { - "name": "Lost / Stolen Device Playbook", - "fromversion": "2.5.0" - } - }, - { - "vulnerability_handling_-_qualys": { - "name": "Vulnerability Handling - Qualys", - "fromversion": "3.6.0", - "implementing_scripts": [ - "CloseInvestigation", - "DisplayHTML" - ], - "implementing_playbooks": [ - "CVE Enrichment - Generic", - "Vulnerability Handling - Qualys - Add custom fields to default layout", - "Endpoint Enrichment - Generic", - "Calculate Severity - Generic" - ], - "implementing_commands": [ - "qualys-host-list", - "qualys-vulnerability-list" - ] - } - }, - { - 
"playbook10": { - "name": "Rapid IOC Hunting Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "ExtractHash", - "Exists", - "ReadFile", - "ExtractIP", - "Print", - "ExtractURL" - ], - "implementing_playbooks": [ - "Hunt for bad IOCs" - ] - } - }, - { - "search_endpoints_by_hash_-_carbon_black_response": { - "name": "Search Endpoints By Hash - Carbon Black Response", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set", - "CBFindHash" - ] - } - }, - { - "scan_site_nexpose": { - "name": "Scan Site - Nexpose", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "nexpose-start-site-scan", - "nexpose-get-scan" - ] - } - }, - { - "PanoramaCommitConfiguration": { - "name": "PanoramaCommitConfiguration", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "panorama-push-to-device-group", - "panorama-push-status", - "panorama-commit", - "panorama-commit-status" - ] - } - }, - { - "Failed Login Playbook With Slack": { - "name": "Failed Login Playbook With Slack", - "fromversion": "2.5.0", - "implementing_scripts": [ - "CloseInvestigation", - "IncidentSet", - "ADExpirePassword", - "SlackAskUser" - ], - "implementing_commands": [ - "slack-send" - ] - } - }, - { - "WildFire - Detonate file": { - "name": "WildFire - Detonate file", - "toversion": "3.1.0", - "implementing_scripts": [ - "Exists" - ], - "implementing_commands": [ - "wildfire-upload", - "wildfire-report" - ] - } - }, - { - "File Enrichment - Generic": { - "name": "File Enrichment - Generic", - "fromversion": "3.6.0", - "implementing_playbooks": [ - "File Enrichment - File reputation", - "File Enrichment - Virus Total Private API" - ], - "implementing_commands": [ - "cylance-protect-get-threat", - "pan-appframework-search-by-file-hash" - ] - } - }, - { - "vulnerability_management_-_nexpose_job": { - "name": "Vulnerability Management - Nexpose (Job)", - "fromversion": "3.6.0", 
- "implementing_scripts": [ - "NexposeCreateIncidentsFromAssets" - ], - "implementing_commands": [ - "closeInvestigation", - "nexpose-create-assets-report", - "nexpose-search-assets" - ] - } - }, - { - "Archer initiate incident": { - "name": "Archer initiate incident", - "fromversion": "3.5.0", - "implementing_commands": [ - "archer-get-file" - ] - } - }, - { - "block_file_-_generic": { - "name": "Block File - Generic", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "Block File - Carbon Black Response" - ] - } - }, - { - "calculate_severity_-_critical_assets": { - "name": "Calculate Severity - Critical assets", - "fromversion": "4.0.0", - "implementing_scripts": [ - "StringContains", - "Set" - ] - } - }, - { - "add_indicator_to_miner_-_palo_alto_mineMeld": { - "name": "Add Indicator to Miner - Palo Alto MineMeld", - "fromversion": "4.0.0", - "implementing_commands": [ - "minemeld-add-to-miner" - ] - } - }, - { - "domain_enrichment_generic": { - "name": "Domain Enrichment - Generic", - "fromversion": "3.6.0", - "implementing_scripts": [ - "DomainReputation" - ], - "implementing_commands": [ - "vt-private-get-domain-report" - ] - } - }, - { - "playbook11": { - "name": "McAfee ePO Repository Compliance Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "CloseInvestigation", - "IncidentSet", - "Sleep", - "AreValuesEqual", - "SendEmail" - ], - "implementing_commands": [ - "epo-update-repository", - "epo-get-latest-dat", - "epo-get-current-dat" - ] - } - }, - { - "url_enrichment_-_generic": { - "name": "URL Enrichment - Generic", - "fromversion": "3.6.0", - "implementing_scripts": [ - "URLSSLVerification", - "Exists", - "URLReputation" - ], - "implementing_commands": [ - "vt-private-get-url-report", - "rasterize" - ] - } - }, - { - "entity_enrichment_generic": { - "name": "Entity Enrichment - Generic", - "fromversion": "3.6.0", - "implementing_playbooks": [ - "Account Enrichment - Generic", - "Endpoint Enrichment - Generic", - "Email Address 
Enrichment - Generic", - "URL Enrichment - Generic", - "File Enrichment - Generic", - "Domain Enrichment - Generic", - "IP Enrichment - Generic" - ] - } - }, - { - "search_endpoints_by_hash_-_generic": { - "name": "Search Endpoints By Hash - Generic", - "fromversion": "3.5.0", - "implementing_playbooks": [ - "Search Endpoints By Hash - Carbon Black Response", - "Search Endpoints By Hash - CrowdStrike", - "Search Endpoints By Hash - TIE", - "Search Endpoints By Hash - Carbon Black Protection" - ] - } - }, - { - "malware_investigation-_generic": { - "name": "Malware Investigation - Generic", - "fromversion": "3.6.0", - "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident" - ], - "implementing_playbooks": [ - "Malware Investigation - Generic - Setup", - "Calculate Severity - Generic", - "Entity Enrichment - Generic", - "Detonate File - Generic" - ] - } - }, - { - "calculate_severity_-_indicators_dbotscore": { - "name": "Calculate Severity - Indicators DBotScore", - "fromversion": "3.6.0", - "implementing_scripts": [ - "Set" - ] - } - }, - { - "Detonate File - Cuckoo": { - "name": "Detonate File - Cuckoo", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Sleep" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "cuckoo-task-screenshot", - "cuckoo-get-task-report", - "cuckoo-view-task", - "cuckoo-create-task-from-file" - ] - } - }, - { - "Account Enrichment": { - "name": "Account Enrichment", - "fromversion": "3.5.0", - "implementing_scripts": [ - "ADGetUser", - "Exists" - ] - } - }, - { - "entity_enrichment_generic": { - "name": "Entity Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", - "implementing_playbooks": [ - "Account Enrichment - Generic", - "Endpoint Enrichment - Generic", - "DBot Indicator Enrichment - Generic", - "Email Address Enrichment - Generic", - "URL Enrichment - Generic", - "File Enrichment - Generic", - "Domain Enrichment - Generic", - "IP Enrichment - 
Generic" - ] - } - }, - { - "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "3.9.9", - "fromversion": "3.6.0", - "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident", - "Set", - "SendEmail" - ], - "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Process Email - Generic", - "Entity Enrichment - Generic", - "Email Address Enrichment - Generic", - "Calculate Severity - Generic" - ] - } - }, - { - "DBotCreatePhishingClassifierJob": { - "name": "DBot Create Phishing Classifier Job", - "fromversion": "4.1.0", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_playbooks": [ - "DBot Create Phishing Classifier" - ], - "implementing_commands": [ - "closeInvestigation" - ] - } - }, - { - "playbook5": { - "name": "Phishing Playbook - Automated", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "implementing_scripts": [ - "Set", - "Exists", - "SendEmail", - "CheckSenderDomainDistance", - "CloseInvestigation", - "ExtractIP", - "IsMaliciousIndicatorFound", - "ExtractURL" - ], - "implementing_playbooks": [ - "Process Email", - "Detonate files", - "Hunt for bad IOCs", - "Account Enrichment", - "Enrichment Playbook" - ] - } - }, - { - "Demisto_Self-Defense_-_Account_policy_monitoring_playbook": { - "name": "Demisto Self-Defense - Account policy monitoring playbook", - "fromversion": "3.5.0", - "implementing_scripts": [ - "CloseInvestigation" - ], - "implementing_commands": [ - "TwilioSendSMS", - "slack-send", - "demisto-api-get", - "setIncident" - ] - } - }, - { - "Google-Vault-Search-Mail": { - "name": "Google Vault - Search Mail", - "fromversion": "4.0.0", - "implementing_scripts": [ - "PrintErrorEntry" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "gvault-get-mail-results", - "gvault-create-export-mail", - "gvault-export-status", - 
"gvault-download-results" - ] - } - }, - { - "ATD - Detonate File": { - "name": "ATD - Detonate File", - "toversion": "3.6.0", - "implementing_scripts": [ - "Exists" - ], - "implementing_commands": [ - "detonate-file" - ] - } - }, - { - "block_account_-_generic": { - "name": "Block Account - Generic", - "fromversion": "4.0.0", - "implementing_commands": [ - "ad-disable-account" - ] - } - }, - { - "file_enrichment_-_virus_total_private_api": { - "name": "File Enrichment - Virus Total Private API", - "fromversion": "3.6.0", - "implementing_commands": [ - "vt-private-check-file-behaviour", - "vt-private-get-file-report" - ] - } - }, - { - "file_enrichment_-_file_reputation": { - "name": "File Enrichment - File reputation", - "fromversion": "3.6.0", - "implementing_scripts": [ - "FileReputation" - ] - } - }, - { - "block_url_-_generic": { - "name": "Block URL - Generic", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "Add Indicator to Miner - Palo Alto MineMeld" - ], - "implementing_commands": [ - "zscaler-blacklist-url" - ] - } - }, - { - "Process Email": { - "name": "Process Email", - "fromversion": "2.5.0", - "implementing_scripts": [ - "Set", - "Exists", - "ParseEmailFiles" - ] - } - }, - { - "playbook15": { - "name": "Tanium Demo Playbook", - "fromversion": "2.5.0", - "implementing_commands": [ - "tn-deploy-package", - "tn-ask-question", - "tn-get-saved-question" - ] - } - }, - { - "get_file_sample_by_hash_-_carbon_black_enterprise_Response": { - "name": "Get File Sample By Hash - Carbon Black Enterprise Response", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Exists" - ], - "implementing_commands": [ - "cb-binary-get" - ] - } - }, - { - "Get File Sample From Hash - Cylance Protect": { - "name": "Get File Sample From Hash - Cylance Protect", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "implementing_scripts": [ - "http", - "UnzipFile", - "Exists" - ], - "implementing_commands": [ - "cylance-protect-download-threat" - ] - } - }, - { - 
"access_investigation_-_generic": { - "name": "Access Investigation - Generic", - "fromversion": "3.6.0", - "implementing_scripts": [ - "AssignAnalystToIncident", - "ADGetUser", - "EmailAskUser" - ], - "implementing_playbooks": [ - "IP Enrichment - Generic", - "Account Enrichment - Generic" - ], - "implementing_commands": [ - "closeInvestigation", - "setIncident" - ] - } - }, - { - "search_endpoints_by_hash_-_tie": { - "name": "Search Endpoints By Hash - TIE", - "fromversion": "3.5.0", - "implementing_scripts": [ - "EPOFindSystem" - ], - "implementing_commands": [ - "tie-file-references" - ] - } - }, - { - "get_file_sample_from_path_-_carbon_black_enterprise_response": { - "name": "Get File Sample From Path - Carbon Black Enterprise Response", - "fromversion": "3.5.0", - "implementing_scripts": [ - "CBLiveGetFile", - "Exists" - ] - } - }, - { - "WildFire - Detonate file": { - "name": "WildFire - Detonate file", - "toversion": "3.6.0", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set" - ], - "implementing_commands": [ - "wildfire-report", - "detonate-file" - ] - } - }, - { - "Detonate File - Generic": { - "name": "Detonate File - Generic", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "CrowdStrike Falcon Sandbox - Detonate file", - "ATD - Detonate File", - "Detonate File - SNDBOX", - "Detonate File - JoeSecurity", - "Detonate File - Cuckoo", - "Detonate File - Lastline", - "WildFire - Detonate file", - "Detonate File - ThreatGrid" - ] - } - }, - { - "D2 - Endpoint data collection": { - "name": "D2 - Endpoint data collection", - "implementing_scripts": [ - "D2ExecuteCommand", - "ActiveUsersD2", - "Exists", - "IncidentAddSystem", - "FetchFileD2", - "AreValuesEqual" - ] - } - }, - { - "Enrichment Playbook": { - "name": "Enrichment Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "Print", - "FileReputation", - "IPReputation", - "Exists", - "URLReputation" - ] - } - }, - { - "Office 365 Search and Delete": { - "name": "Office 365 
Search and Delete", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "ews-o365-remove-compliance-search", - "ews-o365-purge-compliance-search-results", - "ews-o365-get-compliance-search", - "ews-o365-start-compliance-search" - ] - } - }, - { - "dbot_indicator_enrichment_-_generic": { - "name": "DBot Indicator Enrichment - Generic", - "fromversion": "3.5.0", - "implementing_scripts": [ - "GetIndicatorDBotScore" - ] - } - }, - { - "playbook0": { - "name": "Default", - "fromversion": "3.5.0", - "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident" - ], - "implementing_playbooks": [ - "Extract Indicators - Generic", - "Entity Enrichment - Generic", - "Calculate Severity - Generic" - ] - } - }, - { - "File Enrichment - Generic": { - "name": "File Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", - "implementing_scripts": [ - "FileReputation" - ] - } - }, - { - "ATD - Detonate File": { - "name": "ATD - Detonate File", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "atd-get-report", - "atd-file-upload", - "atd-check-status" - ] - } - }, - { - "account_enrichment_-_generic": { - "name": "Account Enrichment - Generic", - "fromversion": "3.5.0", - "implementing_scripts": [ - "ADGetUser", - "Exists" - ] - } - }, - { - "detonatefile_-_joesecurity": { - "name": "Detonate File - JoeSecurity", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "joe-download-report", - "joe-analysis-info", - "joe-analysis-submit-sample" - ] - } - }, - { - "ip_enrichment_generic": { - "name": "IP Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", - "implementing_scripts": [ - "IsIPInRanges", - "IPReputation", - "Exists" - ] - } - }, - { - "Detonate files": { - "name": 
"Detonate files", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "implementing_scripts": [ - "Print", - "SandboxDetonateFile", - "Exists" - ] - } - }, - { - "detonate_file_from_url_-_joesecurity": { - "name": "Detonate File From URL - JoeSecurity", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "joe-download-report", - "joe-analysis-submit-sample" - ] - } - }, - { - "Carbon Black Rapid IOC Hunting": { - "name": "Carbon Black Rapid IOC Hunting", - "fromversion": "2.5.0", - "implementing_scripts": [ - "CBFindHash", - "Exists" - ] - } - }, - { - "email_address_enrichment_-_generic": { - "name": "Email Address Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", - "implementing_scripts": [ - "IsEmailAddressInternal", - "EmailReputation", - "ADGetUser", - "Exists", - "EmailDomainSquattingReputation" - ] - } - }, - { - "Endpoint data collection": { - "name": "Endpoint data collection", - "implementing_scripts": [ - "AreValuesEqual" - ], - "implementing_playbooks": [ - "Sentinel One - Endpoint data collection", - "MAR - Endpoint data collection", - "D2 - Endpoint data collection" - ] - } - }, - { - "Get File Sample From Hash - Generic": { - "name": "Get File Sample From Hash - Generic", - "toversion": "3.1.0", - "implementing_playbooks": [ - "Get File Sample From Hash - Cylance Protect", - "Get File Sample From Hash - Carbon Black Enterprise Response" - ] - } - }, - { - "WildFire - Detonate file": { - "name": "WildFire - Detonate file", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "wildfire-upload", - "wildfire-report" - ] - } - }, - { - "detonate_file_-_threatgrid": { - "name": "Detonate File - ThreatGrid", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - 
"threat-grid-upload-sample", - "threat-grid-get-samples-state" - ] - } - }, - { - "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "fromversion": "4.1.0", - "implementing_scripts": [ - "AssignAnalystToIncident", - "Set", - "SendEmail" - ], - "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", "Block Indicators - Generic", - "Email Address Enrichment - Generic", - "Calculate Severity - Generic" - ], - "implementing_commands": [ - "closeInvestigation", - "send-mail" - ] - } - } - ], - "integrations": [ - { - "Cybereason": { - "name": "Cybereason", - "commands": [ - "cybereason-query-processes", - "cybereason-is-probe-connected", - "cybereason-query-connections", - "cybereason-isolate-machine", - "cybereason-unisolate-machine", - "cybereason-query-malops", - "cybereason-malop-processes", - "cybereason-add-comment", - "cybereason-update-malop-status" - ] - } - }, - { - "Giphy": { - "name": "Giphy", - "commands": [ - "giphy" - ] - } - }, - { - "RSA NetWitness Packets and Logs": { - "name": "RSA NetWitness Packets and Logs", - "toversion": "3.1.0", - "commands": [ - "netwitness-msearch", - "netwitness-search", - "netwitness-query", - "netwitness-packets", - "nw-sdk-session", - "nw-sdk-cancel", - "nw-sdk-query", - "nw-sdk-validate", - "nw-sdk-aliases", - "nw-sdk-content", - "nw-sdk-ls", - "nw-sdk-count", - "nw-sdk-timeline", - "nw-sdk-mon", - "nw-sdk-stopMon", - "nw-sdk-msearch", - "nw-sdk-precache", - "nw-sdk-delCache", - "nw-sdk-info", - "nw-sdk-search", - "nw-sdk-language", - "nw-sdk-packets", - "nw-sdk-summary", - "nw-sdk-reconfig", - "nw-sdk-values", - "nw-sdk-xforms", - "nw-database-info", - "nw-database-count", - "nw-database-dbState", - "nw-database-dump", - "nw-database-hashInfo", - "nw-database-resetMax", - "nw-database-optimize", - "nw-database-reconfig", - "nw-database-ls", - 
"nw-database-timeRoll", - "nw-database-stopMon", - "nw-database-manifest", - "nw-database-wipe", - "nw-database-sizeRoll", - "nw-database-mon", - "nw-decoder-reset", - "nw-decoder-info", - "nw-decoder-reconfig", - "nw-decoder-agg", - "nw-decoder-stop", - "nw-decoder-count", - "nw-decoder-start", - "nw-decoder-meta", - "nw-decoder-ls", - "nw-decoder-stopMon", - "nw-decoder-resetMax", - "nw-decoder-whoAgg", - "nw-decoder-logStats", - "nw-decoder-select", - "nw-decoder-mon", - "nw-index-ls", - "nw-index-mon", - "nw-index-save", - "nw-index-info", - "nw-index-drop", - "nw-index-count", - "nw-index-values", - "nw-index-profile", - "nw-index-stopMon", - "nw-index-inspect", - "nw-index-language", - "nw-index-reconfig", - "nw-index-sizeRoll", - "nw-decoderParsers-ls", - "nw-decoderParsers-mon", - "nw-decoderParsers-feed", - "nw-decoderParsers-info", - "nw-decoderParsers-count", - "nw-decoderParsers-schema", - "nw-decoderParsers-reload", - "nw-decoderParsers-upload", - "nw-decoderParsers-delete", - "nw-decoderParsers-stopMon", - "nw-decoderParsers-devices", - "nw-decoderParsers-content", - "nw-decoderParsers-ipdevice", - "nw-decoderParsers-iptmzone", - "nw-logs-ls", - "nw-logs-mon", - "nw-logs-pull", - "nw-logs-info", - "nw-logs-count", - "nw-logs-stopMon", - "nw-logs-download", - "nw-logs-timeRoll", - "nw-sys-ls", - "nw-sys-mon", - "nw-sys-save", - "nw-sys-info", - "nw-sys-count", - "nw-sys-caCert", - "nw-sys-stopMon", - "nw-sys-shutdown", - "nw-sys-fileEdit", - "nw-sys-peerCert", - "nw-sys-servCert", - "nw-sys-statHist", - "nw-users-ls", - "nw-users-mon", - "nw-users-info", - "nw-users-auths", - "nw-users-count", - "nw-users-delete", - "nw-users-unlock", - "nw-users-stopMon", - "nw-users-addOrMod", - "nw-decoder-import", - "nw-decoder-parsers-upload", - "nw-concentrator-reset", - "nw-concentrator-reconfig", - "nw-concentrator-start", - "nw-concentrator-stop", - "nw-concentrator-count", - "nw-concentrator-edit", - "nw-concentrator-add", - "nw-concentrator-meta", - 
"nw-concentrator-status", - "nw-concentrator-ls", - "nw-concentrator-resetMax", - "nw-concentrator-stopMon", - "nw-concentrator-delete", - "nw-concentrator-whoAgg", - "nw-concentrator-mon", - "nw-broker-reset", - "nw-broker-start", - "nw-broker-stop", - "nw-broker-count", - "nw-broker-edit", - "nw-broker-add", - "nw-broker-meta", - "nw-broker-status", - "nw-broker-ls", - "nw-broker-resetMax", - "nw-broker-stopMon", - "nw-broker-delete", - "nw-broker-whoAgg", - "nw-broker-mon" - ] - } - }, - { - "ReversingLabs A1000": { - "name": "ReversingLabs A1000", - "commands": [ - "file", - "reversinglabs-upload", - "reversinglabs-delete", - "reversinglabs-extracted-files", - "reversinglabs-download", - "reversinglabs-analyze", - "reversinglabs-download-unpacked" - ] - } - }, - { - "VMware": { - "name": "VMware", - "commands": [ - "vmware-get-vms", - "vmware-poweron", - "vmware-poweroff", - "vmware-hard-reboot", - "vmware-suspend", - "vmware-soft-reboot", - "vmware-create-snapshot", - "vmware-revert-snapshot", - "vmware-get-events" - ] - } - }, - { - "RSA Archer": { - "name": "RSA Archer", - "commands": [ - "archer-create-record", - "archer-update-record", - "archer-get-record", - "archer-search-applications", - "archer-search-records", - "archer-get-application-fields", - "archer-delete-record", - "archer-get-field", - "archer-get-reports", - "archer-execute-statistic-search-by-report", - "archer-get-search-options-by-guid", - "archer-search-records-by-report", - "archer-get-mapping-by-level", - "archer-manually-fetch-incident", - "archer-get-file", - "archer-upload-file", - "archer-add-to-detailed-analysis", - "archer-get-user-id" - ] - } - }, - { - "vmray": { - "name": "vmray", - "commands": [ - "upload_sample", - "get_results", - "get_job_sample" - ] - } - }, - { - "jira": { - "name": "jira", - "fromversion": "2.6.0", - "commands": [ - "jira-issue-query", - "jira-get-issue", - "jira-create-issue", - "jira-issue-upload-file", - "jira-issue-add-comment", - 
"jira-issue-add-link", - "jira-edit-issue", - "jira-get-comments", - "jira-delete-issue" - ] - } - }, - { - "Verodin": { - "name": "Verodin", - "commands": [ - "verodin-get-topology-nodes", - "verodin-get-topology-map", - "verodin-manage-sims-actions", - "verodin-manage-sims-actions-run", - "verodin-get-security-zones", - "verodin-get-security-zone", - "verodin-delete-security-zone", - "verodin-get-sims-of-type", - "verodin-get-sim", - "verodin-delete-sim", - "verodin-get-jobs", - "verodin-get-job", - "verodin-run-job-again", - "verodin-get-job-sim-actions", - "verodin-job-cancel" - ] - } - }, - { - "dnstwist": { - "name": "dnstwist", - "commands": [ - "dnstwist-domain-variations" - ] - } - }, - { - "EWS": { - "name": "EWS", - "commands": [ - "ews-get-folder", - "ews-delete-items", - "ews-delete-attachments", - "ews-get-items", - "ews-search-mailbox", - "ews-get-contacts", - "ews-get-searchable-mailboxes", - "ews-search-mailboxes", - "ews-get-attachment", - "ews-find-folders", - "ews-get-attachment-item", - "ews-move-item" - ] - } - }, - { - "OpenPhish": { - "name": "OpenPhish", - "commands": [ - "url", - "openphish-reload", - "openphish-status" - ] - } - }, - { - "McAfee NSM": { - "name": "McAfee NSM", - "commands": [ - "nsm-get-sensors", - "nsm-get-domains", - "nsm-get-alerts", - "nsm-update-alerts", - "nsm-get-alert-details", - "nsm-get-ips-policies", - "nsm-get-ips-policy-details", - "nsm-get-attacks" - ] - } - }, - { - "ipinfo": { - "name": "ipinfo", - "commands": [ - "ip", - "ipinfo_field" - ] - } - }, - { - "Cuckoo Sandbox": { - "name": "Cuckoo Sandbox", - "toversion": "3.1.0", - "commands": [ - "ck-file", - "cuckoo-create-task-from-file", - "ck-report", - "cuckoo-get-task-report", - "ck-list", - "cuckoo-list-tasks", - "ck-url", - "cuckoo-create-task-from-url", - "ck-view", - "cuckoo-view-task", - "ck-del", - "cuckoo-delete-task", - "ck-scrshot", - "cuckoo-task-screenshot", - "ck-machines-list", - "cuckoo-machines-list", - "ck-machine-view", - 
"cuckoo-machine-view" - ] - } - }, - { - "Moloch": { - "name": "Moloch", - "toversion": "3.1.0", - "commands": [ - "moloch_connections_json", - "moloch_connections_csv", - "moloch_files_json", - "moloch_sessions_json", - "moloch_sessions_csv", - "moloch_sessions_pcap", - "moloch_spigraph_json", - "moloch_spiview_json", - "moloch_unique_json" - ] - } - }, - { - "Demisto REST API": { - "name": "Demisto REST API", - "commands": [ - "demisto-api-post", - "demisto-api-get", - "demisto-api-put", - "demisto-api-delete", - "demisto-api-download", - "demisto-api-multipart", - "demisto-delete-incidents" - ] - } - }, - { - "Symantec Advanced Threat Protection": { - "name": "Symantec Advanced Threat Protection", - "commands": [ - "satp-appliances", - "satp-command", - "satp-command-state", - "satp-command-cancel", - "satp-events", - "satp-files", - "satp-incident-events", - "satp-incidents" - ] - } - }, - { - "McAfee Active Response": { - "name": "McAfee Active Response", - "commands": [ - "mar-search", - "mar-collectors-list", - "mar-search-multiple" - ] - } - }, - { - "Aella Star Light": { - "name": "Aella Star Light", - "commands": [ - "aella-get-event" - ] - } - }, - { - "Zendesk": { - "name": "Zendesk", - "fromversion": "3.5.0", - "commands": [ - "zendesk-create-ticket", - "zendesk-list-tickets", - "zendesk-ticket-details", - "zendesk-update-ticket", - "zendesk-add-comment", - "zendesk-list-agents", - "zendesk-get-attachment", - "zendesk-clear-cache", - "zendesk-add-user", - "zendesk-get-article" - ] - } - }, - { - "Cisco CloudLock": { - "name": "Cisco CloudLock", - "commands": [ - "cloudlock-get-users", - "cloudlock-get-user-apps", - "cloudlock-get-activities" - ] - } - }, - { - "carbonblackliveresponse": { - "name": "carbonblackliveresponse", - "commands": [ - "cb-archive", - "cb-command-cancel", - "cb-command-info", - "cb-file-delete", - "cb-file-get", - "cb-file-info", - "cb-file-upload", - "cb-keepalive", - "cb-list-commands", - "cb-list-files", - "cb-list-sessions", 
- "cb-session-close", - "cb-session-create", - "cb-session-create-and-wait", - "cb-session-info", - "cb-process-kill", - "cb-directory-listing", - "cb-process-execute", - "cb-memdeump", - "cb-command-create", - "cb-command-create-and-wait", - "cb-terminate-process", - "cb-file-delete-from-endpoint", - "cb-registry-get-values", - "cb-registry-query-value", - "cb-registry-create-key", - "cb-registry-delete-key", - "cb-registry-delete-value", - "cb-registry-set-value", - "cb-process-list", - "cb-get-file-from-endpoint", - "cb-push-file-to-endpoint" - ] - } - }, - { - "Check Point Sandblast Appliance": { - "name": "Check Point Sandblast Appliance", - "toversion": "3.1.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", - "sandblast-download" - ] - } - }, - { - "Pipl": { - "name": "Pipl", - "fromversion": "3.5.0", - "commands": [ - "pipl-search", - "email" - ] - } - }, - { - "Forcepoint": { - "name": "Forcepoint", - "commands": [ - "fp-add-category", - "fp-list-categories", - "fp-get-category-detailes", - "fp-add-address-to-category", - "fp-delete-categories", - "fp-delete-address-from-category" - ] - } - }, - { - "FireEye HX": { - "name": "FireEye HX", - "commands": [ - "fireeye-hx-host-containment", - "fireeye-hx-cancel-containment", - "fireeye-hx-get-alerts", - "fireeye-hx-suppress-alert", - "fireeye-hx-get-indicators", - "fireeye-hx-get-indicator", - "fireeye-hx-get-host-information", - "fireeye-hx-get-alert", - "fireeye-hx-file-acquisition", - "fireeye-hx-delete-file-acquisition", - "fireeye-hx-data-acquisition", - "fireeye-hx-delete-data-acquisition", - "fireeye-hx-search", - "fireeye-hx-get-host-set-information" - ] - } - }, - { - "Threat Crowd": { - "name": "Threat Crowd", - "commands": [ - "threat-crowd-email", - "threat-crowd-domain", - "threat-crowd-ip", - "threat-crowd-antivirus", - "threat-crowd-file" - ] - } - }, - { - "Palo Alto AppFramework": { - "name": "Palo Alto AppFramework", - "commands": [ - 
"pan-appframework-query-logs", - "pan-appframework-get-critical-threat-logs", - "pan-appframework-get-social-applications", - "pan-appframework-search-by-file-hash" - ] - } - }, - { - "Phishme Intelligence": { - "name": "Phishme Intelligence", - "commands": [ - "url", - "file", - "ip", - "phishme-search", - "email" - ] - } - }, - { - "Remedy AR": { - "name": "Remedy AR", - "commands": [ - "remedy-get-server-details" - ] - } - }, - { - "Intezer": { - "name": "Intezer", - "commands": [ - "file", - "intezer-upload" - ] - } - }, - { - "AlgoSec": { - "name": "AlgoSec", - "commands": [ - "algosec-get-ticket", - "algosec-create-ticket", - "algosec-get-applications", - "algosec-get-network-object", - "algosec-query" - ] - } - }, - { - "Zoom": { - "name": "Zoom", - "commands": [ - "zoom-create-user", - "zoom-create-meeting", - "zoom-fetch-recording", - "zoom-list-users", - "zoom-delete-user" - ] - } - }, - { - "Cuckoo Sandbox": { - "name": "Cuckoo Sandbox", - "fromversion": "3.5.0", - "commands": [ - "ck-file", - "cuckoo-create-task-from-file", - "ck-report", - "cuckoo-get-task-report", - "ck-list", - "cuckoo-list-tasks", - "ck-url", - "cuckoo-create-task-from-url", - "ck-view", - "cuckoo-view-task", - "ck-del", - "cuckoo-delete-task", - "ck-scrshot", - "cuckoo-task-screenshot", - "ck-machines-list", - "cuckoo-machines-list", - "ck-machine-view", - "cuckoo-machine-view" - ] - } - }, - { - "Threat Grid": { - "name": "Threat Grid", - "commands": [ - "threat-grid-get-samples", - "threat-grid-get-sample-by-id", - "threat-grid-get-sample-state-by-id", - "threat-grid-upload-sample", - "threat-grid-search-submissions", - "threat-grid-get-video-by-id", - "threat-grid-get-analysis-by-id", - "threat-grid-get-processes-by-id", - "threat-grid-get-pcap-by-id", - "threat-grid-get-warnings-by-id", - "threat-grid-get-summary-by-id", - "threat-grid-get-threat-summary-by-id", - "threat-grid-get-html-report-by-id", - "threat-grid-download-sample-by-id", - "threat-grid-get-analysis-iocs", - 
"threat-grid-download-artifact", - "threat-grid-who-am-i", - "threat-grid-user-get-rate-limit", - "threat-grid-get-specific-feed", - "threat-grid-detonate-file", - "threat-grid-url-to-file", - "threat-grid-organization-get-rate-limit", - "threat-grid-search-ips", - "threat-grid-get-analysis-annotations", - "threat-grid-search-samples", - "threat-grid-search-urls", - "threat-grid-get-samples-state", - "threat-grid-feeds-artifacts", - "threat-grid-feeds-domain", - "threat-grid-feeds-ip", - "threat-grid-feeds-network-stream", - "threat-grid-feeds-path", - "threat-grid-feeds-url", - "threat-grid-get-analysis-artifact", - "threat-grid-get-analysis-artifacts", - "threat-grid-get-analysis-ioc", - "threat-grid-get-analysis-metadata", - "threat-grid-get-analysis-network-stream", - "threat-grid-get-analysis-network-streams", - "threat-grid-get-analysis-process", - "threat-grid-get-analysis-processes" - ] - } - }, - { - "QRadar": { - "name": "QRadar", - "commands": [ - "qradar-offenses", - "qradar-offense-by-id", - "qradar-searches", - "qradar-get-search", - "qradar-get-search-results", - "qradar-update-offense", - "qradar-get-assets", - "qradar-get-asset-by-id", - "qr-searches", - "qr-get-search", - "qr-get-search-results", - "qr-update-offense", - "qr-get-assets", - "qr-offenses", - "qradar-get-closing-reasons", - "qradar-create-note", - "qradar-get-note", - "qradar-get-reference-by-name", - "qradar-create-reference-set", - "qradar-delete-reference-set", - "qradar-create-reference-set-value", - "qradar-update-reference-set-value", - "qradar-delete-reference-set-value" - ] - } - }, - { - "SplunkPy": { - "name": "SplunkPy", - "commands": [ - "splunk-results", - "splunk-search", - "splunk-submit-event", - "splunk-get-indexes", - "splunk-notable-event-edit", - "splunk-job-create", - "splunk-parse-raw" - ] - } - }, - { - "TruSTAR": { - "name": "TruSTAR", - "commands": [ - "trustar-related-indicators", - "trustar-trending-indicators", - "trustar-search-indicators", - 
"trustar-submit-report", - "trustar-update-report", - "trustar-report-details", - "trustar-delete-report", - "trustar-get-reports", - "trustar-correlated-reports", - "trustar-search-reports", - "trustar-add-to-whitelist", - "trustar-remove-from-whitelist", - "trustar-get-enclaves", - "file", - "ip", - "url", - "domain" - ] - } - }, - { - "LogRhythm": { - "name": "LogRhythm", - "commands": [ - "lr-add-alarm-comments", - "lr-get-alarm-by-id", - "lr-get-alarm-events-by-id", - "lr-get-alarm-history-by-id", - "lr-update-alarm-status", - "lr-get-alarms" - ] - } - }, - { - "Service Manager": { - "name": "Service Manager", - "commands": [ - "hpsm-create-incident", - "hpsm-list-incidents", - "hpsm-get-incident-by-id", - "hpsm-list-devices", - "hpsm-get-device" - ] - } - }, - { - "Trend Micro": { - "name": "Trend Micro", - "commands": [ - "trendmicro-host-retrieve-all", - "trendmicro-system-event-retrieve", - "trendmicro-host-antimalware-scan", - "trendmicro-alert-status", - "trendmicro-security-profile-retrieve-all", - "trendmicro-security-profile-assign-to-host", - "trendmicro-anti-malware-event-retrieve" - ] - } - }, - { - "Netskope": { - "name": "Netskope", - "commands": [ - "netskope-events", - "netskope-alerts" - ] - } - }, - { - "McAfee Web Gateway": { - "name": "McAfee Web Gateway", - "commands": [ - "mwg-get-available-lists", - "mwg-get-list", - "mwg-get-list-entry", - "mwg-insert-entry", - "mwg-delete-entry" - ] - } - }, - { - "ArcSight Logger": { - "name": "ArcSight Logger", - "commands": [ - "as-search-events", - "as-status", - "as-drilldown", - "as-events", - "as-close", - "as-stop", - "as-search" - ] - } - }, - { - "carbonblack-v2": { - "name": "carbonblack-v2", - "fromversion": "3.6.0", - "commands": [ - "cb-alert", - "cb-binary", - "cb-binary-get", - "cb-block-hash", - "cb-get-hash-blacklist", - "cb-get-process", - "cb-get-processes", - "cb-list-sensors", - "cb-process-events", - "cb-quarantine-device", - "cb-sensor-info", - "cb-unblock-hash", - 
"cb-unquarantine-device", - "cb-version", - "cb-watchlist-del", - "cb-watchlist-get", - "cb-watchlist-new", - "cb-watchlist-set", - "cb-alert-update", - "cb-watchlist" - ] - } - }, - { - "Zscaler": { - "name": "Zscaler", - "commands": [ - "zscaler-blacklist-url", - "url", - "ip", - "zscaler-undo-blacklist-url", - "zscaler-whitelist-url", - "zscaler-undo-whitelist-url", - "zscaler-undo-whitelist-ip", - "zscaler-whitelist-ip", - "zscaler-undo-blacklist-ip", - "zscaler-blacklist-ip", - "zscaler-category-add-url", - "zscaler-category-add-ip", - "zscaler-category-remove-url", - "zscaler-category-remove-ip", - "zscaler-get-categories", - "zscaler-get-blacklist", - "zscaler-get-whitelist" - ] - } - }, - { - "Check Point Sandblast": { - "name": "Check Point Sandblast", - "toversion": "3.1.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", - "sandblast-download", - "sb-quota", - "sandblast-quota" - ] - } - }, - { - "fireeye": { - "name": "fireeye", - "toversion": "3.1.0", - "fromversion": "3.0.0", - "commands": [ - "fe-report", - "fe-submit-status", - "fe-alert", - "fe-submit-result", - "fe-submit", - "fe-config" - ] - } - }, - { - "Awake Security": { - "name": "Awake Security", - "commands": [ - "awake-query-devices", - "awake-query-activities", - "awake-query-domains", - "awake-pcap-download", - "domain", - "ip", - "email", - "device" - ] - } - }, - { - "Skyformation": { - "name": "Skyformation", - "commands": [ - "skyformation-get-accounts", - "skyformation-suspend-user", - "skyformation-unsuspend-user" - ] - } - }, - { - "Cisco Spark": { - "name": "Cisco Spark", - "commands": [ - "cisco-spark-list-people", - "cisco-spark-create-person", - "cisco-spark-get-person-details", - "cisco-spark-update-person", - "cisco-spark-delete-person", - "cisco-spark-get-own-details", - "cisco-spark-list-rooms", - "cisco-spark-create-room", - "cisco-spark-get-room-details", - "cisco-spark-update-room", - "cisco-spark-delete-room", - 
"cisco-spark-list-memberships", - "cisco-spark-create-membership", - "cisco-spark-get-membership-details", - "cisco-spark-update-membership", - "cisco-spark-delete-membership", - "cisco-spark-list-messages", - "cisco-spark-create-message", - "cisco-spark-get-message-details", - "cisco-spark-delete-message", - "cisco-spark-list-teams", - "cisco-spark-create-team", - "cisco-spark-get-team-details", - "cisco-spark-update-team", - "cisco-spark-delete-team", - "cisco-spark-list-team-memberships", - "cisco-spark-create-team-membership", - "cisco-spark-get-team-membership-details", - "cisco-spark-update-team-membership", - "cisco-spark-delete-team-membership", - "cisco-spark-list-webhooks", - "cisco-spark-create-webhook", - "cisco-spark-get-webhook-details", - "cisco-spark-update-webhook", - "cisco-spark-delete-webhook", - "cisco-spark-list-organizations", - "cisco-spark-get-organization-details", - "cisco-spark-list-licenses", - "cisco-spark-get-license-details", - "cisco-spark-list-roles", - "cisco-spark-get-role-details", - "cisco-spark-send-message-to-person", - "cisco-spark-send-message-to-room" - ] - } - }, - { - "ArcSight ESM": { - "name": "ArcSight ESM", - "commands": [ - "as-get-all-cases", - "as-get-case", - "as-get-matrix-data", - "as-add-entries", - "as-clear-entries", - "as-get-entries", - "as-get-security-events", - "as-get-case-event-ids", - "as-update-case", - "as-get-all-query-viewers", - "as-case-delete" - ] - } - }, - { - "Rapid7 Nexpose": { - "name": "Rapid7 Nexpose", - "fromversion": "3.6.0", - "commands": [ - "nexpose-get-asset", - "nexpose-get-assets", - "nexpose-search-assets", - "nexpose-get-scan", - "nexpose-get-asset-vulnerability", - "nexpose-create-site", - "nexpose-delete-site", - "nexpose-get-sites", - "nexpose-get-report-templates", - "nexpose-create-assets-report", - "nexpose-create-sites-report", - "nexpose-create-scan-report", - "nexpose-start-site-scan", - "nexpose-start-assets-scan", - "nexpose-stop-scan", - "nexpose-pause-scan", - 
"nexpose-resume-scan", - "nexpose-get-scans" - ] - } - }, - { - "Cylance Protect v2": { - "name": "Cylance Protect v2", - "commands": [ - "cylance-protect-get-devices", - "cylance-protect-get-device", - "cylance-protect-update-device", - "cylance-protect-get-device-threats", - "cylance-protect-get-policies", - "cylance-protect-create-zone", - "cylance-protect-get-zones", - "cylance-protect-get-zone", - "cylance-protect-update-zone", - "cylance-protect-get-threat", - "cylance-protect-get-threat-devices", - "cylance-protect-get-indicators-report", - "cylance-protect-get-threats", - "cylance-protect-update-device-threats", - "cylance-protect-get-list", - "cylance-protect-download-threat", - "cylance-protect-add-hash-to-list", - "cylance-protect-delete-hash-from-lists", - "cylance-protect-get-policy-details", - "cylance-protect-delete-devices" - ] - } - }, - { - "Cyber Triage": { - "name": "Cyber Triage", - "commands": [ - "ct-triage-endpoint" - ] - } - }, - { - "Endgame": { - "name": "Endgame", - "commands": [ - "endgame-deploy", - "endgame-get-deployment-profiles", - "endgame-get-unmanaged-endpoints", - "endgame-get-endpoint-status", - "endgame-create-sensor-profile", - "endgame-get-investigations", - "endgame-create-investigation", - "endgame-get-sensor", - "endgame-investigation-results", - "endgame-investigation-status" - ] - } - }, - { - "Kenna": { - "name": "Kenna", - "commands": [ - "kenna-search-vulnerabilities", - "kenna-get-connectors", - "kenna-run-connector", - "kenna-search-fixes", - "kenna-update-asset", - "kenna-update-vulnerability" - ] - } - }, - { - "Cisco Meraki": { - "name": "Cisco Meraki", - "commands": [ - "meraki-fetch-organizations", - "meraki-get-organization-license-state", - "meraki-fetch-organization-inventory", - "meraki-fetch-networks", - "meraki-fetch-devices", - "meraki-fetch-device-uplink", - "meraki-fetch-ssids", - "meraki-fetch-clients", - "meraki-fetch-firewall-rules", - "meraki-remove-device", - "meraki-get-device", - 
"meraki-update-device", - "meraki-claim-device", - "meraki-update-firewall-rules" - ] - } - }, - { - "WildFire": { - "name": "WildFire", - "toversion": "3.6.0", - "fromversion": "3.5.0", - "commands": [ - "wildfire-report", - "file", - "wildfire-upload", - "detonate-file", - "detonate-file-remote" - ] - } - }, - { - "AWS Sagemaker": { - "name": "AWS Sagemaker", - "commands": [ - "predict-phishing" - ] - } - }, - { - "VxStream": { - "name": "VxStream", - "commands": [ - "vx-scan", - "crowdstrike-scan", - "vx-get-environments", - "crowdstrike-get-environments", - "vx-submit-sample", - "crowdstrike-submit-sample", - "vx-search", - "crowdstrike-search", - "vx-result", - "crowdstrike-result", - "vx-detonate-file", - "crowdstrike-detonate-file", - "crowdstrike-submit-url", - "crowdstrike-get-screenshots", - "crowdstrike-detonate-url", - "crowdstrike-submit-file-by-url" - ] - } - }, - { - "DomainTools": { - "name": "DomainTools", - "fromversion": "3.0.0", - "commands": [ - "domain", - "domainSearch", - "reverseIP", - "reverseNameServer", - "reverseWhois", - "whois", - "whoisHistory", - "domainProfile" - ] - } - }, - { - "Jask": { - "name": "Jask", - "commands": [ - "jask-get-insight-details", - "jask-get-insight-comments", - "jask-get-signal-details", - "jask-get-entity-details", - "jask-get-related-entities", - "jask-get-whitelisted-entities", - "jask-search-insights", - "jask-search-signals", - "jask-search-entities" - ] - } - }, - { - "Server Message Block (SMB)": { - "name": "Server Message Block (SMB)", - "commands": [ - "smb-download" - ] - } - }, - { - "McAfee ESM-v10": { - "name": "McAfee ESM-v10", - "commands": [ - "esm-fetch-fields", - "esm-search", - "esm-fetch-alarms", - "esm-get-case-list", - "esm-add-case", - "esm-edit-case", - "esm-get-case-statuses", - "esm-edit-case-status", - "esm-get-case-detail", - "esm-get-case-event-list", - "esm-add-case-status", - "esm-delete-case-status", - "esm-get-organization-list", - "esm-get-user-list", - 
"esm-acknowledge-alarms", - "esm-unacknowledge-alarms", - "esm-delete-alarms", - "esm-get-alarm-event-details", - "esm-list-alarm-events" - ] - } - }, - { - "nmap": { - "name": "nmap", - "commands": [ - "nmap-scan" - ] - } - }, - { - "ReversingLabs Titanium Cloud": { - "name": "ReversingLabs Titanium Cloud", - "commands": [ - "file" - ] - } - }, - { - "Farsight DNSDB": { - "name": "Farsight DNSDB", - "commands": [ - "dnsdb-rdata", - "dnsdb-rrset" - ] - } - }, - { - "Symantec MSS": { - "name": "Symantec MSS", - "commands": [ - "symantec-mss-update-incident", - "symantec-mss-get-incident", - "symantec-mss-incidents-list" - ] - } - }, - { - "EWS Mail Sender": { - "name": "EWS Mail Sender", - "commands": [ - "send-mail" - ] - } - }, - { - "WildFire": { - "name": "WildFire", - "fromversion": "4.0.0", - "commands": [ - "wildfire-report", - "file", - "wildfire-upload", - "detonate-file", - "detonate-file-remote", - "wildfire-upload-file-remote" - ] - } - }, - { - "WildFire": { - "name": "WildFire", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "commands": [ - "wildfire-report", - "file", - "wildfire-upload", - "detonate-file", - "detonate-file-remote" - ] - } - }, - { - "AlienVault OTX": { - "name": "AlienVault OTX", - "fromversion": "3.0.1", - "commands": [ - "ip", - "domain", - "ipv6", - "hostname", - "file", - "alienvault-query-file", - "alienvault-search-pulses", - "alienvault-get-pulse-details", - "url" - ] - } - }, - { - "Windows Defender Advanced Threat Protection": { - "name": "Windows Defender Advanced Threat Protection", - "commands": [ - "microsoft-atp-isolate-machine", - "microsoft-atp-unisolate-machine", - "microsoft-atp-get-machines", - "microsoft-atp-get-file-related-machines", - "microsoft-atp-get-machine-details", - "microsoft-atp-run-antivirus-scan", - "microsoft-atp-list-alerts" - ] - } - }, - { - "Mail Sender (New)": { - "name": "Mail Sender (New)", - "commands": [ - "send-mail" - ] - } - }, - { - "Attivo Botsink": { - "name": "Attivo Botsink", - 
"commands": [ - "attivo-check-user", - "attivo-check-host", - "attivo-run-playbook", - "attivo-deploy-decoy", - "attivo-get-events", - "attivo-list-playbooks", - "attivo-list-hosts", - "attivo-list-users" - ] - } - }, - { - "Sample Incident Generator": { - "name": "Sample Incident Generator" - } - }, - { - "Hybrid Analysis": { - "name": "Hybrid Analysis", - "fromversion": "3.6.1", - "commands": [ - "hybrid-analysis-scan", - "hybrid-analysis-submit-sample", - "hybrid-analysis-search", - "hybrid-analysis-detonate-file" - ] - } - }, - { - "Anomali ThreatStream": { - "name": "Anomali ThreatStream", - "commands": [ - "threatstream-intelligence", - "domain", - "file", - "threatstream-email-reputation", - "ip" - ] - } - }, - { - "PacketMail": { - "name": "PacketMail", - "commands": [ - "packetmail-ip" - ] - } - }, - { - "Qualys": { - "name": "Qualys", - "toversion": "3.1.0", - "commands": [ - "qualys-report-list", - "qualys-report-cancel", - "qualys-report-delete", - "qualys-scorecard-launch", - "qualys-report-fetch", - "qualys-vm-scan-list", - "qualys-vm-scan-launch", - "qualys-vm-scan-action", - "qualys-scap-scan-list", - "qualys-pc-scan-launch", - "qualys-pc-scan-manage", - "qualys-schedule-scan-list", - "qualys-ip-list", - "qualys-ip-add", - "qualys-ip-update", - "qualys-virtual-host-list", - "qualys-virtual-host-manage", - "qualys-host-excluded-list", - "qualys-host-excluded-manage", - "qualys-scheduled-report-list", - "qualys-scheduled-report-launch", - "qualys-host-list", - "qualys-pc-scan-list", - "qualys-report-template-list", - "qualys-report-launch-map", - "qualys-report-launch-scan-based-findings", - "qualys-report-launch-host-based-findings", - "qualys-report-launch-patch", - "qualys-report-launch-remediation", - "qualys-report-launch-compliance", - "qualys-report-launch-compliance-policy", - "qualys-vulnerability-list", - "qualys-group-list", - "qualys-vm-scan-fetch", - "qualys-pc-scan-fetch" - ] - } - }, - { - "Cisco Umbrella Investigate": { - "name": 
"Cisco Umbrella Investigate", - "commands": [ - "umbrella-domain-categorization", - "investigate-umbrella-domain-categorization", - "umbrella-domain-co-occurrences", - "investigate-umbrella-domain-co-occurrences", - "umbrella-domain-related", - "investigate-umbrella-domain-related", - "umbrella-domain-security", - "investigate-umbrella-domain-security", - "umbrella-domain-dns-history", - "investigate-umbrella-domain-dns-history", - "umbrella-ip-dns-history", - "investigate-umbrella-ip-dns-history", - "investigate-umbrella-ip-malicious-domains", - "umbrella-ip-malicious-domains", - "umbrella-domain-search", - "investigate-umbrella-domain-search", - "domain", - "umbrella-get-related-domains", - "umbrella-get-domain-classifiers", - "umbrella-get-domain-queryvolume", - "umbrella-get-domain-details", - "umbrella-get-domains-for-email-registrar", - "umbrella-get-domains-for-nameserver", - "umbrella-get-whois-for-domain", - "umbrella-get-malicious-domains-for-ip", - "umbrella-get-domains-using-regex", - "umbrella-get-domain-timeline", - "umbrella-get-ip-timeline", - "umbrella-get-url-timeline" - ] - } - }, - { - "Carbon Black Defense": { - "name": "Carbon Black Defense", - "commands": [ - "cbd-get-devices-status", - "cbd-get-device-status", - "cbd-change-device-status", - "cbd-find-events", - "cbd-find-event", - "cbd-find-processes", - "cbd-get-alert-details", - "cbd-get-policies", - "cbd-get-policy", - "cbd-create-policy", - "cbd-update-policy", - "cbd-delete-policy", - "cbd-add-rule-to-policy", - "cbd-delete-rule-from-policy", - "cbd-update-rule-in-policy", - "cbd-set-policy" - ] - } - }, - { - "Lockpath KeyLight": { - "name": "Lockpath KeyLight", - "toversion": "3.1.0", - "commands": [ - "kl-get-component-list", - "kl-get-component", - "kl-get-component-by-alias", - "kl-get-field-list", - "kl-get-field", - "kl-get-record-count", - "kl-get-record", - "kl-get-records", - "kl-delete-record", - "kl-create-record", - "kl-update-record", - "kl-get-detail-record", - 
"kl-get-lookup-report-column-fields", - "kl-get-detail-records", - "kl-get-record-attachments", - "kl-get-record-attachment", - "kl-delete-record-attachments" - ] - } - }, - { - "OPSWAT-Metadefender": { - "name": "OPSWAT-Metadefender", - "commands": [ - "opswat-hash", - "opswat-scan-file", - "opswat-scan-result" - ] - } - }, - { - "ActiveMQ": { - "name": "ActiveMQ", - "commands": [ - "activemq-send", - "activemq-subscribe" - ] - } - }, - { - "Cisco Email Security Appliance (IronPort)": { - "name": "Cisco Email Security Appliance (IronPort)", - "commands": [ - "ironport-report" - ] - } - }, - { - "Qualys": { - "name": "Qualys", - "fromversion": "3.5.0", - "commands": [ - "qualys-report-list", - "qualys-report-cancel", - "qualys-report-delete", - "qualys-scorecard-launch", - "qualys-report-fetch", - "qualys-vm-scan-list", - "qualys-vm-scan-launch", - "qualys-vm-scan-action", - "qualys-scap-scan-list", - "qualys-pc-scan-launch", - "qualys-pc-scan-manage", - "qualys-schedule-scan-list", - "qualys-ip-list", - "qualys-ip-add", - "qualys-ip-update", - "qualys-virtual-host-list", - "qualys-virtual-host-manage", - "qualys-host-excluded-list", - "qualys-host-excluded-manage", - "qualys-scheduled-report-list", - "qualys-scheduled-report-launch", - "qualys-host-list", - "qualys-pc-scan-list", - "qualys-report-template-list", - "qualys-report-launch-map", - "qualys-report-launch-scan-based-findings", - "qualys-report-launch-host-based-findings", - "qualys-report-launch-patch", - "qualys-report-launch-remediation", - "qualys-report-launch-compliance", - "qualys-report-launch-compliance-policy", - "qualys-vulnerability-list", - "qualys-group-list", - "qualys-vm-scan-fetch", - "qualys-pc-scan-fetch" - ] - } - }, - { - "IsItPhishing": { - "name": "IsItPhishing", - "commands": [ - "url" - ] - } - }, - { - "okta": { - "name": "okta", - "toversion": "3.5.1", - "fromversion": "3.1.0", - "commands": [ - "okta-unlock-user", - "okta-deactivate-user", - "okta-activate-user", - 
"okta-get-groups", - "okta-set-password", - "okta-search", - "okta-get-user", - "okta-create-user", - "okta-update-user" - ] - } - }, - { - "AWS - EC2": { - "name": "AWS - EC2", - "commands": [ - "aws-ec2-describe-instances", - "aws-ec2-describe-images", - "aws-ec2-describe-regions", - "aws-ec2-describe-addresses", - "aws-ec2-describe-snapshots", - "aws-ec2-describe-launch-templates", - "aws-ec2-describe-key-pairs", - "aws-ec2-describe-volumes", - "aws-ec2-describe-vpcs", - "aws-ec2-describe-subnets", - "aws-ec2-describe-security-groups", - "aws-ec2-allocate-address", - "aws-ec2-associate-address", - "aws-ec2-create-snapshot", - "aws-ec2-delete-snapshot", - "aws-ec2-create-image", - "aws-ec2-deregister-image", - "aws-ec2-modify-volume", - "aws-ec2-create-tags", - "aws-ec2-disassociate-address", - "aws-ec2-release-address", - "aws-ec2-start-instances", - "aws-ec2-stop-instances", - "aws-ec2-terminate-instances", - "aws-ec2-create-volume", - "aws-ec2-attach-volume", - "aws-ec2-detach-volume", - "aws-ec2-delete-volume", - "aws-ec2-run-instances", - "aws-ec2-waiter-instance-running", - "aws-ec2-waiter-instance-status-ok", - "aws-ec2-waiter-instance-stopped", - "aws-ec2-waiter-instance-terminated", - "aws-ec2-waiter-image-available", - "aws-ec2-waiter-snapshot_completed", - "aws-ec2-get-latest-ami", - "aws-ec2-create-security-group", - "aws-ec2-delete-security-group", - "aws-ec2-authorize-security-group-ingress-rule", - "aws-ec2-revoke-security-group-ingress-rule", - "aws-ec2-copy-image", - "aws-ec2-copy-snapshot", - "aws-ec2-describe-reserved-instances", - "aws-ec2-monitor-instances", - "aws-ec2-unmonitor-instances", - "aws-ec2-reboot-instances", - "aws-ec2-get-password-data", - "aws-ec2-modify-network-interface-attribute", - "aws-ec2-modify-instance-attribute" - ] - } - }, - { - "Blockade.io": { - "name": "Blockade.io", - "commands": [ - "blockade-get-indicators", - "blockade-add-indicators" - ] - } - }, - { - "AlphaSOC Network Behavior Analytics": { - "name": 
"AlphaSOC Network Behavior Analytics" - } - }, - { - "Recorded Future": { - "name": "Recorded Future", - "commands": [ - "domain", - "ip", - "file", - "recorded-future-get-related-entities" - ] - } - }, - { - "CVE Search": { - "name": "CVE Search", - "commands": [ - "cve-search", - "cve-latest" - ] - } - }, - { - "SNDBOX": { - "name": "SNDBOX", - "commands": [ - "sndbox-is-online", - "sndbox-analysis-info", - "sndbox-analysis-submit-sample", - "sndbox-download-report", - "sndbox-detonate-file", - "sndbox-download-sample" - ] - } - }, - { - "Demisto Lock": { - "name": "Demisto Lock", - "commands": [ - "demisto-lock-get", - "demisto-lock-release", - "demisto-lock-info", - "demisto-lock-release-all" - ] - } - }, - { - "F5 firewall": { - "name": "F5 firewall", - "commands": [ - "f5-create-policy", - "f5-create-rule", - "f5-list-rules", - "f5-modify-rule", - "f5-del-rule", - "f5-modify-global-policy", - "f5-show-global-policy", - "f5-del-policy", - "f5-list-all-user-sessions" - ] - } - }, - { - "MimecastV2": { - "name": "MimecastV2", - "commands": [ - "mimecast-query", - "mimecast-list-blocked-sender-policies", - "mimecast-get-policy", - "mimecast-create-policy", - "mimecast-delete-policy", - "mimecast-manage-sender", - "mimecast-list-managed-url", - "mimecast-create-managed-url", - "mimecast-list-messages", - "mimecast-get-attachment-logs", - "mimecast-get-url-logs", - "mimecast-get-impersonation-logs", - "mimecast-url-decode", - "mimecast-discover", - "mimecast-refresh-token", - "mimecast-login", - "mimecast-get-message", - "mimecast-download-attachments" - ] - } - }, - { - "Zendesk": { - "name": "Zendesk", - "toversion": "3.1.0", - "commands": [ - "zendesk-create-ticket", - "zendesk-list-tickets", - "zendesk-ticket-details", - "zendesk-update-ticket", - "zendesk-add-comment", - "zendesk-list-agents", - "zendesk-get-attachment", - "zendesk-clear-cache", - "zendesk-add-user", - "zendesk-get-article" - ] - } - }, - { - "RedCanary": { - "name": "RedCanary", - "commands": 
[ - "redcanary-acknowledge-detection", - "redcanary-update-remediation-state", - "redcanary-list-detections", - "redcanary-list-endpoints", - "redcanary-execute-playbook", - "redcanary-get-endpoint", - "redcanary-get-endpoint-detections", - "redcanary-get-detection" - ] - } - }, - { - "Joe Security": { - "name": "Joe Security", - "commands": [ - "joe-is-online", - "joe-analysis-submit-url", - "joe-detonate-url", - "joe-analysis-info", - "joe-list-analysis", - "joe-analysis-submit-sample", - "joe-download-report", - "joe-detonate-file", - "joe-search", - "joe-download-sample" - ] - } - }, - { - "AWS - CloudTrail": { - "name": "AWS - CloudTrail", - "commands": [ - "aws-cloudtrail-create-trail", - "aws-cloudtrail-delete-trail", - "aws-cloudtrail-describe-trails", - "aws-cloudtrail-update-trail", - "aws-cloudtrail-start-logging", - "aws-cloudtrail-stop-logging", - "aws-cloudtrail-lookup-events" - ] - } - }, - { - "ThreatExchange": { - "name": "ThreatExchange", - "fromversion": "2.5.0", - "commands": [ - "file", - "ip", - "url", - "domain", - "threatexchange-query", - "threatexchange-members" - ] - } - }, - { - "Dell Secureworks": { - "name": "Dell Secureworks", - "toversion": "3.5.1", - "fromversion": "3.1.0", - "commands": [ - "secure-works-create-ticket", - "secure-works-update-ticket", - "secure-works-close-ticket", - "secure-works-add-worklogs-ticket", - "secure-works-get-ticket-count", - "secure-works-get-ticket", - "secure-works-assign-ticket", - "secure-works-get-tickets-updates", - "secure-works-get-tickets-ids" - ] - } - }, - { - "Amazon Web Services": { - "name": "Amazon Web Services", - "fromversion": "1.6.2", - "commands": [ - "aws-run-instance", - "aws-stop-instance", - "aws-create-image", - "aws-start-instance", - "aws-create-volume-snapshot", - "aws-get-instance-info", - "aws-get-sg-info", - "aws-get-ebs-volume-info" - ] - } - }, - { - "ArcSight XML": { - "name": "ArcSight XML", - "commands": [ - "arcsight-update-case", - "arcsight-fetch-xml" - ] - } - 
}, - { - "VirusTotal": { - "name": "VirusTotal", - "commands": [ - "file", - "ip", - "url", - "domain", - "file-scan", - "file-rescan", - "url-scan", - "vt-comments-add", - "vt-file-scan-upload-url", - "vt-comments-get" - ] - } - }, - { - "MxToolBox": { - "name": "MxToolBox", - "commands": [ - "mxtoolbox" - ] - } - }, - { - "Check Point Sandblast Appliance": { - "name": "Check Point Sandblast Appliance", - "fromversion": "3.5.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", - "sandblast-download" - ] - } - }, - { - "LightCyber Magna": { - "name": "LightCyber Magna", - "commands": [ - "lcm-version", - "lcm-entities", - "lcm-indicators", - "lcm-hosts", - "lcm-hostbyip", - "lcm-hostbyname", - "lcm-pathfinder-scan", - "lcm-sandbox-report", - "lcm-daily-report", - "lcm-host-artifacts", - "lcm-resolve-host", - "lcm-unresolve-host", - "lcm-set-host-comment", - "lcm-acknowledge-host", - "lcm-resolve-user", - "lcm-unresolve-user", - "lcm-set-user-comment", - "lcm-acknowledge-user", - "lcm-domain", - "lcm-executablebymd5", - "lcm-executablebyname", - "lcm-indicatorsforentity", - "lcm-host-opened-ports", - "lcm-host-suspicious-artifacts", - "lcm-host-processes", - "lcm-host-loaded-modules", - "lcm-host-processes-internet-connections", - "lcm-host-autoruns" - ] - } - }, - { - "Packetsled": { - "name": "Packetsled", - "commands": [ - "packetsled-get-incidents", - "packetsled-sensors", - "packetsled-get-flows", - "packetsled-get-files", - "packetsled-get-pcaps", - "packetsled-get-events" - ] - } - }, - { - "Censys": { - "name": "Censys", - "commands": [ - "cen-view", - "cen-search" - ] - } - }, - { - "Imperva Skyfence": { - "name": "Imperva Skyfence", - "commands": [ - "imp-sf-list-endpoints", - "imp-sf-set-endpoint-status" - ] - } - }, - { - "ProtectWise": { - "name": "ProtectWise", - "fromversion": "3.5.0", - "commands": [ - "sensors", - "protectwise-show-sensors", - "search", - "protectwise-search-events", - 
"pw-event-get", - "protectwise-event-info", - "observation-search", - "protectwise-search-observations", - "pw-observation-get", - "protectwise-observation-info", - "event-pcap-download", - "protectwise-event-pcap-download", - "event-pcap-info", - "protectwise-event-pcap-info", - "observation-pcap-download", - "protectwise-observation-pcap-download", - "observation-pcap-info", - "protectwise-observation-pcap-info", - "get-token" - ] - } - }, - { - "Palo Alto Minemeld": { - "name": "Palo Alto Minemeld", - "commands": [ - "minemeld-add-to-miner", - "minemeld-remove-from-miner", - "minemeld-retrieve-miner", - "minemeld-get-indicator-from-miner", - "ip", - "file", - "domain", - "url", - "minemeld-get-all-miners-names" - ] - } - }, - { - "GoogleSafeBrowsing": { - "name": "GoogleSafeBrowsing", - "commands": [ - "url" - ] - } - }, - { - "Salesforce": { - "name": "Salesforce", - "commands": [ - "salesforce-search", - "salesforce-query", - "salesforce-get-object", - "salesforce-update-object", - "salesforce-create-object", - "salesforce-push-comment", - "salesforce-get-case", - "salesforce-create-case", - "salesforce-update-case", - "salesforce-get-cases", - "salesforce-close-case", - "salesforce-push-comment-threads", - "salesforce-delete-case" - ] - } - }, - { - "SCADAfence CNM": { - "name": "SCADAfence CNM", - "commands": [ - "scadafence-getAlerts", - "scadafence-getAsset", - "scadafence-setAlertStatus", - "scadafence-getAssetConnections", - "scadafence-getAssetTraffic", - "scadafence-createAlert", - "scadafence-getAllConnections" - ] - } - }, - { - "HashiCorp Vault": { - "name": "HashiCorp Vault", - "commands": [ - "hashicorp-list-secrets-engines", - "hashicorp-list-secrets", - "hashicorp-get-secret-metadata", - "hashicorp-delete-secret", - "hashicorp-undelete-secret", - "hashicorp-destroy-secret", - "hashicorp-disable-engine", - "hashicorp-enable-engine", - "hashicorp-list-policies", - "hashicorp-get-policy", - "hashicorp-seal-vault", - "hashicorp-unseal-vault", - 
"hashicorp-configure-engine", - "hashicorp-reset-configuration", - "hashicorp-create-token" - ] - } - }, - { - "Proofpoint TAP": { - "name": "Proofpoint TAP", - "commands": [ - "proofpoint-get-events" - ] - } - }, - { - "Threat Grid": { - "name": "Threat Grid", - "toversion": "3.1.0", - "commands": [ - "threat-grid-feeds-ip", - "threat-grid-feeds-domain", - "threat-grid-feeds-url", - "threat-grid-feeds-path", - "threat-grid-feeds-artifacts", - "threat-grid-feeds-network-stream", - "threat-grid-feeds-registry-key", - "threat-grid-get-samples", - "threat-grid-get-sample-by-id", - "threat-grid-get-sample-state-by-id", - "threat-grid-get-samples-state", - "threat-grid-upload-sample", - "threat-grid-search-submissions", - "threat-grid-get-video-by-id", - "threat-grid-get-analysis-by-id", - "threat-grid-get-processes-by-id", - "threat-grid-get-pcap-by-id", - "threat-grid-get-warnings-by-id", - "threat-grid-get-summary-by-id", - "threat-grid-get-threat-summary-by-id", - "threat-grid-get-html-report-by-id", - "threat-grid-download-sample-by-id", - "threat-grid-get-analysis-iocs", - "threat-grid-get-analysis-ioc", - "threat-grid-get-analysis-network-streams", - "threat-grid-get-analysis-artifacts", - "threat-grid-get-analysis-network-stream", - "threat-grid-get-analysis-artifact", - "threat-grid-get-analysis-processes", - "threat-grid-get-analysis-process", - "threat-grid-get-analysis-annotations", - "threat-grid-get-analysis-metadata", - "threat-grid-download-artifact", - "threat-grid-who-am-i", - "threat-grid-user-get-rate-limit", - "threat-grid-get-specific-feed" - ] - } - }, - { - "iDefense": { - "name": "iDefense", - "commands": [ - "ip", - "domain", - "url", - "idefense-general", - "uuid" - ] - } - }, - { - "FalconIntel": { - "name": "FalconIntel", - "commands": [ - "file", - "url", - "domain", - "ip", - "cs-actors", - "cs-indicators", - "cs-reports", - "cs-report-pdf" - ] - } - }, - { - "Venafi": { - "name": "Venafi", - "commands": [ - "venafi-get-certificates", - 
"venafi-get-certificate-details" - ] - } - }, - { - "CyberArkAIM": { - "name": "CyberArkAIM", - "commands": [ - "cyber-ark-aim-query", - "list-credentials", - "reset-credentials", - "account-details" - ] - } - }, - { - "Autofocus": { - "name": "Autofocus", - "commands": [ - "autofocus-search-samples", - "autofocus-search-sessions", - "autofocus-session", - "autofocus-sample-analysis", - "file" - ] - } - }, - { - "AbuseIPDB": { - "name": "AbuseIPDB", - "commands": [ - "ip", - "abuseipdb-check-cidr-block", - "abuseipdb-report-ip", - "abuseipdb-get-blacklist", - "abuseipdb-get-categories" - ] - } - }, - { - "McAfee Threat Intelligence Exchange": { - "name": "McAfee Threat Intelligence Exchange", - "commands": [ - "file", - "tie-set-file-reputation", - "tie-file-references" - ] - } - }, - { - "Check Point": { - "name": "Check Point", - "commands": [ - "checkpoint-show-access-rule-base", - "checkpoint-set-rule", - "checkpoint-task-status", - "checkpoint-show-hosts", - "checkpoint-block-ip", - "checkpoint", - "checkpoint-delete-rule" - ] - } - }, - { - "PagerDuty v2": { - "name": "PagerDuty v2", - "commands": [ - "PagerDuty-get-all-schedules", - "PagerDuty-get-users-on-call", - "PagerDuty-get-users-on-call-now", - "PagerDuty-incidents", - "PagerDuty-submit-event", - "PagerDuty-get-contact-methods", - "PagerDuty-get-users-notification", - "PagerDuty-resolve-event", - "PagerDuty-acknowledge-event" - ] - } - }, - { - "Gmail": { - "name": "Gmail", - "commands": [ - "gmail-delete-user", - "gmail-get-tokens-for-user", - "gmail-get-user", - "gmail-get-user-roles", - "gmail-get-attachments", - "gmail-get-mail", - "gmail-search", - "gmail-search-all-mailboxes", - "gmail-list-users", - "gmail-revoke-user-role", - "gmail-create-user", - "gmail-delete-mail", - "gmail-get-thread", - "gmail-move-mail", - "gmail-move-mail-to-mailbox", - "gmail-add-delete-filter", - "gmail-add-filter" - ] - } - }, - { - "Centreon": { - "name": "Centreon", - "commands": [ - "centreon-get-host-status", - 
"centreon-get-service-status" - ] - } - }, - { - "RSA NetWitness Endpoint": { - "name": "RSA NetWitness Endpoint", - "commands": [ - "netwitness-get-machines", - "netwitness-get-machine", - "netwitness-get-machine-iocs", - "netwitness-get-machine-modules", - "netwitness-get-machine-module", - "netwitness-blacklist-ips", - "netwitness-blacklist-domains" - ] - } - }, - { - "PassiveTotal": { - "name": "PassiveTotal", - "commands": [ - "pt-get-subdomains", - "pt-account", - "pt-monitors", - "pt-passive-dns", - "pt-passive-unique", - "pt-dns-keyword", - "pt-enrichment", - "pt-malware", - "url", - "domain", - "ip", - "pt-osint", - "pt-whois", - "pt-whois-keyword", - "pt-whois-search", - "pt-get-components", - "pt-get-pairs", - "pt-ssl-cert", - "pt-ssl-cert-history", - "pt-ssl-cert-keyword", - "pt-ssl-cert-search" - ] - } - }, - { - "ProtectWise": { - "name": "ProtectWise", - "toversion": "3.1.0", - "commands": [ - "sensors", - "protectwise-show-sensors", - "search", - "protectwise-search-events", - "pw-event-get", - "protectwise-event-info", - "observation-search", - "protectwise-search-observations", - "pw-observation-get", - "protectwise-observation-info", - "event-pcap-download", - "protectwise-event-pcap-download", - "event-pcap-info", - "protectwise-event-pcap-info", - "observation-pcap-download", - "protectwise-observation-pcap-download", - "observation-pcap-info", - "protectwise-observation-pcap-info", - "get-token" - ] - } - }, - { - "SentinelOne": { - "name": "SentinelOne", - "fromversion": "3.1.0", - "commands": [ - "so-activities", - "so-count-by-filters", - "so-agents-count", - "so-agent-decommission", - "so-get-agent", - "so-agents-query", - "so-get-agent-processes", - "so-agent-recommission", - "so-agent-unquarentine", - "so-agent-shutdown", - "so-agent-uninstall", - "so-agents-broadcast", - "so-agents-connect", - "so-agent-quarentine", - "so-agents-decommission", - "so-agents-disconnect", - "so-agents-fetch-logs", - "so-agents-shutdown", - 
"so-agents-uninstall", - "so-agents-upgrade-software", - "so-create-exclusion-list", - "so-delete-exclusion-list", - "so-get-exclusion-list", - "so-get-exclusion-lists", - "so-update-exclusion-list", - "so-get-groups", - "so-create-group", - "so-get-group", - "so-update-group", - "so-delete-group", - "so-add-agent-to-group", - "so-set-cloud-intelligence", - "so-create-hash", - "so-delete-hash", - "so-get-hash-reputation", - "so-get-hash", - "so-get-hashes", - "so-update-hash", - "so-get-policies", - "so-create-policy", - "so-get-policy", - "so-update-policy", - "so-delete-policy", - "so-get-threat", - "so-get-threats", - "so-threat-summary", - "so-mark-as-threat", - "so-mitigate-threat", - "so-reslove-threats" - ] - } - }, - { - "AMP": { - "name": "AMP", - "commands": [ - "amp_get_computers", - "amp_get_computer_by_connector", - "amp_get_computer_trajctory", - "amp_move_computer", - "amp_get_computer_actvity", - "amp_get_events", - "amp_get_event_types", - "amp_get_application_blocking", - "amp_get_file_list_by_guid", - "amp_get_simple_custom_detections", - "amp_get_file_list_files", - "amp_get_file_list_files_by_sha", - "amp_set_file_list_files_by_sha", - "amp_delete_file_list_files_by_sha", - "amp_get_groups", - "amp_get_group", - "amp_set_group_policy", - "amp_get_policies", - "amp_get_policy", - "amp_get_version" - ] - } - }, - { - "AWS - SQS": { - "name": "AWS - SQS", - "commands": [ - "aws-sqs-get-queue-url", - "aws-sqs-list-queues", - "aws-sqs-send-message", - "aws-sqs-create-queue", - "aws-sqs-delete-queue", - "aws-sqs-purge-queue" - ] - } - }, - { - "carbonblackliveresponse": { - "name": "carbonblackliveresponse", - "toversion": "3.6.0", - "commands": [ - "cb-archive", - "cb-command-cancel", - "cb-command-create", - "cb-command-create-and-wait", - "cb-command-info", - "cb-file-delete", - "cb-file-get", - "cb-file-info", - "cb-file-upload", - "cb-keepalive", - "cb-list-commands", - "cb-list-files", - "cb-list-sessions", - "cb-session-close", - 
"cb-session-create", - "cb-session-create-and-wait", - "cb-session-info", - "cb-terminate-process" - ] - } - }, - { - "AWS - Route53": { - "name": "AWS - Route53", - "commands": [ - "aws-route53-create-record", - "aws-route53-delete-record", - "aws-route53-list-hosted-zones", - "aws-route53-list-resource-record-sets", - "aws-route53-waiter-resource-record-sets-changed", - "aws-route53-test-dns-answer", - "aws-route53-upsert-record" - ] - } - }, - { - "Tanium": { - "name": "Tanium", - "commands": [ - "tn-get-package", - "tn-get-all-packages", - "tn-get-object", - "tn-get-all-saved-questions", - "tn-deploy-package", - "tn-ask-question", - "tn-ask-system", - "tn-get-saved-question", - "tn-create-package", - "tn-approve-pending-action", - "tn-get-all-objects", - "tn-get-all-saved-actions", - "tn-get-all-pending-actions", - "tn-get-all-sensors", - "tn-parse-query", - "tn-ask-manual-question", - "tn-get-sensor", - "tn-get-action" - ] - } - }, - { - "FireEye ETP": { - "name": "FireEye ETP", - "commands": [ - "fireeye-etp-search-messages", - "fireeye-etp-get-message", - "fireeye-etp-get-alerts", - "fireeye-etp-get-alert" - ] - } - }, - { - "InfoArmor VigilanteATI": { - "name": "InfoArmor VigilanteATI", - "commands": [ - "vigilante-query-infected-host-data", - "vigilante-get-vulnerable-host-data", - "vigilante-query-ecrime-db", - "vigilante-search-leaks", - "vigilante-get-leak", - "vigilante-query-accounts", - "vigilante-query-domains", - "vigilante-watchlist-add-accounts", - "vigilante-watchlist-remove-accounts", - "vigilante-get-watchlist", - "vigilante-account-usage-info" - ] - } - }, - { - "IBM Resilient Systems": { - "name": "IBM Resilient Systems", - "commands": [ - "rs-search-incidents", - "rs-update-incident", - "rs-incidents-get-members", - "rs-get-incident", - "rs-incidents-update-member", - "rs-get-users", - "rs-close-incident", - "rs-create-incident", - "rs-incident-artifacts", - "rs-incident-attachments", - "rs-related-incidents", - "rs-incidents-get-tasks" - ] 
- } - }, - { - "AWS - IAM": { - "name": "AWS - IAM", - "commands": [ - "aws-iam-create-user", - "aws-iam-get-user", - "aws-iam-list-users", - "aws-iam-update-user", - "aws-iam-delete-user", - "aws-iam-update-login-profile", - "aws-iam-create-group", - "aws-iam-list-groups", - "aws-iam-list-groups-for-user", - "aws-iam-add-user-to-group", - "aws-iam-create-access-key", - "aws-iam-update-access-key", - "aws-iam-list-access-keys-for-user", - "aws-iam-list-policies", - "aws-iam-list-roles", - "aws-iam-attach-policy", - "aws-iam-detach-policy", - "aws-iam-delete-login-profile", - "aws-iam-delete-group", - "aws-iam-remove-user-from-group", - "aws-iam-create-login-profile", - "aws-iam-delete-access-key", - "aws-iam-create-instance-profile", - "aws-iam-delete-instance-profile", - "aws-iam-list-instance-profiles", - "aws-iam-add-role-to-instance-profile", - "aws-iam-remove-role-from-instance-profile", - "aws-iam-list-instance-profiles-for-role", - "aws-iam-get-instance-profile", - "aws-iam-get-role", - "aws-iam-delete-role", - "aws-iam-create-role", - "aws-iam-create-policy", - "aws-iam-delete-policy", - "aws-iam-create-policy-version", - "aws-iam-delete-policy-version", - "aws-iam-list-policy-versions", - "aws-iam-get-policy-version", - "aws-iam-set-default-policy-version", - "aws-iam-create-account-alias", - "aws-iam-delete-account-alias" - ] - } - }, - { - "Symantec Endpoint Protection": { - "name": "Symantec Endpoint Protection", - "commands": [ - "sep-endpoints-info", - "sep-update-content", - "sep-scan", - "sep-groups-info", - "sep-system-info", - "sep-command-status", - "sep-quarantine", - "sep-client-content" - ] - } - }, - { - "SumoLogic": { - "name": "SumoLogic", - "commands": [ - "search" - ] - } - }, - { - "Pwned": { - "name": "Pwned", - "commands": [ - "pwned-email", - "pwned-domain", - "email" - ] - } - }, - { - "urlscan.io": { - "name": "urlscan.io", - "toversion": "3.1.0", - "commands": [ - "url", - "ip", - "file", - "urlscan-submit" - ] - } - }, - { - 
"Lastline": { - "name": "Lastline", - "commands": [ - "lastline-get", - "url", - "file", - "lastline-upload", - "lastline-upload-url", - "lastline-upload-file", - "lastline-get-report", - "lastline-get-task-list" - ] - } - }, - { - "urlscan.io": { - "name": "urlscan.io", - "fromversion": "3.5.0", - "commands": [ - "urlscan-search", - "urlscan-submit", - "url" - ] - } - }, - { - "OpsGenie": { - "name": "OpsGenie", - "commands": [ - "opsgenie-get-on-call", - "opsgenie-get-user", - "opsgenie-get-schedules", - "opsgenie-get-schedule-timeline" - ] - } - }, - { - "McAfeeDAM": { - "name": "McAfeeDAM", - "commands": [ - "dam-get-alert-by-id", - "dam-get-latest-by-rule" - ] - } - }, - { - "okta": { - "name": "okta", - "fromversion": "3.6.0", - "commands": [ - "okta-unlock-user", - "okta-deactivate-user", - "okta-activate-user", - "okta-suspend-user", - "okta-unsuspend-user", - "okta-get-user-factors", - "okta-verify-push-factor", - "okta-reset-factor", - "okta-get-groups", - "okta-set-password", - "okta-search", - "okta-get-user", - "okta-create-user", - "okta-update-user", - "okta-get-failed-logins", - "okta-get-group-assignments", - "okta-get-application-assignments", - "okta-get-application-authentication", - "okta-get-logs", - "okta-add-to-group", - "okta-remove-from-group", - "okta-list-groups", - "okta-get-group-members" - ] - } - }, - { - "Devo": { - "name": "Devo", - "commands": [ - "devo-query" - ] - } - }, - { - "AWS - Security Hub": { - "name": "AWS - Security Hub", - "commands": [ - "aws-securityhub-get-findings", - "aws-securityhub-get-master-account", - "aws-securityhub-list-members", - "aws-securityhub-enable-security-hub", - "aws-securityhub-disable-security-hub", - "aws-securityhub-enable-import-findings-for-product", - "aws-securityhub-disable-import-findings-for-product", - "aws-securityhub-list-enabled-products-for-import", - "aws-securityhub-update-finding" - ] - } - }, - { - "Moloch": { - "name": "Moloch", - "fromversion": "3.5.0", - "commands": [ - 
"moloch_connections_json", - "moloch_connections_csv", - "moloch_files_json", - "moloch_sessions_json", - "moloch_sessions_csv", - "moloch_sessions_pcap", - "moloch_spigraph_json", - "moloch_spiview_json", - "moloch_unique_json" - ] - } - }, - { - "RedLock": { - "name": "RedLock", - "commands": [ - "redlock-search-alerts", - "redlock-get-alert-details", - "redlock-dismiss-alerts", - "redlock-reopen-alerts", - "redlock-list-alert-filters" - ] - } - }, - { - "Whois": { - "name": "Whois", - "fromversion": "4.1.0", - "commands": [ - "whois" - ] - } - }, - { - "SafeBreach": { - "name": "SafeBreach", - "commands": [ - "safebreach-rerun", - "safebreach-get-simulation" - ] - } - }, - { - "AlphaSOC Wisdom": { - "name": "AlphaSOC Wisdom", - "commands": [ - "wisdom-domain-flags", - "wisdom-ip-flags" - ] - } - }, - { - "jamf": { - "name": "jamf", - "commands": [ - "jamf-get-computers", - "jamf-get-computers-match" - ] - } - }, - { - "CIRCL": { - "name": "CIRCL", - "commands": [ - "circl-dns-get", - "circl-ssl-list-certificates", - "circl-ssl-query-certificate", - "circl-ssl-get-certificate" - ] - } - }, - { - "Panorama": { - "name": "Panorama", - "fromversion": "3.0.0", - "commands": [ - "panorama", - "panorama-commit", - "panorama-push-to-device-group", - "panorama-list-addresses", - "panorama-get-address", - "panorama-create-address", - "panorama-delete-address", - "panorama-list-address-groups", - "panorama-get-address-group", - "panorama-create-address-group", - "panorama-delete-address-group", - "panorama-edit-address-group", - "panorama-get-custom-url-category", - "panorama-create-custom-url-category", - "panorama-delete-custom-url-category", - "panorama-edit-custom-url-category", - "panorama-get-url-category", - "panorama-get-url-filter", - "panorama-create-url-filter", - "panorama-edit-url-filter", - "panorama-delete-url-filter", - "panorama-create-rule", - "panorama-custom-block-rule", - "panorama-move-rule", - "panorama-edit-rule", - "panorama-delete-rule", - 
"panorama-list-applications", - "panorama-commit-status", - "panorama-push-status" - ] - } - }, - { - "icebrg": { - "name": "icebrg", - "commands": [ - "icebrg-search-events", - "icebrg-get-history", - "icebrg-saved-searches", - "icebrg-get-reports", - "icebrg-get-report-indicators", - "icebrg-get-report-assets" - ] - } - }, - { - "EasyVista": { - "name": "EasyVista", - "commands": [ - "easy-vista-search" - ] - } - }, - { - "ThreatConnect": { - "name": "ThreatConnect", - "commands": [ - "ip", - "url", - "file", - "tc-owners", - "tc-indicators", - "tc-get-tags", - "tc-tag-indicator", - "tc-get-indicator", - "tc-get-indicators-by-tag", - "tc-add-indicator", - "tc-create-incident", - "tc-fetch-incidents", - "tc-incident-associate-indicator", - "domain", - "tc-get-incident-associate-indicators" - ] - } - }, - { - "BitDam": { - "name": "BitDam", - "commands": [ - "bitdam-upload-file", - "bitdam-get-verdict" - ] - } - }, - { - "AWS - S3": { - "name": "AWS - S3", - "commands": [ - "aws-s3-create-bucket", - "aws-s3-delete-bucket", - "aws-s3-list-buckets", - "aws-s3-get-bucket-policy", - "aws-s3-delete-bucket-policy", - "aws-s3-download-file", - "aws-s3-list-bucket-objects", - "aws-s3-put-bucket-policy", - "aws-s3-upload-file" - ] - } - }, - { - "McAfee Advanced Threat Defense": { - "name": "McAfee Advanced Threat Defense", - "toversion": "3.1.0", - "fromversion": "2.0.4", - "commands": [ - "atd-file-upload", - "atd-get-task-ids", - "atd-check-status", - "atd-get-report", - "atd-list-analyzer-profiles", - "atd-list-user", - "atd-login" - ] - } - }, - { - "GuardiCore": { - "name": "GuardiCore", - "toversion": "3.1.0", - "commands": [ - "guardicore-get-incidents", - "guardicore-uncommon-domains", - "guardicore-unresolved-domains", - "guardicore-show-endpoint", - "guardicore-dns-requests", - "guardicore-search-endpoint", - "guardicore-misconfigurations", - "guardicore-get-incident", - "guardicore-get-incident-iocs", - "guardicore-get-incident-events", - 
"guardicore-get-incident-pcap", - "guardicore-get-incident-attachments", - "guardicore-search-network-log" - ] - } - }, - { - "Mimecast": { - "name": "Mimecast", - "fromversion": "1.6.2", - "commands": [ - "mimecast-query" - ] - } - }, - { - "Shodan": { - "name": "Shodan", - "commands": [ - "search", - "ip" - ] - } - }, - { - "AWS - GuardDuty": { - "name": "AWS - GuardDuty", - "commands": [ - "aws-gd-create-detector", - "aws-gd-delete-detector", - "aws-gd-get-detector", - "aws-gd-update-detector", - "aws-gd-create-ip-set", - "aws-gd-delete-ip-set", - "aws-gd-list-detectors", - "aws-gd-update-ip-set", - "aws-gd-get-ip-set", - "aws-gd-list-ip-sets", - "aws-gd-create-threatintel-set", - "aws-gd-delete-threatintel-set", - "aws-gd-get-threatintel-set", - "aws-gd-list-threatintel-sets", - "aws-gd-update-threatintel-set", - "aws-gd-list-findings", - "aws-gd-get-findings", - "aws-gd-create-sample-findings", - "aws-gd-archive-findings", - "aws-gd-unarchive-findings", - "aws-gd-update-findings-feedback" - ] - } - }, - { - "Mimecast Authentication": { - "name": "Mimecast Authentication", - "commands": [ - "mimecast-login", - "mimecast-discover", - "mimecast-refresh-token" - ] - } - }, - { - "malwr": { - "name": "malwr", - "fromversion": "3.0.0", - "commands": [ - "malwr-submit", - "malwr-status", - "malwr-result", - "malwr-detonate" - ] - } - }, - { - "FalconHost": { - "name": "FalconHost", - "fromversion": "2.5.0", - "commands": [ - "cs-upload-ioc", - "cs-get-ioc", - "cs-update-ioc", - "cs-delete-ioc", - "cs-search-iocs", - "cs-device-search", - "cs-device-details", - "cs-device-count-ioc", - "cs-device-ran-on", - "cs-processes-ran-on", - "cs-process-details", - "cs-resolve-detection", - "cs-detection-search", - "cs-detection-details" - ] - } - }, - { - "ServiceNow": { - "name": "ServiceNow", - "commands": [ - "servicenow-get-ticket", - "servicenow-get", - "servicenow-incident-get", - "servicenow-create-ticket", - "servicenow-create", - "servicenow-incident-create", - 
"servicenow-update-ticket", - "servicenow-update", - "servicenow-incident-update", - "servicenow-delete-ticket", - "servicenow-add-link", - "servicenow-incident-add-link", - "servicenow-add-comment", - "servicenow-incident-add-comment", - "servicenow-query-tickets", - "servicenow-query", - "servicenow-incidents-query", - "servicenow-upload-file", - "servicenow-incident-upload-file", - "servicenow-get-groups", - "servicenow-get-computer", - "servicenow-get-record", - "servicenow-query-table", - "servicenow-create-record", - "servicenow-update-record", - "servicenow-delete-record", - "servicenow-list-table-fields", - "servicenow-query-computers", - "servicenow-query-groups", - "servicenow-query-users", - "servicenow-get-table-name" - ] - } - }, - { - "Tenable.sc": { - "name": "Tenable.sc", - "commands": [ - "tenable-sc-list-scans", - "tenable-sc-launch-scan", - "tenable-sc-get-vulnerability", - "tenable-sc-get-scan-status", - "tenable-sc-get-scan-report", - "tenable-sc-list-credentials", - "tenable-sc-list-policies", - "tenable-sc-list-report-definitions", - "tenable-sc-list-repositories", - "tenable-sc-list-zones", - "tenable-sc-create-scan", - "tenable-sc-delete-scan", - "tenable-sc-list-assets", - "tenable-sc-create-asset", - "tenable-sc-get-asset", - "tenable-sc-delete-asset", - "tenable-sc-list-alerts", - "tenable-sc-get-alert", - "tenable-sc-get-device", - "tenable-sc-list-users", - "tenable-sc-get-system-licensing", - "tenable-sc-get-system-information" - ] - } - }, - { - "google-vault": { - "name": "google-vault", - "commands": [ - "gvault-create-export-mail", - "gvault-create-matter", - "gvault-create-export-drive", - "gvault-matter-update-state", - "gvault-create-export-groups", - "gvault-create-hold", - "gvault-add-heldAccount", - "gvault-remove-heldAccount", - "gvault-delete-hold", - "gvault-list-matters", - "gvault-get-matter", - "gvault-list-holds", - "gvault-export-status", - "gvault-download-results", - "gvault-get-drive-results", - 
"gvault-get-mail-results", - "gvault-get-groups-results" - ] - } - }, - { - "AlienValut OTX": { - "name": "AlienValut OTX", - "toversion": "3.0.1", - "commands": [ - "ip", - "domain", - "ipv6", - "hostname", - "file", - "alienvault-query-file", - "alienvault-search-pulses", - "alienvault-get-pulse-details", - "url" - ] - } - }, - { - "MISP": { - "name": "MISP", - "commands": [ - "internal-misp-upload-sample", - "misp-search", - "file", - "url", - "ip", - "internal-misp-download-sample", - "internal-misp-create-event", - "internal-misp-add-attribute" - ] - } - }, - { - "FalconIntel": { - "name": "FalconIntel", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "commands": [ - "file", - "url", - "domain", - "ip", - "cs-actors", - "cs-indicators", - "cs-reports", - "cs-report-pdf" - ] - } - }, - { - "Box": { - "name": "Box", - "commands": [ - "box_get_current_user", - "box_get_users", - "box_update_user", - "box_add_user", - "box_delete_user", - "box_move_folder", - "box_files_get", - "box_initiate", - "box_files_get_info" - ] - } - }, - { - "Remedy On-Demand": { - "name": "Remedy On-Demand", - "commands": [ - "remedy-incident-create", - "remedy-get-incident", - "remedy-fetch-incidents", - "remedy-incident-update" - ] - } - }, - { - "Rasterize": { - "name": "Rasterize", - "commands": [ - "rasterize", - "rasterize-email", - "rasterize-image" - ] - } - }, - { - "FortiGate": { - "name": "FortiGate", - "commands": [ - "fortigate-get-addresses", - "fortigate-get-service-groups", - "fortigate-update-service-group", - "fortigate-delete-service-group", - "fortigate-get-firewall-service", - "fortigate-create-firewall-service", - "fortigate-get-policy", - "fortigate-update-policy", - "fortigate-create-policy", - "fortigate-move-policy", - "fortigate-delete-policy", - "fortigate-get-address-groups", - "fortigate-update-address-group", - "fortigate-create-address-group", - "fortigate-delete-address-group" - ] - } - }, - { - "RTIR": { - "name": "RTIR", - "commands": [ - 
"rtir-create-ticket", - "rtir-search-ticket", - "rtir-resolve-ticket", - "rtir-edit-ticket", - "rtir-ticket-history", - "rtir-get-ticket", - "rtir-ticket-attachments", - "rtir-add-comment", - "rtir-add-reply" - ] - } - }, - { - "Tenable.io": { - "name": "Tenable.io", - "commands": [ - "tenable-io-list-scans", - "tenable-io-launch-scan", - "tenable-io-get-scan-report", - "tenable-io-get-vulnerability-details", - "tenable-io-get-vulnerabilities-by-asset", - "tenable-io-get-scan-status" - ] - } - }, - { - "Stealthwatch Cloud": { - "name": "Stealthwatch Cloud", - "commands": [ - "sw-show-alert", - "sw-update-alert", - "sw-list-alerts", - "sw-block-domain-or-ip", - "sw-unblock-domain", - "sw-list-blocked-domains", - "sw-list-observations", - "sw-list-sessions" - ] - } - }, - { - "EWS v2": { - "name": "EWS v2", - "commands": [ - "ews-get-attachment", - "ews-delete-attachment", - "ews-get-searchable-mailboxes", - "ews-search-mailboxes", - "ews-move-item", - "ews-delete-items", - "ews-search-mailbox", - "ews-get-contacts", - "ews-get-out-of-office", - "ews-recover-messages", - "ews-create-folder", - "ews-mark-item-as-junk", - "ews-find-folders", - "ews-get-items-from-folder", - "ews-get-items", - "ews-move-item-between-mailboxes", - "ews-get-folder", - "ews-o365-start-compliance-search", - "ews-o365-get-compliance-search", - "ews-o365-purge-compliance-search-results", - "ews-o365-remove-compliance-search", - "ews-o365-get-compliance-search-purge-status" - ] - } - }, - { - "Lockpath KeyLight": { - "name": "Lockpath KeyLight", - "fromversion": "3.5.0", - "commands": [ - "kl-get-component-list", - "kl-get-component", - "kl-get-component-by-alias", - "kl-get-field-list", - "kl-get-field", - "kl-get-record-count", - "kl-get-record", - "kl-get-records", - "kl-delete-record", - "kl-create-record", - "kl-update-record", - "kl-get-detail-record", - "kl-get-lookup-report-column-fields", - "kl-get-detail-records", - "kl-get-record-attachments", - "kl-get-record-attachment", - 
"kl-delete-record-attachments" - ] - } - }, - { - "Dell Secureworks": { - "name": "Dell Secureworks", - "fromversion": "3.6.0", - "commands": [ - "secure-works-create-ticket", - "secure-works-update-ticket", - "secure-works-close-ticket", - "secure-works-add-worklogs-ticket", - "secure-works-get-ticket", - "secure-works-assign-ticket", - "secure-works-get-tickets-updates", - "secure-works-get-close-codes", - "secure-works-get-tickets-ids", - "secure-works-get-ticket-count" - ] - } - }, - { - "Luminate": { - "name": "Luminate", - "fromversion": "0.0.0", - "commands": [ - "lum-block-user", - "lum-unblock-user", - "lum-destroy-user-session", - "lum-get-http-access-logs", - "lum-get-ssh-access-logs" - ] - } - }, - { - "VirusTotal - Private API": { - "name": "VirusTotal - Private API", - "commands": [ - "vt-private-check-file-behaviour", - "vt-private-get-domain-report", - "vt-private-get-file-report", - "vt-private-get-url-report", - "vt-private-get-ip-report", - "vt-private-search-file", - "vt-private-hash-communication", - "vt-private-download-file" - ] - } - }, - { - "Guidance Encase Endpoint": { - "name": "Guidance Encase Endpoint", - "commands": [ - "encase-copyjob", - "encase-snapshot", - "encase-verifyhash" - ] - } - }, - { - "Incapsula": { - "name": "Incapsula", - "commands": [ - "incap-add-managed-account", - "incap-list-managed-accounts", - "incap-add-subaccount", - "incap-list-subaccounts", - "incap-get-account-status", - "incap-modify-account-configuration", - "incap-set-account-log-level", - "incap-test-account-s3-connection", - "incap-test-account-sftp-connection", - "incap-set-account-s3-log-storage", - "incap-set-account-sftp-log-storage", - "incap-set-account-default-log-storage", - "incap-get-account-login-token", - "incap-delete-managed-account", - "incap-delete-subaccount", - "incap-get-account-audit-events", - "incap-set-account-default-data-storage-region", - "incap-get-account-default-data-storage-region", - "incap-add-site", - 
"incap-get-site-status", - "incap-get-domain-approver-email", - "incap-modify-site-configuration", - "incap-modify-site-log-level", - "incap-modify-site-tls-support", - "incap-modify-site-scurity-config", - "incap-modify-site-acl-config", - "incap-modify-site-wl-config", - "incap-delete-site", - "incap-list-sites", - "incap-get-site-report", - "incap-get-site-html-injection-rules", - "incap-add-site-html-injection-rule", - "incap-delete-site-html-injection-rule", - "incap-create-new-csr", - "incap-upload-certificate", - "incap-remove-custom-integration", - "incap-move-site", - "incap-check-compliance", - "incap-set-site-data-storage-region", - "incap-get-site-data-storage-region", - "incap-set-site-data-storage-region-geo-override", - "incap-get-site-data-storage-region-geo-override", - "incap-purge-site-cache", - "incap-modify-cache-mode", - "incap-purge-resources", - "incap-modify-caching-rules", - "incap-set-advanced-caching-settings", - "incap-purge-hostname-from-cache", - "incap-site-get-xray-link", - "incap-list-site-rule-revisions", - "incap-add-site-rule", - "incap-edit-site-rule", - "incap-enable-site-rule", - "incap-delete-site-rule", - "incap-list-site-rules", - "incap-revert-site-rule", - "incap-set-site-rule-priority", - "incap-add-site-datacenter", - "incap-edit-site-datacenter", - "incap-delete-site-datacenter", - "incap-list-site-datacenters", - "incap-add-site-datacenter-server", - "incap-edit-site-datacenter-server", - "incap-delete-site-datacenter-server", - "incap-get-statistics", - "incap-get-visits", - "incap-upload-public-key", - "incap-change-logs-collector-configuration", - "incap-get-infra-protection-statistics", - "incap-get-infra-protection-events", - "incap-add-login-protect", - "incap-edit-login-protect", - "incap-get-login-protect", - "incap-remove-login-protect", - "incap-send-sms-to-user", - "incap-modify-login-protect", - "incap-configure-app", - "incap-get-ip-ranges", - "incap-get-texts", - "incap-get-geo-info", - 
"incap-get-app-info" - ] - } - }, - { - "XFE": { - "name": "XFE", - "fromversion": "2.5.0", - "commands": [ - "url", - "file", - "ip", - "domain", - "cve-search", - "cve-latest" - ] - } - }, - { - "Cymon": { - "name": "Cymon", - "commands": [ - "ip", - "domain" - ] - } - }, - { - "McAfee Advanced Threat Defense": { - "name": "McAfee Advanced Threat Defense", - "fromversion": "3.5.0", - "commands": [ - "atd-file-upload", - "atd-get-task-ids", - "atd-get-report", - "atd-list-analyzer-profiles", - "atd-list-user", - "atd-login", - "detonate-file", - "detonate-url", - "atd-check-status" - ] - } - }, - { - "AWS - CloudWatchLogs": { - "name": "AWS - CloudWatchLogs", - "commands": [ - "aws-logs-create-log-group", - "aws-logs-create-log-stream", - "aws-logs-delete-log-group", - "aws-logs-delete-log-stream", - "aws-logs-filter-log-events", - "aws-logs-describe-log-groups", - "aws-logs-describe-log-streams", - "aws-logs-put-retention-policy", - "aws-logs-delete-retention-policy", - "aws-logs-put-log-events", - "aws-logs-put-metric-filter", - "aws-logs-delete-metric-filter", - "aws-logs-describe-metric-filters" - ] - } - }, - { - "Microsoft Graph": { - "name": "Microsoft Graph", - "commands": [ - "msg-graph-admin-url", - "msg-search-alerts", - "msg-get-alert-details", - "msg-update-alert", - "msg-get-users", - "msg-get-user" - ] - } - }, - { - "Secdo": { - "name": "Secdo", - "commands": [ - "secdo-add-IOCs" - ] - } - }, - { - "Preempt": { - "name": "Preempt", - "commands": [ - "preempt-add-to-watch-list", - "preempt-remove-from-watch-list", - "preempt-get-activities", - "preempt-get-user-endpoints", - "preempt-get-alerts" - ] - } - }, - { - "PostgreSQL": { - "name": "PostgreSQL", - "commands": [ - "pgsql-query" - ] - } - }, - { - "epo": { - "name": "epo", - "commands": [ - "epo-help", - "epo-get-latest-dat", - "epo-get-current-dat", - "epo-update-client-dat", - "epo-update-repository", - "epo-get-system-tree-group", - "epo-find-systems", - "epo-command", - 
"epo-advanced-command", - "epo-wakeup-agent", - "epo-apply-tag", - "epo-clear-tag", - "epo-query-table", - "epo-get-tables", - "epo-find-system", - "epo-get-version" - ] - } - }, - { - "GRR": { - "name": "GRR", - "commands": [ - "grr-set-flows", - "grr-get-flows", - "grr-get-files", - "grr-get-hunts", - "grr-get-hunt", - "grr-set-hunts", - "grr-get-clients", - "grr_set_flows", - "grr_get_flows", - "grr_get_files", - "grr_get_hunts", - "grr_get_hunt", - "grr_set_hunts" - ] - } - }, - { - "Nessus": { - "name": "Nessus", - "commands": [ - "nessus-list-scans", - "scans-list", - "nessus-launch-scan", - "scan-launch", - "nessus-scan-details", - "scan-details", - "scan-host-details", - "nessus-scan-host-details", - "nessus-scan-export", - "scan-export", - "scan-report-download", - "nessus-scan-report-download", - "scan-create", - "nessus-scan-create", - "nessus-get-scans-editors", - "scan-export-status", - "nessus-scan-export-status", - "nessus-scan-status" - ] - } - }, - { - "GuardiCore": { - "name": "GuardiCore", - "fromversion": "3.5.0", - "commands": [ - "guardicore-get-incidents", - "guardicore-uncommon-domains", - "guardicore-unresolved-domains", - "guardicore-show-endpoint", - "guardicore-dns-requests", - "guardicore-search-endpoint", - "guardicore-misconfigurations", - "guardicore-get-incident", - "guardicore-get-incident-iocs", - "guardicore-get-incident-events", - "guardicore-get-incident-pcap", - "guardicore-get-incident-attachments", - "guardicore-search-network-log" - ] - } - }, - { - "Digital Shadows": { - "name": "Digital Shadows", - "commands": [ - "ds-get-breach-reviews", - "ds-snapshot-breach-status", - "ds-find-breach-records", - "ds-get-breach-summary", - "ds-find-breach-usernames", - "ds-get-breach", - "ds-get-breach-records", - "ds-find-data-breaches", - "ds-get-incident", - "ds-get-incident-reviews", - "ds-snapshot-incident-review", - "ds-find-incidents-filtered", - "ds-get-incidents-summary", - "ds-get-apt-report", - "ds-get-intelligence-incident", 
- "ds-get-intelligence-incident-iocs", - "ds-find-intelligence-incidents", - "ds-find-intelligence-incidents-regional", - "ds-get-intelligence-threat", - "ds-get-intelligence-threat-iocs", - "ds-get-intelligence-threat-activity", - "ds-find-intelligence-threats", - "ds-find-intelligence-threats-regional", - "ds-get-port-reviews", - "ds-snapshot-port-review", - "ds-find-ports", - "ds-find-secure-sockets", - "ds-find-vulnerabilities", - "ds-search", - "ds-get-tags" - ] - } - }, - { - "fireeye": { - "name": "fireeye", - "fromversion": "3.5.0", - "commands": [ - "fe-report", - "fe-submit-status", - "fe-alert", - "fe-submit-result", - "fe-submit", - "fe-config", - "fe-submit-url", - "fe-submit-url-status", - "fe-submit-url-result" - ] - } - }, - { - "RSA NetWitness Packets and Logs": { - "name": "RSA NetWitness Packets and Logs", - "fromversion": "3.5.0", - "commands": [ - "netwitness-msearch", - "netwitness-search", - "netwitness-query", - "netwitness-packets", - "nw-sdk-session", - "nw-sdk-content", - "nw-sdk-summary", - "nw-sdk-values", - "nw-database-dump" - ] - } - }, - { - "RSA NetWitness v11.1": { - "name": "RSA NetWitness v11.1", - "commands": [ - "netwitness-get-incident", - "netwitness-get-incidents", - "netwitness-update-incident", - "netwitness-delete-incident", - "netwitness-get-alerts" - ] - } - }, - { - "Symantec Messaging Gateway": { - "name": "Symantec Messaging Gateway", - "commands": [ - "smg-block-email", - "smg-unblock-email", - "smg-block-domain", - "smg-block-ip", - "smg-unblock-ip", - "smg-unblock-domain", - "smg-get-blocked-domains", - "smg-get-blocked-ips" - ] - } - }, - { - "OTRS": { - "name": "OTRS", - "fromversion": "4.1.0", - "commands": [ - "otrs-get-ticket", - "otrs-search-ticket", - "otrs-create-ticket", - "otrs-update-ticket", - "otrs-close-ticket" - ] - } - }, - { - "Check Point Sandblast": { - "name": "Check Point Sandblast", - "fromversion": "3.5.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - 
"sandblast-upload", - "sb-download", - "sandblast-download", - "sb-quota", - "sandblast-quota" - ] - } - }, - { - "Cylance Protect": { - "name": "Cylance Protect", - "fromversion": "2.0.1", - "commands": [ - "cylance-protect-get-list", - "cylance-protect-get-devices", - "cylance-protect-get-threats", - "cylance-protect-download-threat", - "cylance-protect-get-threat-details", - "cylance-protect-device-delete", - "cylance-protect-get-device-threats", - "cylance-protect-update-device-threats", - "cylance-protect-delete-hash-from-lists", - "cylance-protect-update-hash-at-lists", - "cylance-protect-upload-threat", - "cylance-protect-get-threated-devices", - "cylance-protect-get-zones", - "cylance-protect-create-zone", - "cylance-protect-update-zone", - "cylance-protect-get-policies", - "cylance-protect-get-policy-details", - "cp-get-list", - "cp-get-devices", - "cp-get-threats", - "cp-download-threat", - "cp-get-threat-details", - "cp-device-delete", - "cp-get-device-threats", - "cp-update-device-threats", - "cp-delete-hash-from-lists", - "cp-update-hash-at-lists", - "cp-upload-threat", - "cp-get-threated-devices", - "cp-get-zones", - "cp-create-zone", - "cp-update-zone", - "cp-get-policies", - "cp-get-policy-details" - ] - } - }, - { - "TCPIPUtils": { - "name": "TCPIPUtils", - "commands": [ - "ip" - ] - } - }, - { - "RSA NetWitness Security Analytics": { - "name": "RSA NetWitness Security Analytics", - "fromversion": "2.0.0", - "commands": [ - "nw-list-incidents", - "nw-login", - "nw-get-components", - "nw-get-events", - "nw-get-available-assignees", - "nw-create-incident", - "nw-add-events-to-incident", - "nw-update-incident", - "fetch-incidents", - "nw-get-alerts", - "nw-get-alert-details", - "nw-get-event-details", - "nw-get-incident-details", - "nw-get-alert-original", - "netwitness-im-list-incidents", - "netwitness-im-login", - "netwitness-im-get-components", - "netwitness-im-get-events", - "netwitness-im-get-available-assignees", - 
"netwitness-im-create-incident", - "netwitness-im-add-events-to-incident", - "netwitness-im-update-incident", - "netwitness-im-get-alerts", - "netwitness-im-get-alert-details", - "netwitness-im-get-event-details", - "netwitness-im-get-incident-details", - "netwitness-im-get-alert-original" - ] - } - }, - { - "Where is the egg?": { - "name": "Where is the egg?", - "fromversion": "3.6.0", - "commands": [ - "clue" - ] - } - }, - { - "jira": { - "name": "jira", - "toversion": "2.5.0", - "commands": [ - "jira-issue-query", - "jira-get-issue", - "jira-create-issue", - "jira-issue-upload-file", - "jira-issue-add-comment", - "jira-issue-add-link" - ] - } - }, - { - "Vectra": { - "name": "Vectra", - "commands": [ - "vec-detections", - "vectra-detections", - "vec-hosts", - "vectra-hosts", - "vec-settings", - "vectra-settings", - "vec-health", - "vectra-health", - "vec-triage", - "vectra-triage", - "vec-sensors", - "vectra-sensors", - "vec-get-host-by-id", - "vec-get-detetctions-by-id" - ] - } - }, - { - "Twilio": { - "name": "Twilio", - "fromversion": "2.5.0", - "commands": [ - "TwilioSendSMS" - ] - } - }, - { - "PhishTank": { - "name": "PhishTank", - "commands": [ - "url", - "phishtank-reload", - "phishtank-status" - ] - } - }, - { - "FireEye iSIGHT": { - "name": "FireEye iSIGHT", - "commands": [ - "ip", - "domain", - "file", - "isight-get-report", - "isight-submit-file" - ] - } - }, - { - "BigFix": { - "name": "BigFix", - "commands": [ - "bigfix-get-sites", - "bigfix-get-site", - "bigfix-get-patches", - "bigfix-get-endpoints", - "bigfix-get-endpoint", - "bigfix-deploy-patch", - "bigfix-get-patch", - "bigfix-action-delete", - "bigfix-action-status", - "bigfix-action-stop", - "bigfix-query" - ] - } - }, - { - "Phish.AI": { - "name": "Phish.AI", - "fromversion": "4.0.0", - "commands": [ - "phish-ai-scan-url", - "phish-ai-check-status" - ] - } - }, - { - "Koodous": { - "name": "Koodous", - "commands": [ - "k-check-hash" - ] - } - }, - { - "IntSights": { - "name": "IntSights", 
- "commands": [ - "intsights-get-alert-image", - "intsights-get-alert-activities", - "intsights-assign-alert", - "intsights-unassign-alert", - "intsights-send-mail", - "intsights-ask-the-analyst", - "intsights-add-tag-to-alert", - "intsights-remove-tag-from-alert", - "intsights-add-comment-to-alert", - "intsights-update-alert-severity", - "intsights-get-alert-by-id", - "intsights-get-ioc-by-value", - "intsights-get-iocs", - "intsights-get-alerts", - "intsights-alert-takedown-request", - "intsights-get-alert-takedown-status", - "intsights-update-ioc-blocklist-status", - "intsights-get-ioc-blocklist-status", - "intsights-close-alert" - ] - } - } - ], - "TestPlaybooks": [ - { - "SignalSciences Test": { - "name": "SignalSciences Test", - "implementing_commands": [ - "sigsci-get-blacklist", - "sigsci-get-whitelist", - "sigsci-blacklist-add-ip", - "sigsci-whitelist-add-ip", - "sigsci-blacklist-remove-ip", - "sigsci-whitelist-remove-ip" - ] - } - }, - { - "Microsoft Graph Test": { - "name": "Microsoft Graph Test", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "msg-search-alerts", - "msg-update-alert", - "msg-get-alert-details" - ] - } - }, - { - "Mail Sender (New) Test": { - "name": "Email Sender Python", - "implementing_scripts": [ - "Set", - "FileCreateAndUpload", - "DeleteContext", - "Sleep" - ], - "implementing_commands": [ - "googleapps-gmail-get-mail", - "googleapps-gmail-search", - "ThrowException", - "send-mail" - ] - } - }, - { - "ThreatExchange-test": { - "name": "ThreatExchange-test", - "implementing_scripts": [ - "ExtractDomain", - "ExtractHash", - "Exists", - "ExtractIP", - "Print", - "IsMaliciousIndicatorFound", - "VerifyContextFields", - "ExtractURL" - ], - "implementing_commands": [ - "url", - "ip", - "domain", - "file" - ] - } - }, - { - "PortListenCheck-test": { - "name": "PortListenCheck-test", - "implementing_scripts": [ - "Print", - "PortListenCheck" - ] - } - }, - { - "Qualys-Test": { - "name": "Qualys-Test", - 
"implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "qualys-pc-scan-list", - "qualys-report-template-list", - "qualys-vm-scan-list", - "qualys-scheduled-report-list", - "qualys-report-list" - ] - } - }, - { - "Pipl Test": { - "name": "Pipl Test", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "pipl-search" - ] - } - }, - { - "Splunk-Test": { - "name": "Splunk-Test", - "implementing_scripts": [ - "Set", - "DumpJSON", - "StringContains", - "VerifyContext", - "Print", - "IsGreaterThan", - "AreValuesEqual" - ], - "implementing_commands": [ - "splunk-parse-raw", - "splunk-search", - "splunk-submit-event", - "splunk-get-indexes" - ] - } - }, - { - "67b0f25f-b061-4468-8613-43ab13147173": { - "name": "CbP-PlayBook", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "cbp-fileUpload-download", - "cbp-connector-search", - "cbp-connector-get", - "cbp-fileAnalysis-createOrUpdate", - "cbp-fileUpload-createOrUpdate", - "cbp-fileUpload-get", - "cbp-fileAnalysis-get" - ] - } - }, - { - "test_url_regex": { - "name": "Test URL Regex", - "implementing_scripts": [ - "Print", - "VerifyContext", - "DeleteContext" - ] - } - }, - { - "8984405a-4274-470a-8a34-a437d8e2e1c5": { - "name": "Test - PhishMe", - "implementing_scripts": [ - "CloseInvestigation", - "IsGreaterThan", - "DeleteContext", - "AreValuesEqual" - ], - "implementing_commands": [ - "url", - "phishme-search", - "email", - "file", - "ip" - ] - } - }, - { - "4078d8b6-37c6-42d7-8324-16096a2feb51": { - "name": "AWS - Route53 Test Playbook", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "aws-route53-waiter-resource-record-sets-changed", - "aws-route53-test-dns-answer", - "aws-route53-upsert-record", - "aws-route53-create-record", - "aws-route53-delete-record", - "aws-route53-list-resource-record-sets", - "aws-route53-list-hosted-zones" - ] - } - }, - { - "EWS Mail 
Sender Test": { - "name": "EWS Mail Sender Test", - "implementing_scripts": [ - "http" - ], - "implementing_commands": [ - "send-mail" - ] - } - }, - { - "Icebrg Test": { - "name": "Icebrg Test", - "implementing_commands": [ - "icebrg-get-report-assets", - "icebrg-get-reports", - "icebrg-saved-searches", - "icebrg-search-events", - "icebrg-get-history", - "icebrg-get-report-indicators" - ] - } - }, - { - "tenable-sc-scan-test": { - "name": "Test tenable scan", - "implementing_playbooks": [ - "Launch Scan - Tenable.sc" - ] - } - }, - { - "VMWare Test": { - "name": "VMWare Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "AreValuesEqual" - ], - "implementing_commands": [ - "vmware-get-events", - "vmware-poweroff", - "vmware-suspend", - "vmware-hard-reboot", - "vmware-poweron", - "vmware-revert-snapshot", - "vmware-create-snapshot", - "vmware-get-vms" - ] - } - }, - { - "OpenPhish Test Playbook": { - "name": "OpenPhish Test Playbook", - "implementing_scripts": [ - "Print", - "CloseInvestigation", - "Exists" - ], - "implementing_commands": [ - "url", - "openphish-status" - ] - } - }, - { - "Intezer Testing": { - "name": "Intezer Testing", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "http" - ], - "implementing_commands": [ - "intezer-upload", - "file" - ] - } - }, - { - "test-domain-indicator": { - "name": "test-domain-indicator", - "implementing_scripts": [ - "Print", - "GetIndicatorDBotScore", - "Sleep" - ] - } - }, - { - "ip_enrichment_generic_test": { - "name": "IP Enrichment - Generic - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DeleteContext", - "VerifyContext", - "Set" - ], - "implementing_playbooks": [ - "IP Enrichment - Generic" - ] - } - }, - { - "Nessus - Test": { - "name": "Nessus - Test", - "implementing_scripts": [ - "WhileLoop" - ], - "implementing_commands": [ - "nessus-scan-status", - "nessus-scan-report-download", - "nessus-scan-create", - "nessus-scan-export", - 
"nessus-launch-scan", - "nessus-scan-details" - ] - } - }, - { - "d66e5f86-e045-403f-819e-5058aa603c32": { - "name": "AWS - EC2 Test Playbook actions", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "aws-ec2-create-snapshot", - "aws-ec2-monitor-instances", - "aws-ec2-modify-volume", - "aws-ec2-waiter-instance-terminated", - "aws-ec2-reboot-instances", - "aws-ec2-delete-snapshot", - "aws-ec2-get-latest-ami", - "aws-ec2-associate-address", - "aws-ec2-create-volume", - "aws-ec2-modify-network-interface-attribute", - "aws-ec2-waiter-instance-stopped", - "aws-ec2-describe-instances", - "aws-ec2-delete-security-group", - "aws-ec2-create-image", - "aws-ec2-allocate-address", - "aws-ec2-attach-volume", - "aws-ec2-run-instances", - "aws-ec2-start-instances", - "aws-ec2-disassociate-address", - "aws-ec2-waiter-image-available", - "aws-ec2-modify-instance-attribute", - "aws-ec2-waiter-instance-status-ok", - "aws-ec2-create-security-group", - "aws-ec2-delete-volume", - "aws-ec2-release-address", - "aws-ec2-copy-snapshot", - "aws-ec2-authorize-security-group-ingress-rule", - "aws-ec2-create-tags", - "aws-ec2-deregister-image", - "aws-ec2-unmonitor-instances", - "aws-ec2-detach-volume", - "aws-ec2-revoke-security-group-ingress-rule", - "aws-ec2-waiter-instance-running", - "aws-ec2-terminate-instances", - "aws-ec2-waiter-snapshot_completed", - "aws-ec2-copy-image", - "aws-ec2-stop-instances" - ] - } - }, - { - "Google-Vault-Generic-Test": { - "name": "Google Vault Generic Test", - "implementing_scripts": [ - "VerifyContext", - "GeneratePassword", - "DeleteContext", - "Sleep" - ], - "implementing_commands": [ - "gvault-add-heldAccount", - "gvault-get-matter", - "gvault-create-hold", - "gvault-export-status", - "gvault-get-mail-results", - "gvault-remove-heldAccount", - "gvault-get-groups-results", - "gvault-delete-hold", - "gvault-create-export-mail", - "gvault-create-matter", - "gvault-create-export-drive", - 
"gvault-get-drive-results", - "gvault-create-export-groups" - ] - } - }, - { - "cve_enrichment_-_generic_-_test": { - "name": "CVE Enrichment - Generic - Test", - "fromversion": "3.6.0", - "implementing_scripts": [ - "VerifyContext", - "Set" - ], - "implementing_playbooks": [ - "CVE Enrichment - Generic" - ] - } - }, - { - "ReadPDFFile-Test": { - "name": "ReadPDFFile-Test", - "implementing_scripts": [ - "DeleteContext", - "http", - "ReadPDFFile" - ] - } - }, - { - "RegexGroups Test": { - "name": "RegexGroups Test", - "implementing_scripts": [ - "RaiseError", - "VerifyContext", - "Set", - "DeleteContext" - ] - } - }, - { - "GmailTest": { - "name": "GmailTest", - "implementing_scripts": [ - "GetTime", - "DeleteContext" - ], - "implementing_commands": [ - "gmail-add-delete-filter", - "gmail-get-thread", - "gmail-get-tokens-for-user", - "gmail-search-all-mailboxes", - "gmail-get-attachments", - "gmail-list-users", - "gmail-delete-user", - "gmail-create-user", - "gmail-get-mail", - "gmail-move-mail", - "gmail-get-user", - "gmail-search" - ] - } - }, - { - "Extract Indicators From File - test": { - "name": "Extract Indicators From File - test", - "implementing_scripts": [ - "RaiseError", - "http" - ], - "implementing_playbooks": [ - "Extract Indicators From File - Generic" - ] - } - }, - { - "Kenna Test": { - "name": "Kenna Test", - "implementing_commands": [ - "kenna-update-asset", - "kenna-run-connector", - "kenna-search-vulnerabilities", - "kenna-search-fixes", - "kenna-update-vulnerability", - "kenna-get-connectors" - ] - } - }, - { - "3da2e31b-f114-4d7f-8702-117f3b498de9": { - "name": "AWS - CloudTrail Test Playbook", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "aws-cloudtrail-start-logging", - "aws-cloudtrail-update-trail", - "aws-cloudtrail-describe-trails", - "aws-cloudtrail-lookup-events", - "aws-cloudtrail-delete-trail", - "aws-cloudtrail-create-trail", - "aws-cloudtrail-stop-logging" - ] - } - }, - { - 
"test_Qradar": { - "name": "test_Qradar", - "implementing_scripts": [ - "FetchFromInstance", - "DeleteContext" - ], - "implementing_playbooks": [ - "QRadarFullSearch" - ], - "implementing_commands": [ - "qradar-delete-reference-set", - "qradar-create-reference-set-value", - "qradar-get-reference-by-name", - "qradar-get-note", - "qradar-offense-by-id", - "qradar-get-assets", - "qradar-create-note", - "qradar-offenses", - "qradar-get-asset-by-id", - "qradar-update-offense", - "qradar-create-reference-set", - "qradar-delete-reference-set-value" - ] - } - }, - { - "Centreon-Test-Playbook": { - "name": "Centreon-Test-Playbook", - "implementing_commands": [ - "centreon-get-host-status" - ] - } - }, - { - "ssdeepreputationtest": { - "name": "SsdeepReputationTest", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "Sleep", - "SsdeepReputationTest", - "SSDeepReputation" - ] - } - }, - { - "crowdstrike_falconhost_test": { - "name": "CrowdStrike FalconHost Test", - "implementing_scripts": [ - "Set", - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "cs-device-ran-on", - "cs-device-search", - "cs-device-details" - ] - } - }, - { - "dnstwistTest": { - "name": "dnstwistTest", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "dnstwist-domain-variations" - ] - } - }, - { - "IPInfoTest": { - "name": "IPInfoTest", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "ip" - ] - } - }, - { - "Tanium Test Playbook": { - "name": "Tanium Test Playbook", - "fromversion": "2.5.0", - "implementing_commands": [ - "tn-deploy-package", - "tn-ask-question", - "tn-get-saved-question" - ] - } - }, - { - "Netskope Test": { - "name": "Netskope Test", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "netskope-events", - "netskope-alerts" - ] - } - }, - { - "entity_enrichment_generic_test": { - "name": "Entity Enrichment - 
Generic - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set", - "VerifyContext", - "DeleteContext" - ], - "implementing_playbooks": [ - "Entity Enrichment - Generic" - ] - } - }, - { - "CrowdStrike Falcon Intel v2": { - "name": "CrowdStrike Falcon Intel v2", - "implementing_scripts": [ - "DeleteContext", - "ThrowException" - ], - "implementing_commands": [ - "domain", - "url", - "ip", - "cs-actors", - "cs-indicators", - "file", - "cs-reports" - ] - } - }, - { - "search_endpoints_by_hash_-_tie_-_test": { - "name": "Search Endpoints By Hash - TIE - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set", - "DeleteContext" - ], - "implementing_playbooks": [ - "Search Endpoints By Hash - TIE" - ] - } - }, - { - "nexpose_test": { - "name": "Nexpose test", - "implementing_scripts": [ - "GenerateUUID", - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "nexpose-start-site-scan", - "nexpose-get-asset", - "nexpose-stop-scan", - "nexpose-delete-site", - "nexpose-get-asset-vulnerability", - "nexpose-create-site", - "nexpose-get-assets", - "nexpose-create-assets-report", - "nexpose-resume-scan", - "nexpose-pause-scan", - "nexpose-search-assets", - "nexpose-get-scans" - ] - } - }, - { - "cisco-ise-test-playbook": { - "name": "cisco-ise-test-playbook", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "cisco-ise-get-endpoints" - ] - } - }, - { - "CarbonBlackResponseTest": { - "name": "Carbon Black Response Test", - "implementing_scripts": [ - "CarbonBlackResponseFilterSensors", - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "cb-watchlist-new", - "cb-get-processes", - "cb-get-process", - "cb-watchlist-del", - "cb-process-events", - "cb-quarantine-device", - "cb-sensor-info", - "cb-binary", - "cb-binary-get", - "cb-get-hash-blacklist", - "cb-watchlist-set", - "cb-unquarantine-device", - "cb-unblock-hash", - "cb-alert-update", - "cb-block-hash", - "cb-alert" - ] - } - }, - 
{ - "dedup_-_generic_-_test": { - "name": "Dedup - Generic - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "VerifyContext", - "CreateDuplicateIncident", - "DeleteContext" - ], - "implementing_playbooks": [ - "Dedup - Generic" - ], - "implementing_commands": [ - "setIncident" - ] - } - }, - { - "VxStream Test": { - "name": "VxStream Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "http", - "Exists" - ], - "implementing_commands": [ - "crowdstrike-detonate-file", - "crowdstrike-get-environments", - "crowdstrike-submit-url", - "crowdstrike-scan", - "crowdstrike-search" - ] - } - }, - { - "PhishTank Testing": { - "name": "PhishTank Testing", - "implementing_scripts": [ - "DeleteContext", - "VerifyContext", - "Set", - "http", - "ReadFile" - ], - "implementing_commands": [ - "url" - ] - } - }, - { - "BigFixTest": { - "name": "BigFixTest", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "bigfix-action-delete", - "bigfix-action-stop", - "bigfix-get-site", - "bigfix-get-sites", - "bigfix-action-status", - "bigfix-get-patches", - "bigfix-get-endpoints", - "bigfix-deploy-patch" - ] - } - }, - { - "Cisco-Meraki-Test": { - "name": "Cisco-Meraki-Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "meraki-get-organization-license-state", - "meraki-fetch-networks", - "meraki-fetch-organizations", - "meraki-fetch-devices", - "meraki-fetch-organization-inventory" - ] - } - }, - { - "url_enrichment_-_generic_test": { - "name": "Url Enrichment Generic - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DeleteContext", - "VerifyContext", - "Set" - ], - "implementing_playbooks": [ - "URL Enrichment - Generic" - ], - "implementing_commands": [ - "rasterize" - ] - } - }, - { - "CheckpointFW-test": { - "name": "CheckpointFW-test", - "implementing_scripts": [ - "VerifyContextFields", - "CheckpointFWBackupStatus", - 
"DeleteContext", - "Sleep", - "CheckpointFWCreateBackup" - ], - "implementing_commands": [ - "checkpoint-delete-rule", - "checkpoint-block-ip", - "checkpoint-set-rule", - "checkpoint-show-access-rule-base", - "checkpoint-show-hosts" - ] - } - }, - { - "Test Playbook McAfee ATD": { - "name": "Test Playbook McAfee ATD", - "implementing_scripts": [ - "FileCreateAndUpload", - "DeleteContext", - "Exists", - "AreValuesEqual" - ], - "implementing_playbooks": [ - "Detonate URL - McAfee ATD", - "ATD - Detonate File" - ], - "implementing_commands": [ - "atd-list-analyzer-profiles", - "atd-login", - "atd-list-user" - ] - } - }, - { - "Cisco-Umbrella-Test": { - "name": "Cisco-Umbrella-Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "umbrella-ip-dns-history", - "umbrella-domain-related", - "umbrella-domain-dns-history", - "investigate-umbrella-domain-co-occurrences", - "investigate-umbrella-domain-dns-history", - "umbrella-domain-security", - "investigate-umbrella-domain-search", - "umbrella-domain-search", - "investigate-umbrella-domain-related", - "umbrella-domain-co-occurrences", - "umbrella-domain-categorization" - ] - } - }, - { - "Test Playbook McAfee ePO": { - "name": "Test Playbook McAfee ePO", - "implementing_scripts": [ - "RaiseError", - "DeleteContext" - ], - "implementing_commands": [ - "epo-clear-tag", - "epo-get-system-tree-group", - "epo-get-latest-dat", - "epo-update-client-dat", - "epo-advanced-command", - "epo-help", - "epo-find-systems", - "epo-update-repository", - "epo-get-version", - "epo-get-current-dat", - "epo-get-tables", - "epo-apply-tag", - "epo-find-system", - "epo-query-table" - ] - } - }, - { - "grr_test": { - "name": "GRR Test", - "implementing_scripts": [ - "Set", - "DeleteContext" - ], - "implementing_commands": [ - "grr-get-hunts", - "grr-get-clients", - "grr-set-hunts", - "grr-set-flows", - "grr-get-flows" - ] - } - }, - { - "RTIR Test": { - "name": "RTIR Test", - 
"implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "rtir-edit-ticket", - "rtir-resolve-ticket", - "rtir-create-ticket", - "rtir-get-ticket", - "rtir-search-ticket" - ] - } - }, - { - "GeneratePassword-Test": { - "name": "GeneratePassword-Test", - "implementing_scripts": [ - "Print", - "GeneratePassword", - "DeleteContext", - "Exists" - ] - } - }, - { - "EWS Public Folders Test": { - "name": "EWS Public Folders Test", - "implementing_commands": [ - "ews-search-mailbox", - "ews-get-items-from-folder", - "ews-find-folders", - "ews-get-folder" - ] - } - }, - { - "account_enrichment_-_generic_test": { - "name": "Account Enrichment - Generic Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DeleteContext", - "VerifyContext", - "Set" - ], - "implementing_playbooks": [ - "Account Enrichment - Generic" - ] - } - }, - { - "TestStringReplace": { - "name": "TestStringReplace", - "implementing_scripts": [ - "StringReplace", - "VerifyContextFields", - "DeleteContext" - ] - } - }, - { - "EWSv2_empty_attachment_test": { - "name": "EWSv2_empty_attachment_test", - "implementing_commands": [ - "ews-get-attachment" - ] - } - }, - { - "search_endpoints_by_hash_-_crowdstrike_-_test": { - "name": "Search Endpoints By Hash - CrowdStrike - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_playbooks": [ - "Search Endpoints By Hash - CrowdStrike" - ] - } - }, - { - "IBM Resilient Systems Test": { - "name": "IBM Resilient Systems Test", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "rs-search-incidents", - "rs-related-incidents", - "rs-incidents-get-tasks", - "rs-incident-attachments", - "rs-incident-artifacts" - ] - } - }, - { - "whois_test": { - "name": "whois_test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "closeInvestigation", - "whois" - ] - } - }, - { - "c7d68ad5MxToolbox_test": { - "name": "MxToolbox_test", - 
"implementing_scripts": [ - "CloseInvestigation", - "Exists", - "ToTable" - ], - "implementing_commands": [ - "mxtoolbox" - ] - } - }, - { - "Jira-Test": { - "name": "Jira-Test", - "implementing_scripts": [ - "VerifyContextFields", - "VerifyContext", - "DeleteContext", - "FileCreateAndUpload" - ], - "implementing_commands": [ - "jira-create-issue", - "jira-issue-upload-file", - "jira-get-comments", - "jira-issue-add-comment", - "jira-edit-issue", - "jira-issue-query", - "jira-delete-issue", - "jira-issue-add-link", - "jira-get-issue" - ] - } - }, - { - "2142f8de-29d5-4288-8426-0db39abe988b": { - "name": "AWS - EC2 Test Playbook ", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "aws-ec2-describe-regions", - "aws-ec2-describe-volumes", - "aws-ec2-describe-key-pairs", - "aws-ec2-describe-instances", - "aws-ec2-describe-launch-templates", - "aws-ec2-describe-vpcs", - "aws-ec2-describe-security-groups", - "aws-ec2-describe-subnets", - "aws-ec2-describe-snapshots", - "aws-ec2-describe-images", - "aws-ec2-describe-addresses" - ] - } - }, - { - "palo_alto_firewall_test_pb": { - "name": "palo_alto_firewall_test_pb", - "implementing_scripts": [ - "DeleteContext", - "Sleep" - ], - "implementing_playbooks": [ - "PanoramaCommitConfiguration" - ], - "implementing_commands": [ - "panorama-list-applications", - "panorama-create-rule", - "panorama-delete-rule", - "panorama-create-address-group", - "panorama-list-addresses", - "panorama-get-address-group", - "panorama-get-url-category", - "panorama", - "panorama-edit-rule", - "panorama-get-url-filter", - "panorama-list-address-groups", - "panorama-get-custom-url-category", - "panorama-edit-address-group", - "panorama-create-address", - "panorama-delete-address-group", - "panorama-move-rule", - "panorama-delete-address" - ] - } - }, - { - "Google Safe Browsing Test": { - "name": "Google Safe Browsing Test", - "implementing_scripts": [ - "RaiseError", - "CloseInvestigation" - ], - 
"implementing_commands": [ - "url" - ] - } - }, - { - "Tenable.io test": { - "name": "Tenable.io test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "tenable-io-get-vulnerabilities-by-asset", - "tenable-io-get-scan-report", - "tenable-io-list-scans", - "tenable-io-get-vulnerability-details", - "tenable-io-get-scan-status" - ] - } - }, - { - "JoeSecurityTestPlaybook": { - "name": "JoeSecurityTestPlaybook", - "implementing_scripts": [ - "FileCreateAndUpload", - "DeleteContext" - ], - "implementing_commands": [ - "joe-download-report", - "joe-is-online", - "joe-analysis-info", - "joe-search", - "joe-analysis-submit-sample", - "joe-analysis-submit-url" - ] - } - }, - { - "get_file_sample_by_hash_-_carbon_black_enterprise_Response_-_test": { - "name": "Get File Sample By Hash - Carbon Black Enterprise Response - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set", - "VerifyContext", - "DeleteContext" - ], - "implementing_playbooks": [ - "Get File Sample By Hash - Carbon Black Enterprise Response" - ] - } - }, - { - "OTRS Test": { - "name": "OTRS Test", - "implementing_scripts": [ - "FetchFromInstance" - ], - "implementing_commands": [ - "otrs-update-ticket", - "otrs-search-ticket", - "otrs-create-ticket", - "otrs-close-ticket", - "otrs-get-ticket" - ] - } - }, - { - "get_original_email_-_gmail_-_test": { - "name": "Get Original Email - Gmail - Test", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_playbooks": [ - "Get Original Email - Gmail" - ] - } - }, - { - "TestHPServiceManager": { - "name": "TestHPServiceManager", - "implementing_scripts": [ - "VerifyContextFields", - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "hpsm-create-incident", - "hpsm-get-device", - "hpsm-list-incidents", - "hpsm-get-incident-by-id" - ] - } - }, - { - "AbuseIPDB Test": { - "name": "AbuseIPDB Test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - 
"abuseipdb-check-cidr-block", - "ip", - "abuseipdb-get-blacklist", - "abuseipdb-report-ip" - ] - } - }, - { - "TestIsValueInArray": { - "name": "TestIsValueInArray", - "implementing_scripts": [ - "CloseInvestigation", - "Set", - "IsValueInArray" - ] - } - }, - { - "GsuiteTest": { - "name": "test-Gsuite", - "implementing_scripts": [ - "VerifyContextFields" - ], - "implementing_commands": [ - "googleapps-list-users" - ] - } - }, - { - "efc817d2-6660-4d4f-890d-90513ca1e180": { - "name": "Cisco Spark Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "cisco-spark-send-message-to-person", - "cisco-spark-list-teams", - "cisco-spark-list-people", - "cisco-spark-create-team", - "cisco-spark-delete-team", - "cisco-spark-delete-message", - "cisco-spark-send-message-to-room", - "cisco-spark-list-messages", - "cisco-spark-list-rooms" - ] - } - }, - { - "iDefenseTest": { - "name": "iDefenseTest", - "implementing_scripts": [ - "Print", - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "url", - "ip", - "domain", - "uuid" - ] - } - }, - { - "block_indicators_-_generic_-_test": { - "name": "Block Indicators - Generic - Test", - "implementing_playbooks": [ - "Block Indicators - Generic" - ] - } - }, - { - "rsa_packets_and_logs_test": { - "name": "RSA Packets And Logs test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "nw-sdk-values", - "netwitness-msearch", - "nw-sdk-content", - "netwitness-query" - ] - } - }, - { - "Google_Vault-Search_And_Display_Results_test": { - "name": "Google Vault - Search And Display Results test", - "implementing_scripts": [ - "GeneratePassword", - "DeleteContext" - ], - "implementing_playbooks": [ - "Google Vault - Search Groups", - "Google Vault - Search Mail", - "Google Vault - Display Results", - "Google Vault - Search Drive" - ] - } - }, - { - "URLDecode-Test": { - "name": "URLDecode-Test", 
- "implementing_scripts": [ - "URLDecode", - "DeleteContext" - ] - } - }, - { - "Zscaler Test": { - "name": "Zscaler Test", - "implementing_scripts": [ - "GenerateUUID", - "isError" - ], - "implementing_commands": [ - "zscaler-blacklist-url", - "zscaler-get-blacklist", - "zscaler-get-categories", - "zscaler-category-add-url" - ] - } - }, - { - "urlscan_malicious_Test": { - "name": "urlscan_malicious_Test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "urlscan-search" - ] - } - }, - { - "DemistoUploadFileToIncident Test": { - "name": "DemistoUploadFileToIncident Test", - "implementing_scripts": [ - "DemistoUploadFileToIncident", - "http" - ] - } - }, - { - "ParseEmailFiles-test": { - "name": "ParseEmailFiles-test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "http", - "AreValuesEqual", - "ParseEmailFiles" - ] - } - }, - { - "extract_indicators_-_generic_-_test": { - "name": "Extract Indicators - Generic - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "IncidentSet", - "DeleteContext", - "VerifyContext" - ], - "implementing_playbooks": [ - "Extract Indicators - Generic" - ] - } - }, - { - "listExecutedCommands-Test": { - "name": "listExecutedCommands-Test", - "implementing_scripts": [ - "Print", - "listExecutedCommands", - "commentsToContext", - "CloseInvestigation", - "AreValuesEqual" - ] - } - }, - { - "Phishing test - Inline": { - "name": "Phishing test - Inline", - "implementing_scripts": [ - "ScheduleCommand", - "PhishingIncident", - "DeleteContext", - "http" - ], - "implementing_playbooks": [ - "Phishing Investigation - Generic" - ] - } - }, - { - "Tenable.io Scan Test": { - "name": "Tenable.io Scan Test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_playbooks": [ - "Tenable.io Scan" - ] - } - }, - { - "AlphaSOC-Wisdom-Test": { - "name": "AlphaSOC Wisdom Test", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "wisdom-ip-flags", - 
"wisdom-domain-flags" - ] - } - }, - { - "pyEWS_Test": { - "name": "pyEWS_Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "Exception", - "ews-get-out-of-office", - "ews-get-searchable-mailboxes", - "ews-find-folders", - "ews-get-items", - "ews-get-contacts", - "ews-get-attachment", - "ews-search-mailboxes" - ] - } - }, - { - "virusTotal-test-playbook": { - "name": "virusTotal-test-playbook", - "implementing_scripts": [ - "Set", - "VerifyContext", - "DeleteContext", - "Exists" - ], - "implementing_commands": [ - "url", - "ip", - "domain", - "file" - ] - } - }, - { - "calculate_severity_-_critical_assets_-_test": { - "name": "Calculate Severity - Critical assets - Test", - "implementing_scripts": [ - "VerifyContext", - "ADGetUser" - ], - "implementing_playbooks": [ - "Calculate Severity - Critical assets" - ] - } - }, - { - "search_endpoints_by_hash_-_carbon_black_response_-_test": { - "name": "Search Endpoints By Hash - Carbon Black Response - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set", - "VerifyContext", - "DeleteContext" - ], - "implementing_playbooks": [ - "Search Endpoints By Hash - Carbon Black Response" - ] - } - }, - { - "5dc848e5-a649-4394-8300-386770d39d75": { - "name": "TestGetDuplicatesIncidentsByMl", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "GetDuplicatesMl", - "TestCreateDuplicates" - ] - } - }, - { - "LogRhythm-Test-Playbook": { - "name": "LogRhythm-Test-Playbook", - "implementing_commands": [ - "lr-get-alarms" - ] - } - }, - { - "test_similar_incidents": { - "name": "Test Similar Incidents", - "fromversion": "3.5.0", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "TestCreateDuplicates", - "FindSimilarIncidents" - ] - } - }, - { - "2cddaacb-4e4c-407e-8ef5-d924867b810c": { - "name": "AWS - CloudWatchLogs Test Playbook_copy", - "implementing_scripts": [ - "GetTime", - "VerifyContext", - 
"DeleteContext" - ], - "implementing_commands": [ - "aws-logs-describe-metric-filters", - "aws-logs-create-log-stream", - "aws-logs-put-retention-policy", - "aws-logs-delete-log-group", - "aws-logs-delete-log-stream", - "aws-logs-create-log-group", - "aws-logs-describe-log-streams", - "aws-logs-delete-metric-filter", - "aws-logs-put-log-events", - "aws-logs-describe-log-groups", - "aws-logs-put-metric-filter", - "aws-logs-delete-retention-policy" - ] - } - }, - { - "TestSkyformation": { - "name": "TestSkyformation", - "implementing_scripts": [ - "TestFail" - ], - "implementing_commands": [ - "skyformation-get-accounts" - ] - } - }, - { - "EWS test": { - "name": "EWS test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "FileCreateAndUpload", - "SendEmail" - ], - "implementing_commands": [ - "ews-delete-attachments", - "ews-get-searchable-mailboxes", - "ews-search-mailbox", - "ews-find-folders", - "ews-get-items", - "ews-get-folder", - "ews-get-attachment", - "ews-delete-items" - ] - } - }, - { - "ShodanTest": { - "name": "ShodanTest", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "ip" - ] - } - }, - { - "d8628445-ff86-40f9-857d-50b3f1d295a6": { - "name": "Sandblast malicious test", - "implementing_scripts": [ - "DeleteContext", - "Exists", - "echo" - ], - "implementing_commands": [ - "sandblast-query", - "sandblast-upload" - ] - } - }, - { - "minemeld_test": { - "name": "Palo Alto MineMeld Test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "minemeld-remove-from-miner", - "ip", - "minemeld-add-to-miner", - "minemeld-retrieve-miner", - "minemeld-get-indicator-from-miner" - ] - } - }, - { - "Archer-Test-Playbook": { - "name": "Archer-Test-Playbook", - "implementing_scripts": [ - "VerifyContextFields", - "DeleteContext" - ], - "implementing_commands": [ - "archer-get-application-fields", - "archer-update-record", - "archer-search-records", - 
"archer-create-record", - "archer-delete-record", - "archer-search-applications", - "archer-get-record" - ] - } - }, - { - "LanguageDetect-Test": { - "name": "LanguageDetect-Test", - "implementing_scripts": [ - "CloseInvestigation", - "LanguageDetect", - "DeleteContext", - "Sleep", - "Exists" - ] - } - }, - { - "ThreatGridTest": { - "name": "ThreatGridTest", - "implementing_scripts": [ - "DeleteContext", - "Exists", - "AreValuesEqual" - ], - "implementing_commands": [ - "threat-grid-get-samples", - "threat-grid-download-sample-by-id", - "threat-grid-organization-get-rate-limit", - "threat-grid-user-get-rate-limit", - "threat-grid-get-threat-summary-by-id", - "threat-grid-who-am-i", - "threat-grid-upload-sample" - ] - } - }, - { - "Detonate URL - Generic Test": { - "name": "Detonate URL - Generic Test", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set", - "DeleteContext" - ], - "implementing_playbooks": [ - "Detonate URL - Generic" - ] - } - }, - { - "test-ThreatConnect": { - "name": "test-ThreatConnect", - "implementing_commands": [ - "tc-owners" - ] - } - }, - { - "TestMatchRegex": { - "name": "TestMatchRegex", - "implementing_scripts": [ - "DeleteContext", - "MatchRegex" - ], - "implementing_commands": [ - "closeInvestigation" - ] - } - }, - { - "search_endpoints_by_hash_-_generic_-_test": { - "name": "Search Endpoints By Hash - Generic - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DeleteContext", - "VerifyContext", - "Set" - ], - "implementing_playbooks": [ - "Search Endpoints By Hash - Generic" - ] - } - }, - { - "Detonate File - SNDBOX - Test": { - "name": "Detonate File - SNDBOX - Test", - "implementing_scripts": [ - "DeleteContext", - "http" - ], - "implementing_playbooks": [ - "Detonate File - SNDBOX" - ] - } - }, - { - "CreatePhishingClassifierMLTest": { - "name": "Create Phishing Classifier ML Test", - "implementing_scripts": [ - "DBotPredictPhishingLabel", - "VerifyContext", - "DeleteContext", - "TestCreateTagTextFile", - 
"TestCreateIncidents" - ], - "implementing_playbooks": [ - "DBot Create Phishing Classifier" - ] - } - }, - { - "CirclIntegrationTest": { - "name": "CIRCL Test", - "implementing_scripts": [ - "VerifyHumanReadableContains", - "PrintErrorEntry", - "isError" - ], - "implementing_commands": [ - "circl-ssl-get-certificate", - "circl-ssl-list-certificates", - "circl-ssl-query-certificate", - "circl-dns-get" - ] - } - }, - { - "ProofpointDecodeURL-Test": { - "name": "ProofpointDecodeURL-Test", - "implementing_scripts": [ - "CloseInvestigation", - "ProofpointDecodeURL", - "Sleep", - "AreValuesEqual" - ] - } - }, - { - "FireEye HX Test": { - "name": "FireEye HX Test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "fireeye-hx-get-indicators", - "fireeye-hx-get-alert", - "fireeye-hx-file-acquisition", - "fireeye-hx-delete-file-acquisition", - "fireeye-hx-get-alerts", - "fireeye-hx-get-host-information", - "fireeye-hx-get-indicator" - ] - } - }, - { - "hashicorp_test": { - "name": "hashicorp_test", - "implementing_scripts": [ - "GetTime", - "DeleteContext" - ], - "implementing_commands": [ - "hashicorp-list-policies", - "hashicorp-disable-engine", - "hashicorp-create-token", - "hashicorp-list-secrets", - "hashicorp-get-secret-metadata", - "hashicorp-configure-engine", - "hashicorp-undelete-secret", - "hashicorp-destroy-secret", - "hashicorp-get-policy", - "hashicorp-enable-engine", - "hashicorp-list-secrets-engines", - "hashicorp-delete-secret", - "hashicorp-reset-configuration" - ] - } - }, - { - "decodemimeheader_-_test": { - "name": "DecodeMimeHeader - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DecodeMimeHeader", - "DeleteContext", - "VerifyContext" - ] - } - }, - { - "XFE Test": { - "name": "XFE Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "Exists", - "AreValuesEqual" - ], - "implementing_commands": [ - "domain", - "url", - "ip", - "cve-latest", - "cve-search", - "file" - ] - } - }, - { 
- "Base64 File in List Test": { - "name": "Base64 File in List Test", - "implementing_scripts": [ - "VerifyContext", - "Base64ListToFile" - ], - "implementing_commands": [ - "setList" - ] - } - }, - { - "Cybereason Test": { - "name": "Cybereason Test", - "implementing_scripts": [ - "FetchFromInstance", - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "cybereason-malop-processes", - "cybereason-query-connections", - "cybereason-query-processes", - "cybereason-is-probe-connected", - "cybereason-query-malops" - ] - } - }, - { - "ActiveMQ Test": { - "name": "ActiveMQ Test", - "implementing_scripts": [ - "VerifyContext", - "Sleep" - ], - "implementing_commands": [ - "activemq-send", - "activemq-subscribe" - ] - } - }, - { - "McAfeeNSMTest": { - "name": "McAfeeNSMTest", - "implementing_commands": [ - "nsm-get-domains", - "nsm-get-ips-policy-details", - "nsm-update-alerts", - "nsm-get-ips-policies", - "nsm-get-alerts", - "nsm-get-sensors" - ] - } - }, - { - "SNDBOX_Test": { - "name": "SNDBOX_Test", - "implementing_scripts": [ - "DeleteContext", - "http" - ], - "implementing_commands": [ - "sndbox-analysis-info", - "sndbox-analysis-submit-sample", - "sndbox-download-sample", - "sndbox-download-report", - "sndbox-is-online" - ] - } - }, - { - "Fortigate Test": { - "name": "Fortigate Test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "fortigate-move-policy", - "fortigate-create-firewall-service", - "fortigate-get-service-groups", - "fortigate-get-policy", - "fortigate-get-address-groups", - "fortigate-get-firewall-service", - "fortigate-delete-policy", - "fortigate-get-addresses", - "fortigate-update-service-group", - "fortigate-update-address-group", - "fortigate-delete-address-group", - "fortigate-create-address-group", - "fortigate-create-policy", - "fortigate-update-policy" - ] - } - }, - { - "sep_-_test_endpoint_search": { - "name": "SEP - Test endpoint search", - "fromversion": "3.5.0", - 
"implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "sep-endpoints-info" - ] - } - }, - { - "awake_security_test_pb": { - "name": "awake_security_test_pb", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "domain", - "ip", - "awake-query-activities", - "awake-pcap-download", - "awake-query-domains", - "awake-query-devices", - "device", - "email" - ] - } - }, - { - "af2f5a99-d70b-48c1-8c25-519732b733f2": { - "name": "nmap-test", - "implementing_scripts": [ - "CloseInvestigation", - "Print", - "Exists" - ], - "implementing_commands": [ - "nmap-scan" - ] - } - }, - { - "Detonate File - No Files test": { - "name": "Detonate File - No Files test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_playbooks": [ - "Detonate File - Generic" - ] - } - }, - { - "3010a07c-0a85-480c-87db-cf3f09fcbd7c": { - "name": "ContextGetters-Test", - "implementing_scripts": [ - "ExtractHash", - "IsTrue", - "ContextGetEmails", - "ExtractIP", - "ContextGetHashes", - "ContextGetIps", - "ExtractEmail" - ] - } - }, - { - "test-LinkIncidentsWithRetry": { - "name": "test-LinkIncidentsWithRetry", - "implementing_scripts": [ - "Print", - "LinkIncidentsWithRetry", - "AreValuesEqual" - ], - "implementing_commands": [ - "createNewIncident" - ] - } - }, - { - "2e7770c4-8b78-4ee5-84c7-22a9e481b166": { - "name": "Autofocus_test", - "implementing_scripts": [ - "CloseInvestigation", - "IsMaliciousIndicatorFound", - "AreValuesEqual" - ], - "implementing_commands": [ - "autofocus-search-sessions", - "file", - "autofocus-search-samples" - ] - } - }, - { - "Remedy-On-Demand-Test": { - "name": "Remedy-On-Demand-Test", - "implementing_scripts": [ - "Set", - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "remedy-get-incident", - "remedy-fetch-incidents", - "remedy-incident-create", - "remedy-incident-update" - ] - } - }, - { - "get_file_sample_from_path_-_generic_-_test": { - "name": "Get File 
Sample From Path - Generic - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_playbooks": [ - "Get File Sample From Path - Generic" - ], - "implementing_commands": [ - "cb-list-sensors" - ] - } - }, - { - "Test ParseCSV": { - "name": "Test ParseCSV", - "implementing_scripts": [ - "DeleteContext", - "FileCreateAndUpload", - "ParseCSV", - "AreValuesEqual" - ] - } - }, - { - "Preempt Test": { - "name": "Preempt Test", - "implementing_commands": [ - "preempt-remove-from-watch-list", - "preempt-get-user-endpoints", - "preempt-get-activities", - "preempt-add-to-watch-list" - ] - } - }, - { - "playbook-Cymon_Test": { - "name": "playbook-Cymon_Test", - "implementing_scripts": [ - "VerifyContext", - "StringContains", - "DeleteContext", - "ValidateErrorExistence" - ], - "implementing_commands": [ - "ip", - "domain" - ] - } - }, - { - "150778e9-90ca-4c28-873e-f050f2c6d3a3": { - "name": "HTTPRedirectList Test", - "implementing_scripts": [ - "CloseInvestigation", - "HTTPListRedirects", - "AreValuesEqual" - ] - } - }, - { - "TCPUtils-Test": { - "name": "Tcpiputlis Test Playbook", - "implementing_scripts": [ - "VerifyContextFields", - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "ip" - ] - } - }, - { - "113aca8a-ee52-419f-89a6-150ee232d0d1": { - "name": "S3 Test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "aws-s3-create-bucket", - "aws-s3-get-bucket-policy", - "aws-s3-download-file", - "aws-s3-delete-bucket-policy", - "aws-s3-describe-buckets", - "aws-s3-list-bucket-objects", - "aws-s3-set-bucket-policy", - "aws-s3-delete-bucket" - ] - } - }, - { - "buildewsquery_test": { - "name": "BuildEWSQuery Test", - "implementing_scripts": [ - "BuildEWSQuery", - "VerifyContext" - ] - } - }, - { - "palo_alto_panorama_test_pb": { - "name": "palo_alto_panorama_test_pb", - "implementing_scripts": [ - "DeleteContext", - "Sleep" - ], - "implementing_commands": [ 
- "panorama-list-applications", - "panorama-create-rule", - "panorama-commit", - "panorama-delete-rule", - "panorama-create-address-group", - "panorama-get-address-group", - "panorama-move-rule", - "panorama", - "panorama-edit-rule", - "panorama-get-url-filter", - "panorama-list-address-groups", - "panorama-get-custom-url-category", - "panorama-create-address", - "panorama-delete-address-group", - "panorama-list-addresses", - "panorama-delete-address" - ] - } - }, - { - "okta_test_playbook": { - "name": "Okta test playbook", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "okta-get-application-authentication", - "okta-list-groups", - "okta-get-application-assignments", - "okta-get-user-factors", - "okta-get-groups", - "okta-suspend-user", - "okta-add-to-group", - "okta-update-user", - "okta-remove-from-group", - "okta-get-failed-logins", - "okta-get-group-members", - "okta-unsuspend-user", - "okta-get-group-assignments" - ] - } - }, - { - "test_delete_context": { - "name": "Test Delete Context", - "implementing_scripts": [ - "RaiseError", - "Set", - "DeleteContext", - "isError" - ] - } - }, - { - "JiraCreateIssue-example-test": { - "name": "JiraCreateIssue-example-test", - "implementing_scripts": [ - "JiraCreateIssue-example", - "DeleteContext" - ], - "implementing_commands": [ - "jira-delete-issue" - ] - } - }, - { - "AttivoBotsinkTest": { - "name": "AttivoBotsinkTest", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "attivo-list-hosts", - "attivo-list-users", - "attivo-check-user", - "attivo-run-playbook", - "attivo-check-host", - "attivo-get-events", - "attivo-deploy-decoy", - "attivo-list-playbooks" - ] - } - }, - { - "email_test": { - "name": "Email Address Enrichment - Generic - Test", - "implementing_scripts": [ - "Set", - "VerifyContext", - "DeleteContext" - ], - "implementing_playbooks": [ - "Email Address Enrichment - Generic" - ] - } - }, - { - "Cisco Umbrella Test": { 
- "name": "Cisco Umbrella Test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "umbrella-ip-dns-history", - "domain", - "umbrella-domain-related", - "umbrella-get-domains-using-regex", - "umbrella-domain-dns-history", - "umbrella-get-url-timeline", - "umbrella-get-domain-classifiers", - "umbrella-get-malicious-domains-for-ip", - "umbrella-get-domains-for-email-registrar", - "umbrella-get-domains-for-nameserver", - "umbrella-domain-categorization", - "umbrella-domain-security", - "umbrella-get-domain-timeline", - "umbrella-get-domain-details", - "umbrella-ip-malicious-domains", - "umbrella-get-related-domains", - "umbrella-get-whois-for-domain", - "umbrella-domain-search", - "umbrella-domain-co-occurrences", - "umbrella-get-ip-timeline", - "umbrella-get-domain-queryvolume" - ] - } - }, - { - "fd93f620-9a2d-4fb6-85d1-151a6a72e46d": { - "name": "AWS - SQS Test Playbook", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "aws-sqs-purge-queue", - "aws-sqs-list-queues", - "aws-sqs-send-message", - "aws-sqs-get-queue-url", - "aws-sqs-create-queue", - "aws-sqs-delete-queue" - ] - } - }, - { - "RedCanaryTest": { - "name": "RedCanaryTest", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "redcanary-get-endpoint", - "redcanary-update-remediation-state", - "redcanary-list-detections", - "redcanary-list-endpoints", - "redcanary-acknowledge-detection", - "redcanary-get-endpoint-detections", - "redcanary-get-detection", - "redcanary-execute-playbook" - ] - } - }, - { - "blockip_test_playbook": { - "name": "blockip_test_playbook", - "implementing_scripts": [ - "BlockIP" - ] - } - }, - { - "block_endpoint_-_carbon_black_response_-_test": { - "name": "Block Endpoint - Carbon Black Response - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DeleteContext", - "VerifyContext", - "Set" - ], - "implementing_playbooks": [ - "Block Endpoint - Carbon Black Response" - ], - 
"implementing_commands": [ - "cb-list-sensors", - "cb-unquarantine-device", - "cb-sensor-info" - ] - } - }, - { - "exporttocsv_script_test": { - "name": "ExportToCSV script test", - "fromversion": "3.6.0", - "implementing_scripts": [ - "DeleteContext", - "ExportToCSV", - "AreValuesEqual", - "ReadFile" - ] - } - }, - { - "get_file_sample_from_path_-_d2_-_test": { - "name": "Get File Sample From Path - D2 - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_playbooks": [ - "Get File Sample From Path - D2" - ] - } - }, - { - "GetTime-Test": { - "name": "GetTime-Test", - "implementing_scripts": [ - "GetTime", - "DeleteContext", - "MatchRegex" - ] - } - }, - { - "CreateEmailHtmlBody_test_pb": { - "name": "CreateEmailHtmlBody_test_pb", - "implementing_scripts": [ - "CreateEmailHtmlBody", - "DeleteContext" - ], - "implementing_commands": [ - "createList" - ] - } - }, - { - "forcepoint test": { - "name": "forcepoint test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "fp-get-category-detailes", - "fp-delete-address-from-category", - "fp-add-address-to-category", - "fp-add-category", - "fp-delete-categories" - ] - } - }, - { - "CrowdStrike Endpoint Enrichment - Test": { - "name": "CrowdStrike Endpoint Enrichment - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DeleteContext", - "PrintErrorEntry" - ], - "implementing_playbooks": [ - "CrowdStrike Endpoint Enrichment" - ], - "implementing_commands": [ - "cs-device-search", - "cs-detection-search" - ] - } - }, - { - "endpoint_enrichment_-_generic_test": { - "name": "Endpoint Enrichment - Generic Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DeleteContext", - "VerifyContext", - "Set" - ], - "implementing_playbooks": [ - "Endpoint Enrichment - Generic" - ] - } - }, - { - "TestHttpPlaybook": { - "name": "TestHttpPlaybook", - "implementing_scripts": [ - "VerifyContextFields", - "DeleteContext", 
- "http" - ] - } - }, - { - "Test-IsMaliciousIndicatorFound": { - "name": "Test-IsMaliciousIndicatorFound", - "implementing_scripts": [ - "VerifyContext", - "Sleep", - "IsMaliciousIndicatorFound" - ], - "implementing_commands": [ - "createNewIndicator" - ] - } - }, - { - "Mimecast test": { - "name": "Mimecast test", - "implementing_scripts": [ - "FetchFromInstance", - "DeleteContext" - ], - "implementing_commands": [ - "mimecast-get-impersonation-logs", - "mimecast-query", - "mimecast-download-attachments", - "mimecast-url-decode", - "mimecast-refresh-token", - "mimecast-create-policy", - "mimecast-manage-sender", - "mimecast-get-message", - "mimecast-discover", - "mimecast-list-messages", - "mimecast-create-managed-url", - "mimecast-list-managed-url", - "mimecast-get-attachment-logs", - "mimecast-list-blocked-sender-policies", - "mimecast-login", - "mimecast-delete-policy", - "mimecast-get-policy", - "mimecast-get-url-logs" - ] - } - }, - { - "TestParseCSV": { - "name": "TestParseCSV", - "implementing_scripts": [ - "Set", - "VerifyContext", - "ParseCSV", - "DeleteContext", - "ExportToCSV" - ] - } - }, - { - "ArcSight Logger test": { - "name": "ArcSight Logger test", - "implementing_scripts": [ - "DeleteContext", - "Sleep" - ], - "implementing_commands": [ - "as-search", - "as-close", - "as-drilldown", - "as-search-events", - "as-status", - "as-events" - ] - } - }, - { - "Cylance Protect v2 Test": { - "name": "Cylance Protect v2 Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "cylance-protect-delete-hash-from-lists", - "cylance-protect-download-threat", - "cylance-protect-get-zones", - "cylance-protect-get-devices", - "cylance-protect-get-policies", - "cylance-protect-get-list", - "cylance-protect-get-threat", - "cylance-protect-get-device-threats", - "cylance-protect-get-policy-details", - "cylance-protect-add-hash-to-list" - ] - } - }, - { - "McAfeeESMTest": { - "name": "McAfeeESMTest", - 
"implementing_scripts": [ - "GetTime", - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "esm-edit-case-status", - "esm-get-case-statuses", - "esm-search", - "esm-add-case-status", - "esm-get-alarm-event-details", - "esm-get-organization-list", - "esm-list-alarm-events", - "esm-delete-case-status", - "esm-edit-case", - "esm-get-user-list", - "esm-get-case-detail", - "esm-add-case", - "esm-fetch-alarms" - ] - } - }, - { - "Detonate File - Generic Test": { - "name": "Detonate File - Generic Test", - "fromversion": "4.0.0", - "implementing_scripts": [ - "DeleteContext", - "http" - ], - "implementing_playbooks": [ - "Detonate File - Generic" - ] - } - }, - { - "Jask_Test": { - "name": "Jask Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "jask-search-signals", - "jask-search-entities", - "jask-get-entity-details", - "jask-get-insight-details", - "closeInvestigation", - "jask-search-insights", - "jask-get-signal-details", - "jask-get-related-entities", - "jask-get-insight-comments" - ] - } - }, - { - "RSA NetWitness Test": { - "name": "RSA NetWitness Test", - "implementing_commands": [ - "netwitness-get-incident", - "netwitness-get-incidents" - ] - } - }, - { - "Test_Sagemaker": { - "name": "Test Sagemaker", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "predict-phishing" - ] - } - }, - { - "ExtractURL Test": { - "name": "ExtractURL Test", - "implementing_scripts": [ - "Print", - "ExtractURL", - "IsTrue" - ] - } - }, - { - "tenable-sc-test": { - "name": "Tenable.sc Test", - "implementing_scripts": [ - "GetTime", - "VerifyContext", - "DeleteContext", - "FetchFromInstance" - ], - "implementing_commands": [ - "tenable-sc-get-asset", - "tenable-sc-list-alerts", - "tenable-sc-get-system-licensing", - "tenable-sc-get-scan-status", - "tenable-sc-list-scans", - "tenable-sc-list-repositories", - "tenable-sc-create-scan", - "tenable-sc-delete-scan", - 
"tenable-sc-get-scan-report", - "tenable-sc-list-assets", - "tenable-sc-get-vulnerability", - "tenable-sc-get-device", - "tenable-sc-create-asset", - "tenable-sc-get-alert", - "tenable-sc-launch-scan", - "tenable-sc-list-report-definitions", - "tenable-sc-delete-asset", - "tenable-sc-list-credentials", - "tenable-sc-list-policies", - "tenable-sc-list-zones", - "tenable-sc-list-users" - ] - } - }, - { - "ReversingLabsA1000Test": { - "name": "ReversingLabsA1000Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "reversinglabs-download", - "reversinglabs-extracted-files", - "reversinglabs-download-unpacked", - "reversinglabs-analyze", - "file" - ] - } - }, - { - "TestWordFileToIOC": { - "name": "TestWordFileToIOC", - "implementing_scripts": [ - "TestCreateWordFile", - "ExtractIP", - "VerifyContext", - "ReadFile", - "ParseWordDoc" - ] - } - }, - { - "TestExtractHTMLTables": { - "name": "TestExtractHTMLTables", - "implementing_scripts": [ - "Print", - "CloseInvestigation", - "ExtractHTMLTables", - "DeleteContext", - "Exists" - ] - } - }, - { - "7ab45104-22aa-4e1b-8062-cadcbb28d87f": { - "name": "Test - urlscan", - "implementing_scripts": [ - "CloseInvestigation", - "DeleteContext", - "AreValuesEqual" - ], - "implementing_commands": [ - "url", - "ip", - "urlscan-submit" - ] - } - }, - { - "RasterizeImageTest": { - "name": "RasterizeImageTest", - "implementing_scripts": [ - "GenerateImageFileEntry", - "DeleteContext" - ], - "implementing_commands": [ - "rasterize-image", - "closeInvestigation" - ] - } - }, - { - "InfoArmorVigilanteATITest": { - "name": "InfoArmorVigilanteATITest", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "vigilante-get-leak", - "vigilante-query-infected-host-data", - "vigilante-query-domains", - "vigilante-query-accounts", - "vigilante-watchlist-add-accounts", - "vigilante-watchlist-remove-accounts", - "vigilante-get-watchlist", - 
"vigilante-query-ecrime-db", - "vigilante-search-leaks" - ] - } - }, - { - "strings-test": { - "name": "strings-test", - "implementing_scripts": [ - "CreateBinaryFile", - "FileCreateAndUpload", - "Strings", - "PublishEntriesToContext", - "VerifyContext" - ] - } - }, - { - "process_email_-_generic_-_test": { - "name": "Process Email - Generic - Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "http" - ], - "implementing_playbooks": [ - "Process Email - Generic" - ] - } - }, - { - "97393cfc-2fc4-4dfe-8b6e-af64067fc436": { - "name": "AWS - S3 Test Playbook", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "aws-s3-create-bucket", - "aws-s3-get-bucket-policy", - "aws-s3-download-file", - "aws-s3-delete-bucket-policy", - "aws-s3-delete-bucket", - "aws-s3-list-buckets", - "aws-s3-list-bucket-objects", - "aws-s3-put-bucket-policy" - ] - } - }, - { - "TestFileCreateAndUpload": { - "name": "TestFileCreateAndUpload", - "implementing_scripts": [ - "Print", - "FileCreateAndUpload", - "DeleteContext", - "CloseInvestigation" - ] - } - }, - { - "get_original_email_-_ews-_test": { - "name": "Get Original Email - EWS - Test", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_playbooks": [ - "Get Original Email - EWS" - ] - } - }, - { - "Remedy AR Test": { - "name": "Remedy AR Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "remedy-get-server-details" - ] - } - }, - { - "WordTokenizeTest": { - "name": "WordTokenizeTest", - "implementing_scripts": [ - "VerifyContext", - "WordTokenizer", - "DeleteContext" - ] - } - }, - { - "ExtractDomainTest": { - "name": "ExtractDomainTest", - "implementing_scripts": [ - "VerifyContext", - "ExtractDomain" - ] - } - }, - { - "TestCommonPython": { - "name": "TestCommonPython", - "implementing_scripts": [ - "TestPYCommonServer" - ] - } - }, - { - "get_file_sample_by_hash_-_cylance_protect_-_test": { - "name": "Get File 
Sample By Hash - Cylance Protect - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set", - "VerifyContext", - "DeleteContext" - ], - "implementing_playbooks": [ - "Get File Sample By Hash - Cylance Protect" - ] - } - }, - { - "TestPacketsled": { - "name": "TestPacketsled", - "implementing_commands": [ - "packetsled-get-flows", - "packetsled-get-pcaps", - "packetsled-get-files", - "packetsled-get-incidents" - ] - } - }, - { - "EWS search-mailbox test": { - "name": "EWS search-mailbox test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "Sleep" - ], - "implementing_commands": [ - "ews-search-mailbox", - "ews-move-item", - "send-mail" - ] - } - }, - { - "IntSights Test": { - "name": "IntSights Test", - "implementing_scripts": [ - "Print", - "VerifyContext", - "DeleteContext", - "Exists", - "IsValueInArray" - ], - "implementing_commands": [ - "intsights-get-alerts", - "intsights-get-iocs", - "intsights-add-comment-to-alert", - "intsights-add-tag-to-alert", - "intsights-update-alert-severity", - "closeInvestigation", - "intsights-get-alert-activities" - ] - } - }, - { - "SalesforceTestPlaybook": { - "name": "SalesforceTestPlaybook", - "implementing_scripts": [ - "ContextContains", - "DeleteContext" - ], - "implementing_commands": [ - "salesforce-update-case", - "salesforce-get-case", - "salesforce-search", - "salesforce-create-case", - "salesforce-delete-case", - "salesforce-push-comment", - "salesforce-get-object", - "salesforce-close-case", - "salesforce-update-object", - "salesforce-query" - ] - } - }, - { - "Wildfire Test": { - "name": "Wildfire Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "wildfire-upload", - "wildfire-upload-file-remote", - "wildfire-report" - ] - } - }, - { - "Vectra-test": { - "name": "Vectra-test", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "vectra-sensors", - "vectra-settings", - "vectra-hosts", - 
"vectra-triage", - "vectra-detections" - ] - } - }, - { - "CuckooTest": { - "name": "CuckooTest", - "implementing_scripts": [ - "DeleteContext", - "http" - ], - "implementing_playbooks": [ - "Detonate URL - Cuckoo", - "Detonate File - Cuckoo" - ] - } - }, - { - "TextFromHTML_test_playbook": { - "name": "TextFromHTML Test", - "implementing_scripts": [ - "VerifyContext", - "TextFromHTML" - ] - } - }, - { - "PhishAi-Test": { - "name": "PhishAi-Test", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "phish-ai-scan-url" - ] - } - }, - { - "Phishing test - attachment": { - "name": "Phishing test - attachment", - "implementing_scripts": [ - "ScheduleCommand", - "PhishingIncident", - "DeleteContext", - "http" - ], - "implementing_playbooks": [ - "Phishing Investigation - Generic" - ] - } - }, - { - "search_endpoints_by_hash_-_carbon_black_protection_-_test": { - "name": "Search Endpoints By Hash - Carbon Black Protection - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_playbooks": [ - "Search Endpoints By Hash - Carbon Black Protection" - ] - } - }, - { - "Test-Detonate URL - Phish.AI": { - "name": "Test-Detonate URL - Phish.AI", - "implementing_playbooks": [ - "Detonate URL - Phish.AI" - ] - } - }, - { - "ReversingLabsTCTest": { - "name": "ReversingLabsTCTest", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "file" - ] - } - }, - { - "get_file_sample_from_path_-_carbon_black_enterprise_response_-_test": { - "name": "Get File Sample From Path - Carbon Black Enterprise Response - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_playbooks": [ - "Get File Sample From Path - Carbon Black Enterprise Response" - ], - "implementing_commands": [ - "cb-list-sensors" - ] - } - }, - { - "PostgreSQL Test": { - "name": "PostgreSQL Test", - "fromversion": 
"3.6.0", - "implementing_scripts": [ - "VerifyHumanReadableEquals" - ], - "implementing_commands": [ - "pgsql-query" - ] - } - }, - { - "DUO Test Playbook": { - "name": "DUO Test Playbook", - "implementing_scripts": [ - "DeleteContext", - "PrintErrorEntry", - "AreValuesEqual", - "PrintContext" - ], - "implementing_commands": [ - "duo-preauth" - ] - } - }, - { - "secureworks_test": { - "name": "Secureworks test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "secure-works-create-ticket", - "secure-works-get-ticket", - "secure-works-update-ticket", - "secure-works-get-tickets-ids", - "secure-works-get-ticket-count", - "secure-works-close-ticket", - "secure-works-get-tickets-updates" - ] - } - }, - { - "File Enrichment - Generic Test": { - "name": "File Enrichment - Generic Test", - "implementing_scripts": [ - "VerifyContext", - "Set" - ], - "implementing_playbooks": [ - "File Enrichment - Generic" - ] - } - }, - { - "JSONtoCSV-Test": { - "name": "JSONtoCSV-Test", - "implementing_scripts": [ - "JSONFileToCSV", - "LoadJSON", - "ParseCSV", - "JSONtoCSV", - "FileCreateAndUpload", - "DeleteContext" - ] - } - }, - { - "ZipFile-Test": { - "name": "ZipFile-Test", - "implementing_scripts": [ - "http", - "ZipFile", - "CloseInvestigation", - "Sleep", - "UnzipFile", - "DeleteContext" - ] - } - }, - { - "d5cb69b1-c81c-4f27-8a40-3106c0cb2620": { - "name": "AWS - IAM Test Playbook", - "implementing_scripts": [ - "VerifyContext", - "Sleep" - ], - "implementing_commands": [ - "aws-iam-update-user", - "aws-iam-update-access-key", - "aws-iam-get-user", - "aws-iam-remove-user-from-group", - "aws-iam-add-role-to-instance-profile", - "aws-iam-create-instance-profile", - "aws-iam-list-roles", - "aws-iam-attach-policy", - "aws-iam-create-login-profile", - "aws-iam-create-group", - "aws-iam-get-instance-profile", - "aws-iam-list-instance-profiles-for-role", - "aws-iam-update-login-profile", - "aws-iam-list-policies", - 
"aws-iam-get-role", - "aws-iam-list-access-keys-for-user", - "aws-iam-list-instance-profiles", - "aws-iam-delete-role", - "aws-iam-list-groups", - "aws-iam-remove-role-from-instance-profile", - "aws-iam-delete-user", - "aws-iam-create-role", - "aws-iam-delete-access-key", - "aws-iam-detach-policy", - "aws-iam-create-access-key", - "aws-iam-delete-group", - "aws-iam-create-user", - "aws-iam-delete-login-profile", - "aws-iam-list-groups-for-user", - "aws-iam-add-user-to-group", - "aws-iam-list-users", - "aws-iam-delete-instance-profile" - ] - } - }, - { - "ExposeIncidentOwner-Test": { - "name": "ExposeIncidentOwner-Test", - "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident", - "ExposeIncidentOwner", - "AreValuesEqual" - ] - } - }, - { - "McAfeeWebGatewayTest": { - "name": "McAfeeWebGatewayTest", - "implementing_scripts": [ - "ContextContains", - "DeleteContext", - "Sleep", - "PrintContext" - ], - "implementing_commands": [ - "mwg-insert-entry", - "mwg-get-list-entry", - "mwg-get-list", - "mwg-delete-entry", - "mwg-get-available-lists" - ] - } - }, - { - "DemistoLockTest": { - "name": "DemistoLockTest", - "implementing_scripts": [ - "Set", - "Print", - "DeleteContext", - "Sleep", - "isError" - ], - "implementing_commands": [ - "closeInvestigation", - "demisto-lock-release-all", - "demisto-lock-release", - "demisto-lock-get", - "demisto-lock-info" - ] - } - }, - { - "Detonate File - BitDam Test": { - "name": "Detonate File - BitDam Test", - "implementing_scripts": [ - "FileCreateAndUpload", - "DeleteContext" - ], - "implementing_playbooks": [ - "Detonate File - BitDam" - ] - } - }, - { - "Luminate-TestPlaybook": { - "name": "Luminate-TestPlaybook", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "lum-block-user", - "lum-destroy-user-session", - "lum-unblock-user", - "lum-get-ssh-access-logs", - "lum-get-http-access-logs" - ] - } - }, - { - "McAfee-MAR_Test": { - "name": "McAfee-MAR_Test", - 
"implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "mar-collectors-list", - "mar-search-multiple", - "mar-search" - ] - } - }, - { - "CarbonBlackLiveResponseTest": { - "name": "Carbon Black Live Response Test", - "implementing_scripts": [ - "TestCreateWordFile", - "DeleteContext", - "Sleep" - ], - "implementing_commands": [ - "cb-get-file-from-endpoint", - "cb-command-create-and-wait", - "cb-session-create-and-wait", - "cb-keepalive", - "cb-file-delete-from-endpoint", - "cb-push-file-to-endpoint", - "cb-list-sessions", - "cb-session-close" - ] - } - }, - { - "Recorded Future Test": { - "name": "Recorded Future Test", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "ip", - "domain", - "recorded-future-get-related-entities", - "file" - ] - } - }, - { - "NetWitness Endpoint Test": { - "name": "NetWitness Endpoint Test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "netwitness-get-machines", - "netwitness-blacklist-domains", - "netwitness-blacklist-ips", - "netwitness-get-machine-module" - ] - } - }, - { - "DNSDBTest": { - "name": "DNSDBTest", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "dnsdb-rrset", - "dnsdb-rdata" - ] - } - }, - { - "VerifyHumanReadableFormat": { - "name": "VerifyHumanReadableFormat", - "implementing_scripts": [ - "VerifyTableToMarkDown", - "VerifyTreeToFlatObject" - ] - } - }, - { - "domain_enrichment_generic_test": { - "name": "Domain Enrichment Generic - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DeleteContext", - "VerifyContext", - "Set" - ], - "implementing_playbooks": [ - "Domain Enrichment - Generic" - ] - } - }, - { - "Anomali_ThreatStream_Test": { - "name": "Anomali ThreatStream Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "ip", - "domain", - "threatstream-email-reputation", - 
"threatstream-intelligence", - "file" - ] - } - }, - { - "ParseExcel-test": { - "name": "ParseExcel-test", - "implementing_scripts": [ - "ParseExcel", - "DeleteContext", - "http" - ] - } - }, - { - "Zoom_Test": { - "name": "Zoom_Test", - "implementing_scripts": [ - "Print", - "VerifyContext", - "GenerateEmail", - "DeleteContext" - ], - "implementing_commands": [ - "zoom-create-meeting", - "zoom-list-users", - "zoom-fetch-recording", - "zoom-create-user", - "zoom-delete-user" - ] - } - }, - { - "DomainTools-Test": { - "name": "DomainTools-Test", - "implementing_scripts": [ - "VerifyContext", - "NotInContextVerification", - "DeleteContext" - ], - "implementing_commands": [ - "domain", - "whois", - "reverseWhois", - "reverseNameServer", - "domainSearch", - "domainProfile", - "whoisHistory", - "reverseIP" - ] - } - }, - { - "RedLockTest": { - "name": "RedLockTest", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "redlock-search-alerts", - "redlock-reopen-alerts", - "redlock-get-alert-details", - "redlock-dismiss-alerts" - ] - } - }, - { - "TruSTAR Test": { - "name": "TruSTAR Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "domain", - "url", - "ip", - "trustar-correlated-reports", - "file", - "trustar-trending-indicators", - "trustar-search-indicators" - ] - } - }, - { - "JoeSecurityTestDetonation": { - "name": "JoeSecurityTestDetonation", - "fromversion": "4.0.0", - "implementing_scripts": [ - "FileCreateAndUpload", - "DeleteContext" - ], - "implementing_playbooks": [ - "Detonate File - JoeSecurity", - "Detonate File From URL - JoeSecurity", - "Detonate URL - JoeSecurity" - ] - } - }, - { - "Symantec Messaging Gateway Test": { - "name": "Symantec Messaging Gateway Test", - "implementing_scripts": [ - "GenerateIP", - "VerifyContext", - "GenerateUUID", - "AreValuesEqual" - ], - "implementing_commands": [ - "smg-unblock-domain", - "smg-block-ip", - "smg-unblock-ip", - 
"smg-block-domain", - "smg-block-email", - "smg-unblock-email" - ] - } - }, - { - "devo_test_playbook": { - "name": "Devo test playbook", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "devo-query" - ] - } - }, - { - "Lastline - testplaybook": { - "name": "Lastline - testplaybook", - "implementing_scripts": [ - "DeleteContext", - "Set", - "http" - ], - "implementing_playbooks": [ - "Detonate URL - Lastline", - "Detonate File - Lastline" - ] - } - }, - { - "detonate_file_-_generic_test": { - "name": "Detonate File - Generic Test", - "toversion": "3.6.0", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DeleteContext", - "http" - ], - "implementing_playbooks": [ - "Detonate File - Generic" - ] - } - }, - { - "Test CommonServer": { - "name": "Test CommonServer", - "implementing_scripts": [ - "TestFormatTableValues" - ] - } - }, - { - "Test filters & transformers scripts": { - "name": "Test filters & transformers scripts", - "implementing_scripts": [ - "RaiseError", - "Print", - "Set" - ] - } - }, - { - "virusTotalPrivateAPI-test-playbook": { - "name": "virusTotalPrivateAPI-test-playbook", - "implementing_scripts": [ - "VerifyContext", - "StringContains", - "DeleteContext" - ], - "implementing_commands": [ - "vt-private-get-url-report", - "vt-private-get-file-report", - "vt-private-get-domain-report" - ] - } - }, - { - "SCADAfence_test": { - "name": "SCADAfence_test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "scadafence-getAsset", - "scadafence-setAlertStatus", - "scadafence-getAlerts" - ] - } - }, - { - "c19e328d-0cf3-4a94-88b3-df670d984602": { - "name": "SymantecEndpointProtection Test", - "implementing_scripts": [ - "SEPScan", - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "sep-quarantine", - "sep-command-status", - "sep-update-content", - "sep-endpoints-info", - "sep-groups-info", - "sep-client-content", - 
"sep-system-info" - ] - } - }, - { - "PagerDuty Test": { - "name": "PagerDuty Test", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "PagerDuty-incidents", - "PagerDuty-get-all-schedules", - "PagerDuty-get-users-on-call-now" - ] - } - }, - { - "pan-appframework-test": { - "name": "pan-appframework-test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "pan-appframework-query-logs" - ] - } - }, - { - "TestSafeBreach": { - "name": "TestSafeBreach", - "implementing_commands": [ - "safebreach-get-simulation", - "safebreach-rerun" - ] - } - }, - { - "ExifReadTest": { - "name": "ExifReadTest", - "implementing_scripts": [ - "GenerateImageFileEntry", - "ExifRead", - "DeleteContext" - ], - "implementing_commands": [ - "closeInvestigation" - ] - } - }, - { - "McAfee-TIE Test": { - "name": "McAfee-TIE Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "tie-file-references", - "file", - "tie-set-file-reputation" - ] - } - }, - { - "SymantecMSSTest": { - "name": "SymantecMSSTest", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "symantec-mss-incidents-list", - "symantec-mss-update-incident", - "symantec-mss-get-incident" - ] - } - }, - { - "SLA Scripts - Test": { - "name": "SLA Scripts - Test", - "implementing_scripts": [ - "StopTimeToAssignOnOwnerChange", - "ChangeRemediationSLAOnSevChange", - "Set", - "PrintErrorEntry", - "DeleteContext" - ], - "implementing_commands": [ - "setIncident", - "startTimer", - "resetTimer" - ] - } - } - ] +{ + "scripts": [ + { + "AwsStopInstance": { + "name": "AwsStopInstance", + "depends_on": [ + "stop-instance" + ] + } + }, + { + "PWFindEvents": { + "name": "PWFindEvents", + "deprecated": true, + "depends_on": [ + "search" + ], + "script_executions": [ + "search" + ] + } + }, + { + "QRadarClassifier": { + "name": "QRadarClassifier", + "deprecated": 
true, + "depends_on": [ + "qradar-searches" + ] + } + }, + { + "VolLDRModules": { + "name": "VolLDRModules" + } + }, + { + "CPShowHosts": { + "name": "CPShowHosts", + "deprecated": true, + "depends_on": [ + "checkpoint" + ], + "script_executions": [ + "checkpoint" + ] + } + }, + { + "PWSensors": { + "name": "PWSensors", + "deprecated": true, + "depends_on": [ + "sensors" + ], + "script_executions": [ + "sensors" + ] + } + }, + { + "ADListComputers": { + "name": "ADListComputers", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "CheckWhitelist": { + "name": "CheckWhitelist", + "deprecated": true, + "script_executions": [ + "getList" + ] + } + }, + { + "VectraHosts": { + "name": "VectraHosts", + "deprecated": true, + "depends_on": [ + "vec-hosts" + ] + } + }, + { + "SetContext": { + "name": "SetContext", + "deprecated": true + } + }, + { + "D2Autoruns": { + "name": "D2Autoruns" + } + }, + { + "MathUtil": { + "name": "MathUtil" + } + }, + { + "CBFindHash": { + "name": "CBFindHash", + "deprecated": true, + "depends_on": [ + "cb-binary" + ] + } + }, + { + "SendEmailToManager": { + "name": "SendEmailToManager", + "fromversion": "3.5.0", + "depends_on": [ + "ad-search", + "send-mail" + ], + "script_executions": [ + "AdSearch", + "AdSearch", + "addEntitlement" + ] + } + }, + { + "FileCreateAndUpload": { + "name": "FileCreateAndUpload" + } + }, + { + "DecodeMimeHeader": { + "name": "DecodeMimeHeader" + } + }, + { + "WildfireUpload": { + "name": "WildfireUpload", + "deprecated": true, + "depends_on": [ + "wildfire-upload" + ] + } + }, + { + "CYFileRep": { + "name": "CYFileRep", + "depends_on": [ + "file", + "cy-upload" + ], + "script_executions": [ + "getEntry", + "file", + "file" + ] + } + }, + { + "PanoramaPcaps": { + "name": "PanoramaPcaps", + "deprecated": true, + "depends_on": [ + "panorama" + ] + } + }, + { + "ExtractDomain": { + "name": "ExtractDomain", + "toversion": "3.0.0" + } + }, + { + "ExposeUsers": { + "name": "ExposeUsers", + 
"deprecated": true + } + }, + { + "Print": { + "name": "Print" + } + }, + { + "CSIndicators": { + "name": "CSIndicators", + "deprecated": true, + "depends_on": [ + "cs-indicators" + ] + } + }, + { + "PWEventPcapInfo": { + "name": "PWEventPcapInfo", + "deprecated": true, + "depends_on": [ + "event-pcap-info" + ] + } + }, + { + "JiraIssueQuery": { + "name": "JiraIssueQuery", + "deprecated": true, + "depends_on": [ + "jira-issue-query" + ] + } + }, + { + "ADGetAllUsersEmail": { + "name": "ADGetAllUsersEmail", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "CuckooDetonateFile": { + "name": "CuckooDetonateFile", + "depends_on": [ + "cuckoo-create-task-from-file" + ] + } + }, + { + "EPORepoList": { + "name": "EPORepoList", + "deprecated": true, + "depends_on": [ + "epo-command" + ] + } + }, + { + "GrrSetFlows": { + "name": "GrrSetFlows", + "depends_on": [ + "grr_set_flows" + ], + "script_executions": [ + "grr_set_flows" + ] + } + }, + { + "VectraGetDetetctionsById": { + "name": "VectraGetDetetctionsById", + "deprecated": true, + "depends_on": [ + "vec-get-detetctions-by-id" + ] + } + }, + { + "CommonD2": { + "name": "CommonD2" + } + }, + { + "FilterByList": { + "name": "FilterByList", + "script_executions": [ + "getList" + ] + } + }, + { + "ExtractHash": { + "name": "ExtractHash" + } + }, + { + "120c861a-e0ae-417e-8dcf-c3ee1dc15a42": { + "name": "commentsToContext" + } + }, + { + "ConvertXmlFileToJson": { + "name": "ConvertXmlFileToJson" + } + }, + { + "IPExtract": { + "name": "IPExtract", + "deprecated": true + } + }, + { + "DBotAverageScore": { + "name": "DBotAverageScore" + } + }, + { + "NessusCreateScan": { + "name": "NessusCreateScan", + "deprecated": true, + "depends_on": [ + "scan-create" + ] + } + }, + { + "StixParser": { + "name": "StixParser" + } + }, + { + "NessusShowEditorTemplates": { + "name": "NessusShowEditorTemplates", + "deprecated": true, + "depends_on": [ + "nessus-get-scans-editors" + ] + } + }, + { + "QrFullSearch": { + 
"name": "QrFullSearch", + "deprecated": true, + "depends_on": [ + "QrGetSearchResults", + "qr-get-search", + "qr-searches" + ], + "script_executions": [ + "QrGetSearchResults" + ] + } + }, + { + "FetchFromInstance": { + "name": "FetchFromInstance", + "fromversion": "4.0.0", + "deprecated": true + } + }, + { + "a6e348f4-1e40-4365-870c-52139c60779a": { + "name": "OktaGetUser", + "deprecated": true, + "depends_on": [ + "okta-get-user" + ] + } + }, + { + "VolConnscan": { + "name": "VolConnscan" + } + }, + { + "840aa9a7-04b2-4505-8238-8fe85f010dde": { + "name": "OktaActivateUser", + "deprecated": true, + "depends_on": [ + "okta-activate-user" + ] + } + }, + { + "CBLiveGetFile": { + "name": "CBLiveGetFile", + "depends_on": [ + "cb-session-create", + "cb-sensor-info", + "cb-command-create", + "cb-session-info", + "cb-file-get", + "cb-command-info", + "cb-list-sessions" + ] + } + }, + { + "ScheduleGenericPolling": { + "name": "ScheduleGenericPolling", + "fromversion": "4.0.0" + } + }, + { + "AddEvidence": { + "name": "AddEvidence", + "fromversion": "2.5.0" + } + }, + { + "Ping": { + "name": "Ping" + } + }, + { + "EncodeToAscii": { + "name": "EncodeToAscii" + } + }, + { + "ServiceNowCreateIncident": { + "name": "ServiceNowCreateIncident", + "depends_on": [ + "servicenow-query-table", + "servicenow-create-record" + ] + } + }, + { + "TriagePhishing": { + "name": "TriagePhishing", + "deprecated": true + } + }, + { + "LessThanPercentage": { + "name": "LessThanPercentage" + } + }, + { + "TrendmicroAlertStatus": { + "name": "TrendmicroAlertStatus", + "depends_on": [ + "trendmicro-alert-status" + ] + } + }, + { + "SandboxDetonateFile": { + "name": "SandboxDetonateFile", + "script_executions": [ + "IsIntegrationAvailable", + "IsIntegrationAvailable", + "IsIntegrationAvailable", + "IsIntegrationAvailable", + "getEntry", + "CuckooDetonateFile", + "CuckooTaskStatus", + "CuckooGetReport" + ] + } + }, + { + "ParseEmailFiles": { + "name": "ParseEmailFiles", + "script_executions": [ + 
"getEntry", + "getFilePath" + ] + } + }, + { + "ConferSetSeverity": { + "name": "ConferSetSeverity", + "depends_on": [ + "confer" + ], + "script_executions": [ + "setSeverity" + ] + } + }, + { + "ReverseList": { + "name": "ReverseList" + } + }, + { + "ImpSfListEndpoints": { + "name": "ImpSfListEndpoints", + "depends_on": [ + "imp-sf-list-endpoints" + ] + } + }, + { + "9364c36f-b1d6-4233-88c2-75008b106c31": { + "name": "vmray_getResults", + "depends_on": [ + "get_job_sample" + ], + "script_executions": [ + "get_job_sample", + "get_results", + "scheduleEntry" + ] + } + }, + { + "InviteUser": { + "name": "InviteUser" + } + }, + { + "VectraDetections": { + "name": "VectraDetections", + "deprecated": true, + "depends_on": [ + "vec-detections" + ] + } + }, + { + "StaticAnalyze": { + "name": "StaticAnalyze" + } + }, + { + "GetContextValue": { + "name": "GetContextValue", + "deprecated": true + } + }, + { + "TaniumFilterComputersByIndexQueryFileDetails": { + "name": "TaniumFilterComputersByIndexQueryFileDetails", + "depends_on": [ + "tn-ask-manual-question" + ] + } + }, + { + "D2O365ComplianceSearch": { + "name": "D2O365ComplianceSearch" + } + }, + { + "SearchIncidents": { + "name": "SearchIncidents" + } + }, + { + "CuckooDisplayReport": { + "name": "CuckooDisplayReport", + "depends_on": [ + "ck-report" + ], + "script_executions": [ + "getFilePath", + "getEntry" + ] + } + }, + { + "VolPSList": { + "name": "VolPSList" + } + }, + { + "CBLiveProcessList": { + "name": "CBLiveProcessList", + "depends_on": [ + "cb-command-info", + "cb-command-create" + ] + } + }, + { + "GoogleappsGmailGetMail": { + "name": "GoogleappsGmailGetMail", + "deprecated": true, + "depends_on": [ + "googleapps-gmail-get-mail" + ] + } + }, + { + "PTEnrich": { + "name": "PTEnrich", + "depends_on": [ + "pt-osint", + "pt-whois", + "pt-malware", + "pt-enrichment", + "pt-get-subdomains", + "pt-ssl-cert", + "pt-passive-dns" + ] + } + }, + { + "ResolveShortenedURL": { + "name": "ResolveShortenedURL" + } + }, + { 
+ "CommonServerUserPython": { + "name": "CommonServerUserPython" + } + }, + { + "5edd0c8e-4e6e-4afe-8f43-67bb9ebc4fd3": { + "name": "NetwitnessSearch", + "depends_on": [ + "nw-sdk-search" + ] + } + }, + { + "RunSqlQuery": { + "name": "RunSqlQuery", + "deprecated": true, + "depends_on": [ + "query" + ], + "script_executions": [ + "query" + ] + } + }, + { + "d98506ea-fd06-49d6-8f1e-bb29ab06766e": { + "name": "VerifyContext", + "deprecated": true + } + }, + { + "TimeStampToDate": { + "name": "TimeStampToDate" + } + }, + { + "SlackAskUser": { + "name": "SlackAskUser", + "toversion": "3.1.0", + "depends_on": [ + "slack-send" + ], + "script_executions": [ + "addOneTimeEntitlement" + ] + } + }, + { + "CPShowAccessRulebase": { + "name": "CPShowAccessRulebase", + "deprecated": true, + "depends_on": [ + "checkpoint" + ], + "script_executions": [ + "checkpoint" + ] + } + }, + { + "VolNetworkConnections": { + "name": "VolNetworkConnections" + } + }, + { + "DemistoDeleteIncident": { + "name": "DemistoDeleteIncident", + "deprecated": true, + "depends_on": [ + "demisto-api-post" + ] + } + }, + { + "SSDeepReputation": { + "name": "SSDeepReputation", + "script_executions": [ + "findIndicators", + "getContext" + ] + } + }, + { + "GrrGetHunt": { + "name": "GrrGetHunt", + "depends_on": [ + "grr_get_hunt" + ], + "script_executions": [ + "grr_get_hunt" + ] + } + }, + { + "findIncidentsWithIndicator": { + "name": "findIncidentsWithIndicator" + } + }, + { + "ExifRead": { + "name": "ExifRead" + } + }, + { + "AlgosecGetTicket": { + "name": "AlgosecGetTicket", + "depends_on": [ + "algosec-get-ticket" + ] + } + }, + { + "IncapGetDomainApproverEmail": { + "name": "IncapGetDomainApproverEmail", + "depends_on": [ + "incap-get-domain-approver-email" + ] + } + }, + { + "ElasticSearchDisplay": { + "name": "ElasticSearchDisplay", + "depends_on": [ + "search" + ] + } + }, + { + "ContextGetIps": { + "name": "ContextGetIps" + } + }, + { + "D2Hardware": { + "name": "D2Hardware" + } + }, + { + 
"82764532-0a4f-4b59-8cf9-fe1a00cabdae": { + "name": "OktaSearch", + "deprecated": true, + "depends_on": [ + "okta-search" + ] + } + }, + { + "TrendmicroSecurityProfileRetrieveAll": { + "name": "TrendmicroSecurityProfileRetrieveAll", + "depends_on": [ + "trendmicro-security-profile-retrieve-all" + ] + } + }, + { + "PanoramaConfig": { + "name": "PanoramaConfig", + "deprecated": true, + "depends_on": [ + "panorama" + ] + } + }, + { + "RepopulateFiles": { + "name": "RepopulateFiles", + "script_executions": [ + "getEntries" + ] + } + }, + { + "SendMessageToOnlineUsers": { + "name": "SendMessageToOnlineUsers" + } + }, + { + "SetIncidentCustomFields": { + "name": "SetIncidentCustomFields" + } + }, + { + "CEFParser": { + "name": "CEFParser" + } + }, + { + "ADSetNewPassword": { + "name": "ADSetNewPassword", + "deprecated": true, + "depends_on": [ + "ad-set-new-password" + ] + } + }, + { + "misp_upload_sample": { + "name": "misp_upload_sample", + "depends_on": [ + "internal-misp-upload-sample" + ], + "script_executions": [ + "getFilePath" + ] + } + }, + { + "IsValueInArray": { + "name": "IsValueInArray" + } + }, + { + "displayhtml": { + "name": "DisplayHTML" + } + }, + { + "VectraClassifier": { + "name": "VectraClassifier", + "deprecated": true, + "depends_on": [ + "vec-health" + ] + } + }, + { + "JSONtoCSV": { + "name": "JSONtoCSV", + "script_executions": [ + "getEntry" + ] + } + }, + { + "ConferIncidentDetails": { + "name": "ConferIncidentDetails", + "depends_on": [ + "confer" + ] + } + }, + { + "ParseJSON": { + "name": "ParseJSON" + } + }, + { + "ScheduleCommand": { + "name": "ScheduleCommand" + } + }, + { + "XBTimeline": { + "name": "XBTimeline", + "depends_on": [ + "xb-timeline" + ] + } + }, + { + "EmailAskUser": { + "name": "EmailAskUser", + "toversion": "3.1.0" + } + }, + { + "IncidentSet": { + "name": "IncidentSet", + "toversion": "3.5.0", + "script_executions": [ + "setOwner", + "setStage", + "setIncident", + "setPlaybook" + ] + } + }, + { + "DataIPReputation": { + 
"name": "DataIPReputation", + "deprecated": true + } + }, + { + "URLSSLVerification": { + "name": "URLSSLVerification" + } + }, + { + "EmailDomainSquattingReputation": { + "name": "EmailDomainSquattingReputation" + } + }, + { + "XBUser": { + "name": "XBUser", + "depends_on": [ + "xb-user" + ] + } + }, + { + "SNUpdateTicket": { + "name": "SNUpdateTicket", + "deprecated": true, + "depends_on": [ + "servicenow-incident-update" + ] + } + }, + { + "ticksToTime": { + "name": "ticksToTime" + } + }, + { + "dbbdc2e4-6105-4ee9-8e83-563a4b991a89": { + "name": "VirustotalIsMalicious", + "deprecated": true, + "depends_on": [ + "file" + ], + "script_executions": [ + "file", + "file" + ] + } + }, + { + "TopMaliciousRatioIndicators": { + "name": "TopMaliciousRatioIndicators", + "fromversion": "4.0.0", + "script_executions": [ + "findIndicators", + "maliciousRatio" + ] + } + }, + { + "SetMultipleValues": { + "name": "SetMultipleValues" + } + }, + { + "PanoramaCommit": { + "name": "PanoramaCommit", + "deprecated": true, + "depends_on": [ + "panorama" + ] + } + }, + { + "CloseInvestigation": { + "name": "CloseInvestigation", + "deprecated": true + } + }, + { + "CrowdStrikeUrlParse": { + "name": "CrowdStrikeUrlParse" + } + }, + { + "MarkRelatedIncidents": { + "name": "MarkRelatedIncidents" + } + }, + { + "DemistoSendInvite": { + "name": "DemistoSendInvite", + "depends_on": [ + "demisto-api-post", + "demisto-api-get" + ] + } + }, + { + "CommonIntegrationPython": { + "name": "CommonIntegrationPython", + "deprecated": true + } + }, + { + "RunDockerCommand": { + "name": "RunDockerCommand" + } + }, + { + "GoogleappsGmailSearch": { + "name": "GoogleappsGmailSearch", + "deprecated": true, + "depends_on": [ + "googleapps-gmail-search" + ] + } + }, + { + "EPODetermineRepository": { + "name": "EPODetermineRepository", + "deprecated": true + } + }, + { + "emailFieldTriggered": { + "name": "emailFieldTriggered" + } + }, + { + "TrendMicroGetPolicyID": { + "name": "TrendMicroGetPolicyID", + 
"depends_on": [ + "trendmicro-security-profile-retrieve-all" + ], + "script_executions": [ + "TrendmicroSecurityProfileRetrieveAll" + ] + } + }, + { + "AquatoneDiscover": { + "name": "AquatoneDiscover" + } + }, + { + "ExtractDomainFromURL": { + "name": "ExtractDomainFromURL", + "deprecated": true + } + }, + { + "NetwitnessSAUpdateIncident": { + "name": "NetwitnessSAUpdateIncident", + "deprecated": true, + "depends_on": [ + "nw-update-incident" + ] + } + }, + { + "UnzipFile": { + "name": "UnzipFile", + "script_executions": [ + "getEntries", + "getFilePath" + ] + } + }, + { + "NetwitnessSAGetAvailableAssignees": { + "name": "NetwitnessSAGetAvailableAssignees", + "depends_on": [ + "nw-get-available-assignees" + ] + } + }, + { + "QualysCreateIncidentFromReport": { + "name": "QualysCreateIncidentFromReport", + "depends_on": [ + "qualys-host-list" + ], + "script_executions": [ + "getIncidents" + ] + } + }, + { + "CuckooDetonateURL": { + "name": "CuckooDetonateURL", + "depends_on": [ + "cuckoo-create-task-from-url" + ] + } + }, + { + "UserEnrichAD": { + "name": "UserEnrichAD", + "depends_on": [ + "ad-search" + ], + "script_executions": [ + "ADGetUser" + ] + } + }, + { + "WordTokenizer": { + "name": "WordTokenizer" + } + }, + { + "da8594b8-0b57-4cb2-8578-94754bb577c6": { + "name": "NetwitnessSAListIncidents", + "depends_on": [ + "nw-list-incidents" + ] + } + }, + { + "IsContextSet": { + "name": "IsContextSet", + "deprecated": true + } + }, + { + "Set": { + "name": "Set" + } + }, + { + "ArcherCreateSecurityIncident": { + "name": "ArcherCreateSecurityIncident", + "depends_on": [ + "archer-create-record" + ] + } + }, + { + "VolMalfindDumpAgent": { + "name": "VolMalfindDumpAgent" + } + }, + { + "TrendmicroSystemEventRetrieve": { + "name": "TrendmicroSystemEventRetrieve", + "depends_on": [ + "trendmicro-system-event-retrieve" + ] + } + }, + { + "MimecastFindEmail": { + "name": "MimecastFindEmail", + "depends_on": [ + "mimecast-query" + ] + } + }, + { + "D2Drop": { + "name": 
"D2Drop" + } + }, + { + "TaniumFindRunningProcesses": { + "name": "TaniumFindRunningProcesses", + "deprecated": true, + "depends_on": [ + "tn-add-question-complex", + "tn-result-data", + "tn-result-info" + ] + } + }, + { + "NessusScanDetails": { + "name": "NessusScanDetails", + "deprecated": true, + "depends_on": [ + "scan-details" + ] + } + }, + { + "CBPCatalogFindHash": { + "name": "CBPCatalogFindHash", + "depends_on": [ + "cbp-fileCatalog-search" + ] + } + }, + { + "checkValue": { + "name": "checkValue" + } + }, + { + "WhileLoop": { + "name": "WhileLoop", + "deprecated": true + } + }, + { + "D2GetSystemLog": { + "name": "D2GetSystemLog" + } + }, + { + "CopyFileD2": { + "name": "CopyFileD2" + } + }, + { + "CheckFilesWildfirePy": { + "name": "CheckFilesWildfirePy", + "depends_on": [ + "wildfire-upload", + "wildfire-report" + ], + "script_executions": [ + "getEntries" + ] + } + }, + { + "ADGetGroupMembers": { + "name": "ADGetGroupMembers", + "depends_on": [ + "ad-search" + ] + } + }, + { + "SCPPullFiles": { + "name": "SCPPullFiles", + "depends_on": [ + "copy-from" + ] + } + }, + { + "ReadFile": { + "name": "ReadFile", + "script_executions": [ + "getFilePath" + ] + } + }, + { + "VectraSensors": { + "name": "VectraSensors", + "deprecated": true, + "depends_on": [ + "vec-sensors" + ] + } + }, + { + "QRadarFullSearch": { + "name": "QRadarFullSearch", + "deprecated": true, + "depends_on": [ + "qradar-get-search", + "qradar-get-search-results", + "qradar-searches" + ] + } + }, + { + "CSActors": { + "name": "CSActors", + "deprecated": true, + "depends_on": [ + "cs-actors" + ] + } + }, + { + "NessusGetReport": { + "name": "NessusGetReport", + "deprecated": true, + "depends_on": [ + "scan-report-download", + "scan-export", + "scan-export-status" + ] + } + }, + { + "VolRaw": { + "name": "VolRaw" + } + }, + { + "Base64Encode": { + "name": "Base64Encode" + } + }, + { + "LCMAcknowledgeHost": { + "name": "LCMAcknowledgeHost", + "depends_on": [ + "lcm-acknowledge-host" + ], + 
"script_executions": [ + "LCMHosts" + ] + } + }, + { + "ExtractEmail": { + "name": "ExtractEmail" + } + }, + { + "NexposeVulnExtractor": { + "name": "NexposeVulnExtractor", + "depends_on": [ + "nexpose" + ] + } + }, + { + "XBTriggeredRules": { + "name": "XBTriggeredRules", + "depends_on": [ + "xb-triggered-rules" + ] + } + }, + { + "LoadJSON": { + "name": "LoadJSON" + } + }, + { + "CommonUserServer": { + "name": "CommonUserServer" + } + }, + { + "IsMaliciousIndicatorFound": { + "name": "IsMaliciousIndicatorFound" + } + }, + { + "D2ActiveUsers": { + "name": "D2ActiveUsers" + } + }, + { + "BuildEWSQuery": { + "name": "BuildEWSQuery" + } + }, + { + "da330ce7-3a93-430c-8454-03b96cf5184e": { + "name": "OktaCreateUser", + "deprecated": true, + "depends_on": [ + "okta-create-user" + ] + } + }, + { + "JiraIssueUploadFile": { + "name": "JiraIssueUploadFile", + "deprecated": true, + "depends_on": [ + "jira-issue-upload-file" + ] + } + }, + { + "PanoramaDynamicAddressGroup": { + "name": "PanoramaDynamicAddressGroup", + "deprecated": true + } + }, + { + "ActiveUsersD2": { + "name": "ActiveUsersD2" + } + }, + { + "ParseExcel": { + "name": "ParseExcel", + "script_executions": [ + "getFilePath" + ] + } + }, + { + "MatchRegex": { + "name": "MatchRegex" + } + }, + { + "ip_to_host": { + "name": "IPToHost" + } + }, + { + "AlgosecGetNetworkObject": { + "name": "AlgosecGetNetworkObject", + "depends_on": [ + "algosec-get-network-object" + ] + } + }, + { + "Autoruns": { + "name": "Autoruns" + } + }, + { + "VectraTriage": { + "name": "VectraTriage", + "deprecated": true, + "depends_on": [ + "vec-triage" + ] + } + }, + { + "ATDDetonate": { + "name": "ATDDetonate", + "depends_on": [ + "atd-get-report", + "atd-file-upload", + "atd-check-status" + ] + } + }, + { + "XBInfo": { + "name": "XBInfo" + } + }, + { + "NetwitnessSACreateIncident": { + "name": "NetwitnessSACreateIncident", + "depends_on": [ + "nw-create-incident" + ] + } + }, + { + "ExchangeSearchMailbox": { + "name": 
"ExchangeSearchMailbox" + } + }, + { + "DT": { + "name": "DT" + } + }, + { + "ed24d63f-4134-49c4-82c0-96885a7a1cc3": { + "name": "VerifyContextFields", + "deprecated": true + } + }, + { + "5d44a5d9-d91a-4420-801f-755f26b60c47": { + "name": "cveLatest", + "deprecated": true, + "depends_on": [ + "cve-latest" + ] + } + }, + { + "ad7de731-cadc-4f49-81cd-522cd4b7bfa5": { + "name": "CheckpointFWCreateBackup", + "depends_on": [ + "ssh" + ], + "script_executions": [ + "ssh" + ] + } + }, + { + "DemistoLogsBundle": { + "name": "DemistoLogsBundle", + "depends_on": [ + "demisto-api-download" + ] + } + }, + { + "ContextGetEmails": { + "name": "ContextGetEmails" + } + }, + { + "nexpose_create_incidents_from_assets": { + "name": "NexposeCreateIncidentsFromAssets", + "depends_on": [ + "nexpose-get-asset" + ], + "script_executions": [ + "getIncidents" + ] + } + }, + { + "bffdcf72-2061-4767-83d5-3ff2a9e8afe7": { + "name": "BlockIP" + } + }, + { + "ExchangeSearch": { + "name": "ExchangeSearch", + "deprecated": true, + "depends_on": [ + "ews-search-mailbox" + ] + } + }, + { + "CPSetRule": { + "name": "CPSetRule", + "deprecated": true, + "depends_on": [ + "checkpoint" + ], + "script_executions": [ + "checkpoint", + "checkpoint" + ] + } + }, + { + "VolGetProcWithMalNetConn": { + "name": "VolGetProcWithMalNetConn" + } + }, + { + "ConvertTableToHTML": { + "name": "ConvertTableToHTML" + } + }, + { + "StringLength": { + "name": "StringLength" + } + }, + { + "CuckooGetScreenshot": { + "name": "CuckooGetScreenshot", + "depends_on": [ + "cuckoo-task-screenshot" + ] + } + }, + { + "VolMalfind": { + "name": "VolMalfind" + } + }, + { + "ExposeModules": { + "name": "ExposeModules", + "deprecated": true + } + }, + { + "GrrGetFlows": { + "name": "GrrGetFlows", + "depends_on": [ + "grr_get_flows" + ], + "script_executions": [ + "grr_get_flows" + ] + } + }, + { + "IsTrue": { + "name": "IsTrue" + } + }, + { + "SplunkSearchJsonPy": { + "name": "SplunkSearchJsonPy", + "deprecated": true, + "depends_on": 
[ + "search" + ], + "script_executions": [ + "search" + ] + } + }, + { + "UnEscapeURLs": { + "name": "UnEscapeURLs" + } + }, + { + "ProofpointDecodeURL": { + "name": "ProofpointDecodeURL" + } + }, + { + "ReadPDFFile": { + "name": "ReadPDFFile", + "script_executions": [ + "getFilePath" + ] + } + }, + { + "ContextContains": { + "name": "ContextContains" + } + }, + { + "ADIsUserMember": { + "name": "ADIsUserMember", + "deprecated": true, + "depends_on": [ + "ad-search" + ], + "script_executions": [ + "ADGetUserGroups", + "AdSearch" + ] + } + }, + { + "PanoramaMove": { + "name": "PanoramaMove", + "deprecated": true, + "depends_on": [ + "panorama" + ] + } + }, + { + "ADGetUserGroups": { + "name": "ADGetUserGroups", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "ADUserLogonInfo": { + "name": "ADUserLogonInfo", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "Osxcollector": { + "name": "Osxcollector" + } + }, + { + "PWObservationPcapInfo": { + "name": "PWObservationPcapInfo", + "deprecated": true, + "depends_on": [ + "observation-pcap-info" + ] + } + }, + { + "QrSearches": { + "name": "QrSearches", + "deprecated": true, + "depends_on": [ + "qr-searches" + ] + } + }, + { + "ExtractIndicatorsFromTextFile": { + "name": "ExtractIndicatorsFromTextFile" + } + }, + { + "CheckIPs": { + "name": "CheckIPs", + "deprecated": true, + "script_executions": [ + "ip" + ] + } + }, + { + "VolDlllist": { + "name": "VolDlllist" + } + }, + { + "FPSetRule": { + "name": "FPSetRule", + "depends_on": [ + "ssh" + ], + "script_executions": [ + "ssh" + ] + } + }, + { + "TrendMicroClassifier": { + "name": "TrendMicroClassifier", + "depends_on": [ + "trendmicro-alert-status" + ] + } + }, + { + "TrendMicroGetHostID": { + "name": "TrendMicroGetHostID", + "depends_on": [ + "trendmicro-host-retrieve-all" + ], + "script_executions": [ + "TrendmicroHostRetrieveAll" + ] + } + }, + { + "ExtractDomainFromUrlAndEmail": { + "name": "ExtractDomainFromUrlAndEmail" 
+ } + }, + { + "VectraSettings": { + "name": "VectraSettings", + "deprecated": true, + "depends_on": [ + "vec-settings" + ] + } + }, + { + "GenerateInvestigationSummaryReport": { + "name": "GenerateInvestigationSummaryReport", + "fromversion": "3.5.0" + } + }, + { + "DataDomainReputation": { + "name": "DataDomainReputation", + "fromversion": "3.1.0" + } + }, + { + "EPORepositoryComplianceCheck": { + "name": "EPORepositoryComplianceCheck", + "deprecated": true, + "depends_on": [ + "epo-command" + ] + } + }, + { + "PWObservations": { + "name": "PWObservations", + "deprecated": true, + "depends_on": [ + "observation-search" + ] + } + }, + { + "DBotPredictTextLabel": { + "name": "DBotPredictTextLabel", + "fromversion": "4.1.0", + "script_executions": [ + "getList" + ] + } + }, + { + "InRange": { + "name": "InRange" + } + }, + { + "IngestCSV": { + "name": "IngestCSV", + "deprecated": true, + "script_executions": [ + "getEntries", + "getFilePath" + ] + } + }, + { + "TrendmicroHostAntimalwareScan": { + "name": "TrendmicroHostAntimalwareScan", + "depends_on": [ + "trendmicro-host-antimalware-scan" + ] + } + }, + { + "QrGetSearchResults": { + "name": "QrGetSearchResults", + "deprecated": true, + "depends_on": [ + "qr-get-search-results" + ] + } + }, + { + "NessusHostDetails": { + "name": "NessusHostDetails", + "deprecated": true, + "depends_on": [ + "scan-host-details" + ] + } + }, + { + "WhereFieldEquals": { + "name": "WhereFieldEquals" + } + }, + { + "OSQueryUsers": { + "name": "OSQueryUsers", + "depends_on": [ + "OSQueryBasicQuery" + ], + "script_executions": [ + "OSQueryBasicQuery" + ] + } + }, + { + "CrowdStrikeStreamingPreProcessing": { + "name": "CrowdStrikeStreamingPreProcessing", + "script_executions": [ + "addEntries" + ] + } + }, + { + "Strings": { + "name": "Strings", + "script_executions": [ + "getFilePath" + ] + } + }, + { + "QrOffenses": { + "name": "QrOffenses", + "deprecated": true, + "depends_on": [ + "qr-offenses" + ] + } + }, + { + "LCMHosts": { + 
"name": "LCMHosts" + } + }, + { + "RegProbeBasic": { + "name": "RegProbeBasic" + } + }, + { + "ContextGetHashes": { + "name": "ContextGetHashes" + } + }, + { + "NexposeEmailParser": { + "name": "NexposeEmailParser", + "depends_on": [ + "nexpose" + ] + } + }, + { + "7b5c080e-f3b1-411a-83b0-e1f53c21bef8": { + "name": "WhileNotMdLoop", + "deprecated": true + } + }, + { + "SlackMirror": { + "name": "SlackMirror", + "deprecated": true, + "depends_on": [ + "slack-mirror-investigation" + ] + } + }, + { + "CheckFiles": { + "name": "CheckFiles", + "deprecated": true, + "depends_on": [ + "file" + ] + } + }, + { + "IsIPInRanges": { + "name": "IsIPInRanges" + } + }, + { + "CBSessions": { + "name": "CBSessions", + "depends_on": [ + "cb-list-sessions" + ] + } + }, + { + "JSONFileToCSV": { + "name": "JSONFileToCSV", + "script_executions": [ + "getFilePath" + ] + } + }, + { + "GeneratePassword": { + "name": "GeneratePassword" + } + }, + { + "IncidentSet": { + "name": "IncidentSet", + "fromversion": "3.5.1", + "deprecated": true, + "script_executions": [ + "setOwner", + "setStage", + "setIncident", + "setPlaybook" + ] + } + }, + { + "GoogleAuthURL": { + "name": "GoogleAuthURL" + } + }, + { + "DataURLReputation": { + "name": "DataURLReputation", + "toversion": "3.0.1" + } + }, + { + "IPReputation": { + "name": "IPReputation", + "script_executions": [ + "ip" + ] + } + }, + { + "AwsCreateImage": { + "name": "AwsCreateImage", + "depends_on": [ + "create-image" + ] + } + }, + { + "WildfireReport": { + "name": "WildfireReport", + "deprecated": true, + "depends_on": [ + "wildfire-report" + ] + } + }, + { + "LCMIndicatorsForEntity": { + "name": "LCMIndicatorsForEntity", + "depends_on": [ + "lcm-indicatorsforentity" + ] + } + }, + { + "hideFieldsOnNewIncident": { + "name": "hideFieldsOnNewIncident", + "fromversion": "3.6.0" + } + }, + { + "ImpSfScheduleTask": { + "name": "ImpSfScheduleTask", + "depends_on": [ + "ImpSfRevokeUnaccessedDevices", + "scheduleEntry" + ], + "script_executions": [ 
+ "scheduleEntry" + ] + } + }, + { + "ServiceNowUpdateIncident": { + "name": "ServiceNowUpdateIncident", + "depends_on": [ + "servicenow-query-table", + "servicenow-update-record" + ] + } + }, + { + "DataIPReputation": { + "name": "DataIPReputation", + "toversion": "3.0.1" + } + }, + { + "SetDateField": { + "name": "SetDateField", + "script_executions": [ + "setIncident" + ] + } + }, + { + "ADGetEmailForUser": { + "name": "ADGetEmailForUser", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "EmailAskUser": { + "name": "EmailAskUser", + "toversion": "3.6.0", + "fromversion": "3.5.0" + } + }, + { + "PWEventDetails": { + "name": "PWEventDetails", + "deprecated": true, + "depends_on": [ + "pw-event-get" + ] + } + }, + { + "CheckSenderDomainDistance": { + "name": "CheckSenderDomainDistance" + } + }, + { + "7b02fa0f-94ff-48c7-8350-b4e353702e73": { + "name": "VMRay", + "depends_on": [ + "upload_sample" + ], + "script_executions": [ + "getFilePath", + "upload_sample", + "scheduleEntry" + ] + } + }, + { + "PWObservationPcapDownload": { + "name": "PWObservationPcapDownload", + "depends_on": [ + "observation-pcap-download" + ] + } + }, + { + "b695f044-fbdd-4d4b-89ce-9066cb0e165a": { + "name": "cveReputation", + "depends_on": [ + "cve-search" + ] + } + }, + { + "ParseEmailHeader": { + "name": "ParseEmailHeaders", + "script_executions": [ + "getFilePath" + ] + } + }, + { + "IndicatorMaliciousRatioCalculation": { + "name": "IndicatorMaliciousRatioCalculation", + "fromversion": "3.5.0", + "script_executions": [ + "findIndicators", + "getIncidents", + "getIncidents" + ] + } + }, + { + "BinaryReputationPy": { + "name": "BinaryReputationPy", + "deprecated": true, + "depends_on": [ + "file" + ], + "script_executions": [ + "getEntries", + "file", + "file" + ] + } + }, + { + "ArcherUpdateSecurityIncident": { + "name": "ArcherUpdateSecurityIncident", + "depends_on": [ + "archer-update-record" + ] + } + }, + { + "IsListExist": { + "name": "IsListExist", + 
"script_executions": [ + "getList" + ] + } + }, + { + "CSCountDevicesForIOC": { + "name": "CSCountDevicesForIOC", + "deprecated": true, + "depends_on": [ + "cs-device-count-ioc" + ] + } + }, + { + "LCMSetHostComment": { + "name": "LCMSetHostComment", + "depends_on": [ + "lcm-set-host-comment" + ], + "script_executions": [ + "LCMHosts" + ] + } + }, + { + "D2Exec": { + "name": "D2Exec" + } + }, + { + "OSQueryProcesses": { + "name": "OSQueryProcesses", + "depends_on": [ + "OSQueryBasicQuery" + ], + "script_executions": [ + "OSQueryBasicQuery" + ] + } + }, + { + "NessusScanStatus": { + "name": "NessusScanStatus", + "deprecated": true, + "depends_on": [ + "scan-details" + ] + } + }, + { + "DemistoLinkIncidents": { + "name": "DemistoLinkIncidents", + "depends_on": [ + "demisto-api-post" + ] + } + }, + { + "JiraCreateIssue": { + "name": "JiraCreateIssue", + "deprecated": true, + "depends_on": [ + "jira-create-issue" + ] + } + }, + { + "LocateAttachment": { + "name": "LocateAttachment", + "deprecated": true, + "script_executions": [ + "getEntries" + ] + } + }, + { + "ADGetComputerGroups": { + "name": "ADGetComputerGroups", + "deprecated": true, + "depends_on": [ + "ad-search" + ], + "script_executions": [ + "AdSearch" + ] + } + }, + { + "MapValues": { + "name": "MapValues" + } + }, + { + "QrGetSearch": { + "name": "QrGetSearch", + "deprecated": true, + "depends_on": [ + "qr-get-search" + ] + } + }, + { + "EmailAskUser": { + "name": "EmailAskUser", + "fromversion": "4.0.0" + } + }, + { + "AwsGetInstanceInfo": { + "name": "AwsGetInstanceInfo", + "depends_on": [ + "get-instance-info", + "get-ebs-volume-info", + "get-sg-info" + ] + } + }, + { + "CreateArray": { + "name": "CreateArray" + } + }, + { + "ADListUsers": { + "name": "ADListUsers", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "CBPFindRule": { + "name": "CBPFindRule", + "depends_on": [ + "cbp-fileRule-search" + ] + } + }, + { + "GoogleappsListUsers": { + "name": "GoogleappsListUsers", + 
"deprecated": true, + "depends_on": [ + "googleapps-list-users" + ] + } + }, + { + "ParseCSV": { + "name": "ParseCSV", + "script_executions": [ + "getEntries" + ] + } + }, + { + "D2Winpmem": { + "name": "D2Winpmem" + } + }, + { + "AlgosecGetApplications": { + "name": "AlgosecGetApplications", + "depends_on": [ + "algosec-get-applications" + ] + } + }, + { + "Elasticsearch": { + "name": "Elasticsearch", + "depends_on": [ + "search" + ], + "script_executions": [ + "search" + ] + } + }, + { + "EPOUpdateRepository": { + "name": "EPOUpdateRepository", + "deprecated": true, + "depends_on": [ + "epo-command" + ] + } + }, + { + "ZipFile": { + "name": "ZipFile", + "script_executions": [ + "getFilePath" + ] + } + }, + { + "VectraSummary": { + "name": "VectraSummary", + "deprecated": true, + "depends_on": [ + "vec-health" + ] + } + }, + { + "MattermostAskUser": { + "name": "MattermostAskUser", + "depends_on": [ + "mattermost-send" + ], + "script_executions": [ + "addEntitlement" + ] + } + }, + { + "WhoisSummary": { + "name": "WhoisSummary", + "deprecated": true, + "depends_on": [ + "whois" + ] + } + }, + { + "AssignAnalystToIncident": { + "name": "AssignAnalystToIncident" + } + }, + { + "Base64ListToFile": { + "name": "Base64ListToFile", + "script_executions": [ + "getList" + ] + } + }, + { + "LCMPathFinderScanHost": { + "name": "LCMPathFinderScanHost", + "depends_on": [ + "lcm-pathfinder-scan" + ] + } + }, + { + "IncapScheduleTask": { + "name": "IncapScheduleTask", + "depends_on": [ + "scheduleEntry", + "IncapWhitelistCompliance" + ], + "script_executions": [ + "scheduleEntry" + ] + } + }, + { + "SbQuery": { + "name": "SbQuery", + "depends_on": [ + "sb-query" + ] + } + }, + { + "GetStringsDistance": { + "name": "GetStringsDistance" + } + }, + { + "CSHuntByIOC": { + "name": "CSHuntByIOC", + "deprecated": true, + "depends_on": [ + "cs-device-ran-on" + ] + } + }, + { + "FireEyeDetonateFile": { + "name": "FireEyeDetonateFile", + "depends_on": [ + "fe-submit", + 
"fe-submit-result", + "fe-submit-status" + ], + "script_executions": [ + "IsIntegrationAvailable" + ] + } + }, + { + "514ec833-c02c-49a3-8ac6-d982198f5fa0": { + "name": "OktaUpdateUser", + "deprecated": true, + "depends_on": [ + "okta-update-user" + ] + } + }, + { + "JoinIfSingleElementOnly": { + "name": "JoinIfSingleElementOnly" + } + }, + { + "PWObservationDetails": { + "name": "PWObservationDetails", + "deprecated": true, + "depends_on": [ + "pw-observation-get" + ] + } + }, + { + "SNOpenTicket": { + "name": "SNOpenTicket", + "deprecated": true, + "depends_on": [ + "servicenow-incident-create" + ] + } + }, + { + "IPInfoQuery": { + "name": "IPInfoQuery", + "deprecated": true, + "depends_on": [ + "ipinfo_field" + ], + "script_executions": [ + "ipinfo_field", + "ip" + ] + } + }, + { + "RegCollectValues": { + "name": "RegCollectValues" + } + }, + { + "MD5Extract": { + "name": "MD5Extract", + "deprecated": true + } + }, + { + "CommonIntegration": { + "name": "CommonIntegration", + "deprecated": true + } + }, + { + "CBPBanHash": { + "name": "CBPBanHash", + "depends_on": [ + "cbp-fileRule-update" + ] + } + }, + { + "URLDecode": { + "name": "URLDecode" + } + }, + { + "AwsRunInstance": { + "name": "AwsRunInstance", + "depends_on": [ + "run-instance" + ] + } + }, + { + "EPORetrieveCurrentDATVersion": { + "name": "EPORetrieveCurrentDATVersion", + "deprecated": true, + "depends_on": [ + "epo-command" + ] + } + }, + { + "TaniumShowPendingActions": { + "name": "TaniumShowPendingActions", + "deprecated": true, + "depends_on": [ + "tn-get-object" + ] + } + }, + { + "PrintErrorEntry": { + "name": "PrintErrorEntry", + "fromversion": "4.0.0" + } + }, + { + "SEPCheckOutdatedEndpoints": { + "name": "SEPCheckOutdatedEndpoints", + "depends_on": [ + "sep-client-content" + ] + } + }, + { + "URLNumberOfAds": { + "name": "URLNumberOfAds" + } + }, + { + "IncidentToContext": { + "name": "IncidentToContext", + "deprecated": true + } + }, + { + "D2Users": { + "name": "D2Users" + } + }, + { + 
"StripChars": { + "name": "StripChars" + } + }, + { + "RegPathReputationBasicLists": { + "name": "RegPathReputationBasicLists" + } + }, + { + "IsIntegrationAvailable": { + "name": "IsIntegrationAvailable" + } + }, + { + "ExposeIncidentOwner": { + "name": "ExposeIncidentOwner" + } + }, + { + "EmailReputation": { + "name": "EmailReputation", + "script_executions": [ + "email" + ] + } + }, + { + "AwsCreateVolumeSnapshot": { + "name": "AwsCreateVolumeSnapshot", + "depends_on": [ + "create-volume-snapshot" + ] + } + }, + { + "CreateEmailHtmlBody": { + "name": "CreateEmailHtmlBody" + } + }, + { + "listExecutedCommands": { + "name": "listExecutedCommands" + } + }, + { + "EPOUpdateEndpoints": { + "name": "EPOUpdateEndpoints", + "deprecated": true, + "depends_on": [ + "epo-command" + ] + } + }, + { + "CheckSender": { + "name": "CheckSender", + "depends_on": [ + "pipl-search" + ] + } + }, + { + "NessusLaunchScan": { + "name": "NessusLaunchScan", + "deprecated": true, + "depends_on": [ + "scan-launch" + ] + } + }, + { + "ADGetGroupUsers": { + "name": "ADGetGroupUsers", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "CPTaskStatus": { + "name": "CPTaskStatus", + "deprecated": true, + "depends_on": [ + "checkpoint" + ], + "script_executions": [ + "checkpoint" + ] + } + }, + { + "80b5c44c-4eac-4e00-812f-6d409d57be31": { + "name": "WhoisLookup", + "deprecated": true, + "depends_on": [ + "whois" + ] + } + }, + { + "NetwitnessSAAddEventsToIncident": { + "name": "NetwitnessSAAddEventsToIncident", + "depends_on": [ + "nw-add-events-to-incident" + ] + } + }, + { + "StopScheduledTask": { + "name": "StopScheduledTask", + "script_executions": [ + "scheduleEntry" + ] + } + }, + { + "SalesforceAskUser": { + "name": "SalesforceAskUser", + "depends_on": [ + "salesforce-push-comment" + ], + "script_executions": [ + "addEntitlement" + ] + } + }, + { + "ADListUsersEx": { + "name": "ADListUsersEx", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + 
"OSQueryOpenSockets": { + "name": "OSQueryOpenSockets", + "depends_on": [ + "OSQueryBasicQuery" + ], + "script_executions": [ + "OSQueryBasicQuery" + ] + } + }, + { + "EsmExample": { + "name": "EsmExample", + "depends_on": [ + "search" + ] + } + }, + { + "SetSeverityByScore": { + "name": "SetSeverityByScore", + "script_executions": [ + "IncidentSet", + "IncidentSet", + "IncidentSet" + ] + } + }, + { + "RSAArcherManualFetch": { + "name": "RSAArcherManualFetch", + "depends_on": [ + "archer-manually-fetch-incident" + ], + "script_executions": [ + "createNewIncident" + ] + } + }, + { + "CheckpointFWBackupStatus": { + "name": "CheckpointFWBackupStatus", + "depends_on": [ + "ssh" + ], + "script_executions": [ + "ssh" + ] + } + }, + { + "VolImageinfo": { + "name": "VolImageinfo" + } + }, + { + "CBPApproveHash": { + "name": "CBPApproveHash", + "depends_on": [ + "cbp-fileRule-update" + ] + } + }, + { + "ParseEmailFile": { + "name": "ParseEmailFile", + "deprecated": true, + "script_executions": [ + "getEntry", + "getFilePath" + ] + } + }, + { + "GoogleappsRevokeUserRole": { + "name": "GoogleappsRevokeUserRole", + "depends_on": [ + "googleapps-revoke-user-role" + ] + } + }, + { + "DBotPredictPhishingEvaluation": { + "name": "DBotPredictPhishingEvaluation", + "fromversion": "4.1.0", + "script_executions": [ + "DBotPreparePhishingData", + "setIncident" + ] + } + }, + { + "DemistoUploadFile": { + "name": "DemistoUploadFile", + "depends_on": [ + "demisto-api-multipart" + ] + } + }, + { + "SNListTickets": { + "name": "SNListTickets", + "deprecated": true, + "depends_on": [ + "servicenow-incidents-query" + ] + } + }, + { + "JiraIssueAddComment": { + "name": "JiraIssueAddComment", + "deprecated": true, + "depends_on": [ + "jira-issue-add-comment" + ] + } + }, + { + "AlgosecCreateTicket": { + "name": "AlgosecCreateTicket", + "depends_on": [ + "algosec-create-ticket" + ] + } + }, + { + "DeleteContext": { + "name": "DeleteContext" + } + }, + { + "ADGetUsersByEmail": { + "name": 
"ADGetUsersByEmail", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "LanguageDetect": { + "name": "LanguageDetect" + } + }, + { + "IncapGetAppInfo": { + "name": "IncapGetAppInfo", + "depends_on": [ + "incap-get-app-info" + ] + } + }, + { + "SplunkEmailParser": { + "name": "SplunkEmailParser", + "depends_on": [ + "search" + ] + } + }, + { + "GetTime": { + "name": "GetTime" + } + }, + { + "PortListenCheck": { + "name": "PortListenCheck" + } + }, + { + "f99a85a6-c572-4c3a-8afd-5b4ac539000a": { + "name": "WhileNotExistLoop", + "deprecated": true + } + }, + { + "PanoramaBlockIP": { + "name": "PanoramaBlockIP", + "deprecated": true, + "depends_on": [ + "panorama" + ] + } + }, + { + "IdentifyAttachedEmail": { + "name": "IdentifyAttachedEmail", + "script_executions": [ + "getEntries" + ] + } + }, + { + "D2Services": { + "name": "D2Services" + } + }, + { + "AlgosecQuery": { + "name": "AlgosecQuery", + "depends_on": [ + "algosec-query" + ] + } + }, + { + "AwsStartInstance": { + "name": "AwsStartInstance", + "depends_on": [ + "start-instance" + ] + } + }, + { + "DomainReputation": { + "name": "DomainReputation", + "script_executions": [ + "domain" + ] + } + }, + { + "GetDuplicatesMlv2": { + "name": "GetDuplicatesMlv2", + "fromversion": "3.5.0", + "script_executions": [ + "getIncidents", + "findIndicators", + "getIncidents" + ] + } + }, + { + "JIRAPrintIssue": { + "name": "JIRAPrintIssue", + "depends_on": [ + "jira-get-issue" + ] + } + }, + { + "FPDeleteRule": { + "name": "FPDeleteRule", + "depends_on": [ + "ssh" + ], + "script_executions": [ + "ssh" + ] + } + }, + { + "isError": { + "name": "isError" + } + }, + { + "CommonServerPython": { + "name": "CommonServerPython" + } + }, + { + "10cb3486-48f3-4d93-88af-b6be84ffd432": { + "name": "OktaGetGroups", + "deprecated": true, + "depends_on": [ + "okta-get-groups" + ] + } + }, + { + "DocumentationAutomation": { + "name": "DocumentationAutomation", + "script_executions": [ + "getFilePath" + ] + } + }, + { 
+ "FileReputation": { + "name": "FileReputation", + "script_executions": [ + "file" + ] + } + }, + { + "AreValuesEqual": { + "name": "AreValuesEqual" + } + }, + { + "LCMDetectedEntities": { + "name": "LCMDetectedEntities", + "depends_on": [ + "lcm-entities" + ] + } + }, + { + "UtilAnyResults": { + "name": "UtilAnyResults" + } + }, + { + "ExampleJSScript": { + "name": "ExampleJSScript" + } + }, + { + "UnEscapeIPs": { + "name": "UnEscapeIPs" + } + }, + { + "OSQueryLoggedInUsers": { + "name": "OSQueryLoggedInUsers", + "depends_on": [ + "OSQueryBasicQuery" + ], + "script_executions": [ + "OSQueryBasicQuery" + ] + } + }, + { + "FindSimilarIncidentsByText": { + "name": "FindSimilarIncidentsByText" + } + }, + { + "IncapWhitelistCompliance": { + "name": "IncapWhitelistCompliance", + "depends_on": [ + "incap-get-domain-approver-email", + "RemoteExec", + "incap-list-sites", + "SendEmail" + ], + "script_executions": [ + "SendEmail", + "RemoteExec" + ] + } + }, + { + "c99e196b-e05e-41f2-82cb-6798f33cb653": { + "name": "cveSearch", + "deprecated": true, + "depends_on": [ + "cve-search" + ] + } + }, + { + "5e125fdd-72f1-455f-89fa-e6f9405174a4": { + "name": "NotInContextVerification" + } + }, + { + "ExtractDomain": { + "name": "ExtractDomain" + } + }, + { + "DemistoCreateList": { + "name": "DemistoCreateList", + "depends_on": [ + "demisto-api-post" + ] + } + }, + { + "ServiceNowQueryIncident": { + "name": "ServiceNowQueryIncident", + "depends_on": [ + "servicenow-query-table" + ] + } + }, + { + "MimecastQuery": { + "name": "MimecastQuery", + "depends_on": [ + "mimecast-query" + ] + } + }, + { + "misp_download_sample": { + "name": "misp_download_sample", + "depends_on": [ + "internal-misp-download-sample" + ] + } + }, + { + "ExchangeDeleteIDsFromContext": { + "name": "ExchangeDeleteIDsFromContext", + "deprecated": true, + "depends_on": [ + "ews-delete-items" + ] + } + }, + { + "DumpJSON": { + "name": "DumpJSON" + } + }, + { + "ADGetGroupComputers": { + "name": 
"ADGetGroupComputers", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "TrendmicroAntiMalwareEventRetrieve": { + "name": "TrendmicroAntiMalwareEventRetrieve", + "depends_on": [ + "trendmicro-anti-malware-event-retrieve" + ] + } + }, + { + "Sleep": { + "name": "Sleep" + } + }, + { + "AdSearch": { + "name": "AdSearch", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "XBNotable": { + "name": "XBNotable", + "depends_on": [ + "xb-notable" + ] + } + }, + { + "GoogleappsGetUser": { + "name": "GoogleappsGetUser", + "deprecated": true, + "depends_on": [ + "googleapps-get-user" + ] + } + }, + { + "CBLiveFetchFiles": { + "name": "CBLiveFetchFiles", + "depends_on": [ + "CBLiveGetFile" + ], + "script_executions": [ + "CBLiveGetFile" + ] + } + }, + { + "JiraIssueAddLink": { + "name": "JiraIssueAddLink", + "deprecated": true, + "depends_on": [ + "jira-issue-add-link" + ] + } + }, + { + "ContextSearchForString": { + "name": "ContextSearchForString" + } + }, + { + "ShowOnMap": { + "name": "ShowOnMap" + } + }, + { + "CBFindIP": { + "name": "CBFindIP", + "depends_on": [ + "CBSearch" + ], + "script_executions": [ + "CBSearch" + ] + } + }, + { + "D2Rekall": { + "name": "D2Rekall" + } + }, + { + "CuckooGetReport": { + "name": "CuckooGetReport", + "depends_on": [ + "cuckoo-get-task-report" + ] + } + }, + { + "BinarySearchPy": { + "name": "BinarySearchPy", + "depends_on": [ + "cb-process" + ], + "script_executions": [ + "getEntries" + ] + } + }, + { + "Volatility": { + "name": "Volatility" + } + }, + { + "GrrGetFiles": { + "name": "GrrGetFiles", + "depends_on": [ + "grr_get_files" + ], + "script_executions": [ + "grr_get_files" + ] + } + }, + { + "FetchFileD2": { + "name": "FetchFileD2" + } + }, + { + "ToTable": { + "name": "ToTable" + } + }, + { + "XBLockouts": { + "name": "XBLockouts", + "depends_on": [ + "xb-lockouts" + ] + } + }, + { + "ExchangeAssignRole": { + "name": "ExchangeAssignRole" + } + }, + { + "GrrSetHunts": { + "name": 
"GrrSetHunts", + "depends_on": [ + "grr_set_hunts" + ], + "script_executions": [ + "grr_set_hunts" + ] + } + }, + { + "MaliciousRatioReputation": { + "name": "MaliciousRatioReputation", + "fromversion": "4.0.0", + "script_executions": [ + "findIndicators", + "maliciousRatio" + ] + } + }, + { + "EPOFindSystem": { + "name": "EPOFindSystem", + "depends_on": [ + "epo-command" + ] + } + }, + { + "TaniumAskQuestionComplex": { + "name": "TaniumAskQuestionComplex", + "deprecated": true, + "depends_on": [ + "tn-add-question-complex", + "tn-result-data", + "tn-result-info" + ] + } + }, + { + "DataURLReputation": { + "name": "DataURLReputation", + "deprecated": true + } + }, + { + "DataHashReputation": { + "name": "DataHashReputation", + "toversion": "3.0.1", + "depends_on": [ + "file" + ] + } + }, + { + "GetIndicatorDBotScore": { + "name": "GetIndicatorDBotScore", + "fromversion": "3.5.0", + "script_executions": [ + "getIndicator" + ] + } + }, + { + "HTTPListRedirects": { + "name": "HTTPListRedirects" + } + }, + { + "DataHashReputation": { + "name": "DataHashReputation", + "deprecated": true, + "depends_on": [ + "file" + ] + } + }, + { + "CBEvents": { + "name": "CBEvents", + "depends_on": [ + "cb-process", + "process-events" + ] + } + }, + { + "Whois": { + "name": "Whois", + "deprecated": true, + "depends_on": [ + "whois" + ] + } + }, + { + "MarkAsNoteByTag": { + "name": "MarkAsNoteByTag", + "script_executions": [ + "getEntries", + "markAsNote" + ] + } + }, + { + "TaniumApprovePendingActions": { + "name": "TaniumApprovePendingActions", + "deprecated": true, + "depends_on": [ + "tn-add-object", + "tn-get-object" + ] + } + }, + { + "GenericPollingScheduledTask": { + "name": "GenericPollingScheduledTask" + } + }, + { + "NessusListScans": { + "name": "NessusListScans", + "deprecated": true, + "depends_on": [ + "scans-list" + ] + } + }, + { + "TaniumAskQuestion": { + "name": "TaniumAskQuestion", + "deprecated": true, + "depends_on": [ + "tn-result-data", + "tn-result-info" + ] + 
} + }, + { + "ExportToCSV": { + "name": "ExportToCSV" + } + }, + { + "URLReputation": { + "name": "URLReputation", + "script_executions": [ + "url" + ] + } + }, + { + "IncidentAddSystem": { + "name": "IncidentAddSystem" + } + }, + { + "FindSimilarIncidents": { + "name": "FindSimilarIncidents", + "script_executions": [ + "getContext" + ] + } + }, + { + "CPDeleteRule": { + "name": "CPDeleteRule", + "deprecated": true, + "depends_on": [ + "checkpoint" + ], + "script_executions": [ + "checkpoint", + "checkpoint" + ] + } + }, + { + "RegexGroups": { + "name": "RegexGroups" + } + }, + { + "RemoteExec": { + "name": "RemoteExec", + "depends_on": [ + "ssh" + ] + } + }, + { + "PublishEntriesToContext": { + "name": "PublishEntriesToContext" + } + }, + { + "http": { + "name": "http", + "toversion": "3.1.0" + } + }, + { + "GoogleappsGetUserRoles": { + "name": "GoogleappsGetUserRoles", + "deprecated": true, + "depends_on": [ + "googleapps-get-user-roles" + ] + } + }, + { + "ExchangeDeleteMail": { + "name": "ExchangeDeleteMail" + } + }, + { + "SbUpload": { + "name": "SbUpload", + "depends_on": [ + "sb-upload" + ] + } + }, + { + "3dd62013-4fed-43eb-8ae4-91b1b4250599": { + "name": "OktaSetPassword", + "deprecated": true, + "depends_on": [ + "okta-set-password" + ] + } + }, + { + "D2Processes": { + "name": "D2Processes" + } + }, + { + "IncapListSites": { + "name": "IncapListSites", + "depends_on": [ + "incap-list-sites" + ] + } + }, + { + "ADGetEmailForAllUsers": { + "name": "ADGetEmailForAllUsers", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "CuckooTaskStatus": { + "name": "CuckooTaskStatus", + "depends_on": [ + "cuckoo-view-task" + ] + } + }, + { + "PWEvents": { + "name": "PWEvents", + "deprecated": true, + "depends_on": [ + "search" + ], + "script_executions": [ + "search" + ] + } + }, + { + "NexposeEmailParserForVuln": { + "name": "NexposeEmailParserForVuln", + "depends_on": [ + "nexpose" + ] + } + }, + { + "CloseInvestigationAsDuplicate": { + "name": 
"CloseInvestigationAsDuplicate", + "script_executions": [ + "linkIncidents" + ] + } + }, + { + "GetDuplicatesMl": { + "name": "GetDuplicatesMl", + "fromversion": "3.5.0", + "deprecated": true, + "script_executions": [ + "getIncidents", + "findIndicators", + "getIncidents" + ] + } + }, + { + "FailedInstances": { + "name": "FailedInstances", + "fromversion": "4.0.0" + } + }, + { + "UnPackFile": { + "name": "UnPackFile", + "script_executions": [ + "getEntries", + "getFilePath" + ] + } + }, + { + "http": { + "name": "http", + "fromversion": "3.5.0" + } + }, + { + "DBotPredictPhishingLabel": { + "name": "DBotPredictPhishingLabel", + "fromversion": "4.1.0", + "script_executions": [ + "DBotPredictTextLabel" + ] + } + }, + { + "CPCreateBackup": { + "name": "CPCreateBackup", + "deprecated": true, + "depends_on": [ + "ssh" + ], + "script_executions": [ + "ssh" + ] + } + }, + { + "ExtractIP": { + "name": "ExtractIP" + } + }, + { + "CheckURLs": { + "name": "CheckURLs", + "deprecated": true, + "script_executions": [ + "url" + ] + } + }, + { + "SplunkPySearch": { + "name": "SplunkPySearch", + "depends_on": [ + "splunk-search" + ] + } + }, + { + "GrrGetHunts": { + "name": "GrrGetHunts", + "depends_on": [ + "grr_get_hunts" + ], + "script_executions": [ + "grr_get_hunts" + ] + } + }, + { + "ImpSfSetEndpointStatus": { + "name": "ImpSfSetEndpointStatus", + "depends_on": [ + "imp-sf-set-endpoint-status" + ] + } + }, + { + "PCAPMiner": { + "name": "PCAPMiner", + "script_executions": [ + "getFilePath" + ] + } + }, + { + "D2GetFile": { + "name": "D2GetFile" + } + }, + { + "PagerDutyAssignOnCallUser": { + "name": "PagerDutyAssignOnCallUser", + "depends_on": [ + "PagerDuty-get-users-on-call-now" + ] + } + }, + { + "ExtractHTMLTables": { + "name": "ExtractHTMLTables" + } + }, + { + "ContainsCreditCardInfo": { + "name": "ContainsCreditCardInfo" + } + }, + { + "CBSearch": { + "name": "CBSearch" + } + }, + { + "DataDomainReputation": { + "name": "DataDomainReputation", + "toversion": "3.0.1" + 
} + }, + { + "DBotClosedIncidentsPercentage": { + "name": "DBotClosedIncidentsPercentage" + } + }, + { + "CBAlerts": { + "name": "CBAlerts", + "depends_on": [ + "cb-alert" + ] + } + }, + { + "ParseWordDoc": { + "name": "ParseWordDoc", + "script_executions": [ + "getFilePath" + ] + } + }, + { + "VolJson": { + "name": "VolJson" + } + }, + { + "SlackSend": { + "name": "SlackSend", + "deprecated": true, + "depends_on": [ + "slack-send" + ] + } + }, + { + "ExposeList": { + "name": "ExposeList", + "deprecated": true + } + }, + { + "VectraHealth": { + "name": "VectraHealth", + "deprecated": true, + "depends_on": [ + "vec-health" + ] + } + }, + { + "D2ExecuteCommand": { + "name": "D2ExecuteCommand" + } + }, + { + "46e2109c-b735-458e-884f-030229a20830": { + "name": "SetByIncidentId" + } + }, + { + "dfa728bb-8291-4f8c-8185-53fad210f1b5": { + "name": "VerifyHumanReadableContains" + } + }, + { + "ContextGetPathForString": { + "name": "ContextGetPathForString" + } + }, + { + "LCMResolveHost": { + "name": "LCMResolveHost", + "depends_on": [ + "lcm-resolve-host" + ] + } + }, + { + "IsGreaterThan": { + "name": "IsGreaterThan" + } + }, + { + "SbQuota": { + "name": "SbQuota", + "depends_on": [ + "sb-quota" + ] + } + }, + { + "ContextFilter": { + "name": "ContextFilter" + } + }, + { + "O365SearchEmails": { + "name": "O365SearchEmails", + "script_executions": [ + "D2O365SearchAndDelete", + "D2O365ComplianceSearch" + ] + } + }, + { + "AnalyzeOSX": { + "name": "AnalyzeOSX", + "depends_on": [ + "url", + "Osxcollector", + "file" + ] + } + }, + { + "PWEventPcapDownload": { + "name": "PWEventPcapDownload", + "depends_on": [ + "event-pcap-download" + ] + } + }, + { + "AnalyzeMemImage": { + "name": "AnalyzeMemImage" + } + }, + { + "8bb47409-fffb-40c4-8601-d5fd20384e26": { + "name": "SetTime", + "script_executions": [ + "setIncident" + ] + } + }, + { + "JiraGetIssue": { + "name": "JiraGetIssue", + "deprecated": true, + "depends_on": [ + "jira-get-issue" + ] + } + }, + { + "ADExpirePassword": { 
+ "name": "ADExpirePassword", + "deprecated": true, + "depends_on": [ + "ad-expire-password" + ] + } + }, + { + "ImpSfRevokeUnaccessedDevices": { + "name": "ImpSfRevokeUnaccessedDevices", + "depends_on": [ + "ImpSfSetEndpointStatus", + "ImpSfListEndpoints" + ], + "script_executions": [ + "SendEmail", + "ImpSfListEndpoints", + "ImpSfSetEndpointStatus" + ] + } + }, + { + "ADGetUser": { + "name": "ADGetUser", + "depends_on": [ + "ad-search" + ] + } + }, + { + "SendEmail": { + "name": "SendEmail", + "depends_on": [ + "send-mail" + ] + } + }, + { + "EPOCheckLatestDAT": { + "name": "EPOCheckLatestDAT", + "deprecated": true + } + }, + { + "PagerDutyAlertOnIncident": { + "name": "PagerDutyAlertOnIncident", + "depends_on": [ + "PagerDuty-submit-event" + ] + } + }, + { + "URLExtract": { + "name": "URLExtract", + "deprecated": true + } + }, + { + "TaniumDeployAction": { + "name": "TaniumDeployAction", + "deprecated": true, + "depends_on": [ + "tn-deploy-package" + ] + } + }, + { + "SendEmailToManager": { + "name": "SendEmailToManager", + "toversion": "3.1.0", + "depends_on": [ + "ad-search", + "send-mail" + ], + "script_executions": [ + "AdSearch", + "AdSearch", + "addOneTimeEntitlement" + ] + } + }, + { + "StringReplace": { + "name": "StringReplace" + } + }, + { + "TextFromHTML": { + "name": "TextFromHTML" + } + }, + { + "CPShowBackupStatus": { + "name": "CPShowBackupStatus", + "deprecated": true, + "depends_on": [ + "ssh" + ], + "script_executions": [ + "ssh" + ] + } + }, + { + "RunPollingCommand": { + "name": "RunPollingCommand", + "fromversion": "4.0.0" + } + }, + { + "CBWatchlists": { + "name": "CBWatchlists", + "depends_on": [ + "cb-watchlist-get" + ] + } + }, + { + "DamSensorDown": { + "name": "DamSensorDown", + "depends_on": [ + "dam-get-latest-by-rule" + ] + } + }, + { + "94f72ed9-49c8-40e5-89bb-7c98f914d2cc": { + "name": "OktaDeactivateUser", + "deprecated": true, + "depends_on": [ + "okta-deactivate-user" + ] + } + }, + { + "34f0498c-d3da-4ac3-8cad-a28804bf1f21": { 
+ "name": "NetwitnessQuery", + "depends_on": [ + "nw-sdk-query" + ] + } + }, + { + "CBSensors": { + "name": "CBSensors", + "depends_on": [ + "cb-list-sensors" + ] + } + }, + { + "VolRunCmds": { + "name": "VolRunCmds" + } + }, + { + "ADGetComputer": { + "name": "ADGetComputer", + "depends_on": [ + "ad-search" + ] + } + }, + { + "DemistoUploadFileToIncident": { + "name": "DemistoUploadFileToIncident", + "depends_on": [ + "demisto-api-multipart" + ] + } + }, + { + "SbDownload": { + "name": "SbDownload", + "depends_on": [ + "sb-download" + ] + } + }, + { + "OSQueryBasicQuery": { + "name": "OSQueryBasicQuery", + "depends_on": [ + "RemoteExec" + ], + "script_executions": [ + "RemoteExec" + ] + } + }, + { + "AggregateIOCs": { + "name": "AggregateIOCs", + "deprecated": true + } + }, + { + "LinkIncidentsWithRetry": { + "name": "LinkIncidentsWithRetry", + "script_executions": [ + "linkIncidents", + "linkIncidents" + ] + } + }, + { + "PDFUnlocker": { + "name": "PDFUnlocker", + "script_executions": [ + "getFilePath" + ] + } + }, + { + "D2RegQuery": { + "name": "D2RegQuery" + } + }, + { + "ExtractURL": { + "name": "ExtractURL" + } + }, + { + "StringContains": { + "name": "StringContains" + } + }, + { + "CPBlockIP": { + "name": "CPBlockIP", + "deprecated": true, + "depends_on": [ + "checkpoint" + ], + "script_executions": [ + "checkpoint" + ] + } + }, + { + "TrendmicroSecurityProfileAssignToHost": { + "name": "TrendmicroSecurityProfileAssignToHost", + "depends_on": [ + "trendmicro-security-profile-assign-to-host" + ] + } + }, + { + "JiraCreateIssue-example": { + "name": "JiraCreateIssue-example", + "depends_on": [ + "jira-create-issue", + "jira-delete-issue" + ] + } + }, + { + "VolApihooks": { + "name": "VolApihooks" + } + }, + { + "ADGetCommonGroups": { + "name": "ADGetCommonGroups", + "deprecated": true, + "depends_on": [ + "ad-search" + ], + "script_executions": [ + "ADGetUserGroups" + ] + } + }, + { + "NetwitnessSAGetComponents": { + "name": "NetwitnessSAGetComponents", + 
"depends_on": [ + "nw-get-components" + ] + } + }, + { + "QRadarGetCorrelationLogs": { + "name": "QRadarGetCorrelationLogs", + "depends_on": [ + "qradar-searches" + ], + "script_executions": [ + "QRadarFullSearch" + ] + } + }, + { + "CountArraySize": { + "name": "CountArraySize" + } + }, + { + "ConvertXmlToJson": { + "name": "ConvertXmlToJson" + } + }, + { + "D2PEDump": { + "name": "D2PEDump" + } + }, + { + "CBPFindComputer": { + "name": "CBPFindComputer", + "depends_on": [ + "cbp-computer-search" + ] + } + }, + { + "ClassifierNotifyAdmin": { + "name": "ClassifierNotifyAdmin", + "depends_on": [ + "send-mail" + ] + } + }, + { + "SlackAskUser": { + "name": "SlackAskUser", + "fromversion": "3.5.0", + "depends_on": [ + "slack-send" + ], + "script_executions": [ + "addEntitlement" + ] + } + }, + { + "Exists": { + "name": "Exists" + } + }, + { + "NetwitnessSAGetEvents": { + "name": "NetwitnessSAGetEvents", + "depends_on": [ + "nw-get-events" + ] + } + }, + { + "DBotTrainTextClassifier": { + "name": "DBotTrainTextClassifier", + "fromversion": "4.1.0", + "script_executions": [ + "getFilePath", + "createList" + ] + } + }, + { + "CommonServer": { + "name": "CommonServer" + } + }, + { + "LCMDetectedIndicators": { + "name": "LCMDetectedIndicators", + "depends_on": [ + "lcm-indicators" + ] + } + }, + { + "SplunkSearch": { + "name": "SplunkSearch", + "deprecated": true, + "depends_on": [ + "search" + ] + } + }, + { + "IsIPInSubnet": { + "name": "IsIPInSubnet", + "deprecated": true + } + }, + { + "TrendmicroHostRetrieveAll": { + "name": "TrendmicroHostRetrieveAll", + "depends_on": [ + "trendmicro-host-retrieve-all" + ] + } + }, + { + "getMlFeatures": { + "name": "getMlFeatures", + "fromversion": "3.5.0", + "script_executions": [ + "findIndicators", + "getIncidents" + ] + } + }, + { + "2aa9f737-8c7c-42f5-815f-4d104bb3af06": { + "name": "SEPScan", + "depends_on": [ + "sep-command-status" + ] + } + }, + { + "PrintContext": { + "name": "PrintContext" + } + }, + { + 
"D2O365SearchAndDelete": { + "name": "D2O365SearchAndDelete" + } + }, + { + "DBotPreparePhishingData": { + "name": "DBotPreparePhishingData", + "fromversion": "4.1.0", + "script_executions": [ + "getContext", + "getIncidents", + "createList", + "WordTokenizer" + ] + } + }, + { + "QRadarGetOffenseCorrelations": { + "name": "QRadarGetOffenseCorrelations", + "depends_on": [ + "qradar-searches" + ], + "script_executions": [ + "QRadarFullSearch" + ] + } + }, + { + "ShowScheduledEntries": { + "name": "ShowScheduledEntries" + } + }, + { + "EmailAskUserResponse": { + "name": "EmailAskUserResponse" + } + }, + { + "IsEmailAddressInternal": { + "name": "IsEmailAddressInternal" + } + }, + { + "DemistoGetIncidentTasksByState": { + "name": "DemistoGetIncidentTasksByState" + } + }, + { + "VectraGetHostById": { + "name": "VectraGetHostById", + "deprecated": true, + "depends_on": [ + "vec-get-host-by-id" + ] + } + }, + { + "DefaultIncidentClassifier": { + "name": "DefaultIncidentClassifier" + } + }, + { + "TestCreateTagTextFile": { + "name": "TestCreateTagTextFile", + "script_executions": [ + "createList" + ] + } + }, + { + "TestCreateWordFile": { + "name": "TestCreateWordFile" + } + }, + { + "GenerateImageFileEntry": { + "name": "GenerateImageFileEntry" + } + }, + { + "a18ff76e-c462-4daa-8be2-6a1b5308713f": { + "name": "TestCreateDuplicates" + } + }, + { + "c5cb179f-d6d2-4d87-8857-b224689d5b00": { + "name": "VerifyTreeToFlatObject" + } + }, + { + "GenerateUUID": { + "name": "GenerateUUID" + } + }, + { + "TestXml2JSON": { + "name": "TestXml2JSON" + } + }, + { + "3b260f00-772c-4d4e-84ea-e47226637497": { + "name": "VerifyHumanReadableEquals", + "fromversion": "3.6.0" + } + }, + { + "ValidateErrorExistence": { + "name": "ValidateErrorExistence", + "script_executions": [ + "getEntries" + ] + } + }, + { + "CompleteManualTask": { + "name": "CompleteManualTask", + "script_executions": [ + "DemistoGetIncidentTasksByState", + "taskComplete" + ] + } + }, + { + "GenerateIP": { + "name": 
"GenerateIP" + } + }, + { + "CarbonBlackResponseFilterSensors": { + "name": "CarbonBlackResponseFilterSensors" + } + }, + { + "RaiseError": { + "name": "RaiseError" + } + }, + { + "GenerateEmail": { + "name": "GenerateEmail" + } + }, + { + "PhishingIncident": { + "name": "PhishingIncident", + "script_executions": [ + "setIncident" + ] + } + }, + { + "VerifyTableToMarkDown": { + "name": "VerifyTableToMarkDown" + } + }, + { + "TestFormatTableValues": { + "name": "TestFormatTableValues" + } + }, + { + "TestCreateIncidents": { + "name": "TestCreateIncidents", + "script_executions": [ + "createNewIncident", + "createNewIncident" + ] + } + }, + { + "TestPYCommonServer": { + "name": "TestPYCommonServer" + } + }, + { + "CreateDuplicateIncident": { + "name": "CreateDuplicateIncident", + "script_executions": [ + "createNewIncident" + ] + } + }, + { + "c0eb84c3-8771-4f9f-833e-1017112d6215": { + "name": "ThrowException" + } + }, + { + "SsdeepReputationTest": { + "name": "SsdeepReputationTest", + "script_executions": [ + "findIndicators", + "createNewIndicator", + "createNewIndicator", + "createNewIndicator" + ] + } + }, + { + "CreateBinaryFile": { + "name": "CreateBinaryFile" + } + }, + { + "GetFirstObject": { + "name": "GetFirstObject" + } + }, + { + "changeremediationslaonsevchange": { + "name": "ChangeRemediationSLAOnSevChange", + "fromversion": "4.1.0", + "script_executions": [ + "setIncident", + "setIncident", + "setIncident", + "setIncident" + ] + } + }, + { + "stoptimetoassignonownerchange": { + "name": "StopTimeToAssignOnOwnerChange", + "fromversion": "4.1.0", + "script_executions": [ + "stopTimer" + ] + } + }, + { + "changeremediationslaonsevchange": { + "name": "ChangeRemediationSLAOnSevChange", + "fromversion": "4.1.0", + "script_executions": [ + "setIncident", + "setIncident", + "setIncident", + "setIncident" + ] + } + }, + { + "stoptimetoassignonownerchange": { + "name": "StopTimeToAssignOnOwnerChange", + "fromversion": "4.1.0", + "script_executions": [ + 
"stopTimer" + ] + } + }, + { + "changeremediationslaonsevchange": { + "name": "ChangeRemediationSLAOnSevChange", + "fromversion": "4.1.0", + "script_executions": [ + "setIncident", + "setIncident", + "setIncident", + "setIncident" + ] + } + }, + { + "stoptimetoassignonownerchange": { + "name": "StopTimeToAssignOnOwnerChange", + "fromversion": "4.1.0", + "script_executions": [ + "stopTimer" + ] + } + } + ], + "playbooks": [ + { + "search_and_delete_emails_-_generic": { + "name": "Search And Delete Emails - Generic", + "fromversion": "3.6.0", + "implementing_playbooks": [ + "Search And Delete Emails - EWS" + ] + } + }, + { + "email_address_enrichment_-_generic": { + "name": "Email Address Enrichment - Generic", + "fromversion": "3.6.0", + "implementing_scripts": [ + "IsEmailAddressInternal", + "EmailReputation", + "ADGetUser", + "Exists", + "EmailDomainSquattingReputation" + ] + } + }, + { + "process_email_-_generic": { + "name": "Process Email - Generic", + "toversion": "3.6.0", + "fromversion": "3.6.0", + "implementing_scripts": [ + "Set", + "Exists", + "ParseEmailFiles" + ], + "implementing_commands": [ + "setIncident", + "rasterize-email" + ] + } + }, + { + "playbook12": { + "name": "McAfee ePO Endpoint Compliance Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "CloseInvestigation", + "IncidentSet", + "commentsToContext" + ], + "implementing_commands": [ + "epo-update-client-dat", + "servicenow-incidents-query", + "epo-get-latest-dat", + "epo-get-current-dat", + "servicenow-incident-create" + ] + } + }, + { + "get_original_email_-_generic": { + "name": "Get Original Email - Generic", + "fromversion": 4.0, + "implementing_playbooks": [ + "Get Original Email - Gmail", + "Get Original Email - EWS" + ] + } + }, + { + "Detonate URL - Phish.AI": { + "name": "Detonate URL - Phish.AI", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "phish-ai-check-status", + "phish-ai-scan-url" + ] + } + 
}, + { + "Detonate URL - Cuckoo": { + "name": "Detonate URL - Cuckoo", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Sleep" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "cuckoo-view-task", + "cuckoo-get-task-report", + "cuckoo-create-task-from-url" + ] + } + }, + { + "get_file_sample_by_hash_-_generic": { + "name": "Get File Sample By Hash - Generic", + "fromversion": "3.5.0", + "implementing_playbooks": [ + "Get File Sample By Hash - Cylance Protect", + "Get File Sample By Hash - Carbon Black Enterprise Response" + ] + } + }, + { + "search_endpoints_by_hash_-_crowdstrike": { + "name": "Search Endpoints By Hash - CrowdStrike", + "fromversion": "3.5.0", + "implementing_commands": [ + "cs-device-ran-on", + "cs-device-details" + ] + } + }, + { + "get_file_sample_from_path_-_generic": { + "name": "Get File Sample From Path - Generic", + "fromversion": "3.5.0", + "implementing_playbooks": [ + "Get File Sample From Path - Carbon Black Enterprise Response", + "Get File Sample From Path - D2" + ] + } + }, + { + "process_email_-_generic": { + "name": "Process Email - Generic", + "toversion": "3.5.9", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set", + "Exists", + "ParseEmailFiles" + ], + "implementing_commands": [ + "rasterize-email" + ] + } + }, + { + "Detonate File - Lastline": { + "name": "Detonate File - Lastline", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "lastline-upload-file", + "lastline-get-report" + ] + } + }, + { + "url_enrichment_-_generic": { + "name": "URL Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", + "implementing_scripts": [ + "URLSSLVerification", + "Exists", + "URLReputation" + ], + "implementing_commands": [ + "rasterize" + ] + } + }, + { + "GenericPolling": { + "name": "GenericPolling", + "fromversion": "4.0.0", + "implementing_scripts": [ + 
"ScheduleGenericPolling", + "RunPollingCommand", + "PrintErrorEntry" + ] + } + }, + { + "playbook1": { + "name": "Malware Playbook - Manual", + "fromversion": "2.5.0", + "implementing_scripts": [ + "ExposeModules", + "Autoruns", + "Exists" + ] + } + }, + { + "Calculate Severity - Generic": { + "name": "Calculate Severity - Generic", + "fromversion": "3.6.0", + "implementing_playbooks": [ + "Calculate Severity - Indicators DBotScore", + "Calculate Severity - 3rd-party integrations", + "Calculate Severity - Critical assets" + ], + "implementing_commands": [ + "setIncident" + ] + } + }, + { + "search_endpoints_by_hash_-_carbon_black_protection": { + "name": "Search Endpoints By Hash - Carbon Black Protection", + "fromversion": "3.5.0", + "implementing_scripts": [ + "CBPFindRule", + "Set", + "CBPCatalogFindHash", + "Exists" + ], + "implementing_commands": [ + "cbp-computer-get" + ] + } + }, + { + "Incident Enrichment": { + "name": "Incident Enrichment", + "fromversion": "2.5.0", + "implementing_scripts": [ + "ExtractURL", + "ExtractHash", + "ExtractIP" + ], + "implementing_playbooks": [ + "Enrichment Playbook" + ] + } + }, + { + "playbook16": { + "name": "CrowdStrike Rapid IOC Hunting", + "fromversion": "2.5.0", + "implementing_scripts": [ + "Exists", + "SendEmail" + ], + "implementing_commands": [ + "cs-device-ran-on", + "cs-device-search" + ] + } + }, + { + "CrowdStrike Falcon Sandbox - Detonate file": { + "name": "CrowdStrike Falcon Sandbox - Detonate file", + "toversion": "3.6.0", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set" + ], + "implementing_commands": [ + "crowdstrike-detonate-file" + ] + } + }, + { + "Enrich McAfee DXL using 3rd party sandbox": { + "name": "Enrich McAfee DXL using 3rd party sandbox", + "implementing_scripts": [ + "CloseInvestigation", + "Exists" + ], + "implementing_playbooks": [ + "WildFire - Detonate file" + ], + "implementing_commands": [ + "dxl-send-event" + ] + } + }, + { + "Get File Sample From Hash - Carbon Black 
Enterprise Response": { + "name": "Get File Sample From Hash - Carbon Black Enterprise Response", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "Exists" + ], + "implementing_commands": [ + "cb-binary-get" + ] + } + }, + { + "Calculate Severity - Generic": { + "name": "Calculate Severity - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", + "implementing_scripts": [ + "StringContains", + "Exists" + ], + "implementing_commands": [ + "setIncident" + ] + } + }, + { + "Tenable.io Scan": { + "name": "Tenable.io Scan", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "tenable-io-launch-scan", + "tenable-io-get-scan-report", + "tenable-io-get-scan-status" + ] + } + }, + { + "block_indicators_-_generic": { + "name": "Block Indicators - Generic", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "Block URL - Generic", + "Block File - Generic", + "Block IP - Generic", + "Block Account - Generic" + ] + } + }, + { + "detonate_url_-_threatgrid": { + "name": "Detonate URL - ThreatGrid", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "threat-grid-upload-sample", + "threat-grid-get-samples-state", + "threat-grid-url-to-file" + ] + } + }, + { + "TrendMicro Malware Alert Playbook": { + "name": "TrendMicro Malware Alert Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "TrendMicroGetPolicyID", + "TrendmicroSecurityProfileAssignToHost", + "TrendmicroAntiMalwareEventRetrieve", + "TrendMicroGetHostID" + ] + } + }, + { + "Google-Vault-Display-Results": { + "name": "Google Vault - Display Results", + "fromversion": "4.0.0", + "implementing_scripts": [ + "PrintErrorEntry" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "gvault-get-drive-results", + "gvault-get-groups-results", + "gvault-download-results", + "gvault-export-status", + "gvault-get-mail-results" 
+ ] + } + }, + { + "calculate_severity_-_3rd-party_integrations": { + "name": "Calculate Severity - 3rd-party integrations", + "fromversion": "3.6.0", + "implementing_scripts": [ + "Set" + ] + } + }, + { + "Phishing Investigation - Generic": { + "name": "Phishing Investigation - Generic", + "toversion": "3.5.9", + "fromversion": "3.5.0", + "implementing_scripts": [ + "CloseInvestigation", + "AssignAnalystToIncident", + "Set", + "SendEmail" + ], + "implementing_playbooks": [ + "Detonate File - Generic", + "Extract Indicators - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Calculate Severity - Generic", + "Email Address Enrichment - Generic" + ] + } + }, + { + "detonate_url_-_joesecurity": { + "name": "Detonate URL - JoeSecurity", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "joe-download-report", + "joe-analysis-submit-url", + "joe-analysis-info" + ] + } + }, + { + "CrowdStrike Falcon Sandbox - Detonate file": { + "name": "CrowdStrike Falcon Sandbox - Detonate file", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "crowdstrike-submit-sample", + "crowdstrike-scan" + ] + } + }, + { + "crowdstrike_endpoint_enrichment": { + "name": "CrowdStrike Endpoint Enrichment", + "fromversion": "3.5.0", + "implementing_commands": [ + "cs-device-search", + "cs-device-details" + ] + } + }, + { + "cve_enrichment_-_generic": { + "name": "CVE Enrichment - Generic", + "fromversion": "3.6.0", + "implementing_scripts": [ + "cveReputation" + ], + "implementing_commands": [ + "cve-search" + ] + } + }, + { + "get_file_sample_by_hash_-_cylance_protect": { + "name": "Get File Sample By Hash - Cylance Protect", + "fromversion": "3.5.0", + "implementing_scripts": [ + "http", + "UnzipFile", + "Exists" + ], + "implementing_commands": [ + 
"cylance-protect-download-threat" + ] + } + }, + { + "dedup_incidents_-_ml": { + "name": "DeDup incidents - ML", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Print", + "CloseInvestigationAsDuplicate", + "GetDuplicatesMl" + ] + } + }, + { + "playbook5": { + "name": "Phishing Playbook - Automated", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set", + "Exists", + "SendEmail", + "CheckSenderDomainDistance", + "CloseInvestigation", + "ExtractIP", + "IsMaliciousIndicatorFound", + "ExtractURL" + ], + "implementing_playbooks": [ + "Process Email", + "Enrichment Playbook", + "Hunt for bad IOCs", + "Account Enrichment", + "Detonate File - Generic" + ] + } + }, + { + "TIE - IOC Hunt": { + "name": "TIE - IOC Hunt", + "fromversion": "2.5.0", + "implementing_scripts": [ + "EPOFindSystem", + "Exists" + ], + "implementing_commands": [ + "tie-file-references" + ] + } + }, + { + "vulnerability_management_-_qualys_Job": { + "name": "Vulnerability Management - Qualys (Job)", + "fromversion": "3.6.0", + "implementing_scripts": [ + "QualysCreateIncidentFromReport", + "Set" + ], + "implementing_commands": [ + "qualys-report-fetch", + "closeInvestigation", + "qualys-report-list" + ] + } + }, + { + "get_original_email_-_gmail": { + "name": "Get Original Email - Gmail", + "fromversion": 4.0, + "implementing_scripts": [ + "Set", + "DeleteContext" + ], + "implementing_commands": [ + "gmail-get-attachments", + "gmail-search", + "gmail-get-mail" + ] + } + }, + { + "detonate_url_-_mcafee_atd": { + "name": "Detonate URL - McAfee ATD", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "atd-get-report", + "atd-check-status", + "atd-file-upload" + ] + } + }, + { + "Detonate URL - Lastline": { + "name": "Detonate URL - Lastline", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "lastline-get-report", + 
"lastline-upload-url" + ] + } + }, + { + "Detonate File - Generic": { + "name": "Detonate File - Generic", + "toversion": "3.6.0", + "fromversion": "3.5.0", + "implementing_playbooks": [ + "CrowdStrike Falcon Sandbox - Detonate file", + "WildFire - Detonate file" + ] + } + }, + { + "process_email_-_ews": { + "name": "Process Email - EWS", + "fromversion": "3.6.0", + "implementing_scripts": [ + "Set" + ], + "implementing_commands": [ + "ews-get-attachment" + ] + } + }, + { + "playbook7": { + "name": "Hunting C&C Communication Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "IsIntegrationAvailable", + "Exists" + ], + "implementing_commands": [ + "slack-send", + "ExposeModules" + ] + } + }, + { + "get_file_sample_from_path_-_d2": { + "name": "Get File Sample From Path - D2", + "fromversion": "3.5.0", + "implementing_scripts": [ + "IncidentAddSystem", + "FetchFileD2" + ] + } + }, + { + "get_original_email_-_ews": { + "name": "Get Original Email - EWS", + "fromversion": 4.0, + "implementing_scripts": [ + "DeleteContext", + "Set" + ], + "implementing_commands": [ + "ews-search-mailbox", + "ews-get-attachment", + "ews-get-items" + ] + } + }, + { + "playbook17": { + "name": "Carbon black Protection Rapid IOC Hunting", + "fromversion": "2.5.0", + "implementing_scripts": [ + "CBPFindRule", + "CBPCatalogFindHash", + "Exists" + ] + } + }, + { + "calculate_severity_-_critical_assets": { + "name": "Calculate Severity - Critical assets", + "toversion": "3.6.1", + "fromversion": "3.6.0", + "implementing_scripts": [ + "StringContains", + "Set", + "Exists" + ] + } + }, + { + "playbook14": { + "name": "Checkpoint Firewall Configuration Backup Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "UtilAnyResults", + "SendEmail", + "CPShowBackupStatus", + "CloseInvestigation", + "SNOpenTicket", + "SCPPullFiles", + "CPCreateBackup" + ] + } + }, + { + "endpoint_enrichment_-_generic": { + "name": "Endpoint Enrichment - Generic", + "fromversion": "3.5.0", + 
"implementing_scripts": [ + "EPOFindSystem", + "Exists", + "ADGetComputer" + ], + "implementing_playbooks": [ + "CrowdStrike Endpoint Enrichment" + ], + "implementing_commands": [ + "cylance-protect-get-devices", + "cb-sensor-info", + "so-agents-query" + ] + } + }, + { + "access_investigation_-_qradar": { + "name": "Access Investigation - QRadar", + "fromversion": "3.6.0", + "implementing_playbooks": [ + "QRadar - Get offense correlations", + "Access Investigation - Generic" + ], + "implementing_commands": [ + "setIncident" + ] + } + }, + { + "Google-Vault-Search-Groups": { + "name": "Google Vault - Search Groups", + "fromversion": "4.0.0", + "implementing_scripts": [ + "PrintErrorEntry" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "gvault-export-status", + "gvault-download-results", + "gvault-create-export-groups", + "gvault-get-groups-results" + ] + } + }, + { + "DBotCreatePhishingClassifier": { + "name": "DBot Create Phishing Classifier", + "fromversion": "4.1.0", + "implementing_scripts": [ + "DBotTrainTextClassifier", + "Base64ListToFile", + "DBotPredictPhishingEvaluation", + "DBotPreparePhishingData" + ] + } + }, + { + "detonate_url_-_generic": { + "name": "Detonate URL - Generic", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "Detonate URL - CrowdStrike", + "Detonate URL - JoeSecurity", + "Detonate URL - Cuckoo", + "Detonate URL - Lastline", + "Detonate URL - ThreatGrid", + "Detonate URL - McAfee ATD" + ] + } + }, + { + "tenable-sc-scan": { + "name": "Launch Scan - Tenable.sc", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "tenable-sc-get-scan-report", + "tenable-sc-launch-scan" + ] + } + }, + { + "detonate_file_from_url_-_wildfire": { + "name": "Detonate File From URL - WildFire", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "wildfire-upload-file-remote", + 
"wildfire-report" + ] + } + }, + { + "block_endpoint_-_carbon_black_response": { + "name": "Block Endpoint - Carbon Black Response", + "fromversion": "3.5.0", + "implementing_commands": [ + "cb-sensor-info", + "cb-quarantine-device" + ] + } + }, + { + "close_incident_if_duplicate_found": { + "name": "DeDup incidents", + "fromversion": "3.5.0", + "implementing_scripts": [ + "FindSimilarIncidents", + "CloseInvestigationAsDuplicate" + ] + } + }, + { + "scan_assets_nexpose": { + "name": "Scan Assets - Nexpose", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "nexpose-start-assets-scan", + "nexpose-get-scan" + ] + } + }, + { + "extract_indicators_-_generic": { + "name": "Extract Indicators - Generic", + "fromversion": "3.5.0", + "implementing_scripts": [ + "ExtractHash", + "ExtractDomain", + "ExtractURL", + "ExtractEmail", + "ExtractIP" + ] + } + }, + { + "playbook0": { + "name": "Default", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "TrendMicroClassifier", + "Exists", + "IncidentSet", + "SplunkEmailParser", + "QRadarClassifier", + "MapValues", + "Print", + "VectraClassifier", + "NexposeEmailParser" + ], + "implementing_playbooks": [ + "Enrichment Playbook" + ] + } + }, + { + "dedup_-_generic": { + "name": "Dedup - Generic", + "fromversion": "4.0.0", + "implementing_scripts": [ + "FindSimilarIncidentsByText", + "GetDuplicatesMlv2", + "CloseInvestigationAsDuplicate", + "FindSimilarIncidents" + ] + } + }, + { + "malware_investigation-_generic_-_setup": { + "name": "Malware Investigation - Generic - Setup", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set" + ], + "implementing_playbooks": [ + "Get File Sample From Path - Generic", + "Get File Sample By Hash - Generic", + "Search Endpoints By Hash - Generic" + ] + } + }, + { + "block_file_-_carbon_black_response": { + "name": "Block File - Carbon Black Response", + "fromversion": "4.0.0", + "implementing_commands": 
[ + "cb-get-hash-blacklist", + "cb-block-hash" + ] + } + }, + { + "search_and_delete_emails_-_ews": { + "name": "Search And Delete Emails - EWS", + "fromversion": "3.6.0", + "implementing_scripts": [ + "BuildEWSQuery" + ], + "implementing_commands": [ + "ews-search-mailboxes", + "ews-delete-items" + ] + } + }, + { + "Detonate File - BitDam": { + "name": "Detonate File - BitDam", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "bitdam-upload-file", + "bitdam-get-verdict" + ] + } + }, + { + "MAR - Endpoint data collection": { + "name": "MAR - Endpoint data collection", + "implementing_scripts": [ + "EPOFindSystem", + "Exists" + ], + "implementing_commands": [ + "mar-search-multiple" + ] + } + }, + { + "Google-Vault-Search-Drive": { + "name": "Google Vault - Search Drive", + "fromversion": "4.0.0", + "implementing_scripts": [ + "PrintErrorEntry" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "gvault-create-export-drive", + "gvault-get-drive-results", + "gvault-export-status", + "gvault-download-results" + ] + } + }, + { + "process_email_-_add_custom_fields": { + "name": "Process Email - Add custom fields", + "fromversion": "3.6.0", + "implementing_scripts": [ + "IncidentSet" + ] + } + }, + { + "detonate_url_-_crowdstrike": { + "name": "Detonate URL - CrowdStrike", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "crowdstrike-submit-url", + "crowdstrike-scan" + ] + } + }, + { + "ip_enrichment_generic": { + "name": "IP Enrichment - Generic", + "fromversion": "3.6.0", + "implementing_scripts": [ + "IsIPInRanges", + "IPToHost", + "IPReputation" + ], + "implementing_playbooks": [ + "Endpoint Enrichment - Generic" + ], + "implementing_commands": [ + "vt-private-get-ip-report" + ] + } + }, + { + "domain_enrichment_generic": { + "name": "Domain Enrichment - Generic", + 
"toversion": "3.5.1", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DomainReputation" + ] + } + }, + { + "QRadarFullSearch": { + "name": "QRadarFullSearch", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "qradar-get-search", + "qradar-get-search-results", + "qradar-searches" + ] + } + }, + { + "Arcsight - Get events related to the Case": { + "name": "Arcsight - Get events related to the Case", + "implementing_scripts": [ + "IncidentSet", + "Set", + "Exists" + ], + "implementing_commands": [ + "as-get-security-events", + "as-get-case", + "as-get-case-event-ids" + ] + } + }, + { + "Account Enrichment": { + "name": "Account Enrichment", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "ADGetUser", + "Exists" + ] + } + }, + { + "malware_investigation-_generic": { + "name": "Malware Investigation - Generic", + "toversion": "3.6.0", + "fromversion": "3.5.0", + "implementing_scripts": [ + "CloseInvestigation", + "AssignAnalystToIncident" + ], + "implementing_playbooks": [ + "Malware Investigation - Generic - Setup", + "Extract Indicators - Generic", + "Calculate Severity - Generic", + "Entity Enrichment - Generic", + "Detonate File - Generic" + ] + } + }, + { + "QRadar - Get offense correlations ": { + "name": "QRadar - Get offense correlations ", + "toversion": "3.1.0", + "implementing_scripts": [ + "AreValuesEqual", + "QRadarGetCorrelationLogs", + "QRadarGetOffenseCorrelations", + "Exists" + ] + } + }, + { + "QRadar - Get offense correlations ": { + "name": "QRadar - Get offense correlations", + "fromversion": "3.5.0", + "implementing_scripts": [ + "QRadarGetCorrelationLogs", + "QRadarGetOffenseCorrelations" + ] + } + }, + { + "block_ip_-_generic": { + "name": "Block IP - Generic", + "fromversion": "4.0.0", + "implementing_scripts": [ + "PanoramaBlockIP" + ], + "implementing_playbooks": [ + "Add Indicator to Miner - Palo Alto MineMeld" + ], + 
"implementing_commands": [ + "zscaler-blacklist-ip", + "checkpoint-block-ip" + ] + } + }, + { + "vulnerability_handling_-_qualys_-_add _ustom_fields_to_default_layout": { + "name": "Vulnerability Handling - Qualys - Add custom fields to default layout", + "fromversion": "3.6.0", + "implementing_scripts": [ + "IncidentSet" + ] + } + }, + { + "playbook3": { + "name": "Ransomware Playbook - Manual", + "fromversion": "2.5.0" + } + }, + { + "Enrich DXL with ATD verdict": { + "name": "Enrich DXL with ATD verdict", + "implementing_scripts": [ + "CloseInvestigation", + "Exists" + ], + "implementing_playbooks": [ + "ATD - Detonate File" + ], + "implementing_commands": [ + "dxl-send-event" + ] + } + }, + { + "Detonate File - SNDBOX": { + "name": "Detonate File - SNDBOX", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "sndbox-analysis-info", + "sndbox-analysis-submit-sample", + "sndbox-download-report" + ] + } + }, + { + "Phishing Investigation - Generic": { + "name": "Phishing Investigation - Generic", + "toversion": "4.0.9", + "fromversion": "4.0.0", + "implementing_scripts": [ + "AssignAnalystToIncident", + "Set", + "SendEmail" + ], + "implementing_playbooks": [ + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Block Indicators - Generic", + "Email Address Enrichment - Generic", + "Calculate Severity - Generic" + ], + "implementing_commands": [ + "closeInvestigation", + "send-mail" + ] + } + }, + { + "playbook2": { + "name": "Phishing Playbook - Manual", + "fromversion": "2.5.0" + } + }, + { + "Hunt for bad IOCs": { + "name": "Hunt for bad IOCs", + "fromversion": "2.5.0", + "implementing_playbooks": [ + "CrowdStrike Rapid IOC Hunting", + "Carbon Black Rapid IOC Hunting", + "TIE - IOC Hunt", + "Carbon black Protection Rapid IOC Hunting" + ] + } 
+ }, + { + "extract_indicators_from_file_-_generic": { + "name": "Extract Indicators From File - Generic", + "fromversion": "3.6.0", + "implementing_scripts": [ + "ReadPDFFile", + "Set", + "ExtractIndicatorsFromTextFile" + ] + } + }, + { + "Sentinel One - Endpoint data collection": { + "name": "Sentinel One - Endpoint data collection", + "implementing_scripts": [ + "Print", + "Exists" + ], + "implementing_commands": [ + "so-agents-query", + "so-get-agent-processes" + ] + } + }, + { + "process_email_-_generic": { + "name": "Process Email - Generic", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set", + "Exists", + "ParseEmailFiles" + ], + "implementing_playbooks": [ + "Get Original Email - Generic" + ], + "implementing_commands": [ + "setIncident", + "rasterize-email" + ] + } + }, + { + "playbook13": { + "name": "McAfee ePO Endpoint Connectivity Diagnostics Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "CloseInvestigation", + "commentsToContext", + "Ping" + ], + "implementing_commands": [ + "servicenow-incident-create" + ] + } + }, + { + "vulnerability_handling_-_nexpose": { + "name": "Vulnerability Handling - Nexpose", + "fromversion": "3.6.0", + "implementing_playbooks": [ + "CVE Enrichment - Generic", + "Endpoint Enrichment - Generic", + "Calculate Severity - Generic" + ], + "implementing_commands": [ + "closeInvestigation", + "nexpose-get-asset-vulnerability", + "nexpose-get-asset", + "setIncident" + ] + } + }, + { + "Calculate Severity - Generic": { + "name": "Calculate Severity - Generic", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "Print", + "StringContains", + "Exists" + ], + "implementing_commands": [ + "setIncident" + ] + } + }, + { + "playbook8": { + "name": "Lost / Stolen Device Playbook", + "fromversion": "2.5.0" + } + }, + { + "vulnerability_handling_-_qualys": { + "name": "Vulnerability Handling - Qualys", + "fromversion": "3.6.0", + "implementing_scripts": [ + "CloseInvestigation", 
+ "DisplayHTML" + ], + "implementing_playbooks": [ + "CVE Enrichment - Generic", + "Vulnerability Handling - Qualys - Add custom fields to default layout", + "Endpoint Enrichment - Generic", + "Calculate Severity - Generic" + ], + "implementing_commands": [ + "qualys-host-list", + "qualys-vulnerability-list" + ] + } + }, + { + "playbook10": { + "name": "Rapid IOC Hunting Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "ExtractHash", + "Exists", + "ReadFile", + "ExtractIP", + "Print", + "ExtractURL" + ], + "implementing_playbooks": [ + "Hunt for bad IOCs" + ] + } + }, + { + "search_endpoints_by_hash_-_carbon_black_response": { + "name": "Search Endpoints By Hash - Carbon Black Response", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set", + "CBFindHash" + ] + } + }, + { + "scan_site_nexpose": { + "name": "Scan Site - Nexpose", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "nexpose-start-site-scan", + "nexpose-get-scan" + ] + } + }, + { + "PanoramaCommitConfiguration": { + "name": "PanoramaCommitConfiguration", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "panorama-push-to-device-group", + "panorama-push-status", + "panorama-commit", + "panorama-commit-status" + ] + } + }, + { + "Failed Login Playbook With Slack": { + "name": "Failed Login Playbook With Slack", + "fromversion": "2.5.0", + "implementing_scripts": [ + "CloseInvestigation", + "IncidentSet", + "ADExpirePassword", + "SlackAskUser" + ], + "implementing_commands": [ + "slack-send" + ] + } + }, + { + "WildFire - Detonate file": { + "name": "WildFire - Detonate file", + "toversion": "3.1.0", + "implementing_scripts": [ + "Exists" + ], + "implementing_commands": [ + "wildfire-upload", + "wildfire-report" + ] + } + }, + { + "File Enrichment - Generic": { + "name": "File Enrichment - Generic", + "fromversion": "3.6.0", + "implementing_playbooks": [ + 
"File Enrichment - File reputation", + "File Enrichment - Virus Total Private API" + ], + "implementing_commands": [ + "cylance-protect-get-threat", + "pan-appframework-search-by-file-hash" + ] + } + }, + { + "vulnerability_management_-_nexpose_job": { + "name": "Vulnerability Management - Nexpose (Job)", + "fromversion": "3.6.0", + "implementing_scripts": [ + "NexposeCreateIncidentsFromAssets" + ], + "implementing_commands": [ + "closeInvestigation", + "nexpose-create-assets-report", + "nexpose-search-assets" + ] + } + }, + { + "Archer initiate incident": { + "name": "Archer initiate incident", + "fromversion": "3.5.0", + "implementing_commands": [ + "archer-get-file" + ] + } + }, + { + "block_file_-_generic": { + "name": "Block File - Generic", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "Block File - Carbon Black Response" + ] + } + }, + { + "calculate_severity_-_critical_assets": { + "name": "Calculate Severity - Critical assets", + "fromversion": "4.0.0", + "implementing_scripts": [ + "StringContains", + "Set" + ] + } + }, + { + "add_indicator_to_miner_-_palo_alto_mineMeld": { + "name": "Add Indicator to Miner - Palo Alto MineMeld", + "fromversion": "4.0.0", + "implementing_commands": [ + "minemeld-add-to-miner" + ] + } + }, + { + "domain_enrichment_generic": { + "name": "Domain Enrichment - Generic", + "fromversion": "3.6.0", + "implementing_scripts": [ + "DomainReputation" + ], + "implementing_commands": [ + "vt-private-get-domain-report" + ] + } + }, + { + "playbook11": { + "name": "McAfee ePO Repository Compliance Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "CloseInvestigation", + "IncidentSet", + "Sleep", + "AreValuesEqual", + "SendEmail" + ], + "implementing_commands": [ + "epo-update-repository", + "epo-get-latest-dat", + "epo-get-current-dat" + ] + } + }, + { + "url_enrichment_-_generic": { + "name": "URL Enrichment - Generic", + "fromversion": "3.6.0", + "implementing_scripts": [ + "URLSSLVerification", + "Exists", 
+ "URLReputation" + ], + "implementing_commands": [ + "vt-private-get-url-report", + "rasterize" + ] + } + }, + { + "entity_enrichment_generic": { + "name": "Entity Enrichment - Generic", + "fromversion": "3.6.0", + "implementing_playbooks": [ + "Account Enrichment - Generic", + "Endpoint Enrichment - Generic", + "Email Address Enrichment - Generic", + "URL Enrichment - Generic", + "File Enrichment - Generic", + "Domain Enrichment - Generic", + "IP Enrichment - Generic" + ] + } + }, + { + "search_endpoints_by_hash_-_generic": { + "name": "Search Endpoints By Hash - Generic", + "fromversion": "3.5.0", + "implementing_playbooks": [ + "Search Endpoints By Hash - Carbon Black Response", + "Search Endpoints By Hash - CrowdStrike", + "Search Endpoints By Hash - TIE", + "Search Endpoints By Hash - Carbon Black Protection" + ] + } + }, + { + "malware_investigation-_generic": { + "name": "Malware Investigation - Generic", + "fromversion": "3.6.0", + "implementing_scripts": [ + "CloseInvestigation", + "AssignAnalystToIncident" + ], + "implementing_playbooks": [ + "Malware Investigation - Generic - Setup", + "Calculate Severity - Generic", + "Entity Enrichment - Generic", + "Detonate File - Generic" + ] + } + }, + { + "calculate_severity_-_indicators_dbotscore": { + "name": "Calculate Severity - Indicators DBotScore", + "fromversion": "3.6.0", + "implementing_scripts": [ + "Set" + ] + } + }, + { + "Detonate File - Cuckoo": { + "name": "Detonate File - Cuckoo", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Sleep" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "cuckoo-task-screenshot", + "cuckoo-get-task-report", + "cuckoo-view-task", + "cuckoo-create-task-from-file" + ] + } + }, + { + "Account Enrichment": { + "name": "Account Enrichment", + "fromversion": "3.5.0", + "implementing_scripts": [ + "ADGetUser", + "Exists" + ] + } + }, + { + "entity_enrichment_generic": { + "name": "Entity Enrichment - Generic", + "toversion": 
"3.5.1", + "fromversion": "3.5.0", + "implementing_playbooks": [ + "Account Enrichment - Generic", + "Endpoint Enrichment - Generic", + "DBot Indicator Enrichment - Generic", + "Email Address Enrichment - Generic", + "URL Enrichment - Generic", + "File Enrichment - Generic", + "Domain Enrichment - Generic", + "IP Enrichment - Generic" + ] + } + }, + { + "Phishing Investigation - Generic": { + "name": "Phishing Investigation - Generic", + "toversion": "3.9.9", + "fromversion": "3.6.0", + "implementing_scripts": [ + "CloseInvestigation", + "AssignAnalystToIncident", + "Set", + "SendEmail" + ], + "implementing_playbooks": [ + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Process Email - Generic", + "Entity Enrichment - Generic", + "Email Address Enrichment - Generic", + "Calculate Severity - Generic" + ] + } + }, + { + "DBotCreatePhishingClassifierJob": { + "name": "DBot Create Phishing Classifier Job", + "fromversion": "4.1.0", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_playbooks": [ + "DBot Create Phishing Classifier" + ], + "implementing_commands": [ + "closeInvestigation" + ] + } + }, + { + "playbook5": { + "name": "Phishing Playbook - Automated", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "Set", + "Exists", + "SendEmail", + "CheckSenderDomainDistance", + "CloseInvestigation", + "ExtractIP", + "IsMaliciousIndicatorFound", + "ExtractURL" + ], + "implementing_playbooks": [ + "Process Email", + "Detonate files", + "Hunt for bad IOCs", + "Account Enrichment", + "Enrichment Playbook" + ] + } + }, + { + "Demisto_Self-Defense_-_Account_policy_monitoring_playbook": { + "name": "Demisto Self-Defense - Account policy monitoring playbook", + "fromversion": "3.5.0", + "implementing_scripts": [ + "CloseInvestigation" + ], + "implementing_commands": [ + "TwilioSendSMS", + "slack-send", + "demisto-api-get", + "setIncident" + ] + } + }, + { + 
"Google-Vault-Search-Mail": { + "name": "Google Vault - Search Mail", + "fromversion": "4.0.0", + "implementing_scripts": [ + "PrintErrorEntry" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "gvault-get-mail-results", + "gvault-create-export-mail", + "gvault-export-status", + "gvault-download-results" + ] + } + }, + { + "ATD - Detonate File": { + "name": "ATD - Detonate File", + "toversion": "3.6.0", + "implementing_scripts": [ + "Exists" + ], + "implementing_commands": [ + "detonate-file" + ] + } + }, + { + "block_account_-_generic": { + "name": "Block Account - Generic", + "fromversion": "4.0.0", + "implementing_commands": [ + "ad-disable-account" + ] + } + }, + { + "file_enrichment_-_virus_total_private_api": { + "name": "File Enrichment - Virus Total Private API", + "fromversion": "3.6.0", + "implementing_commands": [ + "vt-private-check-file-behaviour", + "vt-private-get-file-report" + ] + } + }, + { + "file_enrichment_-_file_reputation": { + "name": "File Enrichment - File reputation", + "fromversion": "3.6.0", + "implementing_scripts": [ + "FileReputation" + ] + } + }, + { + "block_url_-_generic": { + "name": "Block URL - Generic", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "Add Indicator to Miner - Palo Alto MineMeld" + ], + "implementing_commands": [ + "zscaler-blacklist-url" + ] + } + }, + { + "Process Email": { + "name": "Process Email", + "fromversion": "2.5.0", + "implementing_scripts": [ + "Set", + "Exists", + "ParseEmailFiles" + ] + } + }, + { + "playbook15": { + "name": "Tanium Demo Playbook", + "fromversion": "2.5.0", + "implementing_commands": [ + "tn-deploy-package", + "tn-ask-question", + "tn-get-saved-question" + ] + } + }, + { + "get_file_sample_by_hash_-_carbon_black_enterprise_Response": { + "name": "Get File Sample By Hash - Carbon Black Enterprise Response", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Exists" + ], + "implementing_commands": [ + "cb-binary-get" + ] + } + 
}, + { + "Get File Sample From Hash - Cylance Protect": { + "name": "Get File Sample From Hash - Cylance Protect", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "http", + "UnzipFile", + "Exists" + ], + "implementing_commands": [ + "cylance-protect-download-threat" + ] + } + }, + { + "access_investigation_-_generic": { + "name": "Access Investigation - Generic", + "fromversion": "3.6.0", + "implementing_scripts": [ + "AssignAnalystToIncident", + "ADGetUser", + "EmailAskUser" + ], + "implementing_playbooks": [ + "IP Enrichment - Generic", + "Account Enrichment - Generic" + ], + "implementing_commands": [ + "closeInvestigation", + "setIncident" + ] + } + }, + { + "search_endpoints_by_hash_-_tie": { + "name": "Search Endpoints By Hash - TIE", + "fromversion": "3.5.0", + "implementing_scripts": [ + "EPOFindSystem" + ], + "implementing_commands": [ + "tie-file-references" + ] + } + }, + { + "get_file_sample_from_path_-_carbon_black_enterprise_response": { + "name": "Get File Sample From Path - Carbon Black Enterprise Response", + "fromversion": "3.5.0", + "implementing_scripts": [ + "CBLiveGetFile", + "Exists" + ] + } + }, + { + "WildFire - Detonate file": { + "name": "WildFire - Detonate file", + "toversion": "3.6.0", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set" + ], + "implementing_commands": [ + "wildfire-report", + "detonate-file" + ] + } + }, + { + "Detonate File - Generic": { + "name": "Detonate File - Generic", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "CrowdStrike Falcon Sandbox - Detonate file", + "ATD - Detonate File", + "Detonate File - SNDBOX", + "Detonate File - JoeSecurity", + "Detonate File - Cuckoo", + "Detonate File - Lastline", + "WildFire - Detonate file", + "Detonate File - ThreatGrid" + ] + } + }, + { + "D2 - Endpoint data collection": { + "name": "D2 - Endpoint data collection", + "implementing_scripts": [ + "D2ExecuteCommand", + "ActiveUsersD2", + "Exists", + "IncidentAddSystem", + 
"FetchFileD2", + "AreValuesEqual" + ] + } + }, + { + "Enrichment Playbook": { + "name": "Enrichment Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "Print", + "FileReputation", + "IPReputation", + "Exists", + "URLReputation" + ] + } + }, + { + "Office 365 Search and Delete": { + "name": "Office 365 Search and Delete", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "ews-o365-remove-compliance-search", + "ews-o365-purge-compliance-search-results", + "ews-o365-get-compliance-search", + "ews-o365-start-compliance-search" + ] + } + }, + { + "dbot_indicator_enrichment_-_generic": { + "name": "DBot Indicator Enrichment - Generic", + "fromversion": "3.5.0", + "implementing_scripts": [ + "GetIndicatorDBotScore" + ] + } + }, + { + "playbook0": { + "name": "Default", + "fromversion": "3.5.0", + "implementing_scripts": [ + "CloseInvestigation", + "AssignAnalystToIncident" + ], + "implementing_playbooks": [ + "Extract Indicators - Generic", + "Entity Enrichment - Generic", + "Calculate Severity - Generic" + ] + } + }, + { + "File Enrichment - Generic": { + "name": "File Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", + "implementing_scripts": [ + "FileReputation" + ] + } + }, + { + "ATD - Detonate File": { + "name": "ATD - Detonate File", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "atd-get-report", + "atd-file-upload", + "atd-check-status" + ] + } + }, + { + "account_enrichment_-_generic": { + "name": "Account Enrichment - Generic", + "fromversion": "3.5.0", + "implementing_scripts": [ + "ADGetUser", + "Exists" + ] + } + }, + { + "detonatefile_-_joesecurity": { + "name": "Detonate File - JoeSecurity", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + 
"joe-download-report", + "joe-analysis-info", + "joe-analysis-submit-sample" + ] + } + }, + { + "ip_enrichment_generic": { + "name": "IP Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", + "implementing_scripts": [ + "IsIPInRanges", + "IPReputation", + "Exists" + ] + } + }, + { + "Detonate files": { + "name": "Detonate files", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "Print", + "SandboxDetonateFile", + "Exists" + ] + } + }, + { + "detonate_file_from_url_-_joesecurity": { + "name": "Detonate File From URL - JoeSecurity", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "joe-download-report", + "joe-analysis-submit-sample" + ] + } + }, + { + "Carbon Black Rapid IOC Hunting": { + "name": "Carbon Black Rapid IOC Hunting", + "fromversion": "2.5.0", + "implementing_scripts": [ + "CBFindHash", + "Exists" + ] + } + }, + { + "email_address_enrichment_-_generic": { + "name": "Email Address Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", + "implementing_scripts": [ + "IsEmailAddressInternal", + "EmailReputation", + "ADGetUser", + "Exists", + "EmailDomainSquattingReputation" + ] + } + }, + { + "Endpoint data collection": { + "name": "Endpoint data collection", + "implementing_scripts": [ + "AreValuesEqual" + ], + "implementing_playbooks": [ + "Sentinel One - Endpoint data collection", + "MAR - Endpoint data collection", + "D2 - Endpoint data collection" + ] + } + }, + { + "Get File Sample From Hash - Generic": { + "name": "Get File Sample From Hash - Generic", + "toversion": "3.1.0", + "implementing_playbooks": [ + "Get File Sample From Hash - Cylance Protect", + "Get File Sample From Hash - Carbon Black Enterprise Response" + ] + } + }, + { + "WildFire - Detonate file": { + "name": "WildFire - Detonate file", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + 
"implementing_commands": [ + "wildfire-upload", + "wildfire-report" + ] + } + }, + { + "detonate_file_-_threatgrid": { + "name": "Detonate File - ThreatGrid", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "threat-grid-upload-sample", + "threat-grid-get-samples-state" + ] + } + }, + { + "Phishing Investigation - Generic": { + "name": "Phishing Investigation - Generic", + "fromversion": "4.1.0", + "implementing_scripts": [ + "AssignAnalystToIncident", + "Set", + "SendEmail" + ], + "implementing_playbooks": [ + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Block Indicators - Generic", + "Email Address Enrichment - Generic", + "Calculate Severity - Generic" + ], + "implementing_commands": [ + "closeInvestigation", + "send-mail" + ] + } + }, + { + "Phishing Investigation - Generic": { + "name": "Phishing Investigation - Generic", + "toversion": "4.0.9", + "fromversion": "4.0.0", + "implementing_scripts": [ + "AssignAnalystToIncident", + "Set", + "SendEmail" + ], + "implementing_playbooks": [ + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Block Indicators - Generic", + "Email Address Enrichment - Generic", + "Calculate Severity - Generic" + ], + "implementing_commands": [ + "closeInvestigation", + "send-mail" + ] + } + }, + { + "Phishing Investigation - Generic": { + "name": "Phishing Investigation - Generic", + "toversion": "4.0.9", + "fromversion": "4.0.0", + "implementing_scripts": [ + "AssignAnalystToIncident", + "Set", + "SendEmail" + ], + "implementing_playbooks": [ + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - 
Generic", + "Process Email - Generic", + "Block Indicators - Generic", + "Email Address Enrichment - Generic", + "Calculate Severity - Generic" + ], + "implementing_commands": [ + "closeInvestigation", + "send-mail" + ] + } + } + ], + "integrations": [ + { + "Cybereason": { + "name": "Cybereason", + "commands": [ + "cybereason-query-processes", + "cybereason-is-probe-connected", + "cybereason-query-connections", + "cybereason-isolate-machine", + "cybereason-unisolate-machine", + "cybereason-query-malops", + "cybereason-malop-processes", + "cybereason-add-comment", + "cybereason-update-malop-status" + ] + } + }, + { + "Giphy": { + "name": "Giphy", + "commands": [ + "giphy" + ] + } + }, + { + "RSA NetWitness Packets and Logs": { + "name": "RSA NetWitness Packets and Logs", + "toversion": "3.1.0", + "commands": [ + "netwitness-msearch", + "netwitness-search", + "netwitness-query", + "netwitness-packets", + "nw-sdk-session", + "nw-sdk-cancel", + "nw-sdk-query", + "nw-sdk-validate", + "nw-sdk-aliases", + "nw-sdk-content", + "nw-sdk-ls", + "nw-sdk-count", + "nw-sdk-timeline", + "nw-sdk-mon", + "nw-sdk-stopMon", + "nw-sdk-msearch", + "nw-sdk-precache", + "nw-sdk-delCache", + "nw-sdk-info", + "nw-sdk-search", + "nw-sdk-language", + "nw-sdk-packets", + "nw-sdk-summary", + "nw-sdk-reconfig", + "nw-sdk-values", + "nw-sdk-xforms", + "nw-database-info", + "nw-database-count", + "nw-database-dbState", + "nw-database-dump", + "nw-database-hashInfo", + "nw-database-resetMax", + "nw-database-optimize", + "nw-database-reconfig", + "nw-database-ls", + "nw-database-timeRoll", + "nw-database-stopMon", + "nw-database-manifest", + "nw-database-wipe", + "nw-database-sizeRoll", + "nw-database-mon", + "nw-decoder-reset", + "nw-decoder-info", + "nw-decoder-reconfig", + "nw-decoder-agg", + "nw-decoder-stop", + "nw-decoder-count", + "nw-decoder-start", + "nw-decoder-meta", + "nw-decoder-ls", + "nw-decoder-stopMon", + "nw-decoder-resetMax", + "nw-decoder-whoAgg", + "nw-decoder-logStats", + 
"nw-decoder-select", + "nw-decoder-mon", + "nw-index-ls", + "nw-index-mon", + "nw-index-save", + "nw-index-info", + "nw-index-drop", + "nw-index-count", + "nw-index-values", + "nw-index-profile", + "nw-index-stopMon", + "nw-index-inspect", + "nw-index-language", + "nw-index-reconfig", + "nw-index-sizeRoll", + "nw-decoderParsers-ls", + "nw-decoderParsers-mon", + "nw-decoderParsers-feed", + "nw-decoderParsers-info", + "nw-decoderParsers-count", + "nw-decoderParsers-schema", + "nw-decoderParsers-reload", + "nw-decoderParsers-upload", + "nw-decoderParsers-delete", + "nw-decoderParsers-stopMon", + "nw-decoderParsers-devices", + "nw-decoderParsers-content", + "nw-decoderParsers-ipdevice", + "nw-decoderParsers-iptmzone", + "nw-logs-ls", + "nw-logs-mon", + "nw-logs-pull", + "nw-logs-info", + "nw-logs-count", + "nw-logs-stopMon", + "nw-logs-download", + "nw-logs-timeRoll", + "nw-sys-ls", + "nw-sys-mon", + "nw-sys-save", + "nw-sys-info", + "nw-sys-count", + "nw-sys-caCert", + "nw-sys-stopMon", + "nw-sys-shutdown", + "nw-sys-fileEdit", + "nw-sys-peerCert", + "nw-sys-servCert", + "nw-sys-statHist", + "nw-users-ls", + "nw-users-mon", + "nw-users-info", + "nw-users-auths", + "nw-users-count", + "nw-users-delete", + "nw-users-unlock", + "nw-users-stopMon", + "nw-users-addOrMod", + "nw-decoder-import", + "nw-decoder-parsers-upload", + "nw-concentrator-reset", + "nw-concentrator-reconfig", + "nw-concentrator-start", + "nw-concentrator-stop", + "nw-concentrator-count", + "nw-concentrator-edit", + "nw-concentrator-add", + "nw-concentrator-meta", + "nw-concentrator-status", + "nw-concentrator-ls", + "nw-concentrator-resetMax", + "nw-concentrator-stopMon", + "nw-concentrator-delete", + "nw-concentrator-whoAgg", + "nw-concentrator-mon", + "nw-broker-reset", + "nw-broker-start", + "nw-broker-stop", + "nw-broker-count", + "nw-broker-edit", + "nw-broker-add", + "nw-broker-meta", + "nw-broker-status", + "nw-broker-ls", + "nw-broker-resetMax", + "nw-broker-stopMon", + "nw-broker-delete", + 
"nw-broker-whoAgg", + "nw-broker-mon" + ] + } + }, + { + "ReversingLabs A1000": { + "name": "ReversingLabs A1000", + "commands": [ + "file", + "reversinglabs-upload", + "reversinglabs-delete", + "reversinglabs-extracted-files", + "reversinglabs-download", + "reversinglabs-analyze", + "reversinglabs-download-unpacked" + ] + } + }, + { + "VMware": { + "name": "VMware", + "commands": [ + "vmware-get-vms", + "vmware-poweron", + "vmware-poweroff", + "vmware-hard-reboot", + "vmware-suspend", + "vmware-soft-reboot", + "vmware-create-snapshot", + "vmware-revert-snapshot", + "vmware-get-events" + ] + } + }, + { + "RSA Archer": { + "name": "RSA Archer", + "commands": [ + "archer-create-record", + "archer-update-record", + "archer-get-record", + "archer-search-applications", + "archer-search-records", + "archer-get-application-fields", + "archer-delete-record", + "archer-get-field", + "archer-get-reports", + "archer-execute-statistic-search-by-report", + "archer-get-search-options-by-guid", + "archer-search-records-by-report", + "archer-get-mapping-by-level", + "archer-manually-fetch-incident", + "archer-get-file", + "archer-upload-file", + "archer-add-to-detailed-analysis", + "archer-get-user-id" + ] + } + }, + { + "vmray": { + "name": "vmray", + "commands": [ + "upload_sample", + "get_results", + "get_job_sample" + ] + } + }, + { + "jira": { + "name": "jira", + "fromversion": "2.6.0", + "commands": [ + "jira-issue-query", + "jira-get-issue", + "jira-create-issue", + "jira-issue-upload-file", + "jira-issue-add-comment", + "jira-issue-add-link", + "jira-edit-issue", + "jira-get-comments", + "jira-delete-issue" + ] + } + }, + { + "Verodin": { + "name": "Verodin", + "commands": [ + "verodin-get-topology-nodes", + "verodin-get-topology-map", + "verodin-manage-sims-actions", + "verodin-manage-sims-actions-run", + "verodin-get-security-zones", + "verodin-get-security-zone", + "verodin-delete-security-zone", + "verodin-get-sims-of-type", + "verodin-get-sim", + "verodin-delete-sim", 
+ "verodin-get-jobs", + "verodin-get-job", + "verodin-run-job-again", + "verodin-get-job-sim-actions", + "verodin-job-cancel" + ] + } + }, + { + "dnstwist": { + "name": "dnstwist", + "commands": [ + "dnstwist-domain-variations" + ] + } + }, + { + "EWS": { + "name": "EWS", + "commands": [ + "ews-get-folder", + "ews-delete-items", + "ews-delete-attachments", + "ews-get-items", + "ews-search-mailbox", + "ews-get-contacts", + "ews-get-searchable-mailboxes", + "ews-search-mailboxes", + "ews-get-attachment", + "ews-find-folders", + "ews-get-attachment-item", + "ews-move-item" + ] + } + }, + { + "OpenPhish": { + "name": "OpenPhish", + "commands": [ + "url", + "openphish-reload", + "openphish-status" + ] + } + }, + { + "McAfee NSM": { + "name": "McAfee NSM", + "commands": [ + "nsm-get-sensors", + "nsm-get-domains", + "nsm-get-alerts", + "nsm-update-alerts", + "nsm-get-alert-details", + "nsm-get-ips-policies", + "nsm-get-ips-policy-details", + "nsm-get-attacks" + ] + } + }, + { + "ipinfo": { + "name": "ipinfo", + "commands": [ + "ip", + "ipinfo_field" + ] + } + }, + { + "Cuckoo Sandbox": { + "name": "Cuckoo Sandbox", + "toversion": "3.1.0", + "commands": [ + "ck-file", + "cuckoo-create-task-from-file", + "ck-report", + "cuckoo-get-task-report", + "ck-list", + "cuckoo-list-tasks", + "ck-url", + "cuckoo-create-task-from-url", + "ck-view", + "cuckoo-view-task", + "ck-del", + "cuckoo-delete-task", + "ck-scrshot", + "cuckoo-task-screenshot", + "ck-machines-list", + "cuckoo-machines-list", + "ck-machine-view", + "cuckoo-machine-view" + ] + } + }, + { + "Moloch": { + "name": "Moloch", + "toversion": "3.1.0", + "commands": [ + "moloch_connections_json", + "moloch_connections_csv", + "moloch_files_json", + "moloch_sessions_json", + "moloch_sessions_csv", + "moloch_sessions_pcap", + "moloch_spigraph_json", + "moloch_spiview_json", + "moloch_unique_json" + ] + } + }, + { + "Demisto REST API": { + "name": "Demisto REST API", + "commands": [ + "demisto-api-post", + "demisto-api-get", + 
"demisto-api-put", + "demisto-api-delete", + "demisto-api-download", + "demisto-api-multipart", + "demisto-delete-incidents" + ] + } + }, + { + "Symantec Advanced Threat Protection": { + "name": "Symantec Advanced Threat Protection", + "commands": [ + "satp-appliances", + "satp-command", + "satp-command-state", + "satp-command-cancel", + "satp-events", + "satp-files", + "satp-incident-events", + "satp-incidents" + ] + } + }, + { + "McAfee Active Response": { + "name": "McAfee Active Response", + "commands": [ + "mar-search", + "mar-collectors-list", + "mar-search-multiple" + ] + } + }, + { + "Aella Star Light": { + "name": "Aella Star Light", + "commands": [ + "aella-get-event" + ] + } + }, + { + "Zendesk": { + "name": "Zendesk", + "fromversion": "3.5.0", + "commands": [ + "zendesk-create-ticket", + "zendesk-list-tickets", + "zendesk-ticket-details", + "zendesk-update-ticket", + "zendesk-add-comment", + "zendesk-list-agents", + "zendesk-get-attachment", + "zendesk-clear-cache", + "zendesk-add-user", + "zendesk-get-article" + ] + } + }, + { + "Cisco CloudLock": { + "name": "Cisco CloudLock", + "commands": [ + "cloudlock-get-users", + "cloudlock-get-user-apps", + "cloudlock-get-activities" + ] + } + }, + { + "carbonblackliveresponse": { + "name": "carbonblackliveresponse", + "commands": [ + "cb-archive", + "cb-command-cancel", + "cb-command-info", + "cb-file-delete", + "cb-file-get", + "cb-file-info", + "cb-file-upload", + "cb-keepalive", + "cb-list-commands", + "cb-list-files", + "cb-list-sessions", + "cb-session-close", + "cb-session-create", + "cb-session-create-and-wait", + "cb-session-info", + "cb-process-kill", + "cb-directory-listing", + "cb-process-execute", + "cb-memdeump", + "cb-command-create", + "cb-command-create-and-wait", + "cb-terminate-process", + "cb-file-delete-from-endpoint", + "cb-registry-get-values", + "cb-registry-query-value", + "cb-registry-create-key", + "cb-registry-delete-key", + "cb-registry-delete-value", + "cb-registry-set-value", + 
"cb-process-list", + "cb-get-file-from-endpoint", + "cb-push-file-to-endpoint" + ] + } + }, + { + "Check Point Sandblast Appliance": { + "name": "Check Point Sandblast Appliance", + "toversion": "3.1.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", + "sandblast-download" + ] + } + }, + { + "Pipl": { + "name": "Pipl", + "fromversion": "3.5.0", + "commands": [ + "pipl-search", + "email" + ] + } + }, + { + "Forcepoint": { + "name": "Forcepoint", + "commands": [ + "fp-add-category", + "fp-list-categories", + "fp-get-category-detailes", + "fp-add-address-to-category", + "fp-delete-categories", + "fp-delete-address-from-category" + ] + } + }, + { + "FireEye HX": { + "name": "FireEye HX", + "commands": [ + "fireeye-hx-host-containment", + "fireeye-hx-cancel-containment", + "fireeye-hx-get-alerts", + "fireeye-hx-suppress-alert", + "fireeye-hx-get-indicators", + "fireeye-hx-get-indicator", + "fireeye-hx-get-host-information", + "fireeye-hx-get-alert", + "fireeye-hx-file-acquisition", + "fireeye-hx-delete-file-acquisition", + "fireeye-hx-data-acquisition", + "fireeye-hx-delete-data-acquisition", + "fireeye-hx-search", + "fireeye-hx-get-host-set-information" + ] + } + }, + { + "Threat Crowd": { + "name": "Threat Crowd", + "commands": [ + "threat-crowd-email", + "threat-crowd-domain", + "threat-crowd-ip", + "threat-crowd-antivirus", + "threat-crowd-file" + ] + } + }, + { + "Palo Alto AppFramework": { + "name": "Palo Alto AppFramework", + "commands": [ + "pan-appframework-query-logs", + "pan-appframework-get-critical-threat-logs", + "pan-appframework-get-social-applications", + "pan-appframework-search-by-file-hash" + ] + } + }, + { + "Phishme Intelligence": { + "name": "Phishme Intelligence", + "commands": [ + "url", + "file", + "ip", + "phishme-search", + "email" + ] + } + }, + { + "Remedy AR": { + "name": "Remedy AR", + "commands": [ + "remedy-get-server-details" + ] + } + }, + { + "Intezer": { + "name": "Intezer", 
+ "commands": [ + "file", + "intezer-upload" + ] + } + }, + { + "AlgoSec": { + "name": "AlgoSec", + "commands": [ + "algosec-get-ticket", + "algosec-create-ticket", + "algosec-get-applications", + "algosec-get-network-object", + "algosec-query" + ] + } + }, + { + "Zoom": { + "name": "Zoom", + "commands": [ + "zoom-create-user", + "zoom-create-meeting", + "zoom-fetch-recording", + "zoom-list-users", + "zoom-delete-user" + ] + } + }, + { + "Cuckoo Sandbox": { + "name": "Cuckoo Sandbox", + "fromversion": "3.5.0", + "commands": [ + "ck-file", + "cuckoo-create-task-from-file", + "ck-report", + "cuckoo-get-task-report", + "ck-list", + "cuckoo-list-tasks", + "ck-url", + "cuckoo-create-task-from-url", + "ck-view", + "cuckoo-view-task", + "ck-del", + "cuckoo-delete-task", + "ck-scrshot", + "cuckoo-task-screenshot", + "ck-machines-list", + "cuckoo-machines-list", + "ck-machine-view", + "cuckoo-machine-view" + ] + } + }, + { + "Threat Grid": { + "name": "Threat Grid", + "commands": [ + "threat-grid-get-samples", + "threat-grid-get-sample-by-id", + "threat-grid-get-sample-state-by-id", + "threat-grid-upload-sample", + "threat-grid-search-submissions", + "threat-grid-get-video-by-id", + "threat-grid-get-analysis-by-id", + "threat-grid-get-processes-by-id", + "threat-grid-get-pcap-by-id", + "threat-grid-get-warnings-by-id", + "threat-grid-get-summary-by-id", + "threat-grid-get-threat-summary-by-id", + "threat-grid-get-html-report-by-id", + "threat-grid-download-sample-by-id", + "threat-grid-get-analysis-iocs", + "threat-grid-download-artifact", + "threat-grid-who-am-i", + "threat-grid-user-get-rate-limit", + "threat-grid-get-specific-feed", + "threat-grid-detonate-file", + "threat-grid-url-to-file", + "threat-grid-organization-get-rate-limit", + "threat-grid-search-ips", + "threat-grid-get-analysis-annotations", + "threat-grid-search-samples", + "threat-grid-search-urls", + "threat-grid-get-samples-state", + "threat-grid-feeds-artifacts", + "threat-grid-feeds-domain", + 
"threat-grid-feeds-ip", + "threat-grid-feeds-network-stream", + "threat-grid-feeds-path", + "threat-grid-feeds-url", + "threat-grid-get-analysis-artifact", + "threat-grid-get-analysis-artifacts", + "threat-grid-get-analysis-ioc", + "threat-grid-get-analysis-metadata", + "threat-grid-get-analysis-network-stream", + "threat-grid-get-analysis-network-streams", + "threat-grid-get-analysis-process", + "threat-grid-get-analysis-processes" + ] + } + }, + { + "QRadar": { + "name": "QRadar", + "commands": [ + "qradar-offenses", + "qradar-offense-by-id", + "qradar-searches", + "qradar-get-search", + "qradar-get-search-results", + "qradar-update-offense", + "qradar-get-assets", + "qradar-get-asset-by-id", + "qr-searches", + "qr-get-search", + "qr-get-search-results", + "qr-update-offense", + "qr-get-assets", + "qr-offenses", + "qradar-get-closing-reasons", + "qradar-create-note", + "qradar-get-note", + "qradar-get-reference-by-name", + "qradar-create-reference-set", + "qradar-delete-reference-set", + "qradar-create-reference-set-value", + "qradar-update-reference-set-value", + "qradar-delete-reference-set-value" + ] + } + }, + { + "SplunkPy": { + "name": "SplunkPy", + "commands": [ + "splunk-results", + "splunk-search", + "splunk-submit-event", + "splunk-get-indexes", + "splunk-notable-event-edit", + "splunk-job-create", + "splunk-parse-raw" + ] + } + }, + { + "TruSTAR": { + "name": "TruSTAR", + "commands": [ + "trustar-related-indicators", + "trustar-trending-indicators", + "trustar-search-indicators", + "trustar-submit-report", + "trustar-update-report", + "trustar-report-details", + "trustar-delete-report", + "trustar-get-reports", + "trustar-correlated-reports", + "trustar-search-reports", + "trustar-add-to-whitelist", + "trustar-remove-from-whitelist", + "trustar-get-enclaves", + "file", + "ip", + "url", + "domain" + ] + } + }, + { + "LogRhythm": { + "name": "LogRhythm", + "commands": [ + "lr-add-alarm-comments", + "lr-get-alarm-by-id", + "lr-get-alarm-events-by-id", + 
"lr-get-alarm-history-by-id", + "lr-update-alarm-status", + "lr-get-alarms" + ] + } + }, + { + "Service Manager": { + "name": "Service Manager", + "commands": [ + "hpsm-create-incident", + "hpsm-list-incidents", + "hpsm-get-incident-by-id", + "hpsm-list-devices", + "hpsm-get-device" + ] + } + }, + { + "Trend Micro": { + "name": "Trend Micro", + "commands": [ + "trendmicro-host-retrieve-all", + "trendmicro-system-event-retrieve", + "trendmicro-host-antimalware-scan", + "trendmicro-alert-status", + "trendmicro-security-profile-retrieve-all", + "trendmicro-security-profile-assign-to-host", + "trendmicro-anti-malware-event-retrieve" + ] + } + }, + { + "Netskope": { + "name": "Netskope", + "commands": [ + "netskope-events", + "netskope-alerts" + ] + } + }, + { + "McAfee Web Gateway": { + "name": "McAfee Web Gateway", + "commands": [ + "mwg-get-available-lists", + "mwg-get-list", + "mwg-get-list-entry", + "mwg-insert-entry", + "mwg-delete-entry" + ] + } + }, + { + "ArcSight Logger": { + "name": "ArcSight Logger", + "commands": [ + "as-search-events", + "as-status", + "as-drilldown", + "as-events", + "as-close", + "as-stop", + "as-search" + ] + } + }, + { + "carbonblack-v2": { + "name": "carbonblack-v2", + "fromversion": "3.6.0", + "commands": [ + "cb-alert", + "cb-binary", + "cb-binary-get", + "cb-block-hash", + "cb-get-hash-blacklist", + "cb-get-process", + "cb-get-processes", + "cb-list-sensors", + "cb-process-events", + "cb-quarantine-device", + "cb-sensor-info", + "cb-unblock-hash", + "cb-unquarantine-device", + "cb-version", + "cb-watchlist-del", + "cb-watchlist-get", + "cb-watchlist-new", + "cb-watchlist-set", + "cb-alert-update", + "cb-watchlist" + ] + } + }, + { + "Zscaler": { + "name": "Zscaler", + "commands": [ + "zscaler-blacklist-url", + "url", + "ip", + "zscaler-undo-blacklist-url", + "zscaler-whitelist-url", + "zscaler-undo-whitelist-url", + "zscaler-undo-whitelist-ip", + "zscaler-whitelist-ip", + "zscaler-undo-blacklist-ip", + "zscaler-blacklist-ip", + 
"zscaler-category-add-url", + "zscaler-category-add-ip", + "zscaler-category-remove-url", + "zscaler-category-remove-ip", + "zscaler-get-categories", + "zscaler-get-blacklist", + "zscaler-get-whitelist" + ] + } + }, + { + "Check Point Sandblast": { + "name": "Check Point Sandblast", + "toversion": "3.1.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", + "sandblast-download", + "sb-quota", + "sandblast-quota" + ] + } + }, + { + "fireeye": { + "name": "fireeye", + "toversion": "3.1.0", + "fromversion": "3.0.0", + "commands": [ + "fe-report", + "fe-submit-status", + "fe-alert", + "fe-submit-result", + "fe-submit", + "fe-config" + ] + } + }, + { + "Awake Security": { + "name": "Awake Security", + "commands": [ + "awake-query-devices", + "awake-query-activities", + "awake-query-domains", + "awake-pcap-download", + "domain", + "ip", + "email", + "device" + ] + } + }, + { + "Skyformation": { + "name": "Skyformation", + "commands": [ + "skyformation-get-accounts", + "skyformation-suspend-user", + "skyformation-unsuspend-user" + ] + } + }, + { + "Cisco Spark": { + "name": "Cisco Spark", + "commands": [ + "cisco-spark-list-people", + "cisco-spark-create-person", + "cisco-spark-get-person-details", + "cisco-spark-update-person", + "cisco-spark-delete-person", + "cisco-spark-get-own-details", + "cisco-spark-list-rooms", + "cisco-spark-create-room", + "cisco-spark-get-room-details", + "cisco-spark-update-room", + "cisco-spark-delete-room", + "cisco-spark-list-memberships", + "cisco-spark-create-membership", + "cisco-spark-get-membership-details", + "cisco-spark-update-membership", + "cisco-spark-delete-membership", + "cisco-spark-list-messages", + "cisco-spark-create-message", + "cisco-spark-get-message-details", + "cisco-spark-delete-message", + "cisco-spark-list-teams", + "cisco-spark-create-team", + "cisco-spark-get-team-details", + "cisco-spark-update-team", + "cisco-spark-delete-team", + 
"cisco-spark-list-team-memberships", + "cisco-spark-create-team-membership", + "cisco-spark-get-team-membership-details", + "cisco-spark-update-team-membership", + "cisco-spark-delete-team-membership", + "cisco-spark-list-webhooks", + "cisco-spark-create-webhook", + "cisco-spark-get-webhook-details", + "cisco-spark-update-webhook", + "cisco-spark-delete-webhook", + "cisco-spark-list-organizations", + "cisco-spark-get-organization-details", + "cisco-spark-list-licenses", + "cisco-spark-get-license-details", + "cisco-spark-list-roles", + "cisco-spark-get-role-details", + "cisco-spark-send-message-to-person", + "cisco-spark-send-message-to-room" + ] + } + }, + { + "ArcSight ESM": { + "name": "ArcSight ESM", + "commands": [ + "as-get-all-cases", + "as-get-case", + "as-get-matrix-data", + "as-add-entries", + "as-clear-entries", + "as-get-entries", + "as-get-security-events", + "as-get-case-event-ids", + "as-update-case", + "as-get-all-query-viewers", + "as-case-delete" + ] + } + }, + { + "Rapid7 Nexpose": { + "name": "Rapid7 Nexpose", + "fromversion": "3.6.0", + "commands": [ + "nexpose-get-asset", + "nexpose-get-assets", + "nexpose-search-assets", + "nexpose-get-scan", + "nexpose-get-asset-vulnerability", + "nexpose-create-site", + "nexpose-delete-site", + "nexpose-get-sites", + "nexpose-get-report-templates", + "nexpose-create-assets-report", + "nexpose-create-sites-report", + "nexpose-create-scan-report", + "nexpose-start-site-scan", + "nexpose-start-assets-scan", + "nexpose-stop-scan", + "nexpose-pause-scan", + "nexpose-resume-scan", + "nexpose-get-scans" + ] + } + }, + { + "Cylance Protect v2": { + "name": "Cylance Protect v2", + "commands": [ + "cylance-protect-get-devices", + "cylance-protect-get-device", + "cylance-protect-update-device", + "cylance-protect-get-device-threats", + "cylance-protect-get-policies", + "cylance-protect-create-zone", + "cylance-protect-get-zones", + "cylance-protect-get-zone", + "cylance-protect-update-zone", + 
"cylance-protect-get-threat", + "cylance-protect-get-threat-devices", + "cylance-protect-get-indicators-report", + "cylance-protect-get-threats", + "cylance-protect-update-device-threats", + "cylance-protect-get-list", + "cylance-protect-download-threat", + "cylance-protect-add-hash-to-list", + "cylance-protect-delete-hash-from-lists", + "cylance-protect-get-policy-details", + "cylance-protect-delete-devices" + ] + } + }, + { + "Cyber Triage": { + "name": "Cyber Triage", + "commands": [ + "ct-triage-endpoint" + ] + } + }, + { + "Endgame": { + "name": "Endgame", + "commands": [ + "endgame-deploy", + "endgame-get-deployment-profiles", + "endgame-get-unmanaged-endpoints", + "endgame-get-endpoint-status", + "endgame-create-sensor-profile", + "endgame-get-investigations", + "endgame-create-investigation", + "endgame-get-sensor", + "endgame-investigation-results", + "endgame-investigation-status" + ] + } + }, + { + "Kenna": { + "name": "Kenna", + "commands": [ + "kenna-search-vulnerabilities", + "kenna-get-connectors", + "kenna-run-connector", + "kenna-search-fixes", + "kenna-update-asset", + "kenna-update-vulnerability" + ] + } + }, + { + "Cisco Meraki": { + "name": "Cisco Meraki", + "commands": [ + "meraki-fetch-organizations", + "meraki-get-organization-license-state", + "meraki-fetch-organization-inventory", + "meraki-fetch-networks", + "meraki-fetch-devices", + "meraki-fetch-device-uplink", + "meraki-fetch-ssids", + "meraki-fetch-clients", + "meraki-fetch-firewall-rules", + "meraki-remove-device", + "meraki-get-device", + "meraki-update-device", + "meraki-claim-device", + "meraki-update-firewall-rules" + ] + } + }, + { + "WildFire": { + "name": "WildFire", + "toversion": "3.6.0", + "fromversion": "3.5.0", + "commands": [ + "wildfire-report", + "file", + "wildfire-upload", + "detonate-file", + "detonate-file-remote" + ] + } + }, + { + "AWS Sagemaker": { + "name": "AWS Sagemaker", + "commands": [ + "predict-phishing" + ] + } + }, + { + "VxStream": { + "name": 
"VxStream", + "commands": [ + "vx-scan", + "crowdstrike-scan", + "vx-get-environments", + "crowdstrike-get-environments", + "vx-submit-sample", + "crowdstrike-submit-sample", + "vx-search", + "crowdstrike-search", + "vx-result", + "crowdstrike-result", + "vx-detonate-file", + "crowdstrike-detonate-file", + "crowdstrike-submit-url", + "crowdstrike-get-screenshots", + "crowdstrike-detonate-url", + "crowdstrike-submit-file-by-url" + ] + } + }, + { + "DomainTools": { + "name": "DomainTools", + "fromversion": "3.0.0", + "commands": [ + "domain", + "domainSearch", + "reverseIP", + "reverseNameServer", + "reverseWhois", + "whois", + "whoisHistory", + "domainProfile" + ] + } + }, + { + "Jask": { + "name": "Jask", + "commands": [ + "jask-get-insight-details", + "jask-get-insight-comments", + "jask-get-signal-details", + "jask-get-entity-details", + "jask-get-related-entities", + "jask-get-whitelisted-entities", + "jask-search-insights", + "jask-search-signals", + "jask-search-entities" + ] + } + }, + { + "Server Message Block (SMB)": { + "name": "Server Message Block (SMB)", + "commands": [ + "smb-download" + ] + } + }, + { + "McAfee ESM-v10": { + "name": "McAfee ESM-v10", + "commands": [ + "esm-fetch-fields", + "esm-search", + "esm-fetch-alarms", + "esm-get-case-list", + "esm-add-case", + "esm-edit-case", + "esm-get-case-statuses", + "esm-edit-case-status", + "esm-get-case-detail", + "esm-get-case-event-list", + "esm-add-case-status", + "esm-delete-case-status", + "esm-get-organization-list", + "esm-get-user-list", + "esm-acknowledge-alarms", + "esm-unacknowledge-alarms", + "esm-delete-alarms", + "esm-get-alarm-event-details", + "esm-list-alarm-events" + ] + } + }, + { + "nmap": { + "name": "nmap", + "commands": [ + "nmap-scan" + ] + } + }, + { + "ReversingLabs Titanium Cloud": { + "name": "ReversingLabs Titanium Cloud", + "commands": [ + "file" + ] + } + }, + { + "Farsight DNSDB": { + "name": "Farsight DNSDB", + "commands": [ + "dnsdb-rdata", + "dnsdb-rrset" + ] + } + }, 
+ { + "Symantec MSS": { + "name": "Symantec MSS", + "commands": [ + "symantec-mss-update-incident", + "symantec-mss-get-incident", + "symantec-mss-incidents-list" + ] + } + }, + { + "EWS Mail Sender": { + "name": "EWS Mail Sender", + "commands": [ + "send-mail" + ] + } + }, + { + "WildFire": { + "name": "WildFire", + "fromversion": "4.0.0", + "commands": [ + "wildfire-report", + "file", + "wildfire-upload", + "detonate-file", + "detonate-file-remote", + "wildfire-upload-file-remote" + ] + } + }, + { + "WildFire": { + "name": "WildFire", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "commands": [ + "wildfire-report", + "file", + "wildfire-upload", + "detonate-file", + "detonate-file-remote" + ] + } + }, + { + "AlienVault OTX": { + "name": "AlienVault OTX", + "fromversion": "3.0.1", + "commands": [ + "ip", + "domain", + "ipv6", + "hostname", + "file", + "alienvault-query-file", + "alienvault-search-pulses", + "alienvault-get-pulse-details", + "url" + ] + } + }, + { + "Windows Defender Advanced Threat Protection": { + "name": "Windows Defender Advanced Threat Protection", + "commands": [ + "microsoft-atp-isolate-machine", + "microsoft-atp-unisolate-machine", + "microsoft-atp-get-machines", + "microsoft-atp-get-file-related-machines", + "microsoft-atp-get-machine-details", + "microsoft-atp-run-antivirus-scan", + "microsoft-atp-list-alerts" + ] + } + }, + { + "Mail Sender (New)": { + "name": "Mail Sender (New)", + "commands": [ + "send-mail" + ] + } + }, + { + "Attivo Botsink": { + "name": "Attivo Botsink", + "commands": [ + "attivo-check-user", + "attivo-check-host", + "attivo-run-playbook", + "attivo-deploy-decoy", + "attivo-get-events", + "attivo-list-playbooks", + "attivo-list-hosts", + "attivo-list-users" + ] + } + }, + { + "Sample Incident Generator": { + "name": "Sample Incident Generator" + } + }, + { + "Hybrid Analysis": { + "name": "Hybrid Analysis", + "fromversion": "3.6.1", + "commands": [ + "hybrid-analysis-scan", + "hybrid-analysis-submit-sample", + 
"hybrid-analysis-search", + "hybrid-analysis-detonate-file" + ] + } + }, + { + "Anomali ThreatStream": { + "name": "Anomali ThreatStream", + "commands": [ + "threatstream-intelligence", + "domain", + "file", + "threatstream-email-reputation", + "ip" + ] + } + }, + { + "PacketMail": { + "name": "PacketMail", + "commands": [ + "packetmail-ip" + ] + } + }, + { + "Qualys": { + "name": "Qualys", + "toversion": "3.1.0", + "commands": [ + "qualys-report-list", + "qualys-report-cancel", + "qualys-report-delete", + "qualys-scorecard-launch", + "qualys-report-fetch", + "qualys-vm-scan-list", + "qualys-vm-scan-launch", + "qualys-vm-scan-action", + "qualys-scap-scan-list", + "qualys-pc-scan-launch", + "qualys-pc-scan-manage", + "qualys-schedule-scan-list", + "qualys-ip-list", + "qualys-ip-add", + "qualys-ip-update", + "qualys-virtual-host-list", + "qualys-virtual-host-manage", + "qualys-host-excluded-list", + "qualys-host-excluded-manage", + "qualys-scheduled-report-list", + "qualys-scheduled-report-launch", + "qualys-host-list", + "qualys-pc-scan-list", + "qualys-report-template-list", + "qualys-report-launch-map", + "qualys-report-launch-scan-based-findings", + "qualys-report-launch-host-based-findings", + "qualys-report-launch-patch", + "qualys-report-launch-remediation", + "qualys-report-launch-compliance", + "qualys-report-launch-compliance-policy", + "qualys-vulnerability-list", + "qualys-group-list", + "qualys-vm-scan-fetch", + "qualys-pc-scan-fetch" + ] + } + }, + { + "Cisco Umbrella Investigate": { + "name": "Cisco Umbrella Investigate", + "commands": [ + "umbrella-domain-categorization", + "investigate-umbrella-domain-categorization", + "umbrella-domain-co-occurrences", + "investigate-umbrella-domain-co-occurrences", + "umbrella-domain-related", + "investigate-umbrella-domain-related", + "umbrella-domain-security", + "investigate-umbrella-domain-security", + "umbrella-domain-dns-history", + "investigate-umbrella-domain-dns-history", + "umbrella-ip-dns-history", + 
"investigate-umbrella-ip-dns-history", + "investigate-umbrella-ip-malicious-domains", + "umbrella-ip-malicious-domains", + "umbrella-domain-search", + "investigate-umbrella-domain-search", + "domain", + "umbrella-get-related-domains", + "umbrella-get-domain-classifiers", + "umbrella-get-domain-queryvolume", + "umbrella-get-domain-details", + "umbrella-get-domains-for-email-registrar", + "umbrella-get-domains-for-nameserver", + "umbrella-get-whois-for-domain", + "umbrella-get-malicious-domains-for-ip", + "umbrella-get-domains-using-regex", + "umbrella-get-domain-timeline", + "umbrella-get-ip-timeline", + "umbrella-get-url-timeline" + ] + } + }, + { + "Carbon Black Defense": { + "name": "Carbon Black Defense", + "commands": [ + "cbd-get-devices-status", + "cbd-get-device-status", + "cbd-change-device-status", + "cbd-find-events", + "cbd-find-event", + "cbd-find-processes", + "cbd-get-alert-details", + "cbd-get-policies", + "cbd-get-policy", + "cbd-create-policy", + "cbd-update-policy", + "cbd-delete-policy", + "cbd-add-rule-to-policy", + "cbd-delete-rule-from-policy", + "cbd-update-rule-in-policy", + "cbd-set-policy" + ] + } + }, + { + "Lockpath KeyLight": { + "name": "Lockpath KeyLight", + "toversion": "3.1.0", + "commands": [ + "kl-get-component-list", + "kl-get-component", + "kl-get-component-by-alias", + "kl-get-field-list", + "kl-get-field", + "kl-get-record-count", + "kl-get-record", + "kl-get-records", + "kl-delete-record", + "kl-create-record", + "kl-update-record", + "kl-get-detail-record", + "kl-get-lookup-report-column-fields", + "kl-get-detail-records", + "kl-get-record-attachments", + "kl-get-record-attachment", + "kl-delete-record-attachments" + ] + } + }, + { + "OPSWAT-Metadefender": { + "name": "OPSWAT-Metadefender", + "commands": [ + "opswat-hash", + "opswat-scan-file", + "opswat-scan-result" + ] + } + }, + { + "ActiveMQ": { + "name": "ActiveMQ", + "commands": [ + "activemq-send", + "activemq-subscribe" + ] + } + }, + { + "Cisco Email Security 
Appliance (IronPort)": { + "name": "Cisco Email Security Appliance (IronPort)", + "commands": [ + "ironport-report" + ] + } + }, + { + "Qualys": { + "name": "Qualys", + "fromversion": "3.5.0", + "commands": [ + "qualys-report-list", + "qualys-report-cancel", + "qualys-report-delete", + "qualys-scorecard-launch", + "qualys-report-fetch", + "qualys-vm-scan-list", + "qualys-vm-scan-launch", + "qualys-vm-scan-action", + "qualys-scap-scan-list", + "qualys-pc-scan-launch", + "qualys-pc-scan-manage", + "qualys-schedule-scan-list", + "qualys-ip-list", + "qualys-ip-add", + "qualys-ip-update", + "qualys-virtual-host-list", + "qualys-virtual-host-manage", + "qualys-host-excluded-list", + "qualys-host-excluded-manage", + "qualys-scheduled-report-list", + "qualys-scheduled-report-launch", + "qualys-host-list", + "qualys-pc-scan-list", + "qualys-report-template-list", + "qualys-report-launch-map", + "qualys-report-launch-scan-based-findings", + "qualys-report-launch-host-based-findings", + "qualys-report-launch-patch", + "qualys-report-launch-remediation", + "qualys-report-launch-compliance", + "qualys-report-launch-compliance-policy", + "qualys-vulnerability-list", + "qualys-group-list", + "qualys-vm-scan-fetch", + "qualys-pc-scan-fetch" + ] + } + }, + { + "IsItPhishing": { + "name": "IsItPhishing", + "commands": [ + "url" + ] + } + }, + { + "okta": { + "name": "okta", + "toversion": "3.5.1", + "fromversion": "3.1.0", + "commands": [ + "okta-unlock-user", + "okta-deactivate-user", + "okta-activate-user", + "okta-get-groups", + "okta-set-password", + "okta-search", + "okta-get-user", + "okta-create-user", + "okta-update-user" + ] + } + }, + { + "AWS - EC2": { + "name": "AWS - EC2", + "commands": [ + "aws-ec2-describe-instances", + "aws-ec2-describe-images", + "aws-ec2-describe-regions", + "aws-ec2-describe-addresses", + "aws-ec2-describe-snapshots", + "aws-ec2-describe-launch-templates", + "aws-ec2-describe-key-pairs", + "aws-ec2-describe-volumes", + "aws-ec2-describe-vpcs", + 
"aws-ec2-describe-subnets", + "aws-ec2-describe-security-groups", + "aws-ec2-allocate-address", + "aws-ec2-associate-address", + "aws-ec2-create-snapshot", + "aws-ec2-delete-snapshot", + "aws-ec2-create-image", + "aws-ec2-deregister-image", + "aws-ec2-modify-volume", + "aws-ec2-create-tags", + "aws-ec2-disassociate-address", + "aws-ec2-release-address", + "aws-ec2-start-instances", + "aws-ec2-stop-instances", + "aws-ec2-terminate-instances", + "aws-ec2-create-volume", + "aws-ec2-attach-volume", + "aws-ec2-detach-volume", + "aws-ec2-delete-volume", + "aws-ec2-run-instances", + "aws-ec2-waiter-instance-running", + "aws-ec2-waiter-instance-status-ok", + "aws-ec2-waiter-instance-stopped", + "aws-ec2-waiter-instance-terminated", + "aws-ec2-waiter-image-available", + "aws-ec2-waiter-snapshot_completed", + "aws-ec2-get-latest-ami", + "aws-ec2-create-security-group", + "aws-ec2-delete-security-group", + "aws-ec2-authorize-security-group-ingress-rule", + "aws-ec2-revoke-security-group-ingress-rule", + "aws-ec2-copy-image", + "aws-ec2-copy-snapshot", + "aws-ec2-describe-reserved-instances", + "aws-ec2-monitor-instances", + "aws-ec2-unmonitor-instances", + "aws-ec2-reboot-instances", + "aws-ec2-get-password-data", + "aws-ec2-modify-network-interface-attribute", + "aws-ec2-modify-instance-attribute" + ] + } + }, + { + "Blockade.io": { + "name": "Blockade.io", + "commands": [ + "blockade-get-indicators", + "blockade-add-indicators" + ] + } + }, + { + "AlphaSOC Network Behavior Analytics": { + "name": "AlphaSOC Network Behavior Analytics" + } + }, + { + "Recorded Future": { + "name": "Recorded Future", + "commands": [ + "domain", + "ip", + "file", + "recorded-future-get-related-entities" + ] + } + }, + { + "CVE Search": { + "name": "CVE Search", + "commands": [ + "cve-search", + "cve-latest" + ] + } + }, + { + "SNDBOX": { + "name": "SNDBOX", + "commands": [ + "sndbox-is-online", + "sndbox-analysis-info", + "sndbox-analysis-submit-sample", + "sndbox-download-report", + 
"sndbox-detonate-file", + "sndbox-download-sample" + ] + } + }, + { + "Demisto Lock": { + "name": "Demisto Lock", + "commands": [ + "demisto-lock-get", + "demisto-lock-release", + "demisto-lock-info", + "demisto-lock-release-all" + ] + } + }, + { + "F5 firewall": { + "name": "F5 firewall", + "commands": [ + "f5-create-policy", + "f5-create-rule", + "f5-list-rules", + "f5-modify-rule", + "f5-del-rule", + "f5-modify-global-policy", + "f5-show-global-policy", + "f5-del-policy", + "f5-list-all-user-sessions" + ] + } + }, + { + "MimecastV2": { + "name": "MimecastV2", + "commands": [ + "mimecast-query", + "mimecast-list-blocked-sender-policies", + "mimecast-get-policy", + "mimecast-create-policy", + "mimecast-delete-policy", + "mimecast-manage-sender", + "mimecast-list-managed-url", + "mimecast-create-managed-url", + "mimecast-list-messages", + "mimecast-get-attachment-logs", + "mimecast-get-url-logs", + "mimecast-get-impersonation-logs", + "mimecast-url-decode", + "mimecast-discover", + "mimecast-refresh-token", + "mimecast-login", + "mimecast-get-message", + "mimecast-download-attachments" + ] + } + }, + { + "Zendesk": { + "name": "Zendesk", + "toversion": "3.1.0", + "commands": [ + "zendesk-create-ticket", + "zendesk-list-tickets", + "zendesk-ticket-details", + "zendesk-update-ticket", + "zendesk-add-comment", + "zendesk-list-agents", + "zendesk-get-attachment", + "zendesk-clear-cache", + "zendesk-add-user", + "zendesk-get-article" + ] + } + }, + { + "RedCanary": { + "name": "RedCanary", + "commands": [ + "redcanary-acknowledge-detection", + "redcanary-update-remediation-state", + "redcanary-list-detections", + "redcanary-list-endpoints", + "redcanary-execute-playbook", + "redcanary-get-endpoint", + "redcanary-get-endpoint-detections", + "redcanary-get-detection" + ] + } + }, + { + "Joe Security": { + "name": "Joe Security", + "commands": [ + "joe-is-online", + "joe-analysis-submit-url", + "joe-detonate-url", + "joe-analysis-info", + "joe-list-analysis", + 
"joe-analysis-submit-sample", + "joe-download-report", + "joe-detonate-file", + "joe-search", + "joe-download-sample" + ] + } + }, + { + "AWS - CloudTrail": { + "name": "AWS - CloudTrail", + "commands": [ + "aws-cloudtrail-create-trail", + "aws-cloudtrail-delete-trail", + "aws-cloudtrail-describe-trails", + "aws-cloudtrail-update-trail", + "aws-cloudtrail-start-logging", + "aws-cloudtrail-stop-logging", + "aws-cloudtrail-lookup-events" + ] + } + }, + { + "ThreatExchange": { + "name": "ThreatExchange", + "fromversion": "2.5.0", + "commands": [ + "file", + "ip", + "url", + "domain", + "threatexchange-query", + "threatexchange-members" + ] + } + }, + { + "Dell Secureworks": { + "name": "Dell Secureworks", + "toversion": "3.5.1", + "fromversion": "3.1.0", + "commands": [ + "secure-works-create-ticket", + "secure-works-update-ticket", + "secure-works-close-ticket", + "secure-works-add-worklogs-ticket", + "secure-works-get-ticket-count", + "secure-works-get-ticket", + "secure-works-assign-ticket", + "secure-works-get-tickets-updates", + "secure-works-get-tickets-ids" + ] + } + }, + { + "Amazon Web Services": { + "name": "Amazon Web Services", + "fromversion": "1.6.2", + "commands": [ + "aws-run-instance", + "aws-stop-instance", + "aws-create-image", + "aws-start-instance", + "aws-create-volume-snapshot", + "aws-get-instance-info", + "aws-get-sg-info", + "aws-get-ebs-volume-info" + ] + } + }, + { + "ArcSight XML": { + "name": "ArcSight XML", + "commands": [ + "arcsight-update-case", + "arcsight-fetch-xml" + ] + } + }, + { + "VirusTotal": { + "name": "VirusTotal", + "commands": [ + "file", + "ip", + "url", + "domain", + "file-scan", + "file-rescan", + "url-scan", + "vt-comments-add", + "vt-file-scan-upload-url", + "vt-comments-get" + ] + } + }, + { + "MxToolBox": { + "name": "MxToolBox", + "commands": [ + "mxtoolbox" + ] + } + }, + { + "Check Point Sandblast Appliance": { + "name": "Check Point Sandblast Appliance", + "fromversion": "3.5.0", + "commands": [ + "sb-query", + 
"sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", + "sandblast-download" + ] + } + }, + { + "LightCyber Magna": { + "name": "LightCyber Magna", + "commands": [ + "lcm-version", + "lcm-entities", + "lcm-indicators", + "lcm-hosts", + "lcm-hostbyip", + "lcm-hostbyname", + "lcm-pathfinder-scan", + "lcm-sandbox-report", + "lcm-daily-report", + "lcm-host-artifacts", + "lcm-resolve-host", + "lcm-unresolve-host", + "lcm-set-host-comment", + "lcm-acknowledge-host", + "lcm-resolve-user", + "lcm-unresolve-user", + "lcm-set-user-comment", + "lcm-acknowledge-user", + "lcm-domain", + "lcm-executablebymd5", + "lcm-executablebyname", + "lcm-indicatorsforentity", + "lcm-host-opened-ports", + "lcm-host-suspicious-artifacts", + "lcm-host-processes", + "lcm-host-loaded-modules", + "lcm-host-processes-internet-connections", + "lcm-host-autoruns" + ] + } + }, + { + "Packetsled": { + "name": "Packetsled", + "commands": [ + "packetsled-get-incidents", + "packetsled-sensors", + "packetsled-get-flows", + "packetsled-get-files", + "packetsled-get-pcaps", + "packetsled-get-events" + ] + } + }, + { + "Censys": { + "name": "Censys", + "commands": [ + "cen-view", + "cen-search" + ] + } + }, + { + "Imperva Skyfence": { + "name": "Imperva Skyfence", + "commands": [ + "imp-sf-list-endpoints", + "imp-sf-set-endpoint-status" + ] + } + }, + { + "ProtectWise": { + "name": "ProtectWise", + "fromversion": "3.5.0", + "commands": [ + "sensors", + "protectwise-show-sensors", + "search", + "protectwise-search-events", + "pw-event-get", + "protectwise-event-info", + "observation-search", + "protectwise-search-observations", + "pw-observation-get", + "protectwise-observation-info", + "event-pcap-download", + "protectwise-event-pcap-download", + "event-pcap-info", + "protectwise-event-pcap-info", + "observation-pcap-download", + "protectwise-observation-pcap-download", + "observation-pcap-info", + "protectwise-observation-pcap-info", + "get-token" + ] + } + }, + { + "Palo Alto Minemeld": 
{ + "name": "Palo Alto Minemeld", + "commands": [ + "minemeld-add-to-miner", + "minemeld-remove-from-miner", + "minemeld-retrieve-miner", + "minemeld-get-indicator-from-miner", + "ip", + "file", + "domain", + "url", + "minemeld-get-all-miners-names" + ] + } + }, + { + "GoogleSafeBrowsing": { + "name": "GoogleSafeBrowsing", + "commands": [ + "url" + ] + } + }, + { + "Salesforce": { + "name": "Salesforce", + "commands": [ + "salesforce-search", + "salesforce-query", + "salesforce-get-object", + "salesforce-update-object", + "salesforce-create-object", + "salesforce-push-comment", + "salesforce-get-case", + "salesforce-create-case", + "salesforce-update-case", + "salesforce-get-cases", + "salesforce-close-case", + "salesforce-push-comment-threads", + "salesforce-delete-case" + ] + } + }, + { + "SCADAfence CNM": { + "name": "SCADAfence CNM", + "commands": [ + "scadafence-getAlerts", + "scadafence-getAsset", + "scadafence-setAlertStatus", + "scadafence-getAssetConnections", + "scadafence-getAssetTraffic", + "scadafence-createAlert", + "scadafence-getAllConnections" + ] + } + }, + { + "HashiCorp Vault": { + "name": "HashiCorp Vault", + "commands": [ + "hashicorp-list-secrets-engines", + "hashicorp-list-secrets", + "hashicorp-get-secret-metadata", + "hashicorp-delete-secret", + "hashicorp-undelete-secret", + "hashicorp-destroy-secret", + "hashicorp-disable-engine", + "hashicorp-enable-engine", + "hashicorp-list-policies", + "hashicorp-get-policy", + "hashicorp-seal-vault", + "hashicorp-unseal-vault", + "hashicorp-configure-engine", + "hashicorp-reset-configuration", + "hashicorp-create-token" + ] + } + }, + { + "Proofpoint TAP": { + "name": "Proofpoint TAP", + "commands": [ + "proofpoint-get-events" + ] + } + }, + { + "Threat Grid": { + "name": "Threat Grid", + "toversion": "3.1.0", + "commands": [ + "threat-grid-feeds-ip", + "threat-grid-feeds-domain", + "threat-grid-feeds-url", + "threat-grid-feeds-path", + "threat-grid-feeds-artifacts", + 
"threat-grid-feeds-network-stream", + "threat-grid-feeds-registry-key", + "threat-grid-get-samples", + "threat-grid-get-sample-by-id", + "threat-grid-get-sample-state-by-id", + "threat-grid-get-samples-state", + "threat-grid-upload-sample", + "threat-grid-search-submissions", + "threat-grid-get-video-by-id", + "threat-grid-get-analysis-by-id", + "threat-grid-get-processes-by-id", + "threat-grid-get-pcap-by-id", + "threat-grid-get-warnings-by-id", + "threat-grid-get-summary-by-id", + "threat-grid-get-threat-summary-by-id", + "threat-grid-get-html-report-by-id", + "threat-grid-download-sample-by-id", + "threat-grid-get-analysis-iocs", + "threat-grid-get-analysis-ioc", + "threat-grid-get-analysis-network-streams", + "threat-grid-get-analysis-artifacts", + "threat-grid-get-analysis-network-stream", + "threat-grid-get-analysis-artifact", + "threat-grid-get-analysis-processes", + "threat-grid-get-analysis-process", + "threat-grid-get-analysis-annotations", + "threat-grid-get-analysis-metadata", + "threat-grid-download-artifact", + "threat-grid-who-am-i", + "threat-grid-user-get-rate-limit", + "threat-grid-get-specific-feed" + ] + } + }, + { + "iDefense": { + "name": "iDefense", + "commands": [ + "ip", + "domain", + "url", + "idefense-general", + "uuid" + ] + } + }, + { + "FalconIntel": { + "name": "FalconIntel", + "commands": [ + "file", + "url", + "domain", + "ip", + "cs-actors", + "cs-indicators", + "cs-reports", + "cs-report-pdf" + ] + } + }, + { + "Venafi": { + "name": "Venafi", + "commands": [ + "venafi-get-certificates", + "venafi-get-certificate-details" + ] + } + }, + { + "CyberArkAIM": { + "name": "CyberArkAIM", + "commands": [ + "cyber-ark-aim-query", + "list-credentials", + "reset-credentials", + "account-details" + ] + } + }, + { + "Autofocus": { + "name": "Autofocus", + "commands": [ + "autofocus-search-samples", + "autofocus-search-sessions", + "autofocus-session", + "autofocus-sample-analysis", + "file" + ] + } + }, + { + "AbuseIPDB": { + "name": 
"AbuseIPDB", + "commands": [ + "ip", + "abuseipdb-check-cidr-block", + "abuseipdb-report-ip", + "abuseipdb-get-blacklist", + "abuseipdb-get-categories" + ] + } + }, + { + "McAfee Threat Intelligence Exchange": { + "name": "McAfee Threat Intelligence Exchange", + "commands": [ + "file", + "tie-set-file-reputation", + "tie-file-references" + ] + } + }, + { + "Check Point": { + "name": "Check Point", + "commands": [ + "checkpoint-show-access-rule-base", + "checkpoint-set-rule", + "checkpoint-task-status", + "checkpoint-show-hosts", + "checkpoint-block-ip", + "checkpoint", + "checkpoint-delete-rule" + ] + } + }, + { + "PagerDuty v2": { + "name": "PagerDuty v2", + "commands": [ + "PagerDuty-get-all-schedules", + "PagerDuty-get-users-on-call", + "PagerDuty-get-users-on-call-now", + "PagerDuty-incidents", + "PagerDuty-submit-event", + "PagerDuty-get-contact-methods", + "PagerDuty-get-users-notification", + "PagerDuty-resolve-event", + "PagerDuty-acknowledge-event" + ] + } + }, + { + "Gmail": { + "name": "Gmail", + "commands": [ + "gmail-delete-user", + "gmail-get-tokens-for-user", + "gmail-get-user", + "gmail-get-user-roles", + "gmail-get-attachments", + "gmail-get-mail", + "gmail-search", + "gmail-search-all-mailboxes", + "gmail-list-users", + "gmail-revoke-user-role", + "gmail-create-user", + "gmail-delete-mail", + "gmail-get-thread", + "gmail-move-mail", + "gmail-move-mail-to-mailbox", + "gmail-add-delete-filter", + "gmail-add-filter" + ] + } + }, + { + "Centreon": { + "name": "Centreon", + "commands": [ + "centreon-get-host-status", + "centreon-get-service-status" + ] + } + }, + { + "RSA NetWitness Endpoint": { + "name": "RSA NetWitness Endpoint", + "commands": [ + "netwitness-get-machines", + "netwitness-get-machine", + "netwitness-get-machine-iocs", + "netwitness-get-machine-modules", + "netwitness-get-machine-module", + "netwitness-blacklist-ips", + "netwitness-blacklist-domains" + ] + } + }, + { + "PassiveTotal": { + "name": "PassiveTotal", + "commands": [ + 
"pt-get-subdomains", + "pt-account", + "pt-monitors", + "pt-passive-dns", + "pt-passive-unique", + "pt-dns-keyword", + "pt-enrichment", + "pt-malware", + "url", + "domain", + "ip", + "pt-osint", + "pt-whois", + "pt-whois-keyword", + "pt-whois-search", + "pt-get-components", + "pt-get-pairs", + "pt-ssl-cert", + "pt-ssl-cert-history", + "pt-ssl-cert-keyword", + "pt-ssl-cert-search" + ] + } + }, + { + "ProtectWise": { + "name": "ProtectWise", + "toversion": "3.1.0", + "commands": [ + "sensors", + "protectwise-show-sensors", + "search", + "protectwise-search-events", + "pw-event-get", + "protectwise-event-info", + "observation-search", + "protectwise-search-observations", + "pw-observation-get", + "protectwise-observation-info", + "event-pcap-download", + "protectwise-event-pcap-download", + "event-pcap-info", + "protectwise-event-pcap-info", + "observation-pcap-download", + "protectwise-observation-pcap-download", + "observation-pcap-info", + "protectwise-observation-pcap-info", + "get-token" + ] + } + }, + { + "SentinelOne": { + "name": "SentinelOne", + "fromversion": "3.1.0", + "commands": [ + "so-activities", + "so-count-by-filters", + "so-agents-count", + "so-agent-decommission", + "so-get-agent", + "so-agents-query", + "so-get-agent-processes", + "so-agent-recommission", + "so-agent-unquarentine", + "so-agent-shutdown", + "so-agent-uninstall", + "so-agents-broadcast", + "so-agents-connect", + "so-agent-quarentine", + "so-agents-decommission", + "so-agents-disconnect", + "so-agents-fetch-logs", + "so-agents-shutdown", + "so-agents-uninstall", + "so-agents-upgrade-software", + "so-create-exclusion-list", + "so-delete-exclusion-list", + "so-get-exclusion-list", + "so-get-exclusion-lists", + "so-update-exclusion-list", + "so-get-groups", + "so-create-group", + "so-get-group", + "so-update-group", + "so-delete-group", + "so-add-agent-to-group", + "so-set-cloud-intelligence", + "so-create-hash", + "so-delete-hash", + "so-get-hash-reputation", + "so-get-hash", + 
"so-get-hashes", + "so-update-hash", + "so-get-policies", + "so-create-policy", + "so-get-policy", + "so-update-policy", + "so-delete-policy", + "so-get-threat", + "so-get-threats", + "so-threat-summary", + "so-mark-as-threat", + "so-mitigate-threat", + "so-reslove-threats" + ] + } + }, + { + "AMP": { + "name": "AMP", + "commands": [ + "amp_get_computers", + "amp_get_computer_by_connector", + "amp_get_computer_trajctory", + "amp_move_computer", + "amp_get_computer_actvity", + "amp_get_events", + "amp_get_event_types", + "amp_get_application_blocking", + "amp_get_file_list_by_guid", + "amp_get_simple_custom_detections", + "amp_get_file_list_files", + "amp_get_file_list_files_by_sha", + "amp_set_file_list_files_by_sha", + "amp_delete_file_list_files_by_sha", + "amp_get_groups", + "amp_get_group", + "amp_set_group_policy", + "amp_get_policies", + "amp_get_policy", + "amp_get_version" + ] + } + }, + { + "AWS - SQS": { + "name": "AWS - SQS", + "commands": [ + "aws-sqs-get-queue-url", + "aws-sqs-list-queues", + "aws-sqs-send-message", + "aws-sqs-create-queue", + "aws-sqs-delete-queue", + "aws-sqs-purge-queue" + ] + } + }, + { + "carbonblackliveresponse": { + "name": "carbonblackliveresponse", + "toversion": "3.6.0", + "commands": [ + "cb-archive", + "cb-command-cancel", + "cb-command-create", + "cb-command-create-and-wait", + "cb-command-info", + "cb-file-delete", + "cb-file-get", + "cb-file-info", + "cb-file-upload", + "cb-keepalive", + "cb-list-commands", + "cb-list-files", + "cb-list-sessions", + "cb-session-close", + "cb-session-create", + "cb-session-create-and-wait", + "cb-session-info", + "cb-terminate-process" + ] + } + }, + { + "AWS - Route53": { + "name": "AWS - Route53", + "commands": [ + "aws-route53-create-record", + "aws-route53-delete-record", + "aws-route53-list-hosted-zones", + "aws-route53-list-resource-record-sets", + "aws-route53-waiter-resource-record-sets-changed", + "aws-route53-test-dns-answer", + "aws-route53-upsert-record" + ] + } + }, + { + 
"Tanium": { + "name": "Tanium", + "commands": [ + "tn-get-package", + "tn-get-all-packages", + "tn-get-object", + "tn-get-all-saved-questions", + "tn-deploy-package", + "tn-ask-question", + "tn-ask-system", + "tn-get-saved-question", + "tn-create-package", + "tn-approve-pending-action", + "tn-get-all-objects", + "tn-get-all-saved-actions", + "tn-get-all-pending-actions", + "tn-get-all-sensors", + "tn-parse-query", + "tn-ask-manual-question", + "tn-get-sensor", + "tn-get-action" + ] + } + }, + { + "FireEye ETP": { + "name": "FireEye ETP", + "commands": [ + "fireeye-etp-search-messages", + "fireeye-etp-get-message", + "fireeye-etp-get-alerts", + "fireeye-etp-get-alert" + ] + } + }, + { + "InfoArmor VigilanteATI": { + "name": "InfoArmor VigilanteATI", + "commands": [ + "vigilante-query-infected-host-data", + "vigilante-get-vulnerable-host-data", + "vigilante-query-ecrime-db", + "vigilante-search-leaks", + "vigilante-get-leak", + "vigilante-query-accounts", + "vigilante-query-domains", + "vigilante-watchlist-add-accounts", + "vigilante-watchlist-remove-accounts", + "vigilante-get-watchlist", + "vigilante-account-usage-info" + ] + } + }, + { + "IBM Resilient Systems": { + "name": "IBM Resilient Systems", + "commands": [ + "rs-search-incidents", + "rs-update-incident", + "rs-incidents-get-members", + "rs-get-incident", + "rs-incidents-update-member", + "rs-get-users", + "rs-close-incident", + "rs-create-incident", + "rs-incident-artifacts", + "rs-incident-attachments", + "rs-related-incidents", + "rs-incidents-get-tasks" + ] + } + }, + { + "AWS - IAM": { + "name": "AWS - IAM", + "commands": [ + "aws-iam-create-user", + "aws-iam-get-user", + "aws-iam-list-users", + "aws-iam-update-user", + "aws-iam-delete-user", + "aws-iam-update-login-profile", + "aws-iam-create-group", + "aws-iam-list-groups", + "aws-iam-list-groups-for-user", + "aws-iam-add-user-to-group", + "aws-iam-create-access-key", + "aws-iam-update-access-key", + "aws-iam-list-access-keys-for-user", + 
"aws-iam-list-policies", + "aws-iam-list-roles", + "aws-iam-attach-policy", + "aws-iam-detach-policy", + "aws-iam-delete-login-profile", + "aws-iam-delete-group", + "aws-iam-remove-user-from-group", + "aws-iam-create-login-profile", + "aws-iam-delete-access-key", + "aws-iam-create-instance-profile", + "aws-iam-delete-instance-profile", + "aws-iam-list-instance-profiles", + "aws-iam-add-role-to-instance-profile", + "aws-iam-remove-role-from-instance-profile", + "aws-iam-list-instance-profiles-for-role", + "aws-iam-get-instance-profile", + "aws-iam-get-role", + "aws-iam-delete-role", + "aws-iam-create-role", + "aws-iam-create-policy", + "aws-iam-delete-policy", + "aws-iam-create-policy-version", + "aws-iam-delete-policy-version", + "aws-iam-list-policy-versions", + "aws-iam-get-policy-version", + "aws-iam-set-default-policy-version", + "aws-iam-create-account-alias", + "aws-iam-delete-account-alias" + ] + } + }, + { + "Symantec Endpoint Protection": { + "name": "Symantec Endpoint Protection", + "commands": [ + "sep-endpoints-info", + "sep-update-content", + "sep-scan", + "sep-groups-info", + "sep-system-info", + "sep-command-status", + "sep-quarantine", + "sep-client-content" + ] + } + }, + { + "SumoLogic": { + "name": "SumoLogic", + "commands": [ + "search" + ] + } + }, + { + "Pwned": { + "name": "Pwned", + "commands": [ + "pwned-email", + "pwned-domain", + "email" + ] + } + }, + { + "urlscan.io": { + "name": "urlscan.io", + "toversion": "3.1.0", + "commands": [ + "url", + "ip", + "file", + "urlscan-submit" + ] + } + }, + { + "Lastline": { + "name": "Lastline", + "commands": [ + "lastline-get", + "url", + "file", + "lastline-upload", + "lastline-upload-url", + "lastline-upload-file", + "lastline-get-report", + "lastline-get-task-list" + ] + } + }, + { + "urlscan.io": { + "name": "urlscan.io", + "fromversion": "3.5.0", + "commands": [ + "urlscan-search", + "urlscan-submit", + "url" + ] + } + }, + { + "OpsGenie": { + "name": "OpsGenie", + "commands": [ + 
"opsgenie-get-on-call", + "opsgenie-get-user", + "opsgenie-get-schedules", + "opsgenie-get-schedule-timeline" + ] + } + }, + { + "McAfeeDAM": { + "name": "McAfeeDAM", + "commands": [ + "dam-get-alert-by-id", + "dam-get-latest-by-rule" + ] + } + }, + { + "okta": { + "name": "okta", + "fromversion": "3.6.0", + "commands": [ + "okta-unlock-user", + "okta-deactivate-user", + "okta-activate-user", + "okta-suspend-user", + "okta-unsuspend-user", + "okta-get-user-factors", + "okta-verify-push-factor", + "okta-reset-factor", + "okta-get-groups", + "okta-set-password", + "okta-search", + "okta-get-user", + "okta-create-user", + "okta-update-user", + "okta-get-failed-logins", + "okta-get-group-assignments", + "okta-get-application-assignments", + "okta-get-application-authentication", + "okta-get-logs", + "okta-add-to-group", + "okta-remove-from-group", + "okta-list-groups", + "okta-get-group-members" + ] + } + }, + { + "Devo": { + "name": "Devo", + "commands": [ + "devo-query" + ] + } + }, + { + "AWS - Security Hub": { + "name": "AWS - Security Hub", + "commands": [ + "aws-securityhub-get-findings", + "aws-securityhub-get-master-account", + "aws-securityhub-list-members", + "aws-securityhub-enable-security-hub", + "aws-securityhub-disable-security-hub", + "aws-securityhub-enable-import-findings-for-product", + "aws-securityhub-disable-import-findings-for-product", + "aws-securityhub-list-enabled-products-for-import", + "aws-securityhub-update-finding" + ] + } + }, + { + "Moloch": { + "name": "Moloch", + "fromversion": "3.5.0", + "commands": [ + "moloch_connections_json", + "moloch_connections_csv", + "moloch_files_json", + "moloch_sessions_json", + "moloch_sessions_csv", + "moloch_sessions_pcap", + "moloch_spigraph_json", + "moloch_spiview_json", + "moloch_unique_json" + ] + } + }, + { + "RedLock": { + "name": "RedLock", + "commands": [ + "redlock-search-alerts", + "redlock-get-alert-details", + "redlock-dismiss-alerts", + "redlock-reopen-alerts", + 
"redlock-list-alert-filters" + ] + } + }, + { + "Whois": { + "name": "Whois", + "fromversion": "4.1.0", + "commands": [ + "whois" + ] + } + }, + { + "SafeBreach": { + "name": "SafeBreach", + "commands": [ + "safebreach-rerun", + "safebreach-get-simulation" + ] + } + }, + { + "AlphaSOC Wisdom": { + "name": "AlphaSOC Wisdom", + "commands": [ + "wisdom-domain-flags", + "wisdom-ip-flags" + ] + } + }, + { + "jamf": { + "name": "jamf", + "commands": [ + "jamf-get-computers", + "jamf-get-computers-match" + ] + } + }, + { + "CIRCL": { + "name": "CIRCL", + "commands": [ + "circl-dns-get", + "circl-ssl-list-certificates", + "circl-ssl-query-certificate", + "circl-ssl-get-certificate" + ] + } + }, + { + "Panorama": { + "name": "Panorama", + "fromversion": "3.0.0", + "commands": [ + "panorama", + "panorama-commit", + "panorama-push-to-device-group", + "panorama-list-addresses", + "panorama-get-address", + "panorama-create-address", + "panorama-delete-address", + "panorama-list-address-groups", + "panorama-get-address-group", + "panorama-create-address-group", + "panorama-delete-address-group", + "panorama-edit-address-group", + "panorama-get-custom-url-category", + "panorama-create-custom-url-category", + "panorama-delete-custom-url-category", + "panorama-edit-custom-url-category", + "panorama-get-url-category", + "panorama-get-url-filter", + "panorama-create-url-filter", + "panorama-edit-url-filter", + "panorama-delete-url-filter", + "panorama-create-rule", + "panorama-custom-block-rule", + "panorama-move-rule", + "panorama-edit-rule", + "panorama-delete-rule", + "panorama-list-applications", + "panorama-commit-status", + "panorama-push-status" + ] + } + }, + { + "icebrg": { + "name": "icebrg", + "commands": [ + "icebrg-search-events", + "icebrg-get-history", + "icebrg-saved-searches", + "icebrg-get-reports", + "icebrg-get-report-indicators", + "icebrg-get-report-assets" + ] + } + }, + { + "EasyVista": { + "name": "EasyVista", + "commands": [ + "easy-vista-search" + ] + } + 
}, + { + "ThreatConnect": { + "name": "ThreatConnect", + "commands": [ + "ip", + "url", + "file", + "tc-owners", + "tc-indicators", + "tc-get-tags", + "tc-tag-indicator", + "tc-get-indicator", + "tc-get-indicators-by-tag", + "tc-add-indicator", + "tc-create-incident", + "tc-fetch-incidents", + "tc-incident-associate-indicator", + "domain", + "tc-get-incident-associate-indicators" + ] + } + }, + { + "BitDam": { + "name": "BitDam", + "commands": [ + "bitdam-upload-file", + "bitdam-get-verdict" + ] + } + }, + { + "AWS - S3": { + "name": "AWS - S3", + "commands": [ + "aws-s3-create-bucket", + "aws-s3-delete-bucket", + "aws-s3-list-buckets", + "aws-s3-get-bucket-policy", + "aws-s3-delete-bucket-policy", + "aws-s3-download-file", + "aws-s3-list-bucket-objects", + "aws-s3-put-bucket-policy", + "aws-s3-upload-file" + ] + } + }, + { + "McAfee Advanced Threat Defense": { + "name": "McAfee Advanced Threat Defense", + "toversion": "3.1.0", + "fromversion": "2.0.4", + "commands": [ + "atd-file-upload", + "atd-get-task-ids", + "atd-check-status", + "atd-get-report", + "atd-list-analyzer-profiles", + "atd-list-user", + "atd-login" + ] + } + }, + { + "GuardiCore": { + "name": "GuardiCore", + "toversion": "3.1.0", + "commands": [ + "guardicore-get-incidents", + "guardicore-uncommon-domains", + "guardicore-unresolved-domains", + "guardicore-show-endpoint", + "guardicore-dns-requests", + "guardicore-search-endpoint", + "guardicore-misconfigurations", + "guardicore-get-incident", + "guardicore-get-incident-iocs", + "guardicore-get-incident-events", + "guardicore-get-incident-pcap", + "guardicore-get-incident-attachments", + "guardicore-search-network-log" + ] + } + }, + { + "Mimecast": { + "name": "Mimecast", + "fromversion": "1.6.2", + "commands": [ + "mimecast-query" + ] + } + }, + { + "Shodan": { + "name": "Shodan", + "commands": [ + "search", + "ip" + ] + } + }, + { + "AWS - GuardDuty": { + "name": "AWS - GuardDuty", + "commands": [ + "aws-gd-create-detector", + 
"aws-gd-delete-detector", + "aws-gd-get-detector", + "aws-gd-update-detector", + "aws-gd-create-ip-set", + "aws-gd-delete-ip-set", + "aws-gd-list-detectors", + "aws-gd-update-ip-set", + "aws-gd-get-ip-set", + "aws-gd-list-ip-sets", + "aws-gd-create-threatintel-set", + "aws-gd-delete-threatintel-set", + "aws-gd-get-threatintel-set", + "aws-gd-list-threatintel-sets", + "aws-gd-update-threatintel-set", + "aws-gd-list-findings", + "aws-gd-get-findings", + "aws-gd-create-sample-findings", + "aws-gd-archive-findings", + "aws-gd-unarchive-findings", + "aws-gd-update-findings-feedback" + ] + } + }, + { + "Mimecast Authentication": { + "name": "Mimecast Authentication", + "commands": [ + "mimecast-login", + "mimecast-discover", + "mimecast-refresh-token" + ] + } + }, + { + "malwr": { + "name": "malwr", + "fromversion": "3.0.0", + "commands": [ + "malwr-submit", + "malwr-status", + "malwr-result", + "malwr-detonate" + ] + } + }, + { + "FalconHost": { + "name": "FalconHost", + "fromversion": "2.5.0", + "commands": [ + "cs-upload-ioc", + "cs-get-ioc", + "cs-update-ioc", + "cs-delete-ioc", + "cs-search-iocs", + "cs-device-search", + "cs-device-details", + "cs-device-count-ioc", + "cs-device-ran-on", + "cs-processes-ran-on", + "cs-process-details", + "cs-resolve-detection", + "cs-detection-search", + "cs-detection-details" + ] + } + }, + { + "ServiceNow": { + "name": "ServiceNow", + "commands": [ + "servicenow-get-ticket", + "servicenow-get", + "servicenow-incident-get", + "servicenow-create-ticket", + "servicenow-create", + "servicenow-incident-create", + "servicenow-update-ticket", + "servicenow-update", + "servicenow-incident-update", + "servicenow-delete-ticket", + "servicenow-add-link", + "servicenow-incident-add-link", + "servicenow-add-comment", + "servicenow-incident-add-comment", + "servicenow-query-tickets", + "servicenow-query", + "servicenow-incidents-query", + "servicenow-upload-file", + "servicenow-incident-upload-file", + "servicenow-get-groups", + 
"servicenow-get-computer", + "servicenow-get-record", + "servicenow-query-table", + "servicenow-create-record", + "servicenow-update-record", + "servicenow-delete-record", + "servicenow-list-table-fields", + "servicenow-query-computers", + "servicenow-query-groups", + "servicenow-query-users", + "servicenow-get-table-name" + ] + } + }, + { + "Tenable.sc": { + "name": "Tenable.sc", + "commands": [ + "tenable-sc-list-scans", + "tenable-sc-launch-scan", + "tenable-sc-get-vulnerability", + "tenable-sc-get-scan-status", + "tenable-sc-get-scan-report", + "tenable-sc-list-credentials", + "tenable-sc-list-policies", + "tenable-sc-list-report-definitions", + "tenable-sc-list-repositories", + "tenable-sc-list-zones", + "tenable-sc-create-scan", + "tenable-sc-delete-scan", + "tenable-sc-list-assets", + "tenable-sc-create-asset", + "tenable-sc-get-asset", + "tenable-sc-delete-asset", + "tenable-sc-list-alerts", + "tenable-sc-get-alert", + "tenable-sc-get-device", + "tenable-sc-list-users", + "tenable-sc-get-system-licensing", + "tenable-sc-get-system-information" + ] + } + }, + { + "google-vault": { + "name": "google-vault", + "commands": [ + "gvault-create-export-mail", + "gvault-create-matter", + "gvault-create-export-drive", + "gvault-matter-update-state", + "gvault-create-export-groups", + "gvault-create-hold", + "gvault-add-heldAccount", + "gvault-remove-heldAccount", + "gvault-delete-hold", + "gvault-list-matters", + "gvault-get-matter", + "gvault-list-holds", + "gvault-export-status", + "gvault-download-results", + "gvault-get-drive-results", + "gvault-get-mail-results", + "gvault-get-groups-results" + ] + } + }, + { + "AlienValut OTX": { + "name": "AlienValut OTX", + "toversion": "3.0.1", + "commands": [ + "ip", + "domain", + "ipv6", + "hostname", + "file", + "alienvault-query-file", + "alienvault-search-pulses", + "alienvault-get-pulse-details", + "url" + ] + } + }, + { + "MISP": { + "name": "MISP", + "commands": [ + "internal-misp-upload-sample", + "misp-search", + 
"file", + "url", + "ip", + "internal-misp-download-sample", + "internal-misp-create-event", + "internal-misp-add-attribute" + ] + } + }, + { + "FalconIntel": { + "name": "FalconIntel", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "commands": [ + "file", + "url", + "domain", + "ip", + "cs-actors", + "cs-indicators", + "cs-reports", + "cs-report-pdf" + ] + } + }, + { + "Box": { + "name": "Box", + "commands": [ + "box_get_current_user", + "box_get_users", + "box_update_user", + "box_add_user", + "box_delete_user", + "box_move_folder", + "box_files_get", + "box_initiate", + "box_files_get_info" + ] + } + }, + { + "Remedy On-Demand": { + "name": "Remedy On-Demand", + "commands": [ + "remedy-incident-create", + "remedy-get-incident", + "remedy-fetch-incidents", + "remedy-incident-update" + ] + } + }, + { + "Rasterize": { + "name": "Rasterize", + "commands": [ + "rasterize", + "rasterize-email", + "rasterize-image" + ] + } + }, + { + "FortiGate": { + "name": "FortiGate", + "commands": [ + "fortigate-get-addresses", + "fortigate-get-service-groups", + "fortigate-update-service-group", + "fortigate-delete-service-group", + "fortigate-get-firewall-service", + "fortigate-create-firewall-service", + "fortigate-get-policy", + "fortigate-update-policy", + "fortigate-create-policy", + "fortigate-move-policy", + "fortigate-delete-policy", + "fortigate-get-address-groups", + "fortigate-update-address-group", + "fortigate-create-address-group", + "fortigate-delete-address-group" + ] + } + }, + { + "RTIR": { + "name": "RTIR", + "commands": [ + "rtir-create-ticket", + "rtir-search-ticket", + "rtir-resolve-ticket", + "rtir-edit-ticket", + "rtir-ticket-history", + "rtir-get-ticket", + "rtir-ticket-attachments", + "rtir-add-comment", + "rtir-add-reply" + ] + } + }, + { + "Tenable.io": { + "name": "Tenable.io", + "commands": [ + "tenable-io-list-scans", + "tenable-io-launch-scan", + "tenable-io-get-scan-report", + "tenable-io-get-vulnerability-details", + 
"tenable-io-get-vulnerabilities-by-asset", + "tenable-io-get-scan-status" + ] + } + }, + { + "Stealthwatch Cloud": { + "name": "Stealthwatch Cloud", + "commands": [ + "sw-show-alert", + "sw-update-alert", + "sw-list-alerts", + "sw-block-domain-or-ip", + "sw-unblock-domain", + "sw-list-blocked-domains", + "sw-list-observations", + "sw-list-sessions" + ] + } + }, + { + "EWS v2": { + "name": "EWS v2", + "commands": [ + "ews-get-attachment", + "ews-delete-attachment", + "ews-get-searchable-mailboxes", + "ews-search-mailboxes", + "ews-move-item", + "ews-delete-items", + "ews-search-mailbox", + "ews-get-contacts", + "ews-get-out-of-office", + "ews-recover-messages", + "ews-create-folder", + "ews-mark-item-as-junk", + "ews-find-folders", + "ews-get-items-from-folder", + "ews-get-items", + "ews-move-item-between-mailboxes", + "ews-get-folder", + "ews-o365-start-compliance-search", + "ews-o365-get-compliance-search", + "ews-o365-purge-compliance-search-results", + "ews-o365-remove-compliance-search", + "ews-o365-get-compliance-search-purge-status" + ] + } + }, + { + "Lockpath KeyLight": { + "name": "Lockpath KeyLight", + "fromversion": "3.5.0", + "commands": [ + "kl-get-component-list", + "kl-get-component", + "kl-get-component-by-alias", + "kl-get-field-list", + "kl-get-field", + "kl-get-record-count", + "kl-get-record", + "kl-get-records", + "kl-delete-record", + "kl-create-record", + "kl-update-record", + "kl-get-detail-record", + "kl-get-lookup-report-column-fields", + "kl-get-detail-records", + "kl-get-record-attachments", + "kl-get-record-attachment", + "kl-delete-record-attachments" + ] + } + }, + { + "Dell Secureworks": { + "name": "Dell Secureworks", + "fromversion": "3.6.0", + "commands": [ + "secure-works-create-ticket", + "secure-works-update-ticket", + "secure-works-close-ticket", + "secure-works-add-worklogs-ticket", + "secure-works-get-ticket", + "secure-works-assign-ticket", + "secure-works-get-tickets-updates", + "secure-works-get-close-codes", + 
"secure-works-get-tickets-ids", + "secure-works-get-ticket-count" + ] + } + }, + { + "Luminate": { + "name": "Luminate", + "fromversion": "0.0.0", + "commands": [ + "lum-block-user", + "lum-unblock-user", + "lum-destroy-user-session", + "lum-get-http-access-logs", + "lum-get-ssh-access-logs" + ] + } + }, + { + "VirusTotal - Private API": { + "name": "VirusTotal - Private API", + "commands": [ + "vt-private-check-file-behaviour", + "vt-private-get-domain-report", + "vt-private-get-file-report", + "vt-private-get-url-report", + "vt-private-get-ip-report", + "vt-private-search-file", + "vt-private-hash-communication", + "vt-private-download-file" + ] + } + }, + { + "Guidance Encase Endpoint": { + "name": "Guidance Encase Endpoint", + "commands": [ + "encase-copyjob", + "encase-snapshot", + "encase-verifyhash" + ] + } + }, + { + "Incapsula": { + "name": "Incapsula", + "commands": [ + "incap-add-managed-account", + "incap-list-managed-accounts", + "incap-add-subaccount", + "incap-list-subaccounts", + "incap-get-account-status", + "incap-modify-account-configuration", + "incap-set-account-log-level", + "incap-test-account-s3-connection", + "incap-test-account-sftp-connection", + "incap-set-account-s3-log-storage", + "incap-set-account-sftp-log-storage", + "incap-set-account-default-log-storage", + "incap-get-account-login-token", + "incap-delete-managed-account", + "incap-delete-subaccount", + "incap-get-account-audit-events", + "incap-set-account-default-data-storage-region", + "incap-get-account-default-data-storage-region", + "incap-add-site", + "incap-get-site-status", + "incap-get-domain-approver-email", + "incap-modify-site-configuration", + "incap-modify-site-log-level", + "incap-modify-site-tls-support", + "incap-modify-site-scurity-config", + "incap-modify-site-acl-config", + "incap-modify-site-wl-config", + "incap-delete-site", + "incap-list-sites", + "incap-get-site-report", + "incap-get-site-html-injection-rules", + "incap-add-site-html-injection-rule", + 
"incap-delete-site-html-injection-rule", + "incap-create-new-csr", + "incap-upload-certificate", + "incap-remove-custom-integration", + "incap-move-site", + "incap-check-compliance", + "incap-set-site-data-storage-region", + "incap-get-site-data-storage-region", + "incap-set-site-data-storage-region-geo-override", + "incap-get-site-data-storage-region-geo-override", + "incap-purge-site-cache", + "incap-modify-cache-mode", + "incap-purge-resources", + "incap-modify-caching-rules", + "incap-set-advanced-caching-settings", + "incap-purge-hostname-from-cache", + "incap-site-get-xray-link", + "incap-list-site-rule-revisions", + "incap-add-site-rule", + "incap-edit-site-rule", + "incap-enable-site-rule", + "incap-delete-site-rule", + "incap-list-site-rules", + "incap-revert-site-rule", + "incap-set-site-rule-priority", + "incap-add-site-datacenter", + "incap-edit-site-datacenter", + "incap-delete-site-datacenter", + "incap-list-site-datacenters", + "incap-add-site-datacenter-server", + "incap-edit-site-datacenter-server", + "incap-delete-site-datacenter-server", + "incap-get-statistics", + "incap-get-visits", + "incap-upload-public-key", + "incap-change-logs-collector-configuration", + "incap-get-infra-protection-statistics", + "incap-get-infra-protection-events", + "incap-add-login-protect", + "incap-edit-login-protect", + "incap-get-login-protect", + "incap-remove-login-protect", + "incap-send-sms-to-user", + "incap-modify-login-protect", + "incap-configure-app", + "incap-get-ip-ranges", + "incap-get-texts", + "incap-get-geo-info", + "incap-get-app-info" + ] + } + }, + { + "XFE": { + "name": "XFE", + "fromversion": "2.5.0", + "commands": [ + "url", + "file", + "ip", + "domain", + "cve-search", + "cve-latest" + ] + } + }, + { + "Cymon": { + "name": "Cymon", + "commands": [ + "ip", + "domain" + ] + } + }, + { + "McAfee Advanced Threat Defense": { + "name": "McAfee Advanced Threat Defense", + "fromversion": "3.5.0", + "commands": [ + "atd-file-upload", + 
"atd-get-task-ids", + "atd-get-report", + "atd-list-analyzer-profiles", + "atd-list-user", + "atd-login", + "detonate-file", + "detonate-url", + "atd-check-status" + ] + } + }, + { + "AWS - CloudWatchLogs": { + "name": "AWS - CloudWatchLogs", + "commands": [ + "aws-logs-create-log-group", + "aws-logs-create-log-stream", + "aws-logs-delete-log-group", + "aws-logs-delete-log-stream", + "aws-logs-filter-log-events", + "aws-logs-describe-log-groups", + "aws-logs-describe-log-streams", + "aws-logs-put-retention-policy", + "aws-logs-delete-retention-policy", + "aws-logs-put-log-events", + "aws-logs-put-metric-filter", + "aws-logs-delete-metric-filter", + "aws-logs-describe-metric-filters" + ] + } + }, + { + "Microsoft Graph": { + "name": "Microsoft Graph", + "commands": [ + "msg-graph-admin-url", + "msg-search-alerts", + "msg-get-alert-details", + "msg-update-alert", + "msg-get-users", + "msg-get-user" + ] + } + }, + { + "Secdo": { + "name": "Secdo", + "commands": [ + "secdo-add-IOCs" + ] + } + }, + { + "Preempt": { + "name": "Preempt", + "commands": [ + "preempt-add-to-watch-list", + "preempt-remove-from-watch-list", + "preempt-get-activities", + "preempt-get-user-endpoints", + "preempt-get-alerts" + ] + } + }, + { + "PostgreSQL": { + "name": "PostgreSQL", + "commands": [ + "pgsql-query" + ] + } + }, + { + "epo": { + "name": "epo", + "commands": [ + "epo-help", + "epo-get-latest-dat", + "epo-get-current-dat", + "epo-update-client-dat", + "epo-update-repository", + "epo-get-system-tree-group", + "epo-find-systems", + "epo-command", + "epo-advanced-command", + "epo-wakeup-agent", + "epo-apply-tag", + "epo-clear-tag", + "epo-query-table", + "epo-get-tables", + "epo-find-system", + "epo-get-version" + ] + } + }, + { + "GRR": { + "name": "GRR", + "commands": [ + "grr-set-flows", + "grr-get-flows", + "grr-get-files", + "grr-get-hunts", + "grr-get-hunt", + "grr-set-hunts", + "grr-get-clients", + "grr_set_flows", + "grr_get_flows", + "grr_get_files", + "grr_get_hunts", + 
"grr_get_hunt", + "grr_set_hunts" + ] + } + }, + { + "Nessus": { + "name": "Nessus", + "commands": [ + "nessus-list-scans", + "scans-list", + "nessus-launch-scan", + "scan-launch", + "nessus-scan-details", + "scan-details", + "scan-host-details", + "nessus-scan-host-details", + "nessus-scan-export", + "scan-export", + "scan-report-download", + "nessus-scan-report-download", + "scan-create", + "nessus-scan-create", + "nessus-get-scans-editors", + "scan-export-status", + "nessus-scan-export-status", + "nessus-scan-status" + ] + } + }, + { + "GuardiCore": { + "name": "GuardiCore", + "fromversion": "3.5.0", + "commands": [ + "guardicore-get-incidents", + "guardicore-uncommon-domains", + "guardicore-unresolved-domains", + "guardicore-show-endpoint", + "guardicore-dns-requests", + "guardicore-search-endpoint", + "guardicore-misconfigurations", + "guardicore-get-incident", + "guardicore-get-incident-iocs", + "guardicore-get-incident-events", + "guardicore-get-incident-pcap", + "guardicore-get-incident-attachments", + "guardicore-search-network-log" + ] + } + }, + { + "Digital Shadows": { + "name": "Digital Shadows", + "commands": [ + "ds-get-breach-reviews", + "ds-snapshot-breach-status", + "ds-find-breach-records", + "ds-get-breach-summary", + "ds-find-breach-usernames", + "ds-get-breach", + "ds-get-breach-records", + "ds-find-data-breaches", + "ds-get-incident", + "ds-get-incident-reviews", + "ds-snapshot-incident-review", + "ds-find-incidents-filtered", + "ds-get-incidents-summary", + "ds-get-apt-report", + "ds-get-intelligence-incident", + "ds-get-intelligence-incident-iocs", + "ds-find-intelligence-incidents", + "ds-find-intelligence-incidents-regional", + "ds-get-intelligence-threat", + "ds-get-intelligence-threat-iocs", + "ds-get-intelligence-threat-activity", + "ds-find-intelligence-threats", + "ds-find-intelligence-threats-regional", + "ds-get-port-reviews", + "ds-snapshot-port-review", + "ds-find-ports", + "ds-find-secure-sockets", + "ds-find-vulnerabilities", + 
"ds-search", + "ds-get-tags" + ] + } + }, + { + "fireeye": { + "name": "fireeye", + "fromversion": "3.5.0", + "commands": [ + "fe-report", + "fe-submit-status", + "fe-alert", + "fe-submit-result", + "fe-submit", + "fe-config", + "fe-submit-url", + "fe-submit-url-status", + "fe-submit-url-result" + ] + } + }, + { + "RSA NetWitness Packets and Logs": { + "name": "RSA NetWitness Packets and Logs", + "fromversion": "3.5.0", + "commands": [ + "netwitness-msearch", + "netwitness-search", + "netwitness-query", + "netwitness-packets", + "nw-sdk-session", + "nw-sdk-content", + "nw-sdk-summary", + "nw-sdk-values", + "nw-database-dump" + ] + } + }, + { + "RSA NetWitness v11.1": { + "name": "RSA NetWitness v11.1", + "commands": [ + "netwitness-get-incident", + "netwitness-get-incidents", + "netwitness-update-incident", + "netwitness-delete-incident", + "netwitness-get-alerts" + ] + } + }, + { + "Symantec Messaging Gateway": { + "name": "Symantec Messaging Gateway", + "commands": [ + "smg-block-email", + "smg-unblock-email", + "smg-block-domain", + "smg-block-ip", + "smg-unblock-ip", + "smg-unblock-domain", + "smg-get-blocked-domains", + "smg-get-blocked-ips" + ] + } + }, + { + "OTRS": { + "name": "OTRS", + "fromversion": "4.1.0", + "commands": [ + "otrs-get-ticket", + "otrs-search-ticket", + "otrs-create-ticket", + "otrs-update-ticket", + "otrs-close-ticket" + ] + } + }, + { + "Check Point Sandblast": { + "name": "Check Point Sandblast", + "fromversion": "3.5.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", + "sandblast-download", + "sb-quota", + "sandblast-quota" + ] + } + }, + { + "Cylance Protect": { + "name": "Cylance Protect", + "fromversion": "2.0.1", + "commands": [ + "cylance-protect-get-list", + "cylance-protect-get-devices", + "cylance-protect-get-threats", + "cylance-protect-download-threat", + "cylance-protect-get-threat-details", + "cylance-protect-device-delete", + "cylance-protect-get-device-threats", + 
"cylance-protect-update-device-threats", + "cylance-protect-delete-hash-from-lists", + "cylance-protect-update-hash-at-lists", + "cylance-protect-upload-threat", + "cylance-protect-get-threated-devices", + "cylance-protect-get-zones", + "cylance-protect-create-zone", + "cylance-protect-update-zone", + "cylance-protect-get-policies", + "cylance-protect-get-policy-details", + "cp-get-list", + "cp-get-devices", + "cp-get-threats", + "cp-download-threat", + "cp-get-threat-details", + "cp-device-delete", + "cp-get-device-threats", + "cp-update-device-threats", + "cp-delete-hash-from-lists", + "cp-update-hash-at-lists", + "cp-upload-threat", + "cp-get-threated-devices", + "cp-get-zones", + "cp-create-zone", + "cp-update-zone", + "cp-get-policies", + "cp-get-policy-details" + ] + } + }, + { + "TCPIPUtils": { + "name": "TCPIPUtils", + "commands": [ + "ip" + ] + } + }, + { + "RSA NetWitness Security Analytics": { + "name": "RSA NetWitness Security Analytics", + "fromversion": "2.0.0", + "commands": [ + "nw-list-incidents", + "nw-login", + "nw-get-components", + "nw-get-events", + "nw-get-available-assignees", + "nw-create-incident", + "nw-add-events-to-incident", + "nw-update-incident", + "fetch-incidents", + "nw-get-alerts", + "nw-get-alert-details", + "nw-get-event-details", + "nw-get-incident-details", + "nw-get-alert-original", + "netwitness-im-list-incidents", + "netwitness-im-login", + "netwitness-im-get-components", + "netwitness-im-get-events", + "netwitness-im-get-available-assignees", + "netwitness-im-create-incident", + "netwitness-im-add-events-to-incident", + "netwitness-im-update-incident", + "netwitness-im-get-alerts", + "netwitness-im-get-alert-details", + "netwitness-im-get-event-details", + "netwitness-im-get-incident-details", + "netwitness-im-get-alert-original" + ] + } + }, + { + "Where is the egg?": { + "name": "Where is the egg?", + "fromversion": "3.6.0", + "commands": [ + "clue" + ] + } + }, + { + "jira": { + "name": "jira", + "toversion": "2.5.0", 
+ "commands": [ + "jira-issue-query", + "jira-get-issue", + "jira-create-issue", + "jira-issue-upload-file", + "jira-issue-add-comment", + "jira-issue-add-link" + ] + } + }, + { + "Vectra": { + "name": "Vectra", + "commands": [ + "vec-detections", + "vectra-detections", + "vec-hosts", + "vectra-hosts", + "vec-settings", + "vectra-settings", + "vec-health", + "vectra-health", + "vec-triage", + "vectra-triage", + "vec-sensors", + "vectra-sensors", + "vec-get-host-by-id", + "vec-get-detetctions-by-id" + ] + } + }, + { + "Twilio": { + "name": "Twilio", + "fromversion": "2.5.0", + "commands": [ + "TwilioSendSMS" + ] + } + }, + { + "PhishTank": { + "name": "PhishTank", + "commands": [ + "url", + "phishtank-reload", + "phishtank-status" + ] + } + }, + { + "FireEye iSIGHT": { + "name": "FireEye iSIGHT", + "commands": [ + "ip", + "domain", + "file", + "isight-get-report", + "isight-submit-file" + ] + } + }, + { + "BigFix": { + "name": "BigFix", + "commands": [ + "bigfix-get-sites", + "bigfix-get-site", + "bigfix-get-patches", + "bigfix-get-endpoints", + "bigfix-get-endpoint", + "bigfix-deploy-patch", + "bigfix-get-patch", + "bigfix-action-delete", + "bigfix-action-status", + "bigfix-action-stop", + "bigfix-query" + ] + } + }, + { + "Phish.AI": { + "name": "Phish.AI", + "fromversion": "4.0.0", + "commands": [ + "phish-ai-scan-url", + "phish-ai-check-status" + ] + } + }, + { + "Koodous": { + "name": "Koodous", + "commands": [ + "k-check-hash" + ] + } + }, + { + "IntSights": { + "name": "IntSights", + "commands": [ + "intsights-get-alert-image", + "intsights-get-alert-activities", + "intsights-assign-alert", + "intsights-unassign-alert", + "intsights-send-mail", + "intsights-ask-the-analyst", + "intsights-add-tag-to-alert", + "intsights-remove-tag-from-alert", + "intsights-add-comment-to-alert", + "intsights-update-alert-severity", + "intsights-get-alert-by-id", + "intsights-get-ioc-by-value", + "intsights-get-iocs", + "intsights-get-alerts", + 
"intsights-alert-takedown-request", + "intsights-get-alert-takedown-status", + "intsights-update-ioc-blocklist-status", + "intsights-get-ioc-blocklist-status", + "intsights-close-alert" + ] + } + } + ], + "TestPlaybooks": [ + { + "SignalSciences Test": { + "name": "SignalSciences Test", + "implementing_commands": [ + "sigsci-get-blacklist", + "sigsci-get-whitelist", + "sigsci-blacklist-add-ip", + "sigsci-whitelist-add-ip", + "sigsci-blacklist-remove-ip", + "sigsci-whitelist-remove-ip" + ] + } + }, + { + "Microsoft Graph Test": { + "name": "Microsoft Graph Test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "msg-search-alerts", + "msg-update-alert", + "msg-get-alert-details" + ] + } + }, + { + "Mail Sender (New) Test": { + "name": "Email Sender Python", + "implementing_scripts": [ + "Set", + "FileCreateAndUpload", + "DeleteContext", + "Sleep" + ], + "implementing_commands": [ + "googleapps-gmail-get-mail", + "googleapps-gmail-search", + "ThrowException", + "send-mail" + ] + } + }, + { + "ThreatExchange-test": { + "name": "ThreatExchange-test", + "implementing_scripts": [ + "ExtractDomain", + "ExtractHash", + "Exists", + "ExtractIP", + "Print", + "IsMaliciousIndicatorFound", + "VerifyContextFields", + "ExtractURL" + ], + "implementing_commands": [ + "url", + "ip", + "domain", + "file" + ] + } + }, + { + "PortListenCheck-test": { + "name": "PortListenCheck-test", + "implementing_scripts": [ + "Print", + "PortListenCheck" + ] + } + }, + { + "Qualys-Test": { + "name": "Qualys-Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "qualys-pc-scan-list", + "qualys-report-template-list", + "qualys-vm-scan-list", + "qualys-scheduled-report-list", + "qualys-report-list" + ] + } + }, + { + "Pipl Test": { + "name": "Pipl Test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "pipl-search" + ] + } + }, + { + "Splunk-Test": { + "name": "Splunk-Test", + 
"implementing_scripts": [ + "Set", + "DumpJSON", + "StringContains", + "VerifyContext", + "Print", + "IsGreaterThan", + "AreValuesEqual" + ], + "implementing_commands": [ + "splunk-parse-raw", + "splunk-search", + "splunk-submit-event", + "splunk-get-indexes" + ] + } + }, + { + "67b0f25f-b061-4468-8613-43ab13147173": { + "name": "CbP-PlayBook", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "cbp-fileUpload-download", + "cbp-connector-search", + "cbp-connector-get", + "cbp-fileAnalysis-createOrUpdate", + "cbp-fileUpload-createOrUpdate", + "cbp-fileUpload-get", + "cbp-fileAnalysis-get" + ] + } + }, + { + "test_url_regex": { + "name": "Test URL Regex", + "implementing_scripts": [ + "Print", + "VerifyContext", + "DeleteContext" + ] + } + }, + { + "8984405a-4274-470a-8a34-a437d8e2e1c5": { + "name": "Test - PhishMe", + "implementing_scripts": [ + "CloseInvestigation", + "IsGreaterThan", + "DeleteContext", + "AreValuesEqual" + ], + "implementing_commands": [ + "url", + "phishme-search", + "email", + "file", + "ip" + ] + } + }, + { + "4078d8b6-37c6-42d7-8324-16096a2feb51": { + "name": "AWS - Route53 Test Playbook", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "aws-route53-waiter-resource-record-sets-changed", + "aws-route53-test-dns-answer", + "aws-route53-upsert-record", + "aws-route53-create-record", + "aws-route53-delete-record", + "aws-route53-list-resource-record-sets", + "aws-route53-list-hosted-zones" + ] + } + }, + { + "EWS Mail Sender Test": { + "name": "EWS Mail Sender Test", + "implementing_scripts": [ + "http" + ], + "implementing_commands": [ + "send-mail" + ] + } + }, + { + "Icebrg Test": { + "name": "Icebrg Test", + "implementing_commands": [ + "icebrg-get-report-assets", + "icebrg-get-reports", + "icebrg-saved-searches", + "icebrg-search-events", + "icebrg-get-history", + "icebrg-get-report-indicators" + ] + } + }, + { + "tenable-sc-scan-test": { + "name": "Test 
tenable scan", + "implementing_playbooks": [ + "Launch Scan - Tenable.sc" + ] + } + }, + { + "VMWare Test": { + "name": "VMWare Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "AreValuesEqual" + ], + "implementing_commands": [ + "vmware-get-events", + "vmware-poweroff", + "vmware-suspend", + "vmware-hard-reboot", + "vmware-poweron", + "vmware-revert-snapshot", + "vmware-create-snapshot", + "vmware-get-vms" + ] + } + }, + { + "OpenPhish Test Playbook": { + "name": "OpenPhish Test Playbook", + "implementing_scripts": [ + "Print", + "CloseInvestigation", + "Exists" + ], + "implementing_commands": [ + "url", + "openphish-status" + ] + } + }, + { + "Intezer Testing": { + "name": "Intezer Testing", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "http" + ], + "implementing_commands": [ + "intezer-upload", + "file" + ] + } + }, + { + "test-domain-indicator": { + "name": "test-domain-indicator", + "implementing_scripts": [ + "Print", + "GetIndicatorDBotScore", + "Sleep" + ] + } + }, + { + "ip_enrichment_generic_test": { + "name": "IP Enrichment - Generic - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DeleteContext", + "VerifyContext", + "Set" + ], + "implementing_playbooks": [ + "IP Enrichment - Generic" + ] + } + }, + { + "Nessus - Test": { + "name": "Nessus - Test", + "implementing_scripts": [ + "WhileLoop" + ], + "implementing_commands": [ + "nessus-scan-status", + "nessus-scan-report-download", + "nessus-scan-create", + "nessus-scan-export", + "nessus-launch-scan", + "nessus-scan-details" + ] + } + }, + { + "d66e5f86-e045-403f-819e-5058aa603c32": { + "name": "AWS - EC2 Test Playbook actions", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "aws-ec2-create-snapshot", + "aws-ec2-monitor-instances", + "aws-ec2-modify-volume", + "aws-ec2-waiter-instance-terminated", + "aws-ec2-reboot-instances", + "aws-ec2-delete-snapshot", + "aws-ec2-get-latest-ami", + 
"aws-ec2-associate-address", + "aws-ec2-create-volume", + "aws-ec2-modify-network-interface-attribute", + "aws-ec2-waiter-instance-stopped", + "aws-ec2-describe-instances", + "aws-ec2-delete-security-group", + "aws-ec2-create-image", + "aws-ec2-allocate-address", + "aws-ec2-attach-volume", + "aws-ec2-run-instances", + "aws-ec2-start-instances", + "aws-ec2-disassociate-address", + "aws-ec2-waiter-image-available", + "aws-ec2-modify-instance-attribute", + "aws-ec2-waiter-instance-status-ok", + "aws-ec2-create-security-group", + "aws-ec2-delete-volume", + "aws-ec2-release-address", + "aws-ec2-copy-snapshot", + "aws-ec2-authorize-security-group-ingress-rule", + "aws-ec2-create-tags", + "aws-ec2-deregister-image", + "aws-ec2-unmonitor-instances", + "aws-ec2-detach-volume", + "aws-ec2-revoke-security-group-ingress-rule", + "aws-ec2-waiter-instance-running", + "aws-ec2-terminate-instances", + "aws-ec2-waiter-snapshot_completed", + "aws-ec2-copy-image", + "aws-ec2-stop-instances" + ] + } + }, + { + "Google-Vault-Generic-Test": { + "name": "Google Vault Generic Test", + "implementing_scripts": [ + "VerifyContext", + "GeneratePassword", + "DeleteContext", + "Sleep" + ], + "implementing_commands": [ + "gvault-add-heldAccount", + "gvault-get-matter", + "gvault-create-hold", + "gvault-export-status", + "gvault-get-mail-results", + "gvault-remove-heldAccount", + "gvault-get-groups-results", + "gvault-delete-hold", + "gvault-create-export-mail", + "gvault-create-matter", + "gvault-create-export-drive", + "gvault-get-drive-results", + "gvault-create-export-groups" + ] + } + }, + { + "cve_enrichment_-_generic_-_test": { + "name": "CVE Enrichment - Generic - Test", + "fromversion": "3.6.0", + "implementing_scripts": [ + "VerifyContext", + "Set" + ], + "implementing_playbooks": [ + "CVE Enrichment - Generic" + ] + } + }, + { + "ReadPDFFile-Test": { + "name": "ReadPDFFile-Test", + "implementing_scripts": [ + "DeleteContext", + "http", + "ReadPDFFile" + ] + } + }, + { + "RegexGroups 
Test": { + "name": "RegexGroups Test", + "implementing_scripts": [ + "RaiseError", + "VerifyContext", + "Set", + "DeleteContext" + ] + } + }, + { + "GmailTest": { + "name": "GmailTest", + "implementing_scripts": [ + "GetTime", + "DeleteContext" + ], + "implementing_commands": [ + "gmail-add-delete-filter", + "gmail-get-thread", + "gmail-get-tokens-for-user", + "gmail-search-all-mailboxes", + "gmail-get-attachments", + "gmail-list-users", + "gmail-delete-user", + "gmail-create-user", + "gmail-get-mail", + "gmail-move-mail", + "gmail-get-user", + "gmail-search" + ] + } + }, + { + "Extract Indicators From File - test": { + "name": "Extract Indicators From File - test", + "implementing_scripts": [ + "RaiseError", + "http" + ], + "implementing_playbooks": [ + "Extract Indicators From File - Generic" + ] + } + }, + { + "Kenna Test": { + "name": "Kenna Test", + "implementing_commands": [ + "kenna-update-asset", + "kenna-run-connector", + "kenna-search-vulnerabilities", + "kenna-search-fixes", + "kenna-update-vulnerability", + "kenna-get-connectors" + ] + } + }, + { + "3da2e31b-f114-4d7f-8702-117f3b498de9": { + "name": "AWS - CloudTrail Test Playbook", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "aws-cloudtrail-start-logging", + "aws-cloudtrail-update-trail", + "aws-cloudtrail-describe-trails", + "aws-cloudtrail-lookup-events", + "aws-cloudtrail-delete-trail", + "aws-cloudtrail-create-trail", + "aws-cloudtrail-stop-logging" + ] + } + }, + { + "test_Qradar": { + "name": "test_Qradar", + "implementing_scripts": [ + "FetchFromInstance", + "DeleteContext" + ], + "implementing_playbooks": [ + "QRadarFullSearch" + ], + "implementing_commands": [ + "qradar-delete-reference-set", + "qradar-create-reference-set-value", + "qradar-get-reference-by-name", + "qradar-get-note", + "qradar-offense-by-id", + "qradar-get-assets", + "qradar-create-note", + "qradar-offenses", + "qradar-get-asset-by-id", + "qradar-update-offense", + 
"qradar-create-reference-set", + "qradar-delete-reference-set-value" + ] + } + }, + { + "Centreon-Test-Playbook": { + "name": "Centreon-Test-Playbook", + "implementing_commands": [ + "centreon-get-host-status" + ] + } + }, + { + "ssdeepreputationtest": { + "name": "SsdeepReputationTest", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "Sleep", + "SsdeepReputationTest", + "SSDeepReputation" + ] + } + }, + { + "crowdstrike_falconhost_test": { + "name": "CrowdStrike FalconHost Test", + "implementing_scripts": [ + "Set", + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "cs-device-ran-on", + "cs-device-search", + "cs-device-details" + ] + } + }, + { + "dnstwistTest": { + "name": "dnstwistTest", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "dnstwist-domain-variations" + ] + } + }, + { + "IPInfoTest": { + "name": "IPInfoTest", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "ip" + ] + } + }, + { + "Tanium Test Playbook": { + "name": "Tanium Test Playbook", + "fromversion": "2.5.0", + "implementing_commands": [ + "tn-deploy-package", + "tn-ask-question", + "tn-get-saved-question" + ] + } + }, + { + "Netskope Test": { + "name": "Netskope Test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "netskope-events", + "netskope-alerts" + ] + } + }, + { + "entity_enrichment_generic_test": { + "name": "Entity Enrichment - Generic - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set", + "VerifyContext", + "DeleteContext" + ], + "implementing_playbooks": [ + "Entity Enrichment - Generic" + ] + } + }, + { + "CrowdStrike Falcon Intel v2": { + "name": "CrowdStrike Falcon Intel v2", + "implementing_scripts": [ + "DeleteContext", + "ThrowException" + ], + "implementing_commands": [ + "domain", + "url", + "ip", + "cs-actors", + "cs-indicators", + "file", + "cs-reports" + ] + } + }, + { + 
"search_endpoints_by_hash_-_tie_-_test": { + "name": "Search Endpoints By Hash - TIE - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set", + "DeleteContext" + ], + "implementing_playbooks": [ + "Search Endpoints By Hash - TIE" + ] + } + }, + { + "nexpose_test": { + "name": "Nexpose test", + "implementing_scripts": [ + "GenerateUUID", + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "nexpose-start-site-scan", + "nexpose-get-asset", + "nexpose-stop-scan", + "nexpose-delete-site", + "nexpose-get-asset-vulnerability", + "nexpose-create-site", + "nexpose-get-assets", + "nexpose-create-assets-report", + "nexpose-resume-scan", + "nexpose-pause-scan", + "nexpose-search-assets", + "nexpose-get-scans" + ] + } + }, + { + "cisco-ise-test-playbook": { + "name": "cisco-ise-test-playbook", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "cisco-ise-get-endpoints" + ] + } + }, + { + "CarbonBlackResponseTest": { + "name": "Carbon Black Response Test", + "implementing_scripts": [ + "CarbonBlackResponseFilterSensors", + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "cb-watchlist-new", + "cb-get-processes", + "cb-get-process", + "cb-watchlist-del", + "cb-process-events", + "cb-quarantine-device", + "cb-sensor-info", + "cb-binary", + "cb-binary-get", + "cb-get-hash-blacklist", + "cb-watchlist-set", + "cb-unquarantine-device", + "cb-unblock-hash", + "cb-alert-update", + "cb-block-hash", + "cb-alert" + ] + } + }, + { + "dedup_-_generic_-_test": { + "name": "Dedup - Generic - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "VerifyContext", + "CreateDuplicateIncident", + "DeleteContext" + ], + "implementing_playbooks": [ + "Dedup - Generic" + ], + "implementing_commands": [ + "setIncident" + ] + } + }, + { + "VxStream Test": { + "name": "VxStream Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "http", + "Exists" + ], + "implementing_commands": [ + 
"crowdstrike-detonate-file", + "crowdstrike-get-environments", + "crowdstrike-submit-url", + "crowdstrike-scan", + "crowdstrike-search" + ] + } + }, + { + "PhishTank Testing": { + "name": "PhishTank Testing", + "implementing_scripts": [ + "DeleteContext", + "VerifyContext", + "Set", + "http", + "ReadFile" + ], + "implementing_commands": [ + "url" + ] + } + }, + { + "BigFixTest": { + "name": "BigFixTest", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "bigfix-action-delete", + "bigfix-action-stop", + "bigfix-get-site", + "bigfix-get-sites", + "bigfix-action-status", + "bigfix-get-patches", + "bigfix-get-endpoints", + "bigfix-deploy-patch" + ] + } + }, + { + "Cisco-Meraki-Test": { + "name": "Cisco-Meraki-Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "meraki-get-organization-license-state", + "meraki-fetch-networks", + "meraki-fetch-organizations", + "meraki-fetch-devices", + "meraki-fetch-organization-inventory" + ] + } + }, + { + "url_enrichment_-_generic_test": { + "name": "Url Enrichment Generic - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DeleteContext", + "VerifyContext", + "Set" + ], + "implementing_playbooks": [ + "URL Enrichment - Generic" + ], + "implementing_commands": [ + "rasterize" + ] + } + }, + { + "CheckpointFW-test": { + "name": "CheckpointFW-test", + "implementing_scripts": [ + "VerifyContextFields", + "CheckpointFWBackupStatus", + "DeleteContext", + "Sleep", + "CheckpointFWCreateBackup" + ], + "implementing_commands": [ + "checkpoint-delete-rule", + "checkpoint-block-ip", + "checkpoint-set-rule", + "checkpoint-show-access-rule-base", + "checkpoint-show-hosts" + ] + } + }, + { + "Test Playbook McAfee ATD": { + "name": "Test Playbook McAfee ATD", + "implementing_scripts": [ + "FileCreateAndUpload", + "DeleteContext", + "Exists", + "AreValuesEqual" + ], + "implementing_playbooks": [ + "Detonate URL - McAfee ATD", + 
"ATD - Detonate File" + ], + "implementing_commands": [ + "atd-list-analyzer-profiles", + "atd-login", + "atd-list-user" + ] + } + }, + { + "Cisco-Umbrella-Test": { + "name": "Cisco-Umbrella-Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "umbrella-ip-dns-history", + "umbrella-domain-related", + "umbrella-domain-dns-history", + "investigate-umbrella-domain-co-occurrences", + "investigate-umbrella-domain-dns-history", + "umbrella-domain-security", + "investigate-umbrella-domain-search", + "umbrella-domain-search", + "investigate-umbrella-domain-related", + "umbrella-domain-co-occurrences", + "umbrella-domain-categorization" + ] + } + }, + { + "Test Playbook McAfee ePO": { + "name": "Test Playbook McAfee ePO", + "implementing_scripts": [ + "RaiseError", + "DeleteContext" + ], + "implementing_commands": [ + "epo-clear-tag", + "epo-get-system-tree-group", + "epo-get-latest-dat", + "epo-update-client-dat", + "epo-advanced-command", + "epo-help", + "epo-find-systems", + "epo-update-repository", + "epo-get-version", + "epo-get-current-dat", + "epo-get-tables", + "epo-apply-tag", + "epo-find-system", + "epo-query-table" + ] + } + }, + { + "grr_test": { + "name": "GRR Test", + "implementing_scripts": [ + "Set", + "DeleteContext" + ], + "implementing_commands": [ + "grr-get-hunts", + "grr-get-clients", + "grr-set-hunts", + "grr-set-flows", + "grr-get-flows" + ] + } + }, + { + "RTIR Test": { + "name": "RTIR Test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "rtir-edit-ticket", + "rtir-resolve-ticket", + "rtir-create-ticket", + "rtir-get-ticket", + "rtir-search-ticket" + ] + } + }, + { + "GeneratePassword-Test": { + "name": "GeneratePassword-Test", + "implementing_scripts": [ + "Print", + "GeneratePassword", + "DeleteContext", + "Exists" + ] + } + }, + { + "EWS Public Folders Test": { + "name": "EWS Public Folders Test", + "implementing_commands": [ + "ews-search-mailbox", + 
"ews-get-items-from-folder", + "ews-find-folders", + "ews-get-folder" + ] + } + }, + { + "account_enrichment_-_generic_test": { + "name": "Account Enrichment - Generic Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DeleteContext", + "VerifyContext", + "Set" + ], + "implementing_playbooks": [ + "Account Enrichment - Generic" + ] + } + }, + { + "TestStringReplace": { + "name": "TestStringReplace", + "implementing_scripts": [ + "StringReplace", + "VerifyContextFields", + "DeleteContext" + ] + } + }, + { + "EWSv2_empty_attachment_test": { + "name": "EWSv2_empty_attachment_test", + "implementing_commands": [ + "ews-get-attachment" + ] + } + }, + { + "search_endpoints_by_hash_-_crowdstrike_-_test": { + "name": "Search Endpoints By Hash - CrowdStrike - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_playbooks": [ + "Search Endpoints By Hash - CrowdStrike" + ] + } + }, + { + "IBM Resilient Systems Test": { + "name": "IBM Resilient Systems Test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "rs-search-incidents", + "rs-related-incidents", + "rs-incidents-get-tasks", + "rs-incident-attachments", + "rs-incident-artifacts" + ] + } + }, + { + "whois_test": { + "name": "whois_test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "closeInvestigation", + "whois" + ] + } + }, + { + "c7d68ad5MxToolbox_test": { + "name": "MxToolbox_test", + "implementing_scripts": [ + "CloseInvestigation", + "Exists", + "ToTable" + ], + "implementing_commands": [ + "mxtoolbox" + ] + } + }, + { + "Jira-Test": { + "name": "Jira-Test", + "implementing_scripts": [ + "VerifyContextFields", + "VerifyContext", + "DeleteContext", + "FileCreateAndUpload" + ], + "implementing_commands": [ + "jira-create-issue", + "jira-issue-upload-file", + "jira-get-comments", + "jira-issue-add-comment", + "jira-edit-issue", + "jira-issue-query", + "jira-delete-issue", + 
"jira-issue-add-link", + "jira-get-issue" + ] + } + }, + { + "2142f8de-29d5-4288-8426-0db39abe988b": { + "name": "AWS - EC2 Test Playbook ", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "aws-ec2-describe-regions", + "aws-ec2-describe-volumes", + "aws-ec2-describe-key-pairs", + "aws-ec2-describe-instances", + "aws-ec2-describe-launch-templates", + "aws-ec2-describe-vpcs", + "aws-ec2-describe-security-groups", + "aws-ec2-describe-subnets", + "aws-ec2-describe-snapshots", + "aws-ec2-describe-images", + "aws-ec2-describe-addresses" + ] + } + }, + { + "palo_alto_firewall_test_pb": { + "name": "palo_alto_firewall_test_pb", + "implementing_scripts": [ + "DeleteContext", + "Sleep" + ], + "implementing_playbooks": [ + "PanoramaCommitConfiguration" + ], + "implementing_commands": [ + "panorama-list-applications", + "panorama-create-rule", + "panorama-delete-rule", + "panorama-create-address-group", + "panorama-list-addresses", + "panorama-get-address-group", + "panorama-get-url-category", + "panorama", + "panorama-edit-rule", + "panorama-get-url-filter", + "panorama-list-address-groups", + "panorama-get-custom-url-category", + "panorama-edit-address-group", + "panorama-create-address", + "panorama-delete-address-group", + "panorama-move-rule", + "panorama-delete-address" + ] + } + }, + { + "Google Safe Browsing Test": { + "name": "Google Safe Browsing Test", + "implementing_scripts": [ + "RaiseError", + "CloseInvestigation" + ], + "implementing_commands": [ + "url" + ] + } + }, + { + "Tenable.io test": { + "name": "Tenable.io test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "tenable-io-get-vulnerabilities-by-asset", + "tenable-io-get-scan-report", + "tenable-io-list-scans", + "tenable-io-get-vulnerability-details", + "tenable-io-get-scan-status" + ] + } + }, + { + "JoeSecurityTestPlaybook": { + "name": "JoeSecurityTestPlaybook", + "implementing_scripts": [ + "FileCreateAndUpload", + "DeleteContext" 
+ ], + "implementing_commands": [ + "joe-download-report", + "joe-is-online", + "joe-analysis-info", + "joe-search", + "joe-analysis-submit-sample", + "joe-analysis-submit-url" + ] + } + }, + { + "get_file_sample_by_hash_-_carbon_black_enterprise_Response_-_test": { + "name": "Get File Sample By Hash - Carbon Black Enterprise Response - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set", + "VerifyContext", + "DeleteContext" + ], + "implementing_playbooks": [ + "Get File Sample By Hash - Carbon Black Enterprise Response" + ] + } + }, + { + "OTRS Test": { + "name": "OTRS Test", + "implementing_scripts": [ + "FetchFromInstance" + ], + "implementing_commands": [ + "otrs-update-ticket", + "otrs-search-ticket", + "otrs-create-ticket", + "otrs-close-ticket", + "otrs-get-ticket" + ] + } + }, + { + "get_original_email_-_gmail_-_test": { + "name": "Get Original Email - Gmail - Test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_playbooks": [ + "Get Original Email - Gmail" + ] + } + }, + { + "TestHPServiceManager": { + "name": "TestHPServiceManager", + "implementing_scripts": [ + "VerifyContextFields", + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "hpsm-create-incident", + "hpsm-get-device", + "hpsm-list-incidents", + "hpsm-get-incident-by-id" + ] + } + }, + { + "AbuseIPDB Test": { + "name": "AbuseIPDB Test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "abuseipdb-check-cidr-block", + "ip", + "abuseipdb-get-blacklist", + "abuseipdb-report-ip" + ] + } + }, + { + "TestIsValueInArray": { + "name": "TestIsValueInArray", + "implementing_scripts": [ + "CloseInvestigation", + "Set", + "IsValueInArray" + ] + } + }, + { + "GsuiteTest": { + "name": "test-Gsuite", + "implementing_scripts": [ + "VerifyContextFields" + ], + "implementing_commands": [ + "googleapps-list-users" + ] + } + }, + { + "efc817d2-6660-4d4f-890d-90513ca1e180": { + "name": "Cisco Spark Test", + 
"implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "cisco-spark-send-message-to-person", + "cisco-spark-list-teams", + "cisco-spark-list-people", + "cisco-spark-create-team", + "cisco-spark-delete-team", + "cisco-spark-delete-message", + "cisco-spark-send-message-to-room", + "cisco-spark-list-messages", + "cisco-spark-list-rooms" + ] + } + }, + { + "iDefenseTest": { + "name": "iDefenseTest", + "implementing_scripts": [ + "Print", + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "url", + "ip", + "domain", + "uuid" + ] + } + }, + { + "block_indicators_-_generic_-_test": { + "name": "Block Indicators - Generic - Test", + "implementing_playbooks": [ + "Block Indicators - Generic" + ] + } + }, + { + "rsa_packets_and_logs_test": { + "name": "RSA Packets And Logs test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "nw-sdk-values", + "netwitness-msearch", + "nw-sdk-content", + "netwitness-query" + ] + } + }, + { + "Google_Vault-Search_And_Display_Results_test": { + "name": "Google Vault - Search And Display Results test", + "implementing_scripts": [ + "GeneratePassword", + "DeleteContext" + ], + "implementing_playbooks": [ + "Google Vault - Search Groups", + "Google Vault - Search Mail", + "Google Vault - Display Results", + "Google Vault - Search Drive" + ] + } + }, + { + "URLDecode-Test": { + "name": "URLDecode-Test", + "implementing_scripts": [ + "URLDecode", + "DeleteContext" + ] + } + }, + { + "Zscaler Test": { + "name": "Zscaler Test", + "implementing_scripts": [ + "GenerateUUID", + "isError" + ], + "implementing_commands": [ + "zscaler-blacklist-url", + "zscaler-get-blacklist", + "zscaler-get-categories", + "zscaler-category-add-url" + ] + } + }, + { + "urlscan_malicious_Test": { + "name": "urlscan_malicious_Test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "urlscan-search" + 
] + } + }, + { + "DemistoUploadFileToIncident Test": { + "name": "DemistoUploadFileToIncident Test", + "implementing_scripts": [ + "DemistoUploadFileToIncident", + "http" + ] + } + }, + { + "ParseEmailFiles-test": { + "name": "ParseEmailFiles-test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "http", + "AreValuesEqual", + "ParseEmailFiles" + ] + } + }, + { + "extract_indicators_-_generic_-_test": { + "name": "Extract Indicators - Generic - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "IncidentSet", + "DeleteContext", + "VerifyContext" + ], + "implementing_playbooks": [ + "Extract Indicators - Generic" + ] + } + }, + { + "listExecutedCommands-Test": { + "name": "listExecutedCommands-Test", + "implementing_scripts": [ + "Print", + "listExecutedCommands", + "commentsToContext", + "CloseInvestigation", + "AreValuesEqual" + ] + } + }, + { + "Phishing test - Inline": { + "name": "Phishing test - Inline", + "implementing_scripts": [ + "ScheduleCommand", + "PhishingIncident", + "DeleteContext", + "http" + ], + "implementing_playbooks": [ + "Phishing Investigation - Generic" + ] + } + }, + { + "Tenable.io Scan Test": { + "name": "Tenable.io Scan Test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_playbooks": [ + "Tenable.io Scan" + ] + } + }, + { + "AlphaSOC-Wisdom-Test": { + "name": "AlphaSOC Wisdom Test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "wisdom-ip-flags", + "wisdom-domain-flags" + ] + } + }, + { + "pyEWS_Test": { + "name": "pyEWS_Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "Exception", + "ews-get-out-of-office", + "ews-get-searchable-mailboxes", + "ews-find-folders", + "ews-get-items", + "ews-get-contacts", + "ews-get-attachment", + "ews-search-mailboxes" + ] + } + }, + { + "virusTotal-test-playbook": { + "name": "virusTotal-test-playbook", + "implementing_scripts": [ + 
"Set", + "VerifyContext", + "DeleteContext", + "Exists" + ], + "implementing_commands": [ + "url", + "ip", + "domain", + "file" + ] + } + }, + { + "calculate_severity_-_critical_assets_-_test": { + "name": "Calculate Severity - Critical assets - Test", + "implementing_scripts": [ + "VerifyContext", + "ADGetUser" + ], + "implementing_playbooks": [ + "Calculate Severity - Critical assets" + ] + } + }, + { + "search_endpoints_by_hash_-_carbon_black_response_-_test": { + "name": "Search Endpoints By Hash - Carbon Black Response - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set", + "VerifyContext", + "DeleteContext" + ], + "implementing_playbooks": [ + "Search Endpoints By Hash - Carbon Black Response" + ] + } + }, + { + "5dc848e5-a649-4394-8300-386770d39d75": { + "name": "TestGetDuplicatesIncidentsByMl", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "GetDuplicatesMl", + "TestCreateDuplicates" + ] + } + }, + { + "LogRhythm-Test-Playbook": { + "name": "LogRhythm-Test-Playbook", + "implementing_commands": [ + "lr-get-alarms" + ] + } + }, + { + "test_similar_incidents": { + "name": "Test Similar Incidents", + "fromversion": "3.5.0", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "TestCreateDuplicates", + "FindSimilarIncidents" + ] + } + }, + { + "2cddaacb-4e4c-407e-8ef5-d924867b810c": { + "name": "AWS - CloudWatchLogs Test Playbook_copy", + "implementing_scripts": [ + "GetTime", + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "aws-logs-describe-metric-filters", + "aws-logs-create-log-stream", + "aws-logs-put-retention-policy", + "aws-logs-delete-log-group", + "aws-logs-delete-log-stream", + "aws-logs-create-log-group", + "aws-logs-describe-log-streams", + "aws-logs-delete-metric-filter", + "aws-logs-put-log-events", + "aws-logs-describe-log-groups", + "aws-logs-put-metric-filter", + "aws-logs-delete-retention-policy" + ] + } + }, + { + "TestSkyformation": { + "name": "TestSkyformation", 
+ "implementing_scripts": [ + "TestFail" + ], + "implementing_commands": [ + "skyformation-get-accounts" + ] + } + }, + { + "EWS test": { + "name": "EWS test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "FileCreateAndUpload", + "SendEmail" + ], + "implementing_commands": [ + "ews-delete-attachments", + "ews-get-searchable-mailboxes", + "ews-search-mailbox", + "ews-find-folders", + "ews-get-items", + "ews-get-folder", + "ews-get-attachment", + "ews-delete-items" + ] + } + }, + { + "ShodanTest": { + "name": "ShodanTest", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "ip" + ] + } + }, + { + "d8628445-ff86-40f9-857d-50b3f1d295a6": { + "name": "Sandblast malicious test", + "implementing_scripts": [ + "DeleteContext", + "Exists", + "echo" + ], + "implementing_commands": [ + "sandblast-query", + "sandblast-upload" + ] + } + }, + { + "minemeld_test": { + "name": "Palo Alto MineMeld Test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "minemeld-remove-from-miner", + "ip", + "minemeld-add-to-miner", + "minemeld-retrieve-miner", + "minemeld-get-indicator-from-miner" + ] + } + }, + { + "Archer-Test-Playbook": { + "name": "Archer-Test-Playbook", + "implementing_scripts": [ + "VerifyContextFields", + "DeleteContext" + ], + "implementing_commands": [ + "archer-get-application-fields", + "archer-update-record", + "archer-search-records", + "archer-create-record", + "archer-delete-record", + "archer-search-applications", + "archer-get-record" + ] + } + }, + { + "LanguageDetect-Test": { + "name": "LanguageDetect-Test", + "implementing_scripts": [ + "CloseInvestigation", + "LanguageDetect", + "DeleteContext", + "Sleep", + "Exists" + ] + } + }, + { + "ThreatGridTest": { + "name": "ThreatGridTest", + "implementing_scripts": [ + "DeleteContext", + "Exists", + "AreValuesEqual" + ], + "implementing_commands": [ + "threat-grid-get-samples", + 
"threat-grid-download-sample-by-id", + "threat-grid-organization-get-rate-limit", + "threat-grid-user-get-rate-limit", + "threat-grid-get-threat-summary-by-id", + "threat-grid-who-am-i", + "threat-grid-upload-sample" + ] + } + }, + { + "Detonate URL - Generic Test": { + "name": "Detonate URL - Generic Test", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set", + "DeleteContext" + ], + "implementing_playbooks": [ + "Detonate URL - Generic" + ] + } + }, + { + "test-ThreatConnect": { + "name": "test-ThreatConnect", + "implementing_commands": [ + "tc-owners" + ] + } + }, + { + "TestMatchRegex": { + "name": "TestMatchRegex", + "implementing_scripts": [ + "DeleteContext", + "MatchRegex" + ], + "implementing_commands": [ + "closeInvestigation" + ] + } + }, + { + "search_endpoints_by_hash_-_generic_-_test": { + "name": "Search Endpoints By Hash - Generic - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DeleteContext", + "VerifyContext", + "Set" + ], + "implementing_playbooks": [ + "Search Endpoints By Hash - Generic" + ] + } + }, + { + "Detonate File - SNDBOX - Test": { + "name": "Detonate File - SNDBOX - Test", + "implementing_scripts": [ + "DeleteContext", + "http" + ], + "implementing_playbooks": [ + "Detonate File - SNDBOX" + ] + } + }, + { + "CreatePhishingClassifierMLTest": { + "name": "Create Phishing Classifier ML Test", + "implementing_scripts": [ + "DBotPredictPhishingLabel", + "VerifyContext", + "DeleteContext", + "TestCreateTagTextFile", + "TestCreateIncidents" + ], + "implementing_playbooks": [ + "DBot Create Phishing Classifier" + ] + } + }, + { + "CirclIntegrationTest": { + "name": "CIRCL Test", + "implementing_scripts": [ + "VerifyHumanReadableContains", + "PrintErrorEntry", + "isError" + ], + "implementing_commands": [ + "circl-ssl-get-certificate", + "circl-ssl-list-certificates", + "circl-ssl-query-certificate", + "circl-dns-get" + ] + } + }, + { + "ProofpointDecodeURL-Test": { + "name": "ProofpointDecodeURL-Test", + 
"implementing_scripts": [ + "CloseInvestigation", + "ProofpointDecodeURL", + "Sleep", + "AreValuesEqual" + ] + } + }, + { + "FireEye HX Test": { + "name": "FireEye HX Test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "fireeye-hx-get-indicators", + "fireeye-hx-get-alert", + "fireeye-hx-file-acquisition", + "fireeye-hx-delete-file-acquisition", + "fireeye-hx-get-alerts", + "fireeye-hx-get-host-information", + "fireeye-hx-get-indicator" + ] + } + }, + { + "hashicorp_test": { + "name": "hashicorp_test", + "implementing_scripts": [ + "GetTime", + "DeleteContext" + ], + "implementing_commands": [ + "hashicorp-list-policies", + "hashicorp-disable-engine", + "hashicorp-create-token", + "hashicorp-list-secrets", + "hashicorp-get-secret-metadata", + "hashicorp-configure-engine", + "hashicorp-undelete-secret", + "hashicorp-destroy-secret", + "hashicorp-get-policy", + "hashicorp-enable-engine", + "hashicorp-list-secrets-engines", + "hashicorp-delete-secret", + "hashicorp-reset-configuration" + ] + } + }, + { + "decodemimeheader_-_test": { + "name": "DecodeMimeHeader - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DecodeMimeHeader", + "DeleteContext", + "VerifyContext" + ] + } + }, + { + "XFE Test": { + "name": "XFE Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "Exists", + "AreValuesEqual" + ], + "implementing_commands": [ + "domain", + "url", + "ip", + "cve-latest", + "cve-search", + "file" + ] + } + }, + { + "Base64 File in List Test": { + "name": "Base64 File in List Test", + "implementing_scripts": [ + "VerifyContext", + "Base64ListToFile" + ], + "implementing_commands": [ + "setList" + ] + } + }, + { + "Cybereason Test": { + "name": "Cybereason Test", + "implementing_scripts": [ + "FetchFromInstance", + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "cybereason-malop-processes", + "cybereason-query-connections", + "cybereason-query-processes", + 
"cybereason-is-probe-connected", + "cybereason-query-malops" + ] + } + }, + { + "ActiveMQ Test": { + "name": "ActiveMQ Test", + "implementing_scripts": [ + "VerifyContext", + "Sleep" + ], + "implementing_commands": [ + "activemq-send", + "activemq-subscribe" + ] + } + }, + { + "McAfeeNSMTest": { + "name": "McAfeeNSMTest", + "implementing_commands": [ + "nsm-get-domains", + "nsm-get-ips-policy-details", + "nsm-update-alerts", + "nsm-get-ips-policies", + "nsm-get-alerts", + "nsm-get-sensors" + ] + } + }, + { + "SNDBOX_Test": { + "name": "SNDBOX_Test", + "implementing_scripts": [ + "DeleteContext", + "http" + ], + "implementing_commands": [ + "sndbox-analysis-info", + "sndbox-analysis-submit-sample", + "sndbox-download-sample", + "sndbox-download-report", + "sndbox-is-online" + ] + } + }, + { + "Fortigate Test": { + "name": "Fortigate Test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "fortigate-move-policy", + "fortigate-create-firewall-service", + "fortigate-get-service-groups", + "fortigate-get-policy", + "fortigate-get-address-groups", + "fortigate-get-firewall-service", + "fortigate-delete-policy", + "fortigate-get-addresses", + "fortigate-update-service-group", + "fortigate-update-address-group", + "fortigate-delete-address-group", + "fortigate-create-address-group", + "fortigate-create-policy", + "fortigate-update-policy" + ] + } + }, + { + "sep_-_test_endpoint_search": { + "name": "SEP - Test endpoint search", + "fromversion": "3.5.0", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "sep-endpoints-info" + ] + } + }, + { + "awake_security_test_pb": { + "name": "awake_security_test_pb", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "domain", + "ip", + "awake-query-activities", + "awake-pcap-download", + "awake-query-domains", + "awake-query-devices", + "device", + "email" + ] + } + }, + { + "af2f5a99-d70b-48c1-8c25-519732b733f2": { + 
"name": "nmap-test", + "implementing_scripts": [ + "CloseInvestigation", + "Print", + "Exists" + ], + "implementing_commands": [ + "nmap-scan" + ] + } + }, + { + "Detonate File - No Files test": { + "name": "Detonate File - No Files test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_playbooks": [ + "Detonate File - Generic" + ] + } + }, + { + "3010a07c-0a85-480c-87db-cf3f09fcbd7c": { + "name": "ContextGetters-Test", + "implementing_scripts": [ + "ExtractHash", + "IsTrue", + "ContextGetEmails", + "ExtractIP", + "ContextGetHashes", + "ContextGetIps", + "ExtractEmail" + ] + } + }, + { + "test-LinkIncidentsWithRetry": { + "name": "test-LinkIncidentsWithRetry", + "implementing_scripts": [ + "Print", + "LinkIncidentsWithRetry", + "AreValuesEqual" + ], + "implementing_commands": [ + "createNewIncident" + ] + } + }, + { + "2e7770c4-8b78-4ee5-84c7-22a9e481b166": { + "name": "Autofocus_test", + "implementing_scripts": [ + "CloseInvestigation", + "IsMaliciousIndicatorFound", + "AreValuesEqual" + ], + "implementing_commands": [ + "autofocus-search-sessions", + "file", + "autofocus-search-samples" + ] + } + }, + { + "Remedy-On-Demand-Test": { + "name": "Remedy-On-Demand-Test", + "implementing_scripts": [ + "Set", + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "remedy-get-incident", + "remedy-fetch-incidents", + "remedy-incident-create", + "remedy-incident-update" + ] + } + }, + { + "get_file_sample_from_path_-_generic_-_test": { + "name": "Get File Sample From Path - Generic - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_playbooks": [ + "Get File Sample From Path - Generic" + ], + "implementing_commands": [ + "cb-list-sensors" + ] + } + }, + { + "Test ParseCSV": { + "name": "Test ParseCSV", + "implementing_scripts": [ + "DeleteContext", + "FileCreateAndUpload", + "ParseCSV", + "AreValuesEqual" + ] + } + }, + { + "Preempt Test": { + "name": "Preempt Test", + 
"implementing_commands": [ + "preempt-remove-from-watch-list", + "preempt-get-user-endpoints", + "preempt-get-activities", + "preempt-add-to-watch-list" + ] + } + }, + { + "playbook-Cymon_Test": { + "name": "playbook-Cymon_Test", + "implementing_scripts": [ + "VerifyContext", + "StringContains", + "DeleteContext", + "ValidateErrorExistence" + ], + "implementing_commands": [ + "ip", + "domain" + ] + } + }, + { + "150778e9-90ca-4c28-873e-f050f2c6d3a3": { + "name": "HTTPRedirectList Test", + "implementing_scripts": [ + "CloseInvestigation", + "HTTPListRedirects", + "AreValuesEqual" + ] + } + }, + { + "TCPUtils-Test": { + "name": "Tcpiputlis Test Playbook", + "implementing_scripts": [ + "VerifyContextFields", + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "ip" + ] + } + }, + { + "113aca8a-ee52-419f-89a6-150ee232d0d1": { + "name": "S3 Test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "aws-s3-create-bucket", + "aws-s3-get-bucket-policy", + "aws-s3-download-file", + "aws-s3-delete-bucket-policy", + "aws-s3-describe-buckets", + "aws-s3-list-bucket-objects", + "aws-s3-set-bucket-policy", + "aws-s3-delete-bucket" + ] + } + }, + { + "buildewsquery_test": { + "name": "BuildEWSQuery Test", + "implementing_scripts": [ + "BuildEWSQuery", + "VerifyContext" + ] + } + }, + { + "palo_alto_panorama_test_pb": { + "name": "palo_alto_panorama_test_pb", + "implementing_scripts": [ + "DeleteContext", + "Sleep" + ], + "implementing_commands": [ + "panorama-list-applications", + "panorama-create-rule", + "panorama-commit", + "panorama-delete-rule", + "panorama-create-address-group", + "panorama-get-address-group", + "panorama-move-rule", + "panorama", + "panorama-edit-rule", + "panorama-get-url-filter", + "panorama-list-address-groups", + "panorama-get-custom-url-category", + "panorama-create-address", + "panorama-delete-address-group", + "panorama-list-addresses", + "panorama-delete-address" + ] + } + }, + { + 
"okta_test_playbook": { + "name": "Okta test playbook", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "okta-get-application-authentication", + "okta-list-groups", + "okta-get-application-assignments", + "okta-get-user-factors", + "okta-get-groups", + "okta-suspend-user", + "okta-add-to-group", + "okta-update-user", + "okta-remove-from-group", + "okta-get-failed-logins", + "okta-get-group-members", + "okta-unsuspend-user", + "okta-get-group-assignments" + ] + } + }, + { + "test_delete_context": { + "name": "Test Delete Context", + "implementing_scripts": [ + "RaiseError", + "Set", + "DeleteContext", + "isError" + ] + } + }, + { + "JiraCreateIssue-example-test": { + "name": "JiraCreateIssue-example-test", + "implementing_scripts": [ + "JiraCreateIssue-example", + "DeleteContext" + ], + "implementing_commands": [ + "jira-delete-issue" + ] + } + }, + { + "AttivoBotsinkTest": { + "name": "AttivoBotsinkTest", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "attivo-list-hosts", + "attivo-list-users", + "attivo-check-user", + "attivo-run-playbook", + "attivo-check-host", + "attivo-get-events", + "attivo-deploy-decoy", + "attivo-list-playbooks" + ] + } + }, + { + "email_test": { + "name": "Email Address Enrichment - Generic - Test", + "implementing_scripts": [ + "Set", + "VerifyContext", + "DeleteContext" + ], + "implementing_playbooks": [ + "Email Address Enrichment - Generic" + ] + } + }, + { + "Cisco Umbrella Test": { + "name": "Cisco Umbrella Test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "umbrella-ip-dns-history", + "domain", + "umbrella-domain-related", + "umbrella-get-domains-using-regex", + "umbrella-domain-dns-history", + "umbrella-get-url-timeline", + "umbrella-get-domain-classifiers", + "umbrella-get-malicious-domains-for-ip", + "umbrella-get-domains-for-email-registrar", + "umbrella-get-domains-for-nameserver", + 
"umbrella-domain-categorization", + "umbrella-domain-security", + "umbrella-get-domain-timeline", + "umbrella-get-domain-details", + "umbrella-ip-malicious-domains", + "umbrella-get-related-domains", + "umbrella-get-whois-for-domain", + "umbrella-domain-search", + "umbrella-domain-co-occurrences", + "umbrella-get-ip-timeline", + "umbrella-get-domain-queryvolume" + ] + } + }, + { + "fd93f620-9a2d-4fb6-85d1-151a6a72e46d": { + "name": "AWS - SQS Test Playbook", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "aws-sqs-purge-queue", + "aws-sqs-list-queues", + "aws-sqs-send-message", + "aws-sqs-get-queue-url", + "aws-sqs-create-queue", + "aws-sqs-delete-queue" + ] + } + }, + { + "RedCanaryTest": { + "name": "RedCanaryTest", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "redcanary-get-endpoint", + "redcanary-update-remediation-state", + "redcanary-list-detections", + "redcanary-list-endpoints", + "redcanary-acknowledge-detection", + "redcanary-get-endpoint-detections", + "redcanary-get-detection", + "redcanary-execute-playbook" + ] + } + }, + { + "blockip_test_playbook": { + "name": "blockip_test_playbook", + "implementing_scripts": [ + "BlockIP" + ] + } + }, + { + "block_endpoint_-_carbon_black_response_-_test": { + "name": "Block Endpoint - Carbon Black Response - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DeleteContext", + "VerifyContext", + "Set" + ], + "implementing_playbooks": [ + "Block Endpoint - Carbon Black Response" + ], + "implementing_commands": [ + "cb-list-sensors", + "cb-unquarantine-device", + "cb-sensor-info" + ] + } + }, + { + "exporttocsv_script_test": { + "name": "ExportToCSV script test", + "fromversion": "3.6.0", + "implementing_scripts": [ + "DeleteContext", + "ExportToCSV", + "AreValuesEqual", + "ReadFile" + ] + } + }, + { + "get_file_sample_from_path_-_d2_-_test": { + "name": "Get File Sample From Path - D2 - Test", + "fromversion": "3.5.0", + 
"implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_playbooks": [ + "Get File Sample From Path - D2" + ] + } + }, + { + "GetTime-Test": { + "name": "GetTime-Test", + "implementing_scripts": [ + "GetTime", + "DeleteContext", + "MatchRegex" + ] + } + }, + { + "CreateEmailHtmlBody_test_pb": { + "name": "CreateEmailHtmlBody_test_pb", + "implementing_scripts": [ + "CreateEmailHtmlBody", + "DeleteContext" + ], + "implementing_commands": [ + "createList" + ] + } + }, + { + "forcepoint test": { + "name": "forcepoint test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "fp-get-category-detailes", + "fp-delete-address-from-category", + "fp-add-address-to-category", + "fp-add-category", + "fp-delete-categories" + ] + } + }, + { + "CrowdStrike Endpoint Enrichment - Test": { + "name": "CrowdStrike Endpoint Enrichment - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DeleteContext", + "PrintErrorEntry" + ], + "implementing_playbooks": [ + "CrowdStrike Endpoint Enrichment" + ], + "implementing_commands": [ + "cs-device-search", + "cs-detection-search" + ] + } + }, + { + "endpoint_enrichment_-_generic_test": { + "name": "Endpoint Enrichment - Generic Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DeleteContext", + "VerifyContext", + "Set" + ], + "implementing_playbooks": [ + "Endpoint Enrichment - Generic" + ] + } + }, + { + "TestHttpPlaybook": { + "name": "TestHttpPlaybook", + "implementing_scripts": [ + "VerifyContextFields", + "DeleteContext", + "http" + ] + } + }, + { + "Test-IsMaliciousIndicatorFound": { + "name": "Test-IsMaliciousIndicatorFound", + "implementing_scripts": [ + "VerifyContext", + "Sleep", + "IsMaliciousIndicatorFound" + ], + "implementing_commands": [ + "createNewIndicator" + ] + } + }, + { + "Mimecast test": { + "name": "Mimecast test", + "implementing_scripts": [ + "FetchFromInstance", + "DeleteContext" + ], + "implementing_commands": [ + 
"mimecast-get-impersonation-logs", + "mimecast-query", + "mimecast-download-attachments", + "mimecast-url-decode", + "mimecast-refresh-token", + "mimecast-create-policy", + "mimecast-manage-sender", + "mimecast-get-message", + "mimecast-discover", + "mimecast-list-messages", + "mimecast-create-managed-url", + "mimecast-list-managed-url", + "mimecast-get-attachment-logs", + "mimecast-list-blocked-sender-policies", + "mimecast-login", + "mimecast-delete-policy", + "mimecast-get-policy", + "mimecast-get-url-logs" + ] + } + }, + { + "TestParseCSV": { + "name": "TestParseCSV", + "implementing_scripts": [ + "Set", + "VerifyContext", + "ParseCSV", + "DeleteContext", + "ExportToCSV" + ] + } + }, + { + "ArcSight Logger test": { + "name": "ArcSight Logger test", + "implementing_scripts": [ + "DeleteContext", + "Sleep" + ], + "implementing_commands": [ + "as-search", + "as-close", + "as-drilldown", + "as-search-events", + "as-status", + "as-events" + ] + } + }, + { + "Cylance Protect v2 Test": { + "name": "Cylance Protect v2 Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "cylance-protect-delete-hash-from-lists", + "cylance-protect-download-threat", + "cylance-protect-get-zones", + "cylance-protect-get-devices", + "cylance-protect-get-policies", + "cylance-protect-get-list", + "cylance-protect-get-threat", + "cylance-protect-get-device-threats", + "cylance-protect-get-policy-details", + "cylance-protect-add-hash-to-list" + ] + } + }, + { + "McAfeeESMTest": { + "name": "McAfeeESMTest", + "implementing_scripts": [ + "GetTime", + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "esm-edit-case-status", + "esm-get-case-statuses", + "esm-search", + "esm-add-case-status", + "esm-get-alarm-event-details", + "esm-get-organization-list", + "esm-list-alarm-events", + "esm-delete-case-status", + "esm-edit-case", + "esm-get-user-list", + "esm-get-case-detail", + "esm-add-case", + "esm-fetch-alarms" + ] + } + 
}, + { + "Detonate File - Generic Test": { + "name": "Detonate File - Generic Test", + "fromversion": "4.0.0", + "implementing_scripts": [ + "DeleteContext", + "http" + ], + "implementing_playbooks": [ + "Detonate File - Generic" + ] + } + }, + { + "Jask_Test": { + "name": "Jask Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "jask-search-signals", + "jask-search-entities", + "jask-get-entity-details", + "jask-get-insight-details", + "closeInvestigation", + "jask-search-insights", + "jask-get-signal-details", + "jask-get-related-entities", + "jask-get-insight-comments" + ] + } + }, + { + "RSA NetWitness Test": { + "name": "RSA NetWitness Test", + "implementing_commands": [ + "netwitness-get-incident", + "netwitness-get-incidents" + ] + } + }, + { + "Test_Sagemaker": { + "name": "Test Sagemaker", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "predict-phishing" + ] + } + }, + { + "ExtractURL Test": { + "name": "ExtractURL Test", + "implementing_scripts": [ + "Print", + "ExtractURL", + "IsTrue" + ] + } + }, + { + "tenable-sc-test": { + "name": "Tenable.sc Test", + "implementing_scripts": [ + "GetTime", + "VerifyContext", + "DeleteContext", + "FetchFromInstance" + ], + "implementing_commands": [ + "tenable-sc-get-asset", + "tenable-sc-list-alerts", + "tenable-sc-get-system-licensing", + "tenable-sc-get-scan-status", + "tenable-sc-list-scans", + "tenable-sc-list-repositories", + "tenable-sc-create-scan", + "tenable-sc-delete-scan", + "tenable-sc-get-scan-report", + "tenable-sc-list-assets", + "tenable-sc-get-vulnerability", + "tenable-sc-get-device", + "tenable-sc-create-asset", + "tenable-sc-get-alert", + "tenable-sc-launch-scan", + "tenable-sc-list-report-definitions", + "tenable-sc-delete-asset", + "tenable-sc-list-credentials", + "tenable-sc-list-policies", + "tenable-sc-list-zones", + "tenable-sc-list-users" + ] + } + }, + { + "ReversingLabsA1000Test": { + "name": 
"ReversingLabsA1000Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "reversinglabs-download", + "reversinglabs-extracted-files", + "reversinglabs-download-unpacked", + "reversinglabs-analyze", + "file" + ] + } + }, + { + "TestWordFileToIOC": { + "name": "TestWordFileToIOC", + "implementing_scripts": [ + "TestCreateWordFile", + "ExtractIP", + "VerifyContext", + "ReadFile", + "ParseWordDoc" + ] + } + }, + { + "TestExtractHTMLTables": { + "name": "TestExtractHTMLTables", + "implementing_scripts": [ + "Print", + "CloseInvestigation", + "ExtractHTMLTables", + "DeleteContext", + "Exists" + ] + } + }, + { + "7ab45104-22aa-4e1b-8062-cadcbb28d87f": { + "name": "Test - urlscan", + "implementing_scripts": [ + "CloseInvestigation", + "DeleteContext", + "AreValuesEqual" + ], + "implementing_commands": [ + "url", + "ip", + "urlscan-submit" + ] + } + }, + { + "RasterizeImageTest": { + "name": "RasterizeImageTest", + "implementing_scripts": [ + "GenerateImageFileEntry", + "DeleteContext" + ], + "implementing_commands": [ + "rasterize-image", + "closeInvestigation" + ] + } + }, + { + "InfoArmorVigilanteATITest": { + "name": "InfoArmorVigilanteATITest", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "vigilante-get-leak", + "vigilante-query-infected-host-data", + "vigilante-query-domains", + "vigilante-query-accounts", + "vigilante-watchlist-add-accounts", + "vigilante-watchlist-remove-accounts", + "vigilante-get-watchlist", + "vigilante-query-ecrime-db", + "vigilante-search-leaks" + ] + } + }, + { + "strings-test": { + "name": "strings-test", + "implementing_scripts": [ + "CreateBinaryFile", + "FileCreateAndUpload", + "Strings", + "PublishEntriesToContext", + "VerifyContext" + ] + } + }, + { + "process_email_-_generic_-_test": { + "name": "Process Email - Generic - Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "http" + ], + 
"implementing_playbooks": [ + "Process Email - Generic" + ] + } + }, + { + "97393cfc-2fc4-4dfe-8b6e-af64067fc436": { + "name": "AWS - S3 Test Playbook", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "aws-s3-create-bucket", + "aws-s3-get-bucket-policy", + "aws-s3-download-file", + "aws-s3-delete-bucket-policy", + "aws-s3-delete-bucket", + "aws-s3-list-buckets", + "aws-s3-list-bucket-objects", + "aws-s3-put-bucket-policy" + ] + } + }, + { + "TestFileCreateAndUpload": { + "name": "TestFileCreateAndUpload", + "implementing_scripts": [ + "Print", + "FileCreateAndUpload", + "DeleteContext", + "CloseInvestigation" + ] + } + }, + { + "get_original_email_-_ews-_test": { + "name": "Get Original Email - EWS - Test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_playbooks": [ + "Get Original Email - EWS" + ] + } + }, + { + "Remedy AR Test": { + "name": "Remedy AR Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "remedy-get-server-details" + ] + } + }, + { + "WordTokenizeTest": { + "name": "WordTokenizeTest", + "implementing_scripts": [ + "VerifyContext", + "WordTokenizer", + "DeleteContext" + ] + } + }, + { + "ExtractDomainTest": { + "name": "ExtractDomainTest", + "implementing_scripts": [ + "VerifyContext", + "ExtractDomain" + ] + } + }, + { + "TestCommonPython": { + "name": "TestCommonPython", + "implementing_scripts": [ + "TestPYCommonServer" + ] + } + }, + { + "get_file_sample_by_hash_-_cylance_protect_-_test": { + "name": "Get File Sample By Hash - Cylance Protect - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set", + "VerifyContext", + "DeleteContext" + ], + "implementing_playbooks": [ + "Get File Sample By Hash - Cylance Protect" + ] + } + }, + { + "TestPacketsled": { + "name": "TestPacketsled", + "implementing_commands": [ + "packetsled-get-flows", + "packetsled-get-pcaps", + "packetsled-get-files", + "packetsled-get-incidents" + ] + } 
+ }, + { + "EWS search-mailbox test": { + "name": "EWS search-mailbox test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "Sleep" + ], + "implementing_commands": [ + "ews-search-mailbox", + "ews-move-item", + "send-mail" + ] + } + }, + { + "IntSights Test": { + "name": "IntSights Test", + "implementing_scripts": [ + "Print", + "VerifyContext", + "DeleteContext", + "Exists", + "IsValueInArray" + ], + "implementing_commands": [ + "intsights-get-alerts", + "intsights-get-iocs", + "intsights-add-comment-to-alert", + "intsights-add-tag-to-alert", + "intsights-update-alert-severity", + "closeInvestigation", + "intsights-get-alert-activities" + ] + } + }, + { + "SalesforceTestPlaybook": { + "name": "SalesforceTestPlaybook", + "implementing_scripts": [ + "ContextContains", + "DeleteContext" + ], + "implementing_commands": [ + "salesforce-update-case", + "salesforce-get-case", + "salesforce-search", + "salesforce-create-case", + "salesforce-delete-case", + "salesforce-push-comment", + "salesforce-get-object", + "salesforce-close-case", + "salesforce-update-object", + "salesforce-query" + ] + } + }, + { + "Wildfire Test": { + "name": "Wildfire Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "wildfire-upload", + "wildfire-upload-file-remote", + "wildfire-report" + ] + } + }, + { + "Vectra-test": { + "name": "Vectra-test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "vectra-sensors", + "vectra-settings", + "vectra-hosts", + "vectra-triage", + "vectra-detections" + ] + } + }, + { + "CuckooTest": { + "name": "CuckooTest", + "implementing_scripts": [ + "DeleteContext", + "http" + ], + "implementing_playbooks": [ + "Detonate URL - Cuckoo", + "Detonate File - Cuckoo" + ] + } + }, + { + "TextFromHTML_test_playbook": { + "name": "TextFromHTML Test", + "implementing_scripts": [ + "VerifyContext", + "TextFromHTML" + ] + } + }, + { + "PhishAi-Test": { + "name": 
"PhishAi-Test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "phish-ai-scan-url" + ] + } + }, + { + "Phishing test - attachment": { + "name": "Phishing test - attachment", + "implementing_scripts": [ + "ScheduleCommand", + "PhishingIncident", + "DeleteContext", + "http" + ], + "implementing_playbooks": [ + "Phishing Investigation - Generic" + ] + } + }, + { + "search_endpoints_by_hash_-_carbon_black_protection_-_test": { + "name": "Search Endpoints By Hash - Carbon Black Protection - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_playbooks": [ + "Search Endpoints By Hash - Carbon Black Protection" + ] + } + }, + { + "Test-Detonate URL - Phish.AI": { + "name": "Test-Detonate URL - Phish.AI", + "implementing_playbooks": [ + "Detonate URL - Phish.AI" + ] + } + }, + { + "ReversingLabsTCTest": { + "name": "ReversingLabsTCTest", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "file" + ] + } + }, + { + "get_file_sample_from_path_-_carbon_black_enterprise_response_-_test": { + "name": "Get File Sample From Path - Carbon Black Enterprise Response - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_playbooks": [ + "Get File Sample From Path - Carbon Black Enterprise Response" + ], + "implementing_commands": [ + "cb-list-sensors" + ] + } + }, + { + "PostgreSQL Test": { + "name": "PostgreSQL Test", + "fromversion": "3.6.0", + "implementing_scripts": [ + "VerifyHumanReadableEquals" + ], + "implementing_commands": [ + "pgsql-query" + ] + } + }, + { + "DUO Test Playbook": { + "name": "DUO Test Playbook", + "implementing_scripts": [ + "DeleteContext", + "PrintErrorEntry", + "AreValuesEqual", + "PrintContext" + ], + "implementing_commands": [ + "duo-preauth" + ] + } + }, + { + "secureworks_test": { + "name": "Secureworks test", + "implementing_scripts": [ 
+ "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "secure-works-create-ticket", + "secure-works-get-ticket", + "secure-works-update-ticket", + "secure-works-get-tickets-ids", + "secure-works-get-ticket-count", + "secure-works-close-ticket", + "secure-works-get-tickets-updates" + ] + } + }, + { + "File Enrichment - Generic Test": { + "name": "File Enrichment - Generic Test", + "implementing_scripts": [ + "VerifyContext", + "Set" + ], + "implementing_playbooks": [ + "File Enrichment - Generic" + ] + } + }, + { + "JSONtoCSV-Test": { + "name": "JSONtoCSV-Test", + "implementing_scripts": [ + "JSONFileToCSV", + "LoadJSON", + "ParseCSV", + "JSONtoCSV", + "FileCreateAndUpload", + "DeleteContext" + ] + } + }, + { + "ZipFile-Test": { + "name": "ZipFile-Test", + "implementing_scripts": [ + "http", + "ZipFile", + "CloseInvestigation", + "Sleep", + "UnzipFile", + "DeleteContext" + ] + } + }, + { + "d5cb69b1-c81c-4f27-8a40-3106c0cb2620": { + "name": "AWS - IAM Test Playbook", + "implementing_scripts": [ + "VerifyContext", + "Sleep" + ], + "implementing_commands": [ + "aws-iam-update-user", + "aws-iam-update-access-key", + "aws-iam-get-user", + "aws-iam-remove-user-from-group", + "aws-iam-add-role-to-instance-profile", + "aws-iam-create-instance-profile", + "aws-iam-list-roles", + "aws-iam-attach-policy", + "aws-iam-create-login-profile", + "aws-iam-create-group", + "aws-iam-get-instance-profile", + "aws-iam-list-instance-profiles-for-role", + "aws-iam-update-login-profile", + "aws-iam-list-policies", + "aws-iam-get-role", + "aws-iam-list-access-keys-for-user", + "aws-iam-list-instance-profiles", + "aws-iam-delete-role", + "aws-iam-list-groups", + "aws-iam-remove-role-from-instance-profile", + "aws-iam-delete-user", + "aws-iam-create-role", + "aws-iam-delete-access-key", + "aws-iam-detach-policy", + "aws-iam-create-access-key", + "aws-iam-delete-group", + "aws-iam-create-user", + "aws-iam-delete-login-profile", + "aws-iam-list-groups-for-user", + 
"aws-iam-add-user-to-group", + "aws-iam-list-users", + "aws-iam-delete-instance-profile" + ] + } + }, + { + "ExposeIncidentOwner-Test": { + "name": "ExposeIncidentOwner-Test", + "implementing_scripts": [ + "CloseInvestigation", + "AssignAnalystToIncident", + "ExposeIncidentOwner", + "AreValuesEqual" + ] + } + }, + { + "McAfeeWebGatewayTest": { + "name": "McAfeeWebGatewayTest", + "implementing_scripts": [ + "ContextContains", + "DeleteContext", + "Sleep", + "PrintContext" + ], + "implementing_commands": [ + "mwg-insert-entry", + "mwg-get-list-entry", + "mwg-get-list", + "mwg-delete-entry", + "mwg-get-available-lists" + ] + } + }, + { + "DemistoLockTest": { + "name": "DemistoLockTest", + "implementing_scripts": [ + "Set", + "Print", + "DeleteContext", + "Sleep", + "isError" + ], + "implementing_commands": [ + "closeInvestigation", + "demisto-lock-release-all", + "demisto-lock-release", + "demisto-lock-get", + "demisto-lock-info" + ] + } + }, + { + "Detonate File - BitDam Test": { + "name": "Detonate File - BitDam Test", + "implementing_scripts": [ + "FileCreateAndUpload", + "DeleteContext" + ], + "implementing_playbooks": [ + "Detonate File - BitDam" + ] + } + }, + { + "Luminate-TestPlaybook": { + "name": "Luminate-TestPlaybook", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "lum-block-user", + "lum-destroy-user-session", + "lum-unblock-user", + "lum-get-ssh-access-logs", + "lum-get-http-access-logs" + ] + } + }, + { + "McAfee-MAR_Test": { + "name": "McAfee-MAR_Test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "mar-collectors-list", + "mar-search-multiple", + "mar-search" + ] + } + }, + { + "CarbonBlackLiveResponseTest": { + "name": "Carbon Black Live Response Test", + "implementing_scripts": [ + "TestCreateWordFile", + "DeleteContext", + "Sleep" + ], + "implementing_commands": [ + "cb-get-file-from-endpoint", + "cb-command-create-and-wait", + "cb-session-create-and-wait", + "cb-keepalive", + 
"cb-file-delete-from-endpoint", + "cb-push-file-to-endpoint", + "cb-list-sessions", + "cb-session-close" + ] + } + }, + { + "Recorded Future Test": { + "name": "Recorded Future Test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "ip", + "domain", + "recorded-future-get-related-entities", + "file" + ] + } + }, + { + "NetWitness Endpoint Test": { + "name": "NetWitness Endpoint Test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "netwitness-get-machines", + "netwitness-blacklist-domains", + "netwitness-blacklist-ips", + "netwitness-get-machine-module" + ] + } + }, + { + "DNSDBTest": { + "name": "DNSDBTest", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "dnsdb-rrset", + "dnsdb-rdata" + ] + } + }, + { + "VerifyHumanReadableFormat": { + "name": "VerifyHumanReadableFormat", + "implementing_scripts": [ + "VerifyTableToMarkDown", + "VerifyTreeToFlatObject" + ] + } + }, + { + "domain_enrichment_generic_test": { + "name": "Domain Enrichment Generic - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DeleteContext", + "VerifyContext", + "Set" + ], + "implementing_playbooks": [ + "Domain Enrichment - Generic" + ] + } + }, + { + "Anomali_ThreatStream_Test": { + "name": "Anomali ThreatStream Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "ip", + "domain", + "threatstream-email-reputation", + "threatstream-intelligence", + "file" + ] + } + }, + { + "ParseExcel-test": { + "name": "ParseExcel-test", + "implementing_scripts": [ + "ParseExcel", + "DeleteContext", + "http" + ] + } + }, + { + "Zoom_Test": { + "name": "Zoom_Test", + "implementing_scripts": [ + "Print", + "VerifyContext", + "GenerateEmail", + "DeleteContext" + ], + "implementing_commands": [ + "zoom-create-meeting", + "zoom-list-users", + "zoom-fetch-recording", + "zoom-create-user", + "zoom-delete-user" + ] + } + 
}, + { + "DomainTools-Test": { + "name": "DomainTools-Test", + "implementing_scripts": [ + "VerifyContext", + "NotInContextVerification", + "DeleteContext" + ], + "implementing_commands": [ + "domain", + "whois", + "reverseWhois", + "reverseNameServer", + "domainSearch", + "domainProfile", + "whoisHistory", + "reverseIP" + ] + } + }, + { + "RedLockTest": { + "name": "RedLockTest", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "redlock-search-alerts", + "redlock-reopen-alerts", + "redlock-get-alert-details", + "redlock-dismiss-alerts" + ] + } + }, + { + "TruSTAR Test": { + "name": "TruSTAR Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "domain", + "url", + "ip", + "trustar-correlated-reports", + "file", + "trustar-trending-indicators", + "trustar-search-indicators" + ] + } + }, + { + "JoeSecurityTestDetonation": { + "name": "JoeSecurityTestDetonation", + "fromversion": "4.0.0", + "implementing_scripts": [ + "FileCreateAndUpload", + "DeleteContext" + ], + "implementing_playbooks": [ + "Detonate File - JoeSecurity", + "Detonate File From URL - JoeSecurity", + "Detonate URL - JoeSecurity" + ] + } + }, + { + "Symantec Messaging Gateway Test": { + "name": "Symantec Messaging Gateway Test", + "implementing_scripts": [ + "GenerateIP", + "VerifyContext", + "GenerateUUID", + "AreValuesEqual" + ], + "implementing_commands": [ + "smg-unblock-domain", + "smg-block-ip", + "smg-unblock-ip", + "smg-block-domain", + "smg-block-email", + "smg-unblock-email" + ] + } + }, + { + "devo_test_playbook": { + "name": "Devo test playbook", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "devo-query" + ] + } + }, + { + "Lastline - testplaybook": { + "name": "Lastline - testplaybook", + "implementing_scripts": [ + "DeleteContext", + "Set", + "http" + ], + "implementing_playbooks": [ + "Detonate URL - Lastline", + "Detonate File - Lastline" + ] + 
} + }, + { + "detonate_file_-_generic_test": { + "name": "Detonate File - Generic Test", + "toversion": "3.6.0", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DeleteContext", + "http" + ], + "implementing_playbooks": [ + "Detonate File - Generic" + ] + } + }, + { + "Test CommonServer": { + "name": "Test CommonServer", + "implementing_scripts": [ + "TestFormatTableValues" + ] + } + }, + { + "Test filters & transformers scripts": { + "name": "Test filters & transformers scripts", + "implementing_scripts": [ + "RaiseError", + "Print", + "Set" + ] + } + }, + { + "virusTotalPrivateAPI-test-playbook": { + "name": "virusTotalPrivateAPI-test-playbook", + "implementing_scripts": [ + "VerifyContext", + "StringContains", + "DeleteContext" + ], + "implementing_commands": [ + "vt-private-get-url-report", + "vt-private-get-file-report", + "vt-private-get-domain-report" + ] + } + }, + { + "SCADAfence_test": { + "name": "SCADAfence_test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "scadafence-getAsset", + "scadafence-setAlertStatus", + "scadafence-getAlerts" + ] + } + }, + { + "c19e328d-0cf3-4a94-88b3-df670d984602": { + "name": "SymantecEndpointProtection Test", + "implementing_scripts": [ + "SEPScan", + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "sep-quarantine", + "sep-command-status", + "sep-update-content", + "sep-endpoints-info", + "sep-groups-info", + "sep-client-content", + "sep-system-info" + ] + } + }, + { + "PagerDuty Test": { + "name": "PagerDuty Test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "PagerDuty-incidents", + "PagerDuty-get-all-schedules", + "PagerDuty-get-users-on-call-now" + ] + } + }, + { + "pan-appframework-test": { + "name": "pan-appframework-test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "pan-appframework-query-logs" + ] + } + }, + { + "TestSafeBreach": { + 
"name": "TestSafeBreach", + "implementing_commands": [ + "safebreach-get-simulation", + "safebreach-rerun" + ] + } + }, + { + "ExifReadTest": { + "name": "ExifReadTest", + "implementing_scripts": [ + "GenerateImageFileEntry", + "ExifRead", + "DeleteContext" + ], + "implementing_commands": [ + "closeInvestigation" + ] + } + }, + { + "McAfee-TIE Test": { + "name": "McAfee-TIE Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "tie-file-references", + "file", + "tie-set-file-reputation" + ] + } + }, + { + "SymantecMSSTest": { + "name": "SymantecMSSTest", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "symantec-mss-incidents-list", + "symantec-mss-update-incident", + "symantec-mss-get-incident" + ] + } + }, + { + "SLA Scripts - Test": { + "name": "SLA Scripts - Test", + "implementing_scripts": [ + "StopTimeToAssignOnOwnerChange", + "ChangeRemediationSLAOnSevChange", + "Set", + "PrintErrorEntry", + "DeleteContext" + ], + "implementing_commands": [ + "setIncident", + "startTimer", + "resetTimer" + ] + } + }, + { + "SLA Scripts - Test": { + "name": "SLA Scripts - Test", + "implementing_scripts": [ + "StopTimeToAssignOnOwnerChange", + "ChangeRemediationSLAOnSevChange", + "Set", + "PrintErrorEntry", + "DeleteContext" + ], + "implementing_commands": [ + "setIncident", + "startTimer", + "resetTimer" + ] + } + }, + { + "SLA Scripts - Test": { + "name": "SLA Scripts - Test", + "implementing_scripts": [ + "StopTimeToAssignOnOwnerChange", + "ChangeRemediationSLAOnSevChange", + "Set", + "PrintErrorEntry", + "DeleteContext" + ], + "implementing_commands": [ + "setIncident", + "startTimer", + "resetTimer" + ] + } + } + ] } \ No newline at end of file From def740c2588d066c52f7ef4ad29e78f5a44bf803 Mon Sep 17 00:00:00 2001 
From: idovandijk <43602124+idovandijk@users.noreply.github.com> Date: Thu, 3 Jan 2019 12:18:30 +0200 Subject: [PATCH 36/49] removed CRLFs from id_set.json --- Tests/id_set.json | 64 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/Tests/id_set.json b/Tests/id_set.json index 4716d00ab702..c6f8ed2aa5a9 100644 --- a/Tests/id_set.json +++ b/Tests/id_set.json @@ -4491,6 +4491,27 @@ ] } }, + { + "stoptimetoassignonownerchange": { + "name": "StopTimeToAssignOnOwnerChange", + "fromversion": "4.1.0", + "script_executions": [ + "stopTimer" + ] + } + }, + { + "changeremediationslaonsevchange": { + "name": "ChangeRemediationSLAOnSevChange", + "fromversion": "4.1.0", + "script_executions": [ + "setIncident", + "setIncident", + "setIncident", + "setIncident" + ] + } + }, { "stoptimetoassignonownerchange": { "name": "StopTimeToAssignOnOwnerChange", @@ -6641,6 +6662,32 @@ ] } }, + { + "Phishing Investigation - Generic": { + "name": "Phishing Investigation - Generic", + "toversion": "4.0.9", + "fromversion": "4.0.0", + "implementing_scripts": [ + "AssignAnalystToIncident", + "Set", + "SendEmail" + ], + "implementing_playbooks": [ + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Block Indicators - Generic", + "Email Address Enrichment - Generic", + "Calculate Severity - Generic" + ], + "implementing_commands": [ + "closeInvestigation", + "send-mail" + ] + } + }, { "Phishing Investigation - Generic": { "name": "Phishing Investigation - Generic", 
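Review bot: Each hunk of this patch (`@@ -4491`, `@@ -6641`, and `@@ -14446` on the next line) inserts an entry whose id is the same as the context entry directly after it: `stoptimetoassignonownerchange`, `Phishing Investigation - Generic` and `SLA Scripts - Test`. The subject says CRLFs were removed, but the diffstat is 64 insertions and no deletions, and patch 37/49 applies the same three insertions again. Repeated ids in these lists make any lookup by id ambiguous for whatever consumes the file, so I would drop the inserted entries. If `Tests/id_set.json` is produced by a script, it would be safer to regenerate it after normalising line endings than to edit it by hand. The context entry after the added `Phishing Investigation - Generic` record is cut off, so check whether its version range differs from the added `"fromversion": "4.0.0"` / `"toversion": "4.0.9"` before treating that one as a pure duplicate.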
@@ -14446,6 +14493,23 @@ ] } }, + { + "SLA Scripts - Test": { + "name": "SLA Scripts - Test", + "implementing_scripts": [ + "StopTimeToAssignOnOwnerChange", + "ChangeRemediationSLAOnSevChange", + "Set", + "PrintErrorEntry", + "DeleteContext" + ], + "implementing_commands": [ + "setIncident", + "startTimer", + "resetTimer" + ] + } + }, { "SLA Scripts - Test": { "name": "SLA Scripts - Test", From e584b5d1016e98d75360b09088fb9817e049e994 Mon Sep 17 00:00:00 2001 From: idovandijk <43602124+idovandijk@users.noreply.github.com> Date: Thu, 3 Jan 2019 12:19:50 +0200 Subject: [PATCH 37/49] removed CRLFs from id_set.json --- Tests/id_set.json | 64 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) diff --git a/Tests/id_set.json b/Tests/id_set.json index c6f8ed2aa5a9..b91db0de7f54 100644 --- a/Tests/id_set.json +++ b/Tests/id_set.json @@ -4512,6 +4512,27 @@ ] } }, + { + "stoptimetoassignonownerchange": { + "name": "StopTimeToAssignOnOwnerChange", + "fromversion": "4.1.0", + "script_executions": [ + "stopTimer" + ] + } + }, + { + "changeremediationslaonsevchange": { + "name": "ChangeRemediationSLAOnSevChange", + "fromversion": "4.1.0", + "script_executions": [ + "setIncident", + "setIncident", + "setIncident", + "setIncident" + ] + } + }, { "stoptimetoassignonownerchange": { "name": "StopTimeToAssignOnOwnerChange", 
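Review bot: In the added `changeremediationslaonsevchange` entry of the `@@ -4512,6 +4512,27 @@` hunk, `script_executions` lists `setIncident` four times. The same repetition appears in the first hunk of patch 36/49. The field reads as the set of commands the script calls, so one value carries the same information: `"script_executions": [ "setIncident" ]`. If the file is generated, the de-duplication presumably belongs in the generator rather than in this file.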
@@ -6688,6 +6709,32 @@ ] } }, + { + "Phishing Investigation - Generic": { + "name": "Phishing Investigation - Generic", + "toversion": "4.0.9", + "fromversion": "4.0.0", + "implementing_scripts": [ + "AssignAnalystToIncident", + "Set", + "SendEmail" + ], + "implementing_playbooks": [ + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Block Indicators - Generic", + "Email Address Enrichment - Generic", + "Calculate Severity - Generic" + ], + "implementing_commands": [ + "closeInvestigation", + "send-mail" + ] + } + }, { "Phishing Investigation - Generic": { "name": "Phishing Investigation - Generic", @@ -14510,6 +14557,23 @@ ] } }, + { + "SLA Scripts - Test": { + "name": "SLA Scripts - Test", + "implementing_scripts": [ + "StopTimeToAssignOnOwnerChange", + "ChangeRemediationSLAOnSevChange", + "Set", + "PrintErrorEntry", + "DeleteContext" + ], + "implementing_commands": [ + "setIncident", + "startTimer", + "resetTimer" + ] + } + }, { "SLA Scripts - Test": { "name": "SLA Scripts - Test", From 06202c93dbbade6cd0f598303b9380937e8b8b83 Mon Sep 17 00:00:00 2001 From: idovandijk <43602124+idovandijk@users.noreply.github.com> Date: Thu, 3 Jan 2019 13:54:56 +0200 Subject: [PATCH 38/49] removed CRLFs from id_set.json --- Tests/id_set.json | 29252 ++++++++++++++++++++++---------------------- 1 file changed, 14658 insertions(+), 14594 deletions(-) diff --git a/Tests/id_set.json b/Tests/id_set.json index b91db0de7f54..469219d2720a 100644 --- a/Tests/id_set.json +++ b/Tests/id_set.json 
@@ -1,14595 +1,14659 @@ -{ - "scripts": [ - { - "AwsStopInstance": { - "name": "AwsStopInstance", - "depends_on": [ - "stop-instance" - ] - } - }, - { - "PWFindEvents": { - "name": "PWFindEvents", - "deprecated": true, - "depends_on": [ - "search" - ], - "script_executions": [ - "search" - ] - } - }, - { - "QRadarClassifier": { - "name": "QRadarClassifier", - "deprecated": true, - "depends_on": [ - "qradar-searches" - ] - } - }, - { - "VolLDRModules": { - "name": "VolLDRModules" - } - }, - { - "CPShowHosts": { - "name": "CPShowHosts", - "deprecated": true, - "depends_on": [ - "checkpoint" - ], - "script_executions": [ - "checkpoint" - ] - } - }, - { - "PWSensors": { - "name": "PWSensors", - "deprecated": true, - "depends_on": [ - "sensors" - ], - "script_executions": [ - "sensors" - ] - } - }, - { - "ADListComputers": { - "name": "ADListComputers", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "CheckWhitelist": { - "name": "CheckWhitelist", - "deprecated": true, - "script_executions": [ - "getList" - ] - } - }, - { - "VectraHosts": { - "name": "VectraHosts", - "deprecated": true, - "depends_on": [ - "vec-hosts" - ] - } - }, - { - "SetContext": { - "name": "SetContext", - "deprecated": true - } - }, - { - "D2Autoruns": { - "name": "D2Autoruns" - } - }, - { - "MathUtil": { - "name": "MathUtil" - } - }, - { - "CBFindHash": { - "name": "CBFindHash", - "deprecated": true, - "depends_on": [ - "cb-binary" - ] - } - }, - { - "SendEmailToManager": { - "name": "SendEmailToManager", - "fromversion": "3.5.0", - "depends_on": [ - "ad-search", - "send-mail" - ], - "script_executions": [ - "AdSearch", - "AdSearch", - "addEntitlement" - ] - } - }, - { - "FileCreateAndUpload": { - "name": "FileCreateAndUpload" - } - }, - { - "DecodeMimeHeader": { - "name": "DecodeMimeHeader" - } - }, - { - "WildfireUpload": { - "name": "WildfireUpload", - "deprecated": true, - "depends_on": [ - "wildfire-upload" - ] - } - }, - { - "CYFileRep": { - "name": "CYFileRep", - 
"depends_on": [ - "file", - "cy-upload" - ], - "script_executions": [ - "getEntry", - "file", - "file" - ] - } - }, - { - "PanoramaPcaps": { - "name": "PanoramaPcaps", - "deprecated": true, - "depends_on": [ - "panorama" - ] - } - }, - { - "ExtractDomain": { - "name": "ExtractDomain", - "toversion": "3.0.0" - } - }, - { - "ExposeUsers": { - "name": "ExposeUsers", - "deprecated": true - } - }, - { - "Print": { - "name": "Print" - } - }, - { - "CSIndicators": { - "name": "CSIndicators", - "deprecated": true, - "depends_on": [ - "cs-indicators" - ] - } - }, - { - "PWEventPcapInfo": { - "name": "PWEventPcapInfo", - "deprecated": true, - "depends_on": [ - "event-pcap-info" - ] - } - }, - { - "JiraIssueQuery": { - "name": "JiraIssueQuery", - "deprecated": true, - "depends_on": [ - "jira-issue-query" - ] - } - }, - { - "ADGetAllUsersEmail": { - "name": "ADGetAllUsersEmail", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "CuckooDetonateFile": { - "name": "CuckooDetonateFile", - "depends_on": [ - "cuckoo-create-task-from-file" - ] - } - }, - { - "EPORepoList": { - "name": "EPORepoList", - "deprecated": true, - "depends_on": [ - "epo-command" - ] - } - }, - { - "GrrSetFlows": { - "name": "GrrSetFlows", - "depends_on": [ - "grr_set_flows" - ], - "script_executions": [ - "grr_set_flows" - ] - } - }, - { - "VectraGetDetetctionsById": { - "name": "VectraGetDetetctionsById", - "deprecated": true, - "depends_on": [ - "vec-get-detetctions-by-id" - ] - } - }, - { - "CommonD2": { - "name": "CommonD2" - } - }, - { - "FilterByList": { - "name": "FilterByList", - "script_executions": [ - "getList" - ] - } - }, - { - "ExtractHash": { - "name": "ExtractHash" - } - }, - { - "120c861a-e0ae-417e-8dcf-c3ee1dc15a42": { - "name": "commentsToContext" - } - }, - { - "ConvertXmlFileToJson": { - "name": "ConvertXmlFileToJson" - } - }, - { - "IPExtract": { - "name": "IPExtract", - "deprecated": true - } - }, - { - "DBotAverageScore": { - "name": "DBotAverageScore" - } - }, 
- { - "NessusCreateScan": { - "name": "NessusCreateScan", - "deprecated": true, - "depends_on": [ - "scan-create" - ] - } - }, - { - "StixParser": { - "name": "StixParser" - } - }, - { - "NessusShowEditorTemplates": { - "name": "NessusShowEditorTemplates", - "deprecated": true, - "depends_on": [ - "nessus-get-scans-editors" - ] - } - }, - { - "QrFullSearch": { - "name": "QrFullSearch", - "deprecated": true, - "depends_on": [ - "QrGetSearchResults", - "qr-get-search", - "qr-searches" - ], - "script_executions": [ - "QrGetSearchResults" - ] - } - }, - { - "FetchFromInstance": { - "name": "FetchFromInstance", - "fromversion": "4.0.0", - "deprecated": true - } - }, - { - "a6e348f4-1e40-4365-870c-52139c60779a": { - "name": "OktaGetUser", - "deprecated": true, - "depends_on": [ - "okta-get-user" - ] - } - }, - { - "VolConnscan": { - "name": "VolConnscan" - } - }, - { - "840aa9a7-04b2-4505-8238-8fe85f010dde": { - "name": "OktaActivateUser", - "deprecated": true, - "depends_on": [ - "okta-activate-user" - ] - } - }, - { - "CBLiveGetFile": { - "name": "CBLiveGetFile", - "depends_on": [ - "cb-session-create", - "cb-sensor-info", - "cb-command-create", - "cb-session-info", - "cb-file-get", - "cb-command-info", - "cb-list-sessions" - ] - } - }, - { - "ScheduleGenericPolling": { - "name": "ScheduleGenericPolling", - "fromversion": "4.0.0" - } - }, - { - "AddEvidence": { - "name": "AddEvidence", - "fromversion": "2.5.0" - } - }, - { - "Ping": { - "name": "Ping" - } - }, - { - "EncodeToAscii": { - "name": "EncodeToAscii" - } - }, - { - "ServiceNowCreateIncident": { - "name": "ServiceNowCreateIncident", - "depends_on": [ - "servicenow-query-table", - "servicenow-create-record" - ] - } - }, - { - "TriagePhishing": { - "name": "TriagePhishing", - "deprecated": true - } - }, - { - "LessThanPercentage": { - "name": "LessThanPercentage" - } - }, - { - "TrendmicroAlertStatus": { - "name": "TrendmicroAlertStatus", - "depends_on": [ - "trendmicro-alert-status" - ] - } - }, - { - 
"SandboxDetonateFile": { - "name": "SandboxDetonateFile", - "script_executions": [ - "IsIntegrationAvailable", - "IsIntegrationAvailable", - "IsIntegrationAvailable", - "IsIntegrationAvailable", - "getEntry", - "CuckooDetonateFile", - "CuckooTaskStatus", - "CuckooGetReport" - ] - } - }, - { - "ParseEmailFiles": { - "name": "ParseEmailFiles", - "script_executions": [ - "getEntry", - "getFilePath" - ] - } - }, - { - "ConferSetSeverity": { - "name": "ConferSetSeverity", - "depends_on": [ - "confer" - ], - "script_executions": [ - "setSeverity" - ] - } - }, - { - "ReverseList": { - "name": "ReverseList" - } - }, - { - "ImpSfListEndpoints": { - "name": "ImpSfListEndpoints", - "depends_on": [ - "imp-sf-list-endpoints" - ] - } - }, - { - "9364c36f-b1d6-4233-88c2-75008b106c31": { - "name": "vmray_getResults", - "depends_on": [ - "get_job_sample" - ], - "script_executions": [ - "get_job_sample", - "get_results", - "scheduleEntry" - ] - } - }, - { - "InviteUser": { - "name": "InviteUser" - } - }, - { - "VectraDetections": { - "name": "VectraDetections", - "deprecated": true, - "depends_on": [ - "vec-detections" - ] - } - }, - { - "StaticAnalyze": { - "name": "StaticAnalyze" - } - }, - { - "GetContextValue": { - "name": "GetContextValue", - "deprecated": true - } - }, - { - "TaniumFilterComputersByIndexQueryFileDetails": { - "name": "TaniumFilterComputersByIndexQueryFileDetails", - "depends_on": [ - "tn-ask-manual-question" - ] - } - }, - { - "D2O365ComplianceSearch": { - "name": "D2O365ComplianceSearch" - } - }, - { - "SearchIncidents": { - "name": "SearchIncidents" - } - }, - { - "CuckooDisplayReport": { - "name": "CuckooDisplayReport", - "depends_on": [ - "ck-report" - ], - "script_executions": [ - "getFilePath", - "getEntry" - ] - } - }, - { - "VolPSList": { - "name": "VolPSList" - } - }, - { - "CBLiveProcessList": { - "name": "CBLiveProcessList", - "depends_on": [ - "cb-command-info", - "cb-command-create" - ] - } - }, - { - "GoogleappsGmailGetMail": { - "name": 
"GoogleappsGmailGetMail", - "deprecated": true, - "depends_on": [ - "googleapps-gmail-get-mail" - ] - } - }, - { - "PTEnrich": { - "name": "PTEnrich", - "depends_on": [ - "pt-osint", - "pt-whois", - "pt-malware", - "pt-enrichment", - "pt-get-subdomains", - "pt-ssl-cert", - "pt-passive-dns" - ] - } - }, - { - "ResolveShortenedURL": { - "name": "ResolveShortenedURL" - } - }, - { - "CommonServerUserPython": { - "name": "CommonServerUserPython" - } - }, - { - "5edd0c8e-4e6e-4afe-8f43-67bb9ebc4fd3": { - "name": "NetwitnessSearch", - "depends_on": [ - "nw-sdk-search" - ] - } - }, - { - "RunSqlQuery": { - "name": "RunSqlQuery", - "deprecated": true, - "depends_on": [ - "query" - ], - "script_executions": [ - "query" - ] - } - }, - { - "d98506ea-fd06-49d6-8f1e-bb29ab06766e": { - "name": "VerifyContext", - "deprecated": true - } - }, - { - "TimeStampToDate": { - "name": "TimeStampToDate" - } - }, - { - "SlackAskUser": { - "name": "SlackAskUser", - "toversion": "3.1.0", - "depends_on": [ - "slack-send" - ], - "script_executions": [ - "addOneTimeEntitlement" - ] - } - }, - { - "CPShowAccessRulebase": { - "name": "CPShowAccessRulebase", - "deprecated": true, - "depends_on": [ - "checkpoint" - ], - "script_executions": [ - "checkpoint" - ] - } - }, - { - "VolNetworkConnections": { - "name": "VolNetworkConnections" - } - }, - { - "DemistoDeleteIncident": { - "name": "DemistoDeleteIncident", - "deprecated": true, - "depends_on": [ - "demisto-api-post" - ] - } - }, - { - "SSDeepReputation": { - "name": "SSDeepReputation", - "script_executions": [ - "findIndicators", - "getContext" - ] - } - }, - { - "GrrGetHunt": { - "name": "GrrGetHunt", - "depends_on": [ - "grr_get_hunt" - ], - "script_executions": [ - "grr_get_hunt" - ] - } - }, - { - "findIncidentsWithIndicator": { - "name": "findIncidentsWithIndicator" - } - }, - { - "ExifRead": { - "name": "ExifRead" - } - }, - { - "AlgosecGetTicket": { - "name": "AlgosecGetTicket", - "depends_on": [ - "algosec-get-ticket" - ] - } - }, - { - 
"IncapGetDomainApproverEmail": { - "name": "IncapGetDomainApproverEmail", - "depends_on": [ - "incap-get-domain-approver-email" - ] - } - }, - { - "ElasticSearchDisplay": { - "name": "ElasticSearchDisplay", - "depends_on": [ - "search" - ] - } - }, - { - "ContextGetIps": { - "name": "ContextGetIps" - } - }, - { - "D2Hardware": { - "name": "D2Hardware" - } - }, - { - "82764532-0a4f-4b59-8cf9-fe1a00cabdae": { - "name": "OktaSearch", - "deprecated": true, - "depends_on": [ - "okta-search" - ] - } - }, - { - "TrendmicroSecurityProfileRetrieveAll": { - "name": "TrendmicroSecurityProfileRetrieveAll", - "depends_on": [ - "trendmicro-security-profile-retrieve-all" - ] - } - }, - { - "PanoramaConfig": { - "name": "PanoramaConfig", - "deprecated": true, - "depends_on": [ - "panorama" - ] - } - }, - { - "RepopulateFiles": { - "name": "RepopulateFiles", - "script_executions": [ - "getEntries" - ] - } - }, - { - "SendMessageToOnlineUsers": { - "name": "SendMessageToOnlineUsers" - } - }, - { - "SetIncidentCustomFields": { - "name": "SetIncidentCustomFields" - } - }, - { - "CEFParser": { - "name": "CEFParser" - } - }, - { - "ADSetNewPassword": { - "name": "ADSetNewPassword", - "deprecated": true, - "depends_on": [ - "ad-set-new-password" - ] - } - }, - { - "misp_upload_sample": { - "name": "misp_upload_sample", - "depends_on": [ - "internal-misp-upload-sample" - ], - "script_executions": [ - "getFilePath" - ] - } - }, - { - "IsValueInArray": { - "name": "IsValueInArray" - } - }, - { - "displayhtml": { - "name": "DisplayHTML" - } - }, - { - "VectraClassifier": { - "name": "VectraClassifier", - "deprecated": true, - "depends_on": [ - "vec-health" - ] - } - }, - { - "JSONtoCSV": { - "name": "JSONtoCSV", - "script_executions": [ - "getEntry" - ] - } - }, - { - "ConferIncidentDetails": { - "name": "ConferIncidentDetails", - "depends_on": [ - "confer" - ] - } - }, - { - "ParseJSON": { - "name": "ParseJSON" - } - }, - { - "ScheduleCommand": { - "name": "ScheduleCommand" - } - }, - { - 
"XBTimeline": { - "name": "XBTimeline", - "depends_on": [ - "xb-timeline" - ] - } - }, - { - "EmailAskUser": { - "name": "EmailAskUser", - "toversion": "3.1.0" - } - }, - { - "IncidentSet": { - "name": "IncidentSet", - "toversion": "3.5.0", - "script_executions": [ - "setOwner", - "setStage", - "setIncident", - "setPlaybook" - ] - } - }, - { - "DataIPReputation": { - "name": "DataIPReputation", - "deprecated": true - } - }, - { - "URLSSLVerification": { - "name": "URLSSLVerification" - } - }, - { - "EmailDomainSquattingReputation": { - "name": "EmailDomainSquattingReputation" - } - }, - { - "XBUser": { - "name": "XBUser", - "depends_on": [ - "xb-user" - ] - } - }, - { - "SNUpdateTicket": { - "name": "SNUpdateTicket", - "deprecated": true, - "depends_on": [ - "servicenow-incident-update" - ] - } - }, - { - "ticksToTime": { - "name": "ticksToTime" - } - }, - { - "dbbdc2e4-6105-4ee9-8e83-563a4b991a89": { - "name": "VirustotalIsMalicious", - "deprecated": true, - "depends_on": [ - "file" - ], - "script_executions": [ - "file", - "file" - ] - } - }, - { - "TopMaliciousRatioIndicators": { - "name": "TopMaliciousRatioIndicators", - "fromversion": "4.0.0", - "script_executions": [ - "findIndicators", - "maliciousRatio" - ] - } - }, - { - "SetMultipleValues": { - "name": "SetMultipleValues" - } - }, - { - "PanoramaCommit": { - "name": "PanoramaCommit", - "deprecated": true, - "depends_on": [ - "panorama" - ] - } - }, - { - "CloseInvestigation": { - "name": "CloseInvestigation", - "deprecated": true - } - }, - { - "CrowdStrikeUrlParse": { - "name": "CrowdStrikeUrlParse" - } - }, - { - "MarkRelatedIncidents": { - "name": "MarkRelatedIncidents" - } - }, - { - "DemistoSendInvite": { - "name": "DemistoSendInvite", - "depends_on": [ - "demisto-api-post", - "demisto-api-get" - ] - } - }, - { - "CommonIntegrationPython": { - "name": "CommonIntegrationPython", - "deprecated": true - } - }, - { - "RunDockerCommand": { - "name": "RunDockerCommand" - } - }, - { - 
"GoogleappsGmailSearch": { - "name": "GoogleappsGmailSearch", - "deprecated": true, - "depends_on": [ - "googleapps-gmail-search" - ] - } - }, - { - "EPODetermineRepository": { - "name": "EPODetermineRepository", - "deprecated": true - } - }, - { - "emailFieldTriggered": { - "name": "emailFieldTriggered" - } - }, - { - "TrendMicroGetPolicyID": { - "name": "TrendMicroGetPolicyID", - "depends_on": [ - "trendmicro-security-profile-retrieve-all" - ], - "script_executions": [ - "TrendmicroSecurityProfileRetrieveAll" - ] - } - }, - { - "AquatoneDiscover": { - "name": "AquatoneDiscover" - } - }, - { - "ExtractDomainFromURL": { - "name": "ExtractDomainFromURL", - "deprecated": true - } - }, - { - "NetwitnessSAUpdateIncident": { - "name": "NetwitnessSAUpdateIncident", - "deprecated": true, - "depends_on": [ - "nw-update-incident" - ] - } - }, - { - "UnzipFile": { - "name": "UnzipFile", - "script_executions": [ - "getEntries", - "getFilePath" - ] - } - }, - { - "NetwitnessSAGetAvailableAssignees": { - "name": "NetwitnessSAGetAvailableAssignees", - "depends_on": [ - "nw-get-available-assignees" - ] - } - }, - { - "QualysCreateIncidentFromReport": { - "name": "QualysCreateIncidentFromReport", - "depends_on": [ - "qualys-host-list" - ], - "script_executions": [ - "getIncidents" - ] - } - }, - { - "CuckooDetonateURL": { - "name": "CuckooDetonateURL", - "depends_on": [ - "cuckoo-create-task-from-url" - ] - } - }, - { - "UserEnrichAD": { - "name": "UserEnrichAD", - "depends_on": [ - "ad-search" - ], - "script_executions": [ - "ADGetUser" - ] - } - }, - { - "WordTokenizer": { - "name": "WordTokenizer" - } - }, - { - "da8594b8-0b57-4cb2-8578-94754bb577c6": { - "name": "NetwitnessSAListIncidents", - "depends_on": [ - "nw-list-incidents" - ] - } - }, - { - "IsContextSet": { - "name": "IsContextSet", - "deprecated": true - } - }, - { - "Set": { - "name": "Set" - } - }, - { - "ArcherCreateSecurityIncident": { - "name": "ArcherCreateSecurityIncident", - "depends_on": [ - 
"archer-create-record" - ] - } - }, - { - "VolMalfindDumpAgent": { - "name": "VolMalfindDumpAgent" - } - }, - { - "TrendmicroSystemEventRetrieve": { - "name": "TrendmicroSystemEventRetrieve", - "depends_on": [ - "trendmicro-system-event-retrieve" - ] - } - }, - { - "MimecastFindEmail": { - "name": "MimecastFindEmail", - "depends_on": [ - "mimecast-query" - ] - } - }, - { - "D2Drop": { - "name": "D2Drop" - } - }, - { - "TaniumFindRunningProcesses": { - "name": "TaniumFindRunningProcesses", - "deprecated": true, - "depends_on": [ - "tn-add-question-complex", - "tn-result-data", - "tn-result-info" - ] - } - }, - { - "NessusScanDetails": { - "name": "NessusScanDetails", - "deprecated": true, - "depends_on": [ - "scan-details" - ] - } - }, - { - "CBPCatalogFindHash": { - "name": "CBPCatalogFindHash", - "depends_on": [ - "cbp-fileCatalog-search" - ] - } - }, - { - "checkValue": { - "name": "checkValue" - } - }, - { - "WhileLoop": { - "name": "WhileLoop", - "deprecated": true - } - }, - { - "D2GetSystemLog": { - "name": "D2GetSystemLog" - } - }, - { - "CopyFileD2": { - "name": "CopyFileD2" - } - }, - { - "CheckFilesWildfirePy": { - "name": "CheckFilesWildfirePy", - "depends_on": [ - "wildfire-upload", - "wildfire-report" - ], - "script_executions": [ - "getEntries" - ] - } - }, - { - "ADGetGroupMembers": { - "name": "ADGetGroupMembers", - "depends_on": [ - "ad-search" - ] - } - }, - { - "SCPPullFiles": { - "name": "SCPPullFiles", - "depends_on": [ - "copy-from" - ] - } - }, - { - "ReadFile": { - "name": "ReadFile", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "VectraSensors": { - "name": "VectraSensors", - "deprecated": true, - "depends_on": [ - "vec-sensors" - ] - } - }, - { - "QRadarFullSearch": { - "name": "QRadarFullSearch", - "deprecated": true, - "depends_on": [ - "qradar-get-search", - "qradar-get-search-results", - "qradar-searches" - ] - } - }, - { - "CSActors": { - "name": "CSActors", - "deprecated": true, - "depends_on": [ - "cs-actors" - ] - } - 
}, - { - "NessusGetReport": { - "name": "NessusGetReport", - "deprecated": true, - "depends_on": [ - "scan-report-download", - "scan-export", - "scan-export-status" - ] - } - }, - { - "VolRaw": { - "name": "VolRaw" - } - }, - { - "Base64Encode": { - "name": "Base64Encode" - } - }, - { - "LCMAcknowledgeHost": { - "name": "LCMAcknowledgeHost", - "depends_on": [ - "lcm-acknowledge-host" - ], - "script_executions": [ - "LCMHosts" - ] - } - }, - { - "ExtractEmail": { - "name": "ExtractEmail" - } - }, - { - "NexposeVulnExtractor": { - "name": "NexposeVulnExtractor", - "depends_on": [ - "nexpose" - ] - } - }, - { - "XBTriggeredRules": { - "name": "XBTriggeredRules", - "depends_on": [ - "xb-triggered-rules" - ] - } - }, - { - "LoadJSON": { - "name": "LoadJSON" - } - }, - { - "CommonUserServer": { - "name": "CommonUserServer" - } - }, - { - "IsMaliciousIndicatorFound": { - "name": "IsMaliciousIndicatorFound" - } - }, - { - "D2ActiveUsers": { - "name": "D2ActiveUsers" - } - }, - { - "BuildEWSQuery": { - "name": "BuildEWSQuery" - } - }, - { - "da330ce7-3a93-430c-8454-03b96cf5184e": { - "name": "OktaCreateUser", - "deprecated": true, - "depends_on": [ - "okta-create-user" - ] - } - }, - { - "JiraIssueUploadFile": { - "name": "JiraIssueUploadFile", - "deprecated": true, - "depends_on": [ - "jira-issue-upload-file" - ] - } - }, - { - "PanoramaDynamicAddressGroup": { - "name": "PanoramaDynamicAddressGroup", - "deprecated": true - } - }, - { - "ActiveUsersD2": { - "name": "ActiveUsersD2" - } - }, - { - "ParseExcel": { - "name": "ParseExcel", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "MatchRegex": { - "name": "MatchRegex" - } - }, - { - "ip_to_host": { - "name": "IPToHost" - } - }, - { - "AlgosecGetNetworkObject": { - "name": "AlgosecGetNetworkObject", - "depends_on": [ - "algosec-get-network-object" - ] - } - }, - { - "Autoruns": { - "name": "Autoruns" - } - }, - { - "VectraTriage": { - "name": "VectraTriage", - "deprecated": true, - "depends_on": [ - 
"vec-triage" - ] - } - }, - { - "ATDDetonate": { - "name": "ATDDetonate", - "depends_on": [ - "atd-get-report", - "atd-file-upload", - "atd-check-status" - ] - } - }, - { - "XBInfo": { - "name": "XBInfo" - } - }, - { - "NetwitnessSACreateIncident": { - "name": "NetwitnessSACreateIncident", - "depends_on": [ - "nw-create-incident" - ] - } - }, - { - "ExchangeSearchMailbox": { - "name": "ExchangeSearchMailbox" - } - }, - { - "DT": { - "name": "DT" - } - }, - { - "ed24d63f-4134-49c4-82c0-96885a7a1cc3": { - "name": "VerifyContextFields", - "deprecated": true - } - }, - { - "5d44a5d9-d91a-4420-801f-755f26b60c47": { - "name": "cveLatest", - "deprecated": true, - "depends_on": [ - "cve-latest" - ] - } - }, - { - "ad7de731-cadc-4f49-81cd-522cd4b7bfa5": { - "name": "CheckpointFWCreateBackup", - "depends_on": [ - "ssh" - ], - "script_executions": [ - "ssh" - ] - } - }, - { - "DemistoLogsBundle": { - "name": "DemistoLogsBundle", - "depends_on": [ - "demisto-api-download" - ] - } - }, - { - "ContextGetEmails": { - "name": "ContextGetEmails" - } - }, - { - "nexpose_create_incidents_from_assets": { - "name": "NexposeCreateIncidentsFromAssets", - "depends_on": [ - "nexpose-get-asset" - ], - "script_executions": [ - "getIncidents" - ] - } - }, - { - "bffdcf72-2061-4767-83d5-3ff2a9e8afe7": { - "name": "BlockIP" - } - }, - { - "ExchangeSearch": { - "name": "ExchangeSearch", - "deprecated": true, - "depends_on": [ - "ews-search-mailbox" - ] - } - }, - { - "CPSetRule": { - "name": "CPSetRule", - "deprecated": true, - "depends_on": [ - "checkpoint" - ], - "script_executions": [ - "checkpoint", - "checkpoint" - ] - } - }, - { - "VolGetProcWithMalNetConn": { - "name": "VolGetProcWithMalNetConn" - } - }, - { - "ConvertTableToHTML": { - "name": "ConvertTableToHTML" - } - }, - { - "StringLength": { - "name": "StringLength" - } - }, - { - "CuckooGetScreenshot": { - "name": "CuckooGetScreenshot", - "depends_on": [ - "cuckoo-task-screenshot" - ] - } - }, - { - "VolMalfind": { - "name": 
"VolMalfind" - } - }, - { - "ExposeModules": { - "name": "ExposeModules", - "deprecated": true - } - }, - { - "GrrGetFlows": { - "name": "GrrGetFlows", - "depends_on": [ - "grr_get_flows" - ], - "script_executions": [ - "grr_get_flows" - ] - } - }, - { - "IsTrue": { - "name": "IsTrue" - } - }, - { - "SplunkSearchJsonPy": { - "name": "SplunkSearchJsonPy", - "deprecated": true, - "depends_on": [ - "search" - ], - "script_executions": [ - "search" - ] - } - }, - { - "UnEscapeURLs": { - "name": "UnEscapeURLs" - } - }, - { - "ProofpointDecodeURL": { - "name": "ProofpointDecodeURL" - } - }, - { - "ReadPDFFile": { - "name": "ReadPDFFile", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "ContextContains": { - "name": "ContextContains" - } - }, - { - "ADIsUserMember": { - "name": "ADIsUserMember", - "deprecated": true, - "depends_on": [ - "ad-search" - ], - "script_executions": [ - "ADGetUserGroups", - "AdSearch" - ] - } - }, - { - "PanoramaMove": { - "name": "PanoramaMove", - "deprecated": true, - "depends_on": [ - "panorama" - ] - } - }, - { - "ADGetUserGroups": { - "name": "ADGetUserGroups", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "ADUserLogonInfo": { - "name": "ADUserLogonInfo", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "Osxcollector": { - "name": "Osxcollector" - } - }, - { - "PWObservationPcapInfo": { - "name": "PWObservationPcapInfo", - "deprecated": true, - "depends_on": [ - "observation-pcap-info" - ] - } - }, - { - "QrSearches": { - "name": "QrSearches", - "deprecated": true, - "depends_on": [ - "qr-searches" - ] - } - }, - { - "ExtractIndicatorsFromTextFile": { - "name": "ExtractIndicatorsFromTextFile" - } - }, - { - "CheckIPs": { - "name": "CheckIPs", - "deprecated": true, - "script_executions": [ - "ip" - ] - } - }, - { - "VolDlllist": { - "name": "VolDlllist" - } - }, - { - "FPSetRule": { - "name": "FPSetRule", - "depends_on": [ - "ssh" - ], - "script_executions": [ - "ssh" - ] - } - 
}, - { - "TrendMicroClassifier": { - "name": "TrendMicroClassifier", - "depends_on": [ - "trendmicro-alert-status" - ] - } - }, - { - "TrendMicroGetHostID": { - "name": "TrendMicroGetHostID", - "depends_on": [ - "trendmicro-host-retrieve-all" - ], - "script_executions": [ - "TrendmicroHostRetrieveAll" - ] - } - }, - { - "ExtractDomainFromUrlAndEmail": { - "name": "ExtractDomainFromUrlAndEmail" - } - }, - { - "VectraSettings": { - "name": "VectraSettings", - "deprecated": true, - "depends_on": [ - "vec-settings" - ] - } - }, - { - "GenerateInvestigationSummaryReport": { - "name": "GenerateInvestigationSummaryReport", - "fromversion": "3.5.0" - } - }, - { - "DataDomainReputation": { - "name": "DataDomainReputation", - "fromversion": "3.1.0" - } - }, - { - "EPORepositoryComplianceCheck": { - "name": "EPORepositoryComplianceCheck", - "deprecated": true, - "depends_on": [ - "epo-command" - ] - } - }, - { - "PWObservations": { - "name": "PWObservations", - "deprecated": true, - "depends_on": [ - "observation-search" - ] - } - }, - { - "DBotPredictTextLabel": { - "name": "DBotPredictTextLabel", - "fromversion": "4.1.0", - "script_executions": [ - "getList" - ] - } - }, - { - "InRange": { - "name": "InRange" - } - }, - { - "IngestCSV": { - "name": "IngestCSV", - "deprecated": true, - "script_executions": [ - "getEntries", - "getFilePath" - ] - } - }, - { - "TrendmicroHostAntimalwareScan": { - "name": "TrendmicroHostAntimalwareScan", - "depends_on": [ - "trendmicro-host-antimalware-scan" - ] - } - }, - { - "QrGetSearchResults": { - "name": "QrGetSearchResults", - "deprecated": true, - "depends_on": [ - "qr-get-search-results" - ] - } - }, - { - "NessusHostDetails": { - "name": "NessusHostDetails", - "deprecated": true, - "depends_on": [ - "scan-host-details" - ] - } - }, - { - "WhereFieldEquals": { - "name": "WhereFieldEquals" - } - }, - { - "OSQueryUsers": { - "name": "OSQueryUsers", - "depends_on": [ - "OSQueryBasicQuery" - ], - "script_executions": [ - 
"OSQueryBasicQuery" - ] - } - }, - { - "CrowdStrikeStreamingPreProcessing": { - "name": "CrowdStrikeStreamingPreProcessing", - "script_executions": [ - "addEntries" - ] - } - }, - { - "Strings": { - "name": "Strings", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "QrOffenses": { - "name": "QrOffenses", - "deprecated": true, - "depends_on": [ - "qr-offenses" - ] - } - }, - { - "LCMHosts": { - "name": "LCMHosts" - } - }, - { - "RegProbeBasic": { - "name": "RegProbeBasic" - } - }, - { - "ContextGetHashes": { - "name": "ContextGetHashes" - } - }, - { - "NexposeEmailParser": { - "name": "NexposeEmailParser", - "depends_on": [ - "nexpose" - ] - } - }, - { - "7b5c080e-f3b1-411a-83b0-e1f53c21bef8": { - "name": "WhileNotMdLoop", - "deprecated": true - } - }, - { - "SlackMirror": { - "name": "SlackMirror", - "deprecated": true, - "depends_on": [ - "slack-mirror-investigation" - ] - } - }, - { - "CheckFiles": { - "name": "CheckFiles", - "deprecated": true, - "depends_on": [ - "file" - ] - } - }, - { - "IsIPInRanges": { - "name": "IsIPInRanges" - } - }, - { - "CBSessions": { - "name": "CBSessions", - "depends_on": [ - "cb-list-sessions" - ] - } - }, - { - "JSONFileToCSV": { - "name": "JSONFileToCSV", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "GeneratePassword": { - "name": "GeneratePassword" - } - }, - { - "IncidentSet": { - "name": "IncidentSet", - "fromversion": "3.5.1", - "deprecated": true, - "script_executions": [ - "setOwner", - "setStage", - "setIncident", - "setPlaybook" - ] - } - }, - { - "GoogleAuthURL": { - "name": "GoogleAuthURL" - } - }, - { - "DataURLReputation": { - "name": "DataURLReputation", - "toversion": "3.0.1" - } - }, - { - "IPReputation": { - "name": "IPReputation", - "script_executions": [ - "ip" - ] - } - }, - { - "AwsCreateImage": { - "name": "AwsCreateImage", - "depends_on": [ - "create-image" - ] - } - }, - { - "WildfireReport": { - "name": "WildfireReport", - "deprecated": true, - "depends_on": [ - "wildfire-report" 
- ] - } - }, - { - "LCMIndicatorsForEntity": { - "name": "LCMIndicatorsForEntity", - "depends_on": [ - "lcm-indicatorsforentity" - ] - } - }, - { - "hideFieldsOnNewIncident": { - "name": "hideFieldsOnNewIncident", - "fromversion": "3.6.0" - } - }, - { - "ImpSfScheduleTask": { - "name": "ImpSfScheduleTask", - "depends_on": [ - "ImpSfRevokeUnaccessedDevices", - "scheduleEntry" - ], - "script_executions": [ - "scheduleEntry" - ] - } - }, - { - "ServiceNowUpdateIncident": { - "name": "ServiceNowUpdateIncident", - "depends_on": [ - "servicenow-query-table", - "servicenow-update-record" - ] - } - }, - { - "DataIPReputation": { - "name": "DataIPReputation", - "toversion": "3.0.1" - } - }, - { - "SetDateField": { - "name": "SetDateField", - "script_executions": [ - "setIncident" - ] - } - }, - { - "ADGetEmailForUser": { - "name": "ADGetEmailForUser", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "EmailAskUser": { - "name": "EmailAskUser", - "toversion": "3.6.0", - "fromversion": "3.5.0" - } - }, - { - "PWEventDetails": { - "name": "PWEventDetails", - "deprecated": true, - "depends_on": [ - "pw-event-get" - ] - } - }, - { - "CheckSenderDomainDistance": { - "name": "CheckSenderDomainDistance" - } - }, - { - "7b02fa0f-94ff-48c7-8350-b4e353702e73": { - "name": "VMRay", - "depends_on": [ - "upload_sample" - ], - "script_executions": [ - "getFilePath", - "upload_sample", - "scheduleEntry" - ] - } - }, - { - "PWObservationPcapDownload": { - "name": "PWObservationPcapDownload", - "depends_on": [ - "observation-pcap-download" - ] - } - }, - { - "b695f044-fbdd-4d4b-89ce-9066cb0e165a": { - "name": "cveReputation", - "depends_on": [ - "cve-search" - ] - } - }, - { - "ParseEmailHeader": { - "name": "ParseEmailHeaders", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "IndicatorMaliciousRatioCalculation": { - "name": "IndicatorMaliciousRatioCalculation", - "fromversion": "3.5.0", - "script_executions": [ - "findIndicators", - "getIncidents", - 
"getIncidents" - ] - } - }, - { - "BinaryReputationPy": { - "name": "BinaryReputationPy", - "deprecated": true, - "depends_on": [ - "file" - ], - "script_executions": [ - "getEntries", - "file", - "file" - ] - } - }, - { - "ArcherUpdateSecurityIncident": { - "name": "ArcherUpdateSecurityIncident", - "depends_on": [ - "archer-update-record" - ] - } - }, - { - "IsListExist": { - "name": "IsListExist", - "script_executions": [ - "getList" - ] - } - }, - { - "CSCountDevicesForIOC": { - "name": "CSCountDevicesForIOC", - "deprecated": true, - "depends_on": [ - "cs-device-count-ioc" - ] - } - }, - { - "LCMSetHostComment": { - "name": "LCMSetHostComment", - "depends_on": [ - "lcm-set-host-comment" - ], - "script_executions": [ - "LCMHosts" - ] - } - }, - { - "D2Exec": { - "name": "D2Exec" - } - }, - { - "OSQueryProcesses": { - "name": "OSQueryProcesses", - "depends_on": [ - "OSQueryBasicQuery" - ], - "script_executions": [ - "OSQueryBasicQuery" - ] - } - }, - { - "NessusScanStatus": { - "name": "NessusScanStatus", - "deprecated": true, - "depends_on": [ - "scan-details" - ] - } - }, - { - "DemistoLinkIncidents": { - "name": "DemistoLinkIncidents", - "depends_on": [ - "demisto-api-post" - ] - } - }, - { - "JiraCreateIssue": { - "name": "JiraCreateIssue", - "deprecated": true, - "depends_on": [ - "jira-create-issue" - ] - } - }, - { - "LocateAttachment": { - "name": "LocateAttachment", - "deprecated": true, - "script_executions": [ - "getEntries" - ] - } - }, - { - "ADGetComputerGroups": { - "name": "ADGetComputerGroups", - "deprecated": true, - "depends_on": [ - "ad-search" - ], - "script_executions": [ - "AdSearch" - ] - } - }, - { - "MapValues": { - "name": "MapValues" - } - }, - { - "QrGetSearch": { - "name": "QrGetSearch", - "deprecated": true, - "depends_on": [ - "qr-get-search" - ] - } - }, - { - "EmailAskUser": { - "name": "EmailAskUser", - "fromversion": "4.0.0" - } - }, - { - "AwsGetInstanceInfo": { - "name": "AwsGetInstanceInfo", - "depends_on": [ - 
"get-instance-info", - "get-ebs-volume-info", - "get-sg-info" - ] - } - }, - { - "CreateArray": { - "name": "CreateArray" - } - }, - { - "ADListUsers": { - "name": "ADListUsers", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "CBPFindRule": { - "name": "CBPFindRule", - "depends_on": [ - "cbp-fileRule-search" - ] - } - }, - { - "GoogleappsListUsers": { - "name": "GoogleappsListUsers", - "deprecated": true, - "depends_on": [ - "googleapps-list-users" - ] - } - }, - { - "ParseCSV": { - "name": "ParseCSV", - "script_executions": [ - "getEntries" - ] - } - }, - { - "D2Winpmem": { - "name": "D2Winpmem" - } - }, - { - "AlgosecGetApplications": { - "name": "AlgosecGetApplications", - "depends_on": [ - "algosec-get-applications" - ] - } - }, - { - "Elasticsearch": { - "name": "Elasticsearch", - "depends_on": [ - "search" - ], - "script_executions": [ - "search" - ] - } - }, - { - "EPOUpdateRepository": { - "name": "EPOUpdateRepository", - "deprecated": true, - "depends_on": [ - "epo-command" - ] - } - }, - { - "ZipFile": { - "name": "ZipFile", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "VectraSummary": { - "name": "VectraSummary", - "deprecated": true, - "depends_on": [ - "vec-health" - ] - } - }, - { - "MattermostAskUser": { - "name": "MattermostAskUser", - "depends_on": [ - "mattermost-send" - ], - "script_executions": [ - "addEntitlement" - ] - } - }, - { - "WhoisSummary": { - "name": "WhoisSummary", - "deprecated": true, - "depends_on": [ - "whois" - ] - } - }, - { - "AssignAnalystToIncident": { - "name": "AssignAnalystToIncident" - } - }, - { - "Base64ListToFile": { - "name": "Base64ListToFile", - "script_executions": [ - "getList" - ] - } - }, - { - "LCMPathFinderScanHost": { - "name": "LCMPathFinderScanHost", - "depends_on": [ - "lcm-pathfinder-scan" - ] - } - }, - { - "IncapScheduleTask": { - "name": "IncapScheduleTask", - "depends_on": [ - "scheduleEntry", - "IncapWhitelistCompliance" - ], - "script_executions": [ - 
"scheduleEntry" - ] - } - }, - { - "SbQuery": { - "name": "SbQuery", - "depends_on": [ - "sb-query" - ] - } - }, - { - "GetStringsDistance": { - "name": "GetStringsDistance" - } - }, - { - "CSHuntByIOC": { - "name": "CSHuntByIOC", - "deprecated": true, - "depends_on": [ - "cs-device-ran-on" - ] - } - }, - { - "FireEyeDetonateFile": { - "name": "FireEyeDetonateFile", - "depends_on": [ - "fe-submit", - "fe-submit-result", - "fe-submit-status" - ], - "script_executions": [ - "IsIntegrationAvailable" - ] - } - }, - { - "514ec833-c02c-49a3-8ac6-d982198f5fa0": { - "name": "OktaUpdateUser", - "deprecated": true, - "depends_on": [ - "okta-update-user" - ] - } - }, - { - "JoinIfSingleElementOnly": { - "name": "JoinIfSingleElementOnly" - } - }, - { - "PWObservationDetails": { - "name": "PWObservationDetails", - "deprecated": true, - "depends_on": [ - "pw-observation-get" - ] - } - }, - { - "SNOpenTicket": { - "name": "SNOpenTicket", - "deprecated": true, - "depends_on": [ - "servicenow-incident-create" - ] - } - }, - { - "IPInfoQuery": { - "name": "IPInfoQuery", - "deprecated": true, - "depends_on": [ - "ipinfo_field" - ], - "script_executions": [ - "ipinfo_field", - "ip" - ] - } - }, - { - "RegCollectValues": { - "name": "RegCollectValues" - } - }, - { - "MD5Extract": { - "name": "MD5Extract", - "deprecated": true - } - }, - { - "CommonIntegration": { - "name": "CommonIntegration", - "deprecated": true - } - }, - { - "CBPBanHash": { - "name": "CBPBanHash", - "depends_on": [ - "cbp-fileRule-update" - ] - } - }, - { - "URLDecode": { - "name": "URLDecode" - } - }, - { - "AwsRunInstance": { - "name": "AwsRunInstance", - "depends_on": [ - "run-instance" - ] - } - }, - { - "EPORetrieveCurrentDATVersion": { - "name": "EPORetrieveCurrentDATVersion", - "deprecated": true, - "depends_on": [ - "epo-command" - ] - } - }, - { - "TaniumShowPendingActions": { - "name": "TaniumShowPendingActions", - "deprecated": true, - "depends_on": [ - "tn-get-object" - ] - } - }, - { - 
"PrintErrorEntry": { - "name": "PrintErrorEntry", - "fromversion": "4.0.0" - } - }, - { - "SEPCheckOutdatedEndpoints": { - "name": "SEPCheckOutdatedEndpoints", - "depends_on": [ - "sep-client-content" - ] - } - }, - { - "URLNumberOfAds": { - "name": "URLNumberOfAds" - } - }, - { - "IncidentToContext": { - "name": "IncidentToContext", - "deprecated": true - } - }, - { - "D2Users": { - "name": "D2Users" - } - }, - { - "StripChars": { - "name": "StripChars" - } - }, - { - "RegPathReputationBasicLists": { - "name": "RegPathReputationBasicLists" - } - }, - { - "IsIntegrationAvailable": { - "name": "IsIntegrationAvailable" - } - }, - { - "ExposeIncidentOwner": { - "name": "ExposeIncidentOwner" - } - }, - { - "EmailReputation": { - "name": "EmailReputation", - "script_executions": [ - "email" - ] - } - }, - { - "AwsCreateVolumeSnapshot": { - "name": "AwsCreateVolumeSnapshot", - "depends_on": [ - "create-volume-snapshot" - ] - } - }, - { - "CreateEmailHtmlBody": { - "name": "CreateEmailHtmlBody" - } - }, - { - "listExecutedCommands": { - "name": "listExecutedCommands" - } - }, - { - "EPOUpdateEndpoints": { - "name": "EPOUpdateEndpoints", - "deprecated": true, - "depends_on": [ - "epo-command" - ] - } - }, - { - "CheckSender": { - "name": "CheckSender", - "depends_on": [ - "pipl-search" - ] - } - }, - { - "NessusLaunchScan": { - "name": "NessusLaunchScan", - "deprecated": true, - "depends_on": [ - "scan-launch" - ] - } - }, - { - "ADGetGroupUsers": { - "name": "ADGetGroupUsers", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "CPTaskStatus": { - "name": "CPTaskStatus", - "deprecated": true, - "depends_on": [ - "checkpoint" - ], - "script_executions": [ - "checkpoint" - ] - } - }, - { - "80b5c44c-4eac-4e00-812f-6d409d57be31": { - "name": "WhoisLookup", - "deprecated": true, - "depends_on": [ - "whois" - ] - } - }, - { - "NetwitnessSAAddEventsToIncident": { - "name": "NetwitnessSAAddEventsToIncident", - "depends_on": [ - "nw-add-events-to-incident" - 
] - } - }, - { - "StopScheduledTask": { - "name": "StopScheduledTask", - "script_executions": [ - "scheduleEntry" - ] - } - }, - { - "SalesforceAskUser": { - "name": "SalesforceAskUser", - "depends_on": [ - "salesforce-push-comment" - ], - "script_executions": [ - "addEntitlement" - ] - } - }, - { - "ADListUsersEx": { - "name": "ADListUsersEx", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "OSQueryOpenSockets": { - "name": "OSQueryOpenSockets", - "depends_on": [ - "OSQueryBasicQuery" - ], - "script_executions": [ - "OSQueryBasicQuery" - ] - } - }, - { - "EsmExample": { - "name": "EsmExample", - "depends_on": [ - "search" - ] - } - }, - { - "SetSeverityByScore": { - "name": "SetSeverityByScore", - "script_executions": [ - "IncidentSet", - "IncidentSet", - "IncidentSet" - ] - } - }, - { - "RSAArcherManualFetch": { - "name": "RSAArcherManualFetch", - "depends_on": [ - "archer-manually-fetch-incident" - ], - "script_executions": [ - "createNewIncident" - ] - } - }, - { - "CheckpointFWBackupStatus": { - "name": "CheckpointFWBackupStatus", - "depends_on": [ - "ssh" - ], - "script_executions": [ - "ssh" - ] - } - }, - { - "VolImageinfo": { - "name": "VolImageinfo" - } - }, - { - "CBPApproveHash": { - "name": "CBPApproveHash", - "depends_on": [ - "cbp-fileRule-update" - ] - } - }, - { - "ParseEmailFile": { - "name": "ParseEmailFile", - "deprecated": true, - "script_executions": [ - "getEntry", - "getFilePath" - ] - } - }, - { - "GoogleappsRevokeUserRole": { - "name": "GoogleappsRevokeUserRole", - "depends_on": [ - "googleapps-revoke-user-role" - ] - } - }, - { - "DBotPredictPhishingEvaluation": { - "name": "DBotPredictPhishingEvaluation", - "fromversion": "4.1.0", - "script_executions": [ - "DBotPreparePhishingData", - "setIncident" - ] - } - }, - { - "DemistoUploadFile": { - "name": "DemistoUploadFile", - "depends_on": [ - "demisto-api-multipart" - ] - } - }, - { - "SNListTickets": { - "name": "SNListTickets", - "deprecated": true, - 
"depends_on": [ - "servicenow-incidents-query" - ] - } - }, - { - "JiraIssueAddComment": { - "name": "JiraIssueAddComment", - "deprecated": true, - "depends_on": [ - "jira-issue-add-comment" - ] - } - }, - { - "AlgosecCreateTicket": { - "name": "AlgosecCreateTicket", - "depends_on": [ - "algosec-create-ticket" - ] - } - }, - { - "DeleteContext": { - "name": "DeleteContext" - } - }, - { - "ADGetUsersByEmail": { - "name": "ADGetUsersByEmail", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "LanguageDetect": { - "name": "LanguageDetect" - } - }, - { - "IncapGetAppInfo": { - "name": "IncapGetAppInfo", - "depends_on": [ - "incap-get-app-info" - ] - } - }, - { - "SplunkEmailParser": { - "name": "SplunkEmailParser", - "depends_on": [ - "search" - ] - } - }, - { - "GetTime": { - "name": "GetTime" - } - }, - { - "PortListenCheck": { - "name": "PortListenCheck" - } - }, - { - "f99a85a6-c572-4c3a-8afd-5b4ac539000a": { - "name": "WhileNotExistLoop", - "deprecated": true - } - }, - { - "PanoramaBlockIP": { - "name": "PanoramaBlockIP", - "deprecated": true, - "depends_on": [ - "panorama" - ] - } - }, - { - "IdentifyAttachedEmail": { - "name": "IdentifyAttachedEmail", - "script_executions": [ - "getEntries" - ] - } - }, - { - "D2Services": { - "name": "D2Services" - } - }, - { - "AlgosecQuery": { - "name": "AlgosecQuery", - "depends_on": [ - "algosec-query" - ] - } - }, - { - "AwsStartInstance": { - "name": "AwsStartInstance", - "depends_on": [ - "start-instance" - ] - } - }, - { - "DomainReputation": { - "name": "DomainReputation", - "script_executions": [ - "domain" - ] - } - }, - { - "GetDuplicatesMlv2": { - "name": "GetDuplicatesMlv2", - "fromversion": "3.5.0", - "script_executions": [ - "getIncidents", - "findIndicators", - "getIncidents" - ] - } - }, - { - "JIRAPrintIssue": { - "name": "JIRAPrintIssue", - "depends_on": [ - "jira-get-issue" - ] - } - }, - { - "FPDeleteRule": { - "name": "FPDeleteRule", - "depends_on": [ - "ssh" - ], - 
"script_executions": [ - "ssh" - ] - } - }, - { - "isError": { - "name": "isError" - } - }, - { - "CommonServerPython": { - "name": "CommonServerPython" - } - }, - { - "10cb3486-48f3-4d93-88af-b6be84ffd432": { - "name": "OktaGetGroups", - "deprecated": true, - "depends_on": [ - "okta-get-groups" - ] - } - }, - { - "DocumentationAutomation": { - "name": "DocumentationAutomation", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "FileReputation": { - "name": "FileReputation", - "script_executions": [ - "file" - ] - } - }, - { - "AreValuesEqual": { - "name": "AreValuesEqual" - } - }, - { - "LCMDetectedEntities": { - "name": "LCMDetectedEntities", - "depends_on": [ - "lcm-entities" - ] - } - }, - { - "UtilAnyResults": { - "name": "UtilAnyResults" - } - }, - { - "ExampleJSScript": { - "name": "ExampleJSScript" - } - }, - { - "UnEscapeIPs": { - "name": "UnEscapeIPs" - } - }, - { - "OSQueryLoggedInUsers": { - "name": "OSQueryLoggedInUsers", - "depends_on": [ - "OSQueryBasicQuery" - ], - "script_executions": [ - "OSQueryBasicQuery" - ] - } - }, - { - "FindSimilarIncidentsByText": { - "name": "FindSimilarIncidentsByText" - } - }, - { - "IncapWhitelistCompliance": { - "name": "IncapWhitelistCompliance", - "depends_on": [ - "incap-get-domain-approver-email", - "RemoteExec", - "incap-list-sites", - "SendEmail" - ], - "script_executions": [ - "SendEmail", - "RemoteExec" - ] - } - }, - { - "c99e196b-e05e-41f2-82cb-6798f33cb653": { - "name": "cveSearch", - "deprecated": true, - "depends_on": [ - "cve-search" - ] - } - }, - { - "5e125fdd-72f1-455f-89fa-e6f9405174a4": { - "name": "NotInContextVerification" - } - }, - { - "ExtractDomain": { - "name": "ExtractDomain" - } - }, - { - "DemistoCreateList": { - "name": "DemistoCreateList", - "depends_on": [ - "demisto-api-post" - ] - } - }, - { - "ServiceNowQueryIncident": { - "name": "ServiceNowQueryIncident", - "depends_on": [ - "servicenow-query-table" - ] - } - }, - { - "MimecastQuery": { - "name": "MimecastQuery", - 
"depends_on": [ - "mimecast-query" - ] - } - }, - { - "misp_download_sample": { - "name": "misp_download_sample", - "depends_on": [ - "internal-misp-download-sample" - ] - } - }, - { - "ExchangeDeleteIDsFromContext": { - "name": "ExchangeDeleteIDsFromContext", - "deprecated": true, - "depends_on": [ - "ews-delete-items" - ] - } - }, - { - "DumpJSON": { - "name": "DumpJSON" - } - }, - { - "ADGetGroupComputers": { - "name": "ADGetGroupComputers", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "TrendmicroAntiMalwareEventRetrieve": { - "name": "TrendmicroAntiMalwareEventRetrieve", - "depends_on": [ - "trendmicro-anti-malware-event-retrieve" - ] - } - }, - { - "Sleep": { - "name": "Sleep" - } - }, - { - "AdSearch": { - "name": "AdSearch", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { - "XBNotable": { - "name": "XBNotable", - "depends_on": [ - "xb-notable" - ] - } - }, - { - "GoogleappsGetUser": { - "name": "GoogleappsGetUser", - "deprecated": true, - "depends_on": [ - "googleapps-get-user" - ] - } - }, - { - "CBLiveFetchFiles": { - "name": "CBLiveFetchFiles", - "depends_on": [ - "CBLiveGetFile" - ], - "script_executions": [ - "CBLiveGetFile" - ] - } - }, - { - "JiraIssueAddLink": { - "name": "JiraIssueAddLink", - "deprecated": true, - "depends_on": [ - "jira-issue-add-link" - ] - } - }, - { - "ContextSearchForString": { - "name": "ContextSearchForString" - } - }, - { - "ShowOnMap": { - "name": "ShowOnMap" - } - }, - { - "CBFindIP": { - "name": "CBFindIP", - "depends_on": [ - "CBSearch" - ], - "script_executions": [ - "CBSearch" - ] - } - }, - { - "D2Rekall": { - "name": "D2Rekall" - } - }, - { - "CuckooGetReport": { - "name": "CuckooGetReport", - "depends_on": [ - "cuckoo-get-task-report" - ] - } - }, - { - "BinarySearchPy": { - "name": "BinarySearchPy", - "depends_on": [ - "cb-process" - ], - "script_executions": [ - "getEntries" - ] - } - }, - { - "Volatility": { - "name": "Volatility" - } - }, - { - "GrrGetFiles": { 
- "name": "GrrGetFiles", - "depends_on": [ - "grr_get_files" - ], - "script_executions": [ - "grr_get_files" - ] - } - }, - { - "FetchFileD2": { - "name": "FetchFileD2" - } - }, - { - "ToTable": { - "name": "ToTable" - } - }, - { - "XBLockouts": { - "name": "XBLockouts", - "depends_on": [ - "xb-lockouts" - ] - } - }, - { - "ExchangeAssignRole": { - "name": "ExchangeAssignRole" - } - }, - { - "GrrSetHunts": { - "name": "GrrSetHunts", - "depends_on": [ - "grr_set_hunts" - ], - "script_executions": [ - "grr_set_hunts" - ] - } - }, - { - "MaliciousRatioReputation": { - "name": "MaliciousRatioReputation", - "fromversion": "4.0.0", - "script_executions": [ - "findIndicators", - "maliciousRatio" - ] - } - }, - { - "EPOFindSystem": { - "name": "EPOFindSystem", - "depends_on": [ - "epo-command" - ] - } - }, - { - "TaniumAskQuestionComplex": { - "name": "TaniumAskQuestionComplex", - "deprecated": true, - "depends_on": [ - "tn-add-question-complex", - "tn-result-data", - "tn-result-info" - ] - } - }, - { - "DataURLReputation": { - "name": "DataURLReputation", - "deprecated": true - } - }, - { - "DataHashReputation": { - "name": "DataHashReputation", - "toversion": "3.0.1", - "depends_on": [ - "file" - ] - } - }, - { - "GetIndicatorDBotScore": { - "name": "GetIndicatorDBotScore", - "fromversion": "3.5.0", - "script_executions": [ - "getIndicator" - ] - } - }, - { - "HTTPListRedirects": { - "name": "HTTPListRedirects" - } - }, - { - "DataHashReputation": { - "name": "DataHashReputation", - "deprecated": true, - "depends_on": [ - "file" - ] - } - }, - { - "CBEvents": { - "name": "CBEvents", - "depends_on": [ - "cb-process", - "process-events" - ] - } - }, - { - "Whois": { - "name": "Whois", - "deprecated": true, - "depends_on": [ - "whois" - ] - } - }, - { - "MarkAsNoteByTag": { - "name": "MarkAsNoteByTag", - "script_executions": [ - "getEntries", - "markAsNote" - ] - } - }, - { - "TaniumApprovePendingActions": { - "name": "TaniumApprovePendingActions", - "deprecated": true, - 
"depends_on": [ - "tn-add-object", - "tn-get-object" - ] - } - }, - { - "GenericPollingScheduledTask": { - "name": "GenericPollingScheduledTask" - } - }, - { - "NessusListScans": { - "name": "NessusListScans", - "deprecated": true, - "depends_on": [ - "scans-list" - ] - } - }, - { - "TaniumAskQuestion": { - "name": "TaniumAskQuestion", - "deprecated": true, - "depends_on": [ - "tn-result-data", - "tn-result-info" - ] - } - }, - { - "ExportToCSV": { - "name": "ExportToCSV" - } - }, - { - "URLReputation": { - "name": "URLReputation", - "script_executions": [ - "url" - ] - } - }, - { - "IncidentAddSystem": { - "name": "IncidentAddSystem" - } - }, - { - "FindSimilarIncidents": { - "name": "FindSimilarIncidents", - "script_executions": [ - "getContext" - ] - } - }, - { - "CPDeleteRule": { - "name": "CPDeleteRule", - "deprecated": true, - "depends_on": [ - "checkpoint" - ], - "script_executions": [ - "checkpoint", - "checkpoint" - ] - } - }, - { - "RegexGroups": { - "name": "RegexGroups" - } - }, - { - "RemoteExec": { - "name": "RemoteExec", - "depends_on": [ - "ssh" - ] - } - }, - { - "PublishEntriesToContext": { - "name": "PublishEntriesToContext" - } - }, - { - "http": { - "name": "http", - "toversion": "3.1.0" - } - }, - { - "GoogleappsGetUserRoles": { - "name": "GoogleappsGetUserRoles", - "deprecated": true, - "depends_on": [ - "googleapps-get-user-roles" - ] - } - }, - { - "ExchangeDeleteMail": { - "name": "ExchangeDeleteMail" - } - }, - { - "SbUpload": { - "name": "SbUpload", - "depends_on": [ - "sb-upload" - ] - } - }, - { - "3dd62013-4fed-43eb-8ae4-91b1b4250599": { - "name": "OktaSetPassword", - "deprecated": true, - "depends_on": [ - "okta-set-password" - ] - } - }, - { - "D2Processes": { - "name": "D2Processes" - } - }, - { - "IncapListSites": { - "name": "IncapListSites", - "depends_on": [ - "incap-list-sites" - ] - } - }, - { - "ADGetEmailForAllUsers": { - "name": "ADGetEmailForAllUsers", - "deprecated": true, - "depends_on": [ - "ad-search" - ] - } - }, - { 
- "CuckooTaskStatus": { - "name": "CuckooTaskStatus", - "depends_on": [ - "cuckoo-view-task" - ] - } - }, - { - "PWEvents": { - "name": "PWEvents", - "deprecated": true, - "depends_on": [ - "search" - ], - "script_executions": [ - "search" - ] - } - }, - { - "NexposeEmailParserForVuln": { - "name": "NexposeEmailParserForVuln", - "depends_on": [ - "nexpose" - ] - } - }, - { - "CloseInvestigationAsDuplicate": { - "name": "CloseInvestigationAsDuplicate", - "script_executions": [ - "linkIncidents" - ] - } - }, - { - "GetDuplicatesMl": { - "name": "GetDuplicatesMl", - "fromversion": "3.5.0", - "deprecated": true, - "script_executions": [ - "getIncidents", - "findIndicators", - "getIncidents" - ] - } - }, - { - "FailedInstances": { - "name": "FailedInstances", - "fromversion": "4.0.0" - } - }, - { - "UnPackFile": { - "name": "UnPackFile", - "script_executions": [ - "getEntries", - "getFilePath" - ] - } - }, - { - "http": { - "name": "http", - "fromversion": "3.5.0" - } - }, - { - "DBotPredictPhishingLabel": { - "name": "DBotPredictPhishingLabel", - "fromversion": "4.1.0", - "script_executions": [ - "DBotPredictTextLabel" - ] - } - }, - { - "CPCreateBackup": { - "name": "CPCreateBackup", - "deprecated": true, - "depends_on": [ - "ssh" - ], - "script_executions": [ - "ssh" - ] - } - }, - { - "ExtractIP": { - "name": "ExtractIP" - } - }, - { - "CheckURLs": { - "name": "CheckURLs", - "deprecated": true, - "script_executions": [ - "url" - ] - } - }, - { - "SplunkPySearch": { - "name": "SplunkPySearch", - "depends_on": [ - "splunk-search" - ] - } - }, - { - "GrrGetHunts": { - "name": "GrrGetHunts", - "depends_on": [ - "grr_get_hunts" - ], - "script_executions": [ - "grr_get_hunts" - ] - } - }, - { - "ImpSfSetEndpointStatus": { - "name": "ImpSfSetEndpointStatus", - "depends_on": [ - "imp-sf-set-endpoint-status" - ] - } - }, - { - "PCAPMiner": { - "name": "PCAPMiner", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "D2GetFile": { - "name": "D2GetFile" - } - }, - { - 
"PagerDutyAssignOnCallUser": { - "name": "PagerDutyAssignOnCallUser", - "depends_on": [ - "PagerDuty-get-users-on-call-now" - ] - } - }, - { - "ExtractHTMLTables": { - "name": "ExtractHTMLTables" - } - }, - { - "ContainsCreditCardInfo": { - "name": "ContainsCreditCardInfo" - } - }, - { - "CBSearch": { - "name": "CBSearch" - } - }, - { - "DataDomainReputation": { - "name": "DataDomainReputation", - "toversion": "3.0.1" - } - }, - { - "DBotClosedIncidentsPercentage": { - "name": "DBotClosedIncidentsPercentage" - } - }, - { - "CBAlerts": { - "name": "CBAlerts", - "depends_on": [ - "cb-alert" - ] - } - }, - { - "ParseWordDoc": { - "name": "ParseWordDoc", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "VolJson": { - "name": "VolJson" - } - }, - { - "SlackSend": { - "name": "SlackSend", - "deprecated": true, - "depends_on": [ - "slack-send" - ] - } - }, - { - "ExposeList": { - "name": "ExposeList", - "deprecated": true - } - }, - { - "VectraHealth": { - "name": "VectraHealth", - "deprecated": true, - "depends_on": [ - "vec-health" - ] - } - }, - { - "D2ExecuteCommand": { - "name": "D2ExecuteCommand" - } - }, - { - "46e2109c-b735-458e-884f-030229a20830": { - "name": "SetByIncidentId" - } - }, - { - "dfa728bb-8291-4f8c-8185-53fad210f1b5": { - "name": "VerifyHumanReadableContains" - } - }, - { - "ContextGetPathForString": { - "name": "ContextGetPathForString" - } - }, - { - "LCMResolveHost": { - "name": "LCMResolveHost", - "depends_on": [ - "lcm-resolve-host" - ] - } - }, - { - "IsGreaterThan": { - "name": "IsGreaterThan" - } - }, - { - "SbQuota": { - "name": "SbQuota", - "depends_on": [ - "sb-quota" - ] - } - }, - { - "ContextFilter": { - "name": "ContextFilter" - } - }, - { - "O365SearchEmails": { - "name": "O365SearchEmails", - "script_executions": [ - "D2O365SearchAndDelete", - "D2O365ComplianceSearch" - ] - } - }, - { - "AnalyzeOSX": { - "name": "AnalyzeOSX", - "depends_on": [ - "url", - "Osxcollector", - "file" - ] - } - }, - { - "PWEventPcapDownload": { 
- "name": "PWEventPcapDownload", - "depends_on": [ - "event-pcap-download" - ] - } - }, - { - "AnalyzeMemImage": { - "name": "AnalyzeMemImage" - } - }, - { - "8bb47409-fffb-40c4-8601-d5fd20384e26": { - "name": "SetTime", - "script_executions": [ - "setIncident" - ] - } - }, - { - "JiraGetIssue": { - "name": "JiraGetIssue", - "deprecated": true, - "depends_on": [ - "jira-get-issue" - ] - } - }, - { - "ADExpirePassword": { - "name": "ADExpirePassword", - "deprecated": true, - "depends_on": [ - "ad-expire-password" - ] - } - }, - { - "ImpSfRevokeUnaccessedDevices": { - "name": "ImpSfRevokeUnaccessedDevices", - "depends_on": [ - "ImpSfSetEndpointStatus", - "ImpSfListEndpoints" - ], - "script_executions": [ - "SendEmail", - "ImpSfListEndpoints", - "ImpSfSetEndpointStatus" - ] - } - }, - { - "ADGetUser": { - "name": "ADGetUser", - "depends_on": [ - "ad-search" - ] - } - }, - { - "SendEmail": { - "name": "SendEmail", - "depends_on": [ - "send-mail" - ] - } - }, - { - "EPOCheckLatestDAT": { - "name": "EPOCheckLatestDAT", - "deprecated": true - } - }, - { - "PagerDutyAlertOnIncident": { - "name": "PagerDutyAlertOnIncident", - "depends_on": [ - "PagerDuty-submit-event" - ] - } - }, - { - "URLExtract": { - "name": "URLExtract", - "deprecated": true - } - }, - { - "TaniumDeployAction": { - "name": "TaniumDeployAction", - "deprecated": true, - "depends_on": [ - "tn-deploy-package" - ] - } - }, - { - "SendEmailToManager": { - "name": "SendEmailToManager", - "toversion": "3.1.0", - "depends_on": [ - "ad-search", - "send-mail" - ], - "script_executions": [ - "AdSearch", - "AdSearch", - "addOneTimeEntitlement" - ] - } - }, - { - "StringReplace": { - "name": "StringReplace" - } - }, - { - "TextFromHTML": { - "name": "TextFromHTML" - } - }, - { - "CPShowBackupStatus": { - "name": "CPShowBackupStatus", - "deprecated": true, - "depends_on": [ - "ssh" - ], - "script_executions": [ - "ssh" - ] - } - }, - { - "RunPollingCommand": { - "name": "RunPollingCommand", - "fromversion": "4.0.0" - 
} - }, - { - "CBWatchlists": { - "name": "CBWatchlists", - "depends_on": [ - "cb-watchlist-get" - ] - } - }, - { - "DamSensorDown": { - "name": "DamSensorDown", - "depends_on": [ - "dam-get-latest-by-rule" - ] - } - }, - { - "94f72ed9-49c8-40e5-89bb-7c98f914d2cc": { - "name": "OktaDeactivateUser", - "deprecated": true, - "depends_on": [ - "okta-deactivate-user" - ] - } - }, - { - "34f0498c-d3da-4ac3-8cad-a28804bf1f21": { - "name": "NetwitnessQuery", - "depends_on": [ - "nw-sdk-query" - ] - } - }, - { - "CBSensors": { - "name": "CBSensors", - "depends_on": [ - "cb-list-sensors" - ] - } - }, - { - "VolRunCmds": { - "name": "VolRunCmds" - } - }, - { - "ADGetComputer": { - "name": "ADGetComputer", - "depends_on": [ - "ad-search" - ] - } - }, - { - "DemistoUploadFileToIncident": { - "name": "DemistoUploadFileToIncident", - "depends_on": [ - "demisto-api-multipart" - ] - } - }, - { - "SbDownload": { - "name": "SbDownload", - "depends_on": [ - "sb-download" - ] - } - }, - { - "OSQueryBasicQuery": { - "name": "OSQueryBasicQuery", - "depends_on": [ - "RemoteExec" - ], - "script_executions": [ - "RemoteExec" - ] - } - }, - { - "AggregateIOCs": { - "name": "AggregateIOCs", - "deprecated": true - } - }, - { - "LinkIncidentsWithRetry": { - "name": "LinkIncidentsWithRetry", - "script_executions": [ - "linkIncidents", - "linkIncidents" - ] - } - }, - { - "PDFUnlocker": { - "name": "PDFUnlocker", - "script_executions": [ - "getFilePath" - ] - } - }, - { - "D2RegQuery": { - "name": "D2RegQuery" - } - }, - { - "ExtractURL": { - "name": "ExtractURL" - } - }, - { - "StringContains": { - "name": "StringContains" - } - }, - { - "CPBlockIP": { - "name": "CPBlockIP", - "deprecated": true, - "depends_on": [ - "checkpoint" - ], - "script_executions": [ - "checkpoint" - ] - } - }, - { - "TrendmicroSecurityProfileAssignToHost": { - "name": "TrendmicroSecurityProfileAssignToHost", - "depends_on": [ - "trendmicro-security-profile-assign-to-host" - ] - } - }, - { - "JiraCreateIssue-example": { - 
"name": "JiraCreateIssue-example", - "depends_on": [ - "jira-create-issue", - "jira-delete-issue" - ] - } - }, - { - "VolApihooks": { - "name": "VolApihooks" - } - }, - { - "ADGetCommonGroups": { - "name": "ADGetCommonGroups", - "deprecated": true, - "depends_on": [ - "ad-search" - ], - "script_executions": [ - "ADGetUserGroups" - ] - } - }, - { - "NetwitnessSAGetComponents": { - "name": "NetwitnessSAGetComponents", - "depends_on": [ - "nw-get-components" - ] - } - }, - { - "QRadarGetCorrelationLogs": { - "name": "QRadarGetCorrelationLogs", - "depends_on": [ - "qradar-searches" - ], - "script_executions": [ - "QRadarFullSearch" - ] - } - }, - { - "CountArraySize": { - "name": "CountArraySize" - } - }, - { - "ConvertXmlToJson": { - "name": "ConvertXmlToJson" - } - }, - { - "D2PEDump": { - "name": "D2PEDump" - } - }, - { - "CBPFindComputer": { - "name": "CBPFindComputer", - "depends_on": [ - "cbp-computer-search" - ] - } - }, - { - "ClassifierNotifyAdmin": { - "name": "ClassifierNotifyAdmin", - "depends_on": [ - "send-mail" - ] - } - }, - { - "SlackAskUser": { - "name": "SlackAskUser", - "fromversion": "3.5.0", - "depends_on": [ - "slack-send" - ], - "script_executions": [ - "addEntitlement" - ] - } - }, - { - "Exists": { - "name": "Exists" - } - }, - { - "NetwitnessSAGetEvents": { - "name": "NetwitnessSAGetEvents", - "depends_on": [ - "nw-get-events" - ] - } - }, - { - "DBotTrainTextClassifier": { - "name": "DBotTrainTextClassifier", - "fromversion": "4.1.0", - "script_executions": [ - "getFilePath", - "createList" - ] - } - }, - { - "CommonServer": { - "name": "CommonServer" - } - }, - { - "LCMDetectedIndicators": { - "name": "LCMDetectedIndicators", - "depends_on": [ - "lcm-indicators" - ] - } - }, - { - "SplunkSearch": { - "name": "SplunkSearch", - "deprecated": true, - "depends_on": [ - "search" - ] - } - }, - { - "IsIPInSubnet": { - "name": "IsIPInSubnet", - "deprecated": true - } - }, - { - "TrendmicroHostRetrieveAll": { - "name": "TrendmicroHostRetrieveAll", 
- "depends_on": [ - "trendmicro-host-retrieve-all" - ] - } - }, - { - "getMlFeatures": { - "name": "getMlFeatures", - "fromversion": "3.5.0", - "script_executions": [ - "findIndicators", - "getIncidents" - ] - } - }, - { - "2aa9f737-8c7c-42f5-815f-4d104bb3af06": { - "name": "SEPScan", - "depends_on": [ - "sep-command-status" - ] - } - }, - { - "PrintContext": { - "name": "PrintContext" - } - }, - { - "D2O365SearchAndDelete": { - "name": "D2O365SearchAndDelete" - } - }, - { - "DBotPreparePhishingData": { - "name": "DBotPreparePhishingData", - "fromversion": "4.1.0", - "script_executions": [ - "getContext", - "getIncidents", - "createList", - "WordTokenizer" - ] - } - }, - { - "QRadarGetOffenseCorrelations": { - "name": "QRadarGetOffenseCorrelations", - "depends_on": [ - "qradar-searches" - ], - "script_executions": [ - "QRadarFullSearch" - ] - } - }, - { - "ShowScheduledEntries": { - "name": "ShowScheduledEntries" - } - }, - { - "EmailAskUserResponse": { - "name": "EmailAskUserResponse" - } - }, - { - "IsEmailAddressInternal": { - "name": "IsEmailAddressInternal" - } - }, - { - "DemistoGetIncidentTasksByState": { - "name": "DemistoGetIncidentTasksByState" - } - }, - { - "VectraGetHostById": { - "name": "VectraGetHostById", - "deprecated": true, - "depends_on": [ - "vec-get-host-by-id" - ] - } - }, - { - "DefaultIncidentClassifier": { - "name": "DefaultIncidentClassifier" - } - }, - { - "TestCreateTagTextFile": { - "name": "TestCreateTagTextFile", - "script_executions": [ - "createList" - ] - } - }, - { - "TestCreateWordFile": { - "name": "TestCreateWordFile" - } - }, - { - "GenerateImageFileEntry": { - "name": "GenerateImageFileEntry" - } - }, - { - "a18ff76e-c462-4daa-8be2-6a1b5308713f": { - "name": "TestCreateDuplicates" - } - }, - { - "c5cb179f-d6d2-4d87-8857-b224689d5b00": { - "name": "VerifyTreeToFlatObject" - } - }, - { - "GenerateUUID": { - "name": "GenerateUUID" - } - }, - { - "TestXml2JSON": { - "name": "TestXml2JSON" - } - }, - { - 
"3b260f00-772c-4d4e-84ea-e47226637497": { - "name": "VerifyHumanReadableEquals", - "fromversion": "3.6.0" - } - }, - { - "ValidateErrorExistence": { - "name": "ValidateErrorExistence", - "script_executions": [ - "getEntries" - ] - } - }, - { - "CompleteManualTask": { - "name": "CompleteManualTask", - "script_executions": [ - "DemistoGetIncidentTasksByState", - "taskComplete" - ] - } - }, - { - "GenerateIP": { - "name": "GenerateIP" - } - }, - { - "CarbonBlackResponseFilterSensors": { - "name": "CarbonBlackResponseFilterSensors" - } - }, - { - "RaiseError": { - "name": "RaiseError" - } - }, - { - "GenerateEmail": { - "name": "GenerateEmail" - } - }, - { - "PhishingIncident": { - "name": "PhishingIncident", - "script_executions": [ - "setIncident" - ] - } - }, - { - "VerifyTableToMarkDown": { - "name": "VerifyTableToMarkDown" - } - }, - { - "TestFormatTableValues": { - "name": "TestFormatTableValues" - } - }, - { - "TestCreateIncidents": { - "name": "TestCreateIncidents", - "script_executions": [ - "createNewIncident", - "createNewIncident" - ] - } - }, - { - "TestPYCommonServer": { - "name": "TestPYCommonServer" - } - }, - { - "CreateDuplicateIncident": { - "name": "CreateDuplicateIncident", - "script_executions": [ - "createNewIncident" - ] - } - }, - { - "c0eb84c3-8771-4f9f-833e-1017112d6215": { - "name": "ThrowException" - } - }, - { - "SsdeepReputationTest": { - "name": "SsdeepReputationTest", - "script_executions": [ - "findIndicators", - "createNewIndicator", - "createNewIndicator", - "createNewIndicator" - ] - } - }, - { - "CreateBinaryFile": { - "name": "CreateBinaryFile" - } - }, - { - "GetFirstObject": { - "name": "GetFirstObject" - } - }, - { - "changeremediationslaonsevchange": { - "name": "ChangeRemediationSLAOnSevChange", - "fromversion": "4.1.0", - "script_executions": [ - "setIncident", - "setIncident", - "setIncident", - "setIncident" - ] - } - }, - { - "stoptimetoassignonownerchange": { - "name": "StopTimeToAssignOnOwnerChange", - "fromversion": 
"4.1.0", - "script_executions": [ - "stopTimer" - ] - } - }, - { - "changeremediationslaonsevchange": { - "name": "ChangeRemediationSLAOnSevChange", - "fromversion": "4.1.0", - "script_executions": [ - "setIncident", - "setIncident", - "setIncident", - "setIncident" - ] - } - }, - { - "stoptimetoassignonownerchange": { - "name": "StopTimeToAssignOnOwnerChange", - "fromversion": "4.1.0", - "script_executions": [ - "stopTimer" - ] - } - }, - { - "changeremediationslaonsevchange": { - "name": "ChangeRemediationSLAOnSevChange", - "fromversion": "4.1.0", - "script_executions": [ - "setIncident", - "setIncident", - "setIncident", - "setIncident" - ] - } - }, - { - "stoptimetoassignonownerchange": { - "name": "StopTimeToAssignOnOwnerChange", - "fromversion": "4.1.0", - "script_executions": [ - "stopTimer" - ] - } - }, - { - "changeremediationslaonsevchange": { - "name": "ChangeRemediationSLAOnSevChange", - "fromversion": "4.1.0", - "script_executions": [ - "setIncident", - "setIncident", - "setIncident", - "setIncident" - ] - } - }, - { - "stoptimetoassignonownerchange": { - "name": "StopTimeToAssignOnOwnerChange", - "fromversion": "4.1.0", - "script_executions": [ - "stopTimer" - ] - } - }, - { - "changeremediationslaonsevchange": { - "name": "ChangeRemediationSLAOnSevChange", - "fromversion": "4.1.0", - "script_executions": [ - "setIncident", - "setIncident", - "setIncident", - "setIncident" - ] - } - }, - { - "stoptimetoassignonownerchange": { - "name": "StopTimeToAssignOnOwnerChange", - "fromversion": "4.1.0", - "script_executions": [ - "stopTimer" - ] - } - } - ], - "playbooks": [ - { - "search_and_delete_emails_-_generic": { - "name": "Search And Delete Emails - Generic", - "fromversion": "3.6.0", - "implementing_playbooks": [ - "Search And Delete Emails - EWS" - ] - } - }, - { - "email_address_enrichment_-_generic": { - "name": "Email Address Enrichment - Generic", - "fromversion": "3.6.0", - "implementing_scripts": [ - "IsEmailAddressInternal", - 
"EmailReputation", - "ADGetUser", - "Exists", - "EmailDomainSquattingReputation" - ] - } - }, - { - "process_email_-_generic": { - "name": "Process Email - Generic", - "toversion": "3.6.0", - "fromversion": "3.6.0", - "implementing_scripts": [ - "Set", - "Exists", - "ParseEmailFiles" - ], - "implementing_commands": [ - "setIncident", - "rasterize-email" - ] - } - }, - { - "playbook12": { - "name": "McAfee ePO Endpoint Compliance Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "CloseInvestigation", - "IncidentSet", - "commentsToContext" - ], - "implementing_commands": [ - "epo-update-client-dat", - "servicenow-incidents-query", - "epo-get-latest-dat", - "epo-get-current-dat", - "servicenow-incident-create" - ] - } - }, - { - "get_original_email_-_generic": { - "name": "Get Original Email - Generic", - "fromversion": 4.0, - "implementing_playbooks": [ - "Get Original Email - Gmail", - "Get Original Email - EWS" - ] - } - }, - { - "Detonate URL - Phish.AI": { - "name": "Detonate URL - Phish.AI", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "phish-ai-check-status", - "phish-ai-scan-url" - ] - } - }, - { - "Detonate URL - Cuckoo": { - "name": "Detonate URL - Cuckoo", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Sleep" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "cuckoo-view-task", - "cuckoo-get-task-report", - "cuckoo-create-task-from-url" - ] - } - }, - { - "get_file_sample_by_hash_-_generic": { - "name": "Get File Sample By Hash - Generic", - "fromversion": "3.5.0", - "implementing_playbooks": [ - "Get File Sample By Hash - Cylance Protect", - "Get File Sample By Hash - Carbon Black Enterprise Response" - ] - } - }, - { - "search_endpoints_by_hash_-_crowdstrike": { - "name": "Search Endpoints By Hash - CrowdStrike", - "fromversion": "3.5.0", - "implementing_commands": [ - "cs-device-ran-on", - "cs-device-details" - ] - } - }, - 
{ - "get_file_sample_from_path_-_generic": { - "name": "Get File Sample From Path - Generic", - "fromversion": "3.5.0", - "implementing_playbooks": [ - "Get File Sample From Path - Carbon Black Enterprise Response", - "Get File Sample From Path - D2" - ] - } - }, - { - "process_email_-_generic": { - "name": "Process Email - Generic", - "toversion": "3.5.9", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set", - "Exists", - "ParseEmailFiles" - ], - "implementing_commands": [ - "rasterize-email" - ] - } - }, - { - "Detonate File - Lastline": { - "name": "Detonate File - Lastline", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "lastline-upload-file", - "lastline-get-report" - ] - } - }, - { - "url_enrichment_-_generic": { - "name": "URL Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", - "implementing_scripts": [ - "URLSSLVerification", - "Exists", - "URLReputation" - ], - "implementing_commands": [ - "rasterize" - ] - } - }, - { - "GenericPolling": { - "name": "GenericPolling", - "fromversion": "4.0.0", - "implementing_scripts": [ - "ScheduleGenericPolling", - "RunPollingCommand", - "PrintErrorEntry" - ] - } - }, - { - "playbook1": { - "name": "Malware Playbook - Manual", - "fromversion": "2.5.0", - "implementing_scripts": [ - "ExposeModules", - "Autoruns", - "Exists" - ] - } - }, - { - "Calculate Severity - Generic": { - "name": "Calculate Severity - Generic", - "fromversion": "3.6.0", - "implementing_playbooks": [ - "Calculate Severity - Indicators DBotScore", - "Calculate Severity - 3rd-party integrations", - "Calculate Severity - Critical assets" - ], - "implementing_commands": [ - "setIncident" - ] - } - }, - { - "search_endpoints_by_hash_-_carbon_black_protection": { - "name": "Search Endpoints By Hash - Carbon Black Protection", - "fromversion": "3.5.0", - "implementing_scripts": [ - "CBPFindRule", - "Set", - 
"CBPCatalogFindHash", - "Exists" - ], - "implementing_commands": [ - "cbp-computer-get" - ] - } - }, - { - "Incident Enrichment": { - "name": "Incident Enrichment", - "fromversion": "2.5.0", - "implementing_scripts": [ - "ExtractURL", - "ExtractHash", - "ExtractIP" - ], - "implementing_playbooks": [ - "Enrichment Playbook" - ] - } - }, - { - "playbook16": { - "name": "CrowdStrike Rapid IOC Hunting", - "fromversion": "2.5.0", - "implementing_scripts": [ - "Exists", - "SendEmail" - ], - "implementing_commands": [ - "cs-device-ran-on", - "cs-device-search" - ] - } - }, - { - "CrowdStrike Falcon Sandbox - Detonate file": { - "name": "CrowdStrike Falcon Sandbox - Detonate file", - "toversion": "3.6.0", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set" - ], - "implementing_commands": [ - "crowdstrike-detonate-file" - ] - } - }, - { - "Enrich McAfee DXL using 3rd party sandbox": { - "name": "Enrich McAfee DXL using 3rd party sandbox", - "implementing_scripts": [ - "CloseInvestigation", - "Exists" - ], - "implementing_playbooks": [ - "WildFire - Detonate file" - ], - "implementing_commands": [ - "dxl-send-event" - ] - } - }, - { - "Get File Sample From Hash - Carbon Black Enterprise Response": { - "name": "Get File Sample From Hash - Carbon Black Enterprise Response", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "implementing_scripts": [ - "Exists" - ], - "implementing_commands": [ - "cb-binary-get" - ] - } - }, - { - "Calculate Severity - Generic": { - "name": "Calculate Severity - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", - "implementing_scripts": [ - "StringContains", - "Exists" - ], - "implementing_commands": [ - "setIncident" - ] - } - }, - { - "Tenable.io Scan": { - "name": "Tenable.io Scan", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "tenable-io-launch-scan", - "tenable-io-get-scan-report", - "tenable-io-get-scan-status" - ] - } - }, - { - 
"block_indicators_-_generic": { - "name": "Block Indicators - Generic", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "Block URL - Generic", - "Block File - Generic", - "Block IP - Generic", - "Block Account - Generic" - ] - } - }, - { - "detonate_url_-_threatgrid": { - "name": "Detonate URL - ThreatGrid", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "threat-grid-upload-sample", - "threat-grid-get-samples-state", - "threat-grid-url-to-file" - ] - } - }, - { - "TrendMicro Malware Alert Playbook": { - "name": "TrendMicro Malware Alert Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "TrendMicroGetPolicyID", - "TrendmicroSecurityProfileAssignToHost", - "TrendmicroAntiMalwareEventRetrieve", - "TrendMicroGetHostID" - ] - } - }, - { - "Google-Vault-Display-Results": { - "name": "Google Vault - Display Results", - "fromversion": "4.0.0", - "implementing_scripts": [ - "PrintErrorEntry" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "gvault-get-drive-results", - "gvault-get-groups-results", - "gvault-download-results", - "gvault-export-status", - "gvault-get-mail-results" - ] - } - }, - { - "calculate_severity_-_3rd-party_integrations": { - "name": "Calculate Severity - 3rd-party integrations", - "fromversion": "3.6.0", - "implementing_scripts": [ - "Set" - ] - } - }, - { - "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "3.5.9", - "fromversion": "3.5.0", - "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident", - "Set", - "SendEmail" - ], - "implementing_playbooks": [ - "Detonate File - Generic", - "Extract Indicators - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Calculate Severity - Generic", - "Email Address Enrichment - Generic" - ] - } - }, - { - "detonate_url_-_joesecurity": { - "name": "Detonate URL - JoeSecurity", - 
"fromversion": "4.0.0", - "implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "joe-download-report", - "joe-analysis-submit-url", - "joe-analysis-info" - ] - } - }, - { - "CrowdStrike Falcon Sandbox - Detonate file": { - "name": "CrowdStrike Falcon Sandbox - Detonate file", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "crowdstrike-submit-sample", - "crowdstrike-scan" - ] - } - }, - { - "crowdstrike_endpoint_enrichment": { - "name": "CrowdStrike Endpoint Enrichment", - "fromversion": "3.5.0", - "implementing_commands": [ - "cs-device-search", - "cs-device-details" - ] - } - }, - { - "cve_enrichment_-_generic": { - "name": "CVE Enrichment - Generic", - "fromversion": "3.6.0", - "implementing_scripts": [ - "cveReputation" - ], - "implementing_commands": [ - "cve-search" - ] - } - }, - { - "get_file_sample_by_hash_-_cylance_protect": { - "name": "Get File Sample By Hash - Cylance Protect", - "fromversion": "3.5.0", - "implementing_scripts": [ - "http", - "UnzipFile", - "Exists" - ], - "implementing_commands": [ - "cylance-protect-download-threat" - ] - } - }, - { - "dedup_incidents_-_ml": { - "name": "DeDup incidents - ML", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Print", - "CloseInvestigationAsDuplicate", - "GetDuplicatesMl" - ] - } - }, - { - "playbook5": { - "name": "Phishing Playbook - Automated", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set", - "Exists", - "SendEmail", - "CheckSenderDomainDistance", - "CloseInvestigation", - "ExtractIP", - "IsMaliciousIndicatorFound", - "ExtractURL" - ], - "implementing_playbooks": [ - "Process Email", - "Enrichment Playbook", - "Hunt for bad IOCs", - "Account Enrichment", - "Detonate File - Generic" - ] - } - }, - { - "TIE - IOC Hunt": { - "name": "TIE - IOC Hunt", - "fromversion": "2.5.0", - "implementing_scripts": [ - 
"EPOFindSystem", - "Exists" - ], - "implementing_commands": [ - "tie-file-references" - ] - } - }, - { - "vulnerability_management_-_qualys_Job": { - "name": "Vulnerability Management - Qualys (Job)", - "fromversion": "3.6.0", - "implementing_scripts": [ - "QualysCreateIncidentFromReport", - "Set" - ], - "implementing_commands": [ - "qualys-report-fetch", - "closeInvestigation", - "qualys-report-list" - ] - } - }, - { - "get_original_email_-_gmail": { - "name": "Get Original Email - Gmail", - "fromversion": 4.0, - "implementing_scripts": [ - "Set", - "DeleteContext" - ], - "implementing_commands": [ - "gmail-get-attachments", - "gmail-search", - "gmail-get-mail" - ] - } - }, - { - "detonate_url_-_mcafee_atd": { - "name": "Detonate URL - McAfee ATD", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "atd-get-report", - "atd-check-status", - "atd-file-upload" - ] - } - }, - { - "Detonate URL - Lastline": { - "name": "Detonate URL - Lastline", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "lastline-get-report", - "lastline-upload-url" - ] - } - }, - { - "Detonate File - Generic": { - "name": "Detonate File - Generic", - "toversion": "3.6.0", - "fromversion": "3.5.0", - "implementing_playbooks": [ - "CrowdStrike Falcon Sandbox - Detonate file", - "WildFire - Detonate file" - ] - } - }, - { - "process_email_-_ews": { - "name": "Process Email - EWS", - "fromversion": "3.6.0", - "implementing_scripts": [ - "Set" - ], - "implementing_commands": [ - "ews-get-attachment" - ] - } - }, - { - "playbook7": { - "name": "Hunting C&C Communication Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "IsIntegrationAvailable", - "Exists" - ], - "implementing_commands": [ - "slack-send", - "ExposeModules" - ] - } - }, - { - "get_file_sample_from_path_-_d2": { - "name": "Get File Sample From Path - D2", - 
"fromversion": "3.5.0", - "implementing_scripts": [ - "IncidentAddSystem", - "FetchFileD2" - ] - } - }, - { - "get_original_email_-_ews": { - "name": "Get Original Email - EWS", - "fromversion": 4.0, - "implementing_scripts": [ - "DeleteContext", - "Set" - ], - "implementing_commands": [ - "ews-search-mailbox", - "ews-get-attachment", - "ews-get-items" - ] - } - }, - { - "playbook17": { - "name": "Carbon black Protection Rapid IOC Hunting", - "fromversion": "2.5.0", - "implementing_scripts": [ - "CBPFindRule", - "CBPCatalogFindHash", - "Exists" - ] - } - }, - { - "calculate_severity_-_critical_assets": { - "name": "Calculate Severity - Critical assets", - "toversion": "3.6.1", - "fromversion": "3.6.0", - "implementing_scripts": [ - "StringContains", - "Set", - "Exists" - ] - } - }, - { - "playbook14": { - "name": "Checkpoint Firewall Configuration Backup Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "UtilAnyResults", - "SendEmail", - "CPShowBackupStatus", - "CloseInvestigation", - "SNOpenTicket", - "SCPPullFiles", - "CPCreateBackup" - ] - } - }, - { - "endpoint_enrichment_-_generic": { - "name": "Endpoint Enrichment - Generic", - "fromversion": "3.5.0", - "implementing_scripts": [ - "EPOFindSystem", - "Exists", - "ADGetComputer" - ], - "implementing_playbooks": [ - "CrowdStrike Endpoint Enrichment" - ], - "implementing_commands": [ - "cylance-protect-get-devices", - "cb-sensor-info", - "so-agents-query" - ] - } - }, - { - "access_investigation_-_qradar": { - "name": "Access Investigation - QRadar", - "fromversion": "3.6.0", - "implementing_playbooks": [ - "QRadar - Get offense correlations", - "Access Investigation - Generic" - ], - "implementing_commands": [ - "setIncident" - ] - } - }, - { - "Google-Vault-Search-Groups": { - "name": "Google Vault - Search Groups", - "fromversion": "4.0.0", - "implementing_scripts": [ - "PrintErrorEntry" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - 
"gvault-export-status", - "gvault-download-results", - "gvault-create-export-groups", - "gvault-get-groups-results" - ] - } - }, - { - "DBotCreatePhishingClassifier": { - "name": "DBot Create Phishing Classifier", - "fromversion": "4.1.0", - "implementing_scripts": [ - "DBotTrainTextClassifier", - "Base64ListToFile", - "DBotPredictPhishingEvaluation", - "DBotPreparePhishingData" - ] - } - }, - { - "detonate_url_-_generic": { - "name": "Detonate URL - Generic", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "Detonate URL - CrowdStrike", - "Detonate URL - JoeSecurity", - "Detonate URL - Cuckoo", - "Detonate URL - Lastline", - "Detonate URL - ThreatGrid", - "Detonate URL - McAfee ATD" - ] - } - }, - { - "tenable-sc-scan": { - "name": "Launch Scan - Tenable.sc", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "tenable-sc-get-scan-report", - "tenable-sc-launch-scan" - ] - } - }, - { - "detonate_file_from_url_-_wildfire": { - "name": "Detonate File From URL - WildFire", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "wildfire-upload-file-remote", - "wildfire-report" - ] - } - }, - { - "block_endpoint_-_carbon_black_response": { - "name": "Block Endpoint - Carbon Black Response", - "fromversion": "3.5.0", - "implementing_commands": [ - "cb-sensor-info", - "cb-quarantine-device" - ] - } - }, - { - "close_incident_if_duplicate_found": { - "name": "DeDup incidents", - "fromversion": "3.5.0", - "implementing_scripts": [ - "FindSimilarIncidents", - "CloseInvestigationAsDuplicate" - ] - } - }, - { - "scan_assets_nexpose": { - "name": "Scan Assets - Nexpose", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "nexpose-start-assets-scan", - "nexpose-get-scan" - ] - } - }, - { - "extract_indicators_-_generic": { - "name": "Extract Indicators - Generic", - "fromversion": "3.5.0", - 
"implementing_scripts": [ - "ExtractHash", - "ExtractDomain", - "ExtractURL", - "ExtractEmail", - "ExtractIP" - ] - } - }, - { - "playbook0": { - "name": "Default", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "implementing_scripts": [ - "TrendMicroClassifier", - "Exists", - "IncidentSet", - "SplunkEmailParser", - "QRadarClassifier", - "MapValues", - "Print", - "VectraClassifier", - "NexposeEmailParser" - ], - "implementing_playbooks": [ - "Enrichment Playbook" - ] - } - }, - { - "dedup_-_generic": { - "name": "Dedup - Generic", - "fromversion": "4.0.0", - "implementing_scripts": [ - "FindSimilarIncidentsByText", - "GetDuplicatesMlv2", - "CloseInvestigationAsDuplicate", - "FindSimilarIncidents" - ] - } - }, - { - "malware_investigation-_generic_-_setup": { - "name": "Malware Investigation - Generic - Setup", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "Get File Sample From Path - Generic", - "Get File Sample By Hash - Generic", - "Search Endpoints By Hash - Generic" - ] - } - }, - { - "block_file_-_carbon_black_response": { - "name": "Block File - Carbon Black Response", - "fromversion": "4.0.0", - "implementing_commands": [ - "cb-get-hash-blacklist", - "cb-block-hash" - ] - } - }, - { - "search_and_delete_emails_-_ews": { - "name": "Search And Delete Emails - EWS", - "fromversion": "3.6.0", - "implementing_scripts": [ - "BuildEWSQuery" - ], - "implementing_commands": [ - "ews-search-mailboxes", - "ews-delete-items" - ] - } - }, - { - "Detonate File - BitDam": { - "name": "Detonate File - BitDam", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "bitdam-upload-file", - "bitdam-get-verdict" - ] - } - }, - { - "MAR - Endpoint data collection": { - "name": "MAR - Endpoint data collection", - "implementing_scripts": [ - "EPOFindSystem", - "Exists" - ], - "implementing_commands": [ - "mar-search-multiple" - 
] - } - }, - { - "Google-Vault-Search-Drive": { - "name": "Google Vault - Search Drive", - "fromversion": "4.0.0", - "implementing_scripts": [ - "PrintErrorEntry" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "gvault-create-export-drive", - "gvault-get-drive-results", - "gvault-export-status", - "gvault-download-results" - ] - } - }, - { - "process_email_-_add_custom_fields": { - "name": "Process Email - Add custom fields", - "fromversion": "3.6.0", - "implementing_scripts": [ - "IncidentSet" - ] - } - }, - { - "detonate_url_-_crowdstrike": { - "name": "Detonate URL - CrowdStrike", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "crowdstrike-submit-url", - "crowdstrike-scan" - ] - } - }, - { - "ip_enrichment_generic": { - "name": "IP Enrichment - Generic", - "fromversion": "3.6.0", - "implementing_scripts": [ - "IsIPInRanges", - "IPToHost", - "IPReputation" - ], - "implementing_playbooks": [ - "Endpoint Enrichment - Generic" - ], - "implementing_commands": [ - "vt-private-get-ip-report" - ] - } - }, - { - "domain_enrichment_generic": { - "name": "Domain Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DomainReputation" - ] - } - }, - { - "QRadarFullSearch": { - "name": "QRadarFullSearch", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "qradar-get-search", - "qradar-get-search-results", - "qradar-searches" - ] - } - }, - { - "Arcsight - Get events related to the Case": { - "name": "Arcsight - Get events related to the Case", - "implementing_scripts": [ - "IncidentSet", - "Set", - "Exists" - ], - "implementing_commands": [ - "as-get-security-events", - "as-get-case", - "as-get-case-event-ids" - ] - } - }, - { - "Account Enrichment": { - "name": "Account Enrichment", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "implementing_scripts": [ - 
"ADGetUser", - "Exists" - ] - } - }, - { - "malware_investigation-_generic": { - "name": "Malware Investigation - Generic", - "toversion": "3.6.0", - "fromversion": "3.5.0", - "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident" - ], - "implementing_playbooks": [ - "Malware Investigation - Generic - Setup", - "Extract Indicators - Generic", - "Calculate Severity - Generic", - "Entity Enrichment - Generic", - "Detonate File - Generic" - ] - } - }, - { - "QRadar - Get offense correlations ": { - "name": "QRadar - Get offense correlations ", - "toversion": "3.1.0", - "implementing_scripts": [ - "AreValuesEqual", - "QRadarGetCorrelationLogs", - "QRadarGetOffenseCorrelations", - "Exists" - ] - } - }, - { - "QRadar - Get offense correlations ": { - "name": "QRadar - Get offense correlations", - "fromversion": "3.5.0", - "implementing_scripts": [ - "QRadarGetCorrelationLogs", - "QRadarGetOffenseCorrelations" - ] - } - }, - { - "block_ip_-_generic": { - "name": "Block IP - Generic", - "fromversion": "4.0.0", - "implementing_scripts": [ - "PanoramaBlockIP" - ], - "implementing_playbooks": [ - "Add Indicator to Miner - Palo Alto MineMeld" - ], - "implementing_commands": [ - "zscaler-blacklist-ip", - "checkpoint-block-ip" - ] - } - }, - { - "vulnerability_handling_-_qualys_-_add _ustom_fields_to_default_layout": { - "name": "Vulnerability Handling - Qualys - Add custom fields to default layout", - "fromversion": "3.6.0", - "implementing_scripts": [ - "IncidentSet" - ] - } - }, - { - "playbook3": { - "name": "Ransomware Playbook - Manual", - "fromversion": "2.5.0" - } - }, - { - "Enrich DXL with ATD verdict": { - "name": "Enrich DXL with ATD verdict", - "implementing_scripts": [ - "CloseInvestigation", - "Exists" - ], - "implementing_playbooks": [ - "ATD - Detonate File" - ], - "implementing_commands": [ - "dxl-send-event" - ] - } - }, - { - "Detonate File - SNDBOX": { - "name": "Detonate File - SNDBOX", - "fromversion": "4.0.0", - 
"implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "sndbox-analysis-info", - "sndbox-analysis-submit-sample", - "sndbox-download-report" - ] - } - }, - { - "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "4.0.9", - "fromversion": "4.0.0", - "implementing_scripts": [ - "AssignAnalystToIncident", - "Set", - "SendEmail" - ], - "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Block Indicators - Generic", - "Email Address Enrichment - Generic", - "Calculate Severity - Generic" - ], - "implementing_commands": [ - "closeInvestigation", - "send-mail" - ] - } - }, - { - "playbook2": { - "name": "Phishing Playbook - Manual", - "fromversion": "2.5.0" - } - }, - { - "Hunt for bad IOCs": { - "name": "Hunt for bad IOCs", - "fromversion": "2.5.0", - "implementing_playbooks": [ - "CrowdStrike Rapid IOC Hunting", - "Carbon Black Rapid IOC Hunting", - "TIE - IOC Hunt", - "Carbon black Protection Rapid IOC Hunting" - ] - } - }, - { - "extract_indicators_from_file_-_generic": { - "name": "Extract Indicators From File - Generic", - "fromversion": "3.6.0", - "implementing_scripts": [ - "ReadPDFFile", - "Set", - "ExtractIndicatorsFromTextFile" - ] - } - }, - { - "Sentinel One - Endpoint data collection": { - "name": "Sentinel One - Endpoint data collection", - "implementing_scripts": [ - "Print", - "Exists" - ], - "implementing_commands": [ - "so-agents-query", - "so-get-agent-processes" - ] - } - }, - { - "process_email_-_generic": { - "name": "Process Email - Generic", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set", - "Exists", - "ParseEmailFiles" - ], - "implementing_playbooks": [ - "Get Original Email - Generic" - ], - "implementing_commands": [ - "setIncident", - "rasterize-email" - ] - } - 
}, - { - "playbook13": { - "name": "McAfee ePO Endpoint Connectivity Diagnostics Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "CloseInvestigation", - "commentsToContext", - "Ping" - ], - "implementing_commands": [ - "servicenow-incident-create" - ] - } - }, - { - "vulnerability_handling_-_nexpose": { - "name": "Vulnerability Handling - Nexpose", - "fromversion": "3.6.0", - "implementing_playbooks": [ - "CVE Enrichment - Generic", - "Endpoint Enrichment - Generic", - "Calculate Severity - Generic" - ], - "implementing_commands": [ - "closeInvestigation", - "nexpose-get-asset-vulnerability", - "nexpose-get-asset", - "setIncident" - ] - } - }, - { - "Calculate Severity - Generic": { - "name": "Calculate Severity - Generic", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "implementing_scripts": [ - "Print", - "StringContains", - "Exists" - ], - "implementing_commands": [ - "setIncident" - ] - } - }, - { - "playbook8": { - "name": "Lost / Stolen Device Playbook", - "fromversion": "2.5.0" - } - }, - { - "vulnerability_handling_-_qualys": { - "name": "Vulnerability Handling - Qualys", - "fromversion": "3.6.0", - "implementing_scripts": [ - "CloseInvestigation", - "DisplayHTML" - ], - "implementing_playbooks": [ - "CVE Enrichment - Generic", - "Vulnerability Handling - Qualys - Add custom fields to default layout", - "Endpoint Enrichment - Generic", - "Calculate Severity - Generic" - ], - "implementing_commands": [ - "qualys-host-list", - "qualys-vulnerability-list" - ] - } - }, - { - "playbook10": { - "name": "Rapid IOC Hunting Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "ExtractHash", - "Exists", - "ReadFile", - "ExtractIP", - "Print", - "ExtractURL" - ], - "implementing_playbooks": [ - "Hunt for bad IOCs" - ] - } - }, - { - "search_endpoints_by_hash_-_carbon_black_response": { - "name": "Search Endpoints By Hash - Carbon Black Response", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set", - "CBFindHash" - ] - 
} - }, - { - "scan_site_nexpose": { - "name": "Scan Site - Nexpose", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "nexpose-start-site-scan", - "nexpose-get-scan" - ] - } - }, - { - "PanoramaCommitConfiguration": { - "name": "PanoramaCommitConfiguration", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "panorama-push-to-device-group", - "panorama-push-status", - "panorama-commit", - "panorama-commit-status" - ] - } - }, - { - "Failed Login Playbook With Slack": { - "name": "Failed Login Playbook With Slack", - "fromversion": "2.5.0", - "implementing_scripts": [ - "CloseInvestigation", - "IncidentSet", - "ADExpirePassword", - "SlackAskUser" - ], - "implementing_commands": [ - "slack-send" - ] - } - }, - { - "WildFire - Detonate file": { - "name": "WildFire - Detonate file", - "toversion": "3.1.0", - "implementing_scripts": [ - "Exists" - ], - "implementing_commands": [ - "wildfire-upload", - "wildfire-report" - ] - } - }, - { - "File Enrichment - Generic": { - "name": "File Enrichment - Generic", - "fromversion": "3.6.0", - "implementing_playbooks": [ - "File Enrichment - File reputation", - "File Enrichment - Virus Total Private API" - ], - "implementing_commands": [ - "cylance-protect-get-threat", - "pan-appframework-search-by-file-hash" - ] - } - }, - { - "vulnerability_management_-_nexpose_job": { - "name": "Vulnerability Management - Nexpose (Job)", - "fromversion": "3.6.0", - "implementing_scripts": [ - "NexposeCreateIncidentsFromAssets" - ], - "implementing_commands": [ - "closeInvestigation", - "nexpose-create-assets-report", - "nexpose-search-assets" - ] - } - }, - { - "Archer initiate incident": { - "name": "Archer initiate incident", - "fromversion": "3.5.0", - "implementing_commands": [ - "archer-get-file" - ] - } - }, - { - "block_file_-_generic": { - "name": "Block File - Generic", - "fromversion": "4.0.0", - 
"implementing_playbooks": [ - "Block File - Carbon Black Response" - ] - } - }, - { - "calculate_severity_-_critical_assets": { - "name": "Calculate Severity - Critical assets", - "fromversion": "4.0.0", - "implementing_scripts": [ - "StringContains", - "Set" - ] - } - }, - { - "add_indicator_to_miner_-_palo_alto_mineMeld": { - "name": "Add Indicator to Miner - Palo Alto MineMeld", - "fromversion": "4.0.0", - "implementing_commands": [ - "minemeld-add-to-miner" - ] - } - }, - { - "domain_enrichment_generic": { - "name": "Domain Enrichment - Generic", - "fromversion": "3.6.0", - "implementing_scripts": [ - "DomainReputation" - ], - "implementing_commands": [ - "vt-private-get-domain-report" - ] - } - }, - { - "playbook11": { - "name": "McAfee ePO Repository Compliance Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "CloseInvestigation", - "IncidentSet", - "Sleep", - "AreValuesEqual", - "SendEmail" - ], - "implementing_commands": [ - "epo-update-repository", - "epo-get-latest-dat", - "epo-get-current-dat" - ] - } - }, - { - "url_enrichment_-_generic": { - "name": "URL Enrichment - Generic", - "fromversion": "3.6.0", - "implementing_scripts": [ - "URLSSLVerification", - "Exists", - "URLReputation" - ], - "implementing_commands": [ - "vt-private-get-url-report", - "rasterize" - ] - } - }, - { - "entity_enrichment_generic": { - "name": "Entity Enrichment - Generic", - "fromversion": "3.6.0", - "implementing_playbooks": [ - "Account Enrichment - Generic", - "Endpoint Enrichment - Generic", - "Email Address Enrichment - Generic", - "URL Enrichment - Generic", - "File Enrichment - Generic", - "Domain Enrichment - Generic", - "IP Enrichment - Generic" - ] - } - }, - { - "search_endpoints_by_hash_-_generic": { - "name": "Search Endpoints By Hash - Generic", - "fromversion": "3.5.0", - "implementing_playbooks": [ - "Search Endpoints By Hash - Carbon Black Response", - "Search Endpoints By Hash - CrowdStrike", - "Search Endpoints By Hash - TIE", - "Search 
Endpoints By Hash - Carbon Black Protection" - ] - } - }, - { - "malware_investigation-_generic": { - "name": "Malware Investigation - Generic", - "fromversion": "3.6.0", - "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident" - ], - "implementing_playbooks": [ - "Malware Investigation - Generic - Setup", - "Calculate Severity - Generic", - "Entity Enrichment - Generic", - "Detonate File - Generic" - ] - } - }, - { - "calculate_severity_-_indicators_dbotscore": { - "name": "Calculate Severity - Indicators DBotScore", - "fromversion": "3.6.0", - "implementing_scripts": [ - "Set" - ] - } - }, - { - "Detonate File - Cuckoo": { - "name": "Detonate File - Cuckoo", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Sleep" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "cuckoo-task-screenshot", - "cuckoo-get-task-report", - "cuckoo-view-task", - "cuckoo-create-task-from-file" - ] - } - }, - { - "Account Enrichment": { - "name": "Account Enrichment", - "fromversion": "3.5.0", - "implementing_scripts": [ - "ADGetUser", - "Exists" - ] - } - }, - { - "entity_enrichment_generic": { - "name": "Entity Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", - "implementing_playbooks": [ - "Account Enrichment - Generic", - "Endpoint Enrichment - Generic", - "DBot Indicator Enrichment - Generic", - "Email Address Enrichment - Generic", - "URL Enrichment - Generic", - "File Enrichment - Generic", - "Domain Enrichment - Generic", - "IP Enrichment - Generic" - ] - } - }, - { - "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "3.9.9", - "fromversion": "3.6.0", - "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident", - "Set", - "SendEmail" - ], - "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Process Email - Generic", - "Entity 
Enrichment - Generic", - "Email Address Enrichment - Generic", - "Calculate Severity - Generic" - ] - } - }, - { - "DBotCreatePhishingClassifierJob": { - "name": "DBot Create Phishing Classifier Job", - "fromversion": "4.1.0", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_playbooks": [ - "DBot Create Phishing Classifier" - ], - "implementing_commands": [ - "closeInvestigation" - ] - } - }, - { - "playbook5": { - "name": "Phishing Playbook - Automated", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "implementing_scripts": [ - "Set", - "Exists", - "SendEmail", - "CheckSenderDomainDistance", - "CloseInvestigation", - "ExtractIP", - "IsMaliciousIndicatorFound", - "ExtractURL" - ], - "implementing_playbooks": [ - "Process Email", - "Detonate files", - "Hunt for bad IOCs", - "Account Enrichment", - "Enrichment Playbook" - ] - } - }, - { - "Demisto_Self-Defense_-_Account_policy_monitoring_playbook": { - "name": "Demisto Self-Defense - Account policy monitoring playbook", - "fromversion": "3.5.0", - "implementing_scripts": [ - "CloseInvestigation" - ], - "implementing_commands": [ - "TwilioSendSMS", - "slack-send", - "demisto-api-get", - "setIncident" - ] - } - }, - { - "Google-Vault-Search-Mail": { - "name": "Google Vault - Search Mail", - "fromversion": "4.0.0", - "implementing_scripts": [ - "PrintErrorEntry" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "gvault-get-mail-results", - "gvault-create-export-mail", - "gvault-export-status", - "gvault-download-results" - ] - } - }, - { - "ATD - Detonate File": { - "name": "ATD - Detonate File", - "toversion": "3.6.0", - "implementing_scripts": [ - "Exists" - ], - "implementing_commands": [ - "detonate-file" - ] - } - }, - { - "block_account_-_generic": { - "name": "Block Account - Generic", - "fromversion": "4.0.0", - "implementing_commands": [ - "ad-disable-account" - ] - } - }, - { - "file_enrichment_-_virus_total_private_api": { - "name": "File 
Enrichment - Virus Total Private API", - "fromversion": "3.6.0", - "implementing_commands": [ - "vt-private-check-file-behaviour", - "vt-private-get-file-report" - ] - } - }, - { - "file_enrichment_-_file_reputation": { - "name": "File Enrichment - File reputation", - "fromversion": "3.6.0", - "implementing_scripts": [ - "FileReputation" - ] - } - }, - { - "block_url_-_generic": { - "name": "Block URL - Generic", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "Add Indicator to Miner - Palo Alto MineMeld" - ], - "implementing_commands": [ - "zscaler-blacklist-url" - ] - } - }, - { - "Process Email": { - "name": "Process Email", - "fromversion": "2.5.0", - "implementing_scripts": [ - "Set", - "Exists", - "ParseEmailFiles" - ] - } - }, - { - "playbook15": { - "name": "Tanium Demo Playbook", - "fromversion": "2.5.0", - "implementing_commands": [ - "tn-deploy-package", - "tn-ask-question", - "tn-get-saved-question" - ] - } - }, - { - "get_file_sample_by_hash_-_carbon_black_enterprise_Response": { - "name": "Get File Sample By Hash - Carbon Black Enterprise Response", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Exists" - ], - "implementing_commands": [ - "cb-binary-get" - ] - } - }, - { - "Get File Sample From Hash - Cylance Protect": { - "name": "Get File Sample From Hash - Cylance Protect", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "implementing_scripts": [ - "http", - "UnzipFile", - "Exists" - ], - "implementing_commands": [ - "cylance-protect-download-threat" - ] - } - }, - { - "access_investigation_-_generic": { - "name": "Access Investigation - Generic", - "fromversion": "3.6.0", - "implementing_scripts": [ - "AssignAnalystToIncident", - "ADGetUser", - "EmailAskUser" - ], - "implementing_playbooks": [ - "IP Enrichment - Generic", - "Account Enrichment - Generic" - ], - "implementing_commands": [ - "closeInvestigation", - "setIncident" - ] - } - }, - { - "search_endpoints_by_hash_-_tie": { - "name": "Search Endpoints By Hash - TIE", 
- "fromversion": "3.5.0", - "implementing_scripts": [ - "EPOFindSystem" - ], - "implementing_commands": [ - "tie-file-references" - ] - } - }, - { - "get_file_sample_from_path_-_carbon_black_enterprise_response": { - "name": "Get File Sample From Path - Carbon Black Enterprise Response", - "fromversion": "3.5.0", - "implementing_scripts": [ - "CBLiveGetFile", - "Exists" - ] - } - }, - { - "WildFire - Detonate file": { - "name": "WildFire - Detonate file", - "toversion": "3.6.0", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set" - ], - "implementing_commands": [ - "wildfire-report", - "detonate-file" - ] - } - }, - { - "Detonate File - Generic": { - "name": "Detonate File - Generic", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "CrowdStrike Falcon Sandbox - Detonate file", - "ATD - Detonate File", - "Detonate File - SNDBOX", - "Detonate File - JoeSecurity", - "Detonate File - Cuckoo", - "Detonate File - Lastline", - "WildFire - Detonate file", - "Detonate File - ThreatGrid" - ] - } - }, - { - "D2 - Endpoint data collection": { - "name": "D2 - Endpoint data collection", - "implementing_scripts": [ - "D2ExecuteCommand", - "ActiveUsersD2", - "Exists", - "IncidentAddSystem", - "FetchFileD2", - "AreValuesEqual" - ] - } - }, - { - "Enrichment Playbook": { - "name": "Enrichment Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "Print", - "FileReputation", - "IPReputation", - "Exists", - "URLReputation" - ] - } - }, - { - "Office 365 Search and Delete": { - "name": "Office 365 Search and Delete", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "ews-o365-remove-compliance-search", - "ews-o365-purge-compliance-search-results", - "ews-o365-get-compliance-search", - "ews-o365-start-compliance-search" - ] - } - }, - { - "dbot_indicator_enrichment_-_generic": { - "name": "DBot Indicator Enrichment - Generic", - "fromversion": "3.5.0", - "implementing_scripts": [ - 
"GetIndicatorDBotScore" - ] - } - }, - { - "playbook0": { - "name": "Default", - "fromversion": "3.5.0", - "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident" - ], - "implementing_playbooks": [ - "Extract Indicators - Generic", - "Entity Enrichment - Generic", - "Calculate Severity - Generic" - ] - } - }, - { - "File Enrichment - Generic": { - "name": "File Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", - "implementing_scripts": [ - "FileReputation" - ] - } - }, - { - "ATD - Detonate File": { - "name": "ATD - Detonate File", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "atd-get-report", - "atd-file-upload", - "atd-check-status" - ] - } - }, - { - "account_enrichment_-_generic": { - "name": "Account Enrichment - Generic", - "fromversion": "3.5.0", - "implementing_scripts": [ - "ADGetUser", - "Exists" - ] - } - }, - { - "detonatefile_-_joesecurity": { - "name": "Detonate File - JoeSecurity", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "joe-download-report", - "joe-analysis-info", - "joe-analysis-submit-sample" - ] - } - }, - { - "ip_enrichment_generic": { - "name": "IP Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", - "implementing_scripts": [ - "IsIPInRanges", - "IPReputation", - "Exists" - ] - } - }, - { - "Detonate files": { - "name": "Detonate files", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "implementing_scripts": [ - "Print", - "SandboxDetonateFile", - "Exists" - ] - } - }, - { - "detonate_file_from_url_-_joesecurity": { - "name": "Detonate File From URL - JoeSecurity", - "fromversion": "4.0.0", - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "joe-download-report", - "joe-analysis-submit-sample" - ] - } - }, - { - "Carbon Black 
Rapid IOC Hunting": { - "name": "Carbon Black Rapid IOC Hunting", - "fromversion": "2.5.0", - "implementing_scripts": [ - "CBFindHash", - "Exists" - ] - } - }, - { - "email_address_enrichment_-_generic": { - "name": "Email Address Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", - "implementing_scripts": [ - "IsEmailAddressInternal", - "EmailReputation", - "ADGetUser", - "Exists", - "EmailDomainSquattingReputation" - ] - } - }, - { - "Endpoint data collection": { - "name": "Endpoint data collection", - "implementing_scripts": [ - "AreValuesEqual" - ], - "implementing_playbooks": [ - "Sentinel One - Endpoint data collection", - "MAR - Endpoint data collection", - "D2 - Endpoint data collection" - ] - } - }, - { - "Get File Sample From Hash - Generic": { - "name": "Get File Sample From Hash - Generic", - "toversion": "3.1.0", - "implementing_playbooks": [ - "Get File Sample From Hash - Cylance Protect", - "Get File Sample From Hash - Carbon Black Enterprise Response" - ] - } - }, - { - "WildFire - Detonate file": { - "name": "WildFire - Detonate file", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "wildfire-upload", - "wildfire-report" - ] - } - }, - { - "detonate_file_-_threatgrid": { - "name": "Detonate File - ThreatGrid", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set" - ], - "implementing_playbooks": [ - "GenericPolling" - ], - "implementing_commands": [ - "threat-grid-upload-sample", - "threat-grid-get-samples-state" - ] - } - }, - { - "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "fromversion": "4.1.0", - "implementing_scripts": [ - "AssignAnalystToIncident", - "Set", - "SendEmail" - ], - "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process Email - 
Generic", - "Block Indicators - Generic", - "Email Address Enrichment - Generic", - "Calculate Severity - Generic" - ], - "implementing_commands": [ - "closeInvestigation", - "send-mail" - ] - } - }, - { - "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "4.0.9", - "fromversion": "4.0.0", - "implementing_scripts": [ - "AssignAnalystToIncident", - "Set", - "SendEmail" - ], - "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Block Indicators - Generic", - "Email Address Enrichment - Generic", - "Calculate Severity - Generic" - ], - "implementing_commands": [ - "closeInvestigation", - "send-mail" - ] - } - }, - { - "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "4.0.9", - "fromversion": "4.0.0", - "implementing_scripts": [ - "AssignAnalystToIncident", - "Set", - "SendEmail" - ], - "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Block Indicators - Generic", - "Email Address Enrichment - Generic", - "Calculate Severity - Generic" - ], - "implementing_commands": [ - "closeInvestigation", - "send-mail" - ] - } - }, - { - "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "4.0.9", - "fromversion": "4.0.0", - "implementing_scripts": [ - "AssignAnalystToIncident", - "Set", - "SendEmail" - ], - "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Block Indicators - Generic", - "Email Address Enrichment - Generic", - "Calculate Severity - Generic" - ], - 
"implementing_commands": [ - "closeInvestigation", - "send-mail" - ] - } - }, - { - "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "4.0.9", - "fromversion": "4.0.0", - "implementing_scripts": [ - "AssignAnalystToIncident", - "Set", - "SendEmail" - ], - "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Block Indicators - Generic", - "Email Address Enrichment - Generic", - "Calculate Severity - Generic" - ], - "implementing_commands": [ - "closeInvestigation", - "send-mail" - ] - } - } - ], - "integrations": [ - { - "Cybereason": { - "name": "Cybereason", - "commands": [ - "cybereason-query-processes", - "cybereason-is-probe-connected", - "cybereason-query-connections", - "cybereason-isolate-machine", - "cybereason-unisolate-machine", - "cybereason-query-malops", - "cybereason-malop-processes", - "cybereason-add-comment", - "cybereason-update-malop-status" - ] - } - }, - { - "Giphy": { - "name": "Giphy", - "commands": [ - "giphy" - ] - } - }, - { - "RSA NetWitness Packets and Logs": { - "name": "RSA NetWitness Packets and Logs", - "toversion": "3.1.0", - "commands": [ - "netwitness-msearch", - "netwitness-search", - "netwitness-query", - "netwitness-packets", - "nw-sdk-session", - "nw-sdk-cancel", - "nw-sdk-query", - "nw-sdk-validate", - "nw-sdk-aliases", - "nw-sdk-content", - "nw-sdk-ls", - "nw-sdk-count", - "nw-sdk-timeline", - "nw-sdk-mon", - "nw-sdk-stopMon", - "nw-sdk-msearch", - "nw-sdk-precache", - "nw-sdk-delCache", - "nw-sdk-info", - "nw-sdk-search", - "nw-sdk-language", - "nw-sdk-packets", - "nw-sdk-summary", - "nw-sdk-reconfig", - "nw-sdk-values", - "nw-sdk-xforms", - "nw-database-info", - "nw-database-count", - "nw-database-dbState", - "nw-database-dump", - "nw-database-hashInfo", - "nw-database-resetMax", - "nw-database-optimize", - 
"nw-database-reconfig", - "nw-database-ls", - "nw-database-timeRoll", - "nw-database-stopMon", - "nw-database-manifest", - "nw-database-wipe", - "nw-database-sizeRoll", - "nw-database-mon", - "nw-decoder-reset", - "nw-decoder-info", - "nw-decoder-reconfig", - "nw-decoder-agg", - "nw-decoder-stop", - "nw-decoder-count", - "nw-decoder-start", - "nw-decoder-meta", - "nw-decoder-ls", - "nw-decoder-stopMon", - "nw-decoder-resetMax", - "nw-decoder-whoAgg", - "nw-decoder-logStats", - "nw-decoder-select", - "nw-decoder-mon", - "nw-index-ls", - "nw-index-mon", - "nw-index-save", - "nw-index-info", - "nw-index-drop", - "nw-index-count", - "nw-index-values", - "nw-index-profile", - "nw-index-stopMon", - "nw-index-inspect", - "nw-index-language", - "nw-index-reconfig", - "nw-index-sizeRoll", - "nw-decoderParsers-ls", - "nw-decoderParsers-mon", - "nw-decoderParsers-feed", - "nw-decoderParsers-info", - "nw-decoderParsers-count", - "nw-decoderParsers-schema", - "nw-decoderParsers-reload", - "nw-decoderParsers-upload", - "nw-decoderParsers-delete", - "nw-decoderParsers-stopMon", - "nw-decoderParsers-devices", - "nw-decoderParsers-content", - "nw-decoderParsers-ipdevice", - "nw-decoderParsers-iptmzone", - "nw-logs-ls", - "nw-logs-mon", - "nw-logs-pull", - "nw-logs-info", - "nw-logs-count", - "nw-logs-stopMon", - "nw-logs-download", - "nw-logs-timeRoll", - "nw-sys-ls", - "nw-sys-mon", - "nw-sys-save", - "nw-sys-info", - "nw-sys-count", - "nw-sys-caCert", - "nw-sys-stopMon", - "nw-sys-shutdown", - "nw-sys-fileEdit", - "nw-sys-peerCert", - "nw-sys-servCert", - "nw-sys-statHist", - "nw-users-ls", - "nw-users-mon", - "nw-users-info", - "nw-users-auths", - "nw-users-count", - "nw-users-delete", - "nw-users-unlock", - "nw-users-stopMon", - "nw-users-addOrMod", - "nw-decoder-import", - "nw-decoder-parsers-upload", - "nw-concentrator-reset", - "nw-concentrator-reconfig", - "nw-concentrator-start", - "nw-concentrator-stop", - "nw-concentrator-count", - "nw-concentrator-edit", - 
"nw-concentrator-add", - "nw-concentrator-meta", - "nw-concentrator-status", - "nw-concentrator-ls", - "nw-concentrator-resetMax", - "nw-concentrator-stopMon", - "nw-concentrator-delete", - "nw-concentrator-whoAgg", - "nw-concentrator-mon", - "nw-broker-reset", - "nw-broker-start", - "nw-broker-stop", - "nw-broker-count", - "nw-broker-edit", - "nw-broker-add", - "nw-broker-meta", - "nw-broker-status", - "nw-broker-ls", - "nw-broker-resetMax", - "nw-broker-stopMon", - "nw-broker-delete", - "nw-broker-whoAgg", - "nw-broker-mon" - ] - } - }, - { - "ReversingLabs A1000": { - "name": "ReversingLabs A1000", - "commands": [ - "file", - "reversinglabs-upload", - "reversinglabs-delete", - "reversinglabs-extracted-files", - "reversinglabs-download", - "reversinglabs-analyze", - "reversinglabs-download-unpacked" - ] - } - }, - { - "VMware": { - "name": "VMware", - "commands": [ - "vmware-get-vms", - "vmware-poweron", - "vmware-poweroff", - "vmware-hard-reboot", - "vmware-suspend", - "vmware-soft-reboot", - "vmware-create-snapshot", - "vmware-revert-snapshot", - "vmware-get-events" - ] - } - }, - { - "RSA Archer": { - "name": "RSA Archer", - "commands": [ - "archer-create-record", - "archer-update-record", - "archer-get-record", - "archer-search-applications", - "archer-search-records", - "archer-get-application-fields", - "archer-delete-record", - "archer-get-field", - "archer-get-reports", - "archer-execute-statistic-search-by-report", - "archer-get-search-options-by-guid", - "archer-search-records-by-report", - "archer-get-mapping-by-level", - "archer-manually-fetch-incident", - "archer-get-file", - "archer-upload-file", - "archer-add-to-detailed-analysis", - "archer-get-user-id" - ] - } - }, - { - "vmray": { - "name": "vmray", - "commands": [ - "upload_sample", - "get_results", - "get_job_sample" - ] - } - }, - { - "jira": { - "name": "jira", - "fromversion": "2.6.0", - "commands": [ - "jira-issue-query", - "jira-get-issue", - "jira-create-issue", - 
"jira-issue-upload-file", - "jira-issue-add-comment", - "jira-issue-add-link", - "jira-edit-issue", - "jira-get-comments", - "jira-delete-issue" - ] - } - }, - { - "Verodin": { - "name": "Verodin", - "commands": [ - "verodin-get-topology-nodes", - "verodin-get-topology-map", - "verodin-manage-sims-actions", - "verodin-manage-sims-actions-run", - "verodin-get-security-zones", - "verodin-get-security-zone", - "verodin-delete-security-zone", - "verodin-get-sims-of-type", - "verodin-get-sim", - "verodin-delete-sim", - "verodin-get-jobs", - "verodin-get-job", - "verodin-run-job-again", - "verodin-get-job-sim-actions", - "verodin-job-cancel" - ] - } - }, - { - "dnstwist": { - "name": "dnstwist", - "commands": [ - "dnstwist-domain-variations" - ] - } - }, - { - "EWS": { - "name": "EWS", - "commands": [ - "ews-get-folder", - "ews-delete-items", - "ews-delete-attachments", - "ews-get-items", - "ews-search-mailbox", - "ews-get-contacts", - "ews-get-searchable-mailboxes", - "ews-search-mailboxes", - "ews-get-attachment", - "ews-find-folders", - "ews-get-attachment-item", - "ews-move-item" - ] - } - }, - { - "OpenPhish": { - "name": "OpenPhish", - "commands": [ - "url", - "openphish-reload", - "openphish-status" - ] - } - }, - { - "McAfee NSM": { - "name": "McAfee NSM", - "commands": [ - "nsm-get-sensors", - "nsm-get-domains", - "nsm-get-alerts", - "nsm-update-alerts", - "nsm-get-alert-details", - "nsm-get-ips-policies", - "nsm-get-ips-policy-details", - "nsm-get-attacks" - ] - } - }, - { - "ipinfo": { - "name": "ipinfo", - "commands": [ - "ip", - "ipinfo_field" - ] - } - }, - { - "Cuckoo Sandbox": { - "name": "Cuckoo Sandbox", - "toversion": "3.1.0", - "commands": [ - "ck-file", - "cuckoo-create-task-from-file", - "ck-report", - "cuckoo-get-task-report", - "ck-list", - "cuckoo-list-tasks", - "ck-url", - "cuckoo-create-task-from-url", - "ck-view", - "cuckoo-view-task", - "ck-del", - "cuckoo-delete-task", - "ck-scrshot", - "cuckoo-task-screenshot", - "ck-machines-list", - 
"cuckoo-machines-list", - "ck-machine-view", - "cuckoo-machine-view" - ] - } - }, - { - "Moloch": { - "name": "Moloch", - "toversion": "3.1.0", - "commands": [ - "moloch_connections_json", - "moloch_connections_csv", - "moloch_files_json", - "moloch_sessions_json", - "moloch_sessions_csv", - "moloch_sessions_pcap", - "moloch_spigraph_json", - "moloch_spiview_json", - "moloch_unique_json" - ] - } - }, - { - "Demisto REST API": { - "name": "Demisto REST API", - "commands": [ - "demisto-api-post", - "demisto-api-get", - "demisto-api-put", - "demisto-api-delete", - "demisto-api-download", - "demisto-api-multipart", - "demisto-delete-incidents" - ] - } - }, - { - "Symantec Advanced Threat Protection": { - "name": "Symantec Advanced Threat Protection", - "commands": [ - "satp-appliances", - "satp-command", - "satp-command-state", - "satp-command-cancel", - "satp-events", - "satp-files", - "satp-incident-events", - "satp-incidents" - ] - } - }, - { - "McAfee Active Response": { - "name": "McAfee Active Response", - "commands": [ - "mar-search", - "mar-collectors-list", - "mar-search-multiple" - ] - } - }, - { - "Aella Star Light": { - "name": "Aella Star Light", - "commands": [ - "aella-get-event" - ] - } - }, - { - "Zendesk": { - "name": "Zendesk", - "fromversion": "3.5.0", - "commands": [ - "zendesk-create-ticket", - "zendesk-list-tickets", - "zendesk-ticket-details", - "zendesk-update-ticket", - "zendesk-add-comment", - "zendesk-list-agents", - "zendesk-get-attachment", - "zendesk-clear-cache", - "zendesk-add-user", - "zendesk-get-article" - ] - } - }, - { - "Cisco CloudLock": { - "name": "Cisco CloudLock", - "commands": [ - "cloudlock-get-users", - "cloudlock-get-user-apps", - "cloudlock-get-activities" - ] - } - }, - { - "carbonblackliveresponse": { - "name": "carbonblackliveresponse", - "commands": [ - "cb-archive", - "cb-command-cancel", - "cb-command-info", - "cb-file-delete", - "cb-file-get", - "cb-file-info", - "cb-file-upload", - "cb-keepalive", - 
"cb-list-commands", - "cb-list-files", - "cb-list-sessions", - "cb-session-close", - "cb-session-create", - "cb-session-create-and-wait", - "cb-session-info", - "cb-process-kill", - "cb-directory-listing", - "cb-process-execute", - "cb-memdeump", - "cb-command-create", - "cb-command-create-and-wait", - "cb-terminate-process", - "cb-file-delete-from-endpoint", - "cb-registry-get-values", - "cb-registry-query-value", - "cb-registry-create-key", - "cb-registry-delete-key", - "cb-registry-delete-value", - "cb-registry-set-value", - "cb-process-list", - "cb-get-file-from-endpoint", - "cb-push-file-to-endpoint" - ] - } - }, - { - "Check Point Sandblast Appliance": { - "name": "Check Point Sandblast Appliance", - "toversion": "3.1.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", - "sandblast-download" - ] - } - }, - { - "Pipl": { - "name": "Pipl", - "fromversion": "3.5.0", - "commands": [ - "pipl-search", - "email" - ] - } - }, - { - "Forcepoint": { - "name": "Forcepoint", - "commands": [ - "fp-add-category", - "fp-list-categories", - "fp-get-category-detailes", - "fp-add-address-to-category", - "fp-delete-categories", - "fp-delete-address-from-category" - ] - } - }, - { - "FireEye HX": { - "name": "FireEye HX", - "commands": [ - "fireeye-hx-host-containment", - "fireeye-hx-cancel-containment", - "fireeye-hx-get-alerts", - "fireeye-hx-suppress-alert", - "fireeye-hx-get-indicators", - "fireeye-hx-get-indicator", - "fireeye-hx-get-host-information", - "fireeye-hx-get-alert", - "fireeye-hx-file-acquisition", - "fireeye-hx-delete-file-acquisition", - "fireeye-hx-data-acquisition", - "fireeye-hx-delete-data-acquisition", - "fireeye-hx-search", - "fireeye-hx-get-host-set-information" - ] - } - }, - { - "Threat Crowd": { - "name": "Threat Crowd", - "commands": [ - "threat-crowd-email", - "threat-crowd-domain", - "threat-crowd-ip", - "threat-crowd-antivirus", - "threat-crowd-file" - ] - } - }, - { - "Palo Alto 
AppFramework": { - "name": "Palo Alto AppFramework", - "commands": [ - "pan-appframework-query-logs", - "pan-appframework-get-critical-threat-logs", - "pan-appframework-get-social-applications", - "pan-appframework-search-by-file-hash" - ] - } - }, - { - "Phishme Intelligence": { - "name": "Phishme Intelligence", - "commands": [ - "url", - "file", - "ip", - "phishme-search", - "email" - ] - } - }, - { - "Remedy AR": { - "name": "Remedy AR", - "commands": [ - "remedy-get-server-details" - ] - } - }, - { - "Intezer": { - "name": "Intezer", - "commands": [ - "file", - "intezer-upload" - ] - } - }, - { - "AlgoSec": { - "name": "AlgoSec", - "commands": [ - "algosec-get-ticket", - "algosec-create-ticket", - "algosec-get-applications", - "algosec-get-network-object", - "algosec-query" - ] - } - }, - { - "Zoom": { - "name": "Zoom", - "commands": [ - "zoom-create-user", - "zoom-create-meeting", - "zoom-fetch-recording", - "zoom-list-users", - "zoom-delete-user" - ] - } - }, - { - "Cuckoo Sandbox": { - "name": "Cuckoo Sandbox", - "fromversion": "3.5.0", - "commands": [ - "ck-file", - "cuckoo-create-task-from-file", - "ck-report", - "cuckoo-get-task-report", - "ck-list", - "cuckoo-list-tasks", - "ck-url", - "cuckoo-create-task-from-url", - "ck-view", - "cuckoo-view-task", - "ck-del", - "cuckoo-delete-task", - "ck-scrshot", - "cuckoo-task-screenshot", - "ck-machines-list", - "cuckoo-machines-list", - "ck-machine-view", - "cuckoo-machine-view" - ] - } - }, - { - "Threat Grid": { - "name": "Threat Grid", - "commands": [ - "threat-grid-get-samples", - "threat-grid-get-sample-by-id", - "threat-grid-get-sample-state-by-id", - "threat-grid-upload-sample", - "threat-grid-search-submissions", - "threat-grid-get-video-by-id", - "threat-grid-get-analysis-by-id", - "threat-grid-get-processes-by-id", - "threat-grid-get-pcap-by-id", - "threat-grid-get-warnings-by-id", - "threat-grid-get-summary-by-id", - "threat-grid-get-threat-summary-by-id", - "threat-grid-get-html-report-by-id", - 
"threat-grid-download-sample-by-id", - "threat-grid-get-analysis-iocs", - "threat-grid-download-artifact", - "threat-grid-who-am-i", - "threat-grid-user-get-rate-limit", - "threat-grid-get-specific-feed", - "threat-grid-detonate-file", - "threat-grid-url-to-file", - "threat-grid-organization-get-rate-limit", - "threat-grid-search-ips", - "threat-grid-get-analysis-annotations", - "threat-grid-search-samples", - "threat-grid-search-urls", - "threat-grid-get-samples-state", - "threat-grid-feeds-artifacts", - "threat-grid-feeds-domain", - "threat-grid-feeds-ip", - "threat-grid-feeds-network-stream", - "threat-grid-feeds-path", - "threat-grid-feeds-url", - "threat-grid-get-analysis-artifact", - "threat-grid-get-analysis-artifacts", - "threat-grid-get-analysis-ioc", - "threat-grid-get-analysis-metadata", - "threat-grid-get-analysis-network-stream", - "threat-grid-get-analysis-network-streams", - "threat-grid-get-analysis-process", - "threat-grid-get-analysis-processes" - ] - } - }, - { - "QRadar": { - "name": "QRadar", - "commands": [ - "qradar-offenses", - "qradar-offense-by-id", - "qradar-searches", - "qradar-get-search", - "qradar-get-search-results", - "qradar-update-offense", - "qradar-get-assets", - "qradar-get-asset-by-id", - "qr-searches", - "qr-get-search", - "qr-get-search-results", - "qr-update-offense", - "qr-get-assets", - "qr-offenses", - "qradar-get-closing-reasons", - "qradar-create-note", - "qradar-get-note", - "qradar-get-reference-by-name", - "qradar-create-reference-set", - "qradar-delete-reference-set", - "qradar-create-reference-set-value", - "qradar-update-reference-set-value", - "qradar-delete-reference-set-value" - ] - } - }, - { - "SplunkPy": { - "name": "SplunkPy", - "commands": [ - "splunk-results", - "splunk-search", - "splunk-submit-event", - "splunk-get-indexes", - "splunk-notable-event-edit", - "splunk-job-create", - "splunk-parse-raw" - ] - } - }, - { - "TruSTAR": { - "name": "TruSTAR", - "commands": [ - "trustar-related-indicators", - 
"trustar-trending-indicators", - "trustar-search-indicators", - "trustar-submit-report", - "trustar-update-report", - "trustar-report-details", - "trustar-delete-report", - "trustar-get-reports", - "trustar-correlated-reports", - "trustar-search-reports", - "trustar-add-to-whitelist", - "trustar-remove-from-whitelist", - "trustar-get-enclaves", - "file", - "ip", - "url", - "domain" - ] - } - }, - { - "LogRhythm": { - "name": "LogRhythm", - "commands": [ - "lr-add-alarm-comments", - "lr-get-alarm-by-id", - "lr-get-alarm-events-by-id", - "lr-get-alarm-history-by-id", - "lr-update-alarm-status", - "lr-get-alarms" - ] - } - }, - { - "Service Manager": { - "name": "Service Manager", - "commands": [ - "hpsm-create-incident", - "hpsm-list-incidents", - "hpsm-get-incident-by-id", - "hpsm-list-devices", - "hpsm-get-device" - ] - } - }, - { - "Trend Micro": { - "name": "Trend Micro", - "commands": [ - "trendmicro-host-retrieve-all", - "trendmicro-system-event-retrieve", - "trendmicro-host-antimalware-scan", - "trendmicro-alert-status", - "trendmicro-security-profile-retrieve-all", - "trendmicro-security-profile-assign-to-host", - "trendmicro-anti-malware-event-retrieve" - ] - } - }, - { - "Netskope": { - "name": "Netskope", - "commands": [ - "netskope-events", - "netskope-alerts" - ] - } - }, - { - "McAfee Web Gateway": { - "name": "McAfee Web Gateway", - "commands": [ - "mwg-get-available-lists", - "mwg-get-list", - "mwg-get-list-entry", - "mwg-insert-entry", - "mwg-delete-entry" - ] - } - }, - { - "ArcSight Logger": { - "name": "ArcSight Logger", - "commands": [ - "as-search-events", - "as-status", - "as-drilldown", - "as-events", - "as-close", - "as-stop", - "as-search" - ] - } - }, - { - "carbonblack-v2": { - "name": "carbonblack-v2", - "fromversion": "3.6.0", - "commands": [ - "cb-alert", - "cb-binary", - "cb-binary-get", - "cb-block-hash", - "cb-get-hash-blacklist", - "cb-get-process", - "cb-get-processes", - "cb-list-sensors", - "cb-process-events", - 
"cb-quarantine-device", - "cb-sensor-info", - "cb-unblock-hash", - "cb-unquarantine-device", - "cb-version", - "cb-watchlist-del", - "cb-watchlist-get", - "cb-watchlist-new", - "cb-watchlist-set", - "cb-alert-update", - "cb-watchlist" - ] - } - }, - { - "Zscaler": { - "name": "Zscaler", - "commands": [ - "zscaler-blacklist-url", - "url", - "ip", - "zscaler-undo-blacklist-url", - "zscaler-whitelist-url", - "zscaler-undo-whitelist-url", - "zscaler-undo-whitelist-ip", - "zscaler-whitelist-ip", - "zscaler-undo-blacklist-ip", - "zscaler-blacklist-ip", - "zscaler-category-add-url", - "zscaler-category-add-ip", - "zscaler-category-remove-url", - "zscaler-category-remove-ip", - "zscaler-get-categories", - "zscaler-get-blacklist", - "zscaler-get-whitelist" - ] - } - }, - { - "Check Point Sandblast": { - "name": "Check Point Sandblast", - "toversion": "3.1.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", - "sandblast-download", - "sb-quota", - "sandblast-quota" - ] - } - }, - { - "fireeye": { - "name": "fireeye", - "toversion": "3.1.0", - "fromversion": "3.0.0", - "commands": [ - "fe-report", - "fe-submit-status", - "fe-alert", - "fe-submit-result", - "fe-submit", - "fe-config" - ] - } - }, - { - "Awake Security": { - "name": "Awake Security", - "commands": [ - "awake-query-devices", - "awake-query-activities", - "awake-query-domains", - "awake-pcap-download", - "domain", - "ip", - "email", - "device" - ] - } - }, - { - "Skyformation": { - "name": "Skyformation", - "commands": [ - "skyformation-get-accounts", - "skyformation-suspend-user", - "skyformation-unsuspend-user" - ] - } - }, - { - "Cisco Spark": { - "name": "Cisco Spark", - "commands": [ - "cisco-spark-list-people", - "cisco-spark-create-person", - "cisco-spark-get-person-details", - "cisco-spark-update-person", - "cisco-spark-delete-person", - "cisco-spark-get-own-details", - "cisco-spark-list-rooms", - "cisco-spark-create-room", - 
"cisco-spark-get-room-details", - "cisco-spark-update-room", - "cisco-spark-delete-room", - "cisco-spark-list-memberships", - "cisco-spark-create-membership", - "cisco-spark-get-membership-details", - "cisco-spark-update-membership", - "cisco-spark-delete-membership", - "cisco-spark-list-messages", - "cisco-spark-create-message", - "cisco-spark-get-message-details", - "cisco-spark-delete-message", - "cisco-spark-list-teams", - "cisco-spark-create-team", - "cisco-spark-get-team-details", - "cisco-spark-update-team", - "cisco-spark-delete-team", - "cisco-spark-list-team-memberships", - "cisco-spark-create-team-membership", - "cisco-spark-get-team-membership-details", - "cisco-spark-update-team-membership", - "cisco-spark-delete-team-membership", - "cisco-spark-list-webhooks", - "cisco-spark-create-webhook", - "cisco-spark-get-webhook-details", - "cisco-spark-update-webhook", - "cisco-spark-delete-webhook", - "cisco-spark-list-organizations", - "cisco-spark-get-organization-details", - "cisco-spark-list-licenses", - "cisco-spark-get-license-details", - "cisco-spark-list-roles", - "cisco-spark-get-role-details", - "cisco-spark-send-message-to-person", - "cisco-spark-send-message-to-room" - ] - } - }, - { - "ArcSight ESM": { - "name": "ArcSight ESM", - "commands": [ - "as-get-all-cases", - "as-get-case", - "as-get-matrix-data", - "as-add-entries", - "as-clear-entries", - "as-get-entries", - "as-get-security-events", - "as-get-case-event-ids", - "as-update-case", - "as-get-all-query-viewers", - "as-case-delete" - ] - } - }, - { - "Rapid7 Nexpose": { - "name": "Rapid7 Nexpose", - "fromversion": "3.6.0", - "commands": [ - "nexpose-get-asset", - "nexpose-get-assets", - "nexpose-search-assets", - "nexpose-get-scan", - "nexpose-get-asset-vulnerability", - "nexpose-create-site", - "nexpose-delete-site", - "nexpose-get-sites", - "nexpose-get-report-templates", - "nexpose-create-assets-report", - "nexpose-create-sites-report", - "nexpose-create-scan-report", - 
"nexpose-start-site-scan", - "nexpose-start-assets-scan", - "nexpose-stop-scan", - "nexpose-pause-scan", - "nexpose-resume-scan", - "nexpose-get-scans" - ] - } - }, - { - "Cylance Protect v2": { - "name": "Cylance Protect v2", - "commands": [ - "cylance-protect-get-devices", - "cylance-protect-get-device", - "cylance-protect-update-device", - "cylance-protect-get-device-threats", - "cylance-protect-get-policies", - "cylance-protect-create-zone", - "cylance-protect-get-zones", - "cylance-protect-get-zone", - "cylance-protect-update-zone", - "cylance-protect-get-threat", - "cylance-protect-get-threat-devices", - "cylance-protect-get-indicators-report", - "cylance-protect-get-threats", - "cylance-protect-update-device-threats", - "cylance-protect-get-list", - "cylance-protect-download-threat", - "cylance-protect-add-hash-to-list", - "cylance-protect-delete-hash-from-lists", - "cylance-protect-get-policy-details", - "cylance-protect-delete-devices" - ] - } - }, - { - "Cyber Triage": { - "name": "Cyber Triage", - "commands": [ - "ct-triage-endpoint" - ] - } - }, - { - "Endgame": { - "name": "Endgame", - "commands": [ - "endgame-deploy", - "endgame-get-deployment-profiles", - "endgame-get-unmanaged-endpoints", - "endgame-get-endpoint-status", - "endgame-create-sensor-profile", - "endgame-get-investigations", - "endgame-create-investigation", - "endgame-get-sensor", - "endgame-investigation-results", - "endgame-investigation-status" - ] - } - }, - { - "Kenna": { - "name": "Kenna", - "commands": [ - "kenna-search-vulnerabilities", - "kenna-get-connectors", - "kenna-run-connector", - "kenna-search-fixes", - "kenna-update-asset", - "kenna-update-vulnerability" - ] - } - }, - { - "Cisco Meraki": { - "name": "Cisco Meraki", - "commands": [ - "meraki-fetch-organizations", - "meraki-get-organization-license-state", - "meraki-fetch-organization-inventory", - "meraki-fetch-networks", - "meraki-fetch-devices", - "meraki-fetch-device-uplink", - "meraki-fetch-ssids", - 
"meraki-fetch-clients", - "meraki-fetch-firewall-rules", - "meraki-remove-device", - "meraki-get-device", - "meraki-update-device", - "meraki-claim-device", - "meraki-update-firewall-rules" - ] - } - }, - { - "WildFire": { - "name": "WildFire", - "toversion": "3.6.0", - "fromversion": "3.5.0", - "commands": [ - "wildfire-report", - "file", - "wildfire-upload", - "detonate-file", - "detonate-file-remote" - ] - } - }, - { - "AWS Sagemaker": { - "name": "AWS Sagemaker", - "commands": [ - "predict-phishing" - ] - } - }, - { - "VxStream": { - "name": "VxStream", - "commands": [ - "vx-scan", - "crowdstrike-scan", - "vx-get-environments", - "crowdstrike-get-environments", - "vx-submit-sample", - "crowdstrike-submit-sample", - "vx-search", - "crowdstrike-search", - "vx-result", - "crowdstrike-result", - "vx-detonate-file", - "crowdstrike-detonate-file", - "crowdstrike-submit-url", - "crowdstrike-get-screenshots", - "crowdstrike-detonate-url", - "crowdstrike-submit-file-by-url" - ] - } - }, - { - "DomainTools": { - "name": "DomainTools", - "fromversion": "3.0.0", - "commands": [ - "domain", - "domainSearch", - "reverseIP", - "reverseNameServer", - "reverseWhois", - "whois", - "whoisHistory", - "domainProfile" - ] - } - }, - { - "Jask": { - "name": "Jask", - "commands": [ - "jask-get-insight-details", - "jask-get-insight-comments", - "jask-get-signal-details", - "jask-get-entity-details", - "jask-get-related-entities", - "jask-get-whitelisted-entities", - "jask-search-insights", - "jask-search-signals", - "jask-search-entities" - ] - } - }, - { - "Server Message Block (SMB)": { - "name": "Server Message Block (SMB)", - "commands": [ - "smb-download" - ] - } - }, - { - "McAfee ESM-v10": { - "name": "McAfee ESM-v10", - "commands": [ - "esm-fetch-fields", - "esm-search", - "esm-fetch-alarms", - "esm-get-case-list", - "esm-add-case", - "esm-edit-case", - "esm-get-case-statuses", - "esm-edit-case-status", - "esm-get-case-detail", - "esm-get-case-event-list", - 
"esm-add-case-status", - "esm-delete-case-status", - "esm-get-organization-list", - "esm-get-user-list", - "esm-acknowledge-alarms", - "esm-unacknowledge-alarms", - "esm-delete-alarms", - "esm-get-alarm-event-details", - "esm-list-alarm-events" - ] - } - }, - { - "nmap": { - "name": "nmap", - "commands": [ - "nmap-scan" - ] - } - }, - { - "ReversingLabs Titanium Cloud": { - "name": "ReversingLabs Titanium Cloud", - "commands": [ - "file" - ] - } - }, - { - "Farsight DNSDB": { - "name": "Farsight DNSDB", - "commands": [ - "dnsdb-rdata", - "dnsdb-rrset" - ] - } - }, - { - "Symantec MSS": { - "name": "Symantec MSS", - "commands": [ - "symantec-mss-update-incident", - "symantec-mss-get-incident", - "symantec-mss-incidents-list" - ] - } - }, - { - "EWS Mail Sender": { - "name": "EWS Mail Sender", - "commands": [ - "send-mail" - ] - } - }, - { - "WildFire": { - "name": "WildFire", - "fromversion": "4.0.0", - "commands": [ - "wildfire-report", - "file", - "wildfire-upload", - "detonate-file", - "detonate-file-remote", - "wildfire-upload-file-remote" - ] - } - }, - { - "WildFire": { - "name": "WildFire", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "commands": [ - "wildfire-report", - "file", - "wildfire-upload", - "detonate-file", - "detonate-file-remote" - ] - } - }, - { - "AlienVault OTX": { - "name": "AlienVault OTX", - "fromversion": "3.0.1", - "commands": [ - "ip", - "domain", - "ipv6", - "hostname", - "file", - "alienvault-query-file", - "alienvault-search-pulses", - "alienvault-get-pulse-details", - "url" - ] - } - }, - { - "Windows Defender Advanced Threat Protection": { - "name": "Windows Defender Advanced Threat Protection", - "commands": [ - "microsoft-atp-isolate-machine", - "microsoft-atp-unisolate-machine", - "microsoft-atp-get-machines", - "microsoft-atp-get-file-related-machines", - "microsoft-atp-get-machine-details", - "microsoft-atp-run-antivirus-scan", - "microsoft-atp-list-alerts" - ] - } - }, - { - "Mail Sender (New)": { - "name": "Mail Sender 
(New)", - "commands": [ - "send-mail" - ] - } - }, - { - "Attivo Botsink": { - "name": "Attivo Botsink", - "commands": [ - "attivo-check-user", - "attivo-check-host", - "attivo-run-playbook", - "attivo-deploy-decoy", - "attivo-get-events", - "attivo-list-playbooks", - "attivo-list-hosts", - "attivo-list-users" - ] - } - }, - { - "Sample Incident Generator": { - "name": "Sample Incident Generator" - } - }, - { - "Hybrid Analysis": { - "name": "Hybrid Analysis", - "fromversion": "3.6.1", - "commands": [ - "hybrid-analysis-scan", - "hybrid-analysis-submit-sample", - "hybrid-analysis-search", - "hybrid-analysis-detonate-file" - ] - } - }, - { - "Anomali ThreatStream": { - "name": "Anomali ThreatStream", - "commands": [ - "threatstream-intelligence", - "domain", - "file", - "threatstream-email-reputation", - "ip" - ] - } - }, - { - "PacketMail": { - "name": "PacketMail", - "commands": [ - "packetmail-ip" - ] - } - }, - { - "Qualys": { - "name": "Qualys", - "toversion": "3.1.0", - "commands": [ - "qualys-report-list", - "qualys-report-cancel", - "qualys-report-delete", - "qualys-scorecard-launch", - "qualys-report-fetch", - "qualys-vm-scan-list", - "qualys-vm-scan-launch", - "qualys-vm-scan-action", - "qualys-scap-scan-list", - "qualys-pc-scan-launch", - "qualys-pc-scan-manage", - "qualys-schedule-scan-list", - "qualys-ip-list", - "qualys-ip-add", - "qualys-ip-update", - "qualys-virtual-host-list", - "qualys-virtual-host-manage", - "qualys-host-excluded-list", - "qualys-host-excluded-manage", - "qualys-scheduled-report-list", - "qualys-scheduled-report-launch", - "qualys-host-list", - "qualys-pc-scan-list", - "qualys-report-template-list", - "qualys-report-launch-map", - "qualys-report-launch-scan-based-findings", - "qualys-report-launch-host-based-findings", - "qualys-report-launch-patch", - "qualys-report-launch-remediation", - "qualys-report-launch-compliance", - "qualys-report-launch-compliance-policy", - "qualys-vulnerability-list", - "qualys-group-list", - 
"qualys-vm-scan-fetch", - "qualys-pc-scan-fetch" - ] - } - }, - { - "Cisco Umbrella Investigate": { - "name": "Cisco Umbrella Investigate", - "commands": [ - "umbrella-domain-categorization", - "investigate-umbrella-domain-categorization", - "umbrella-domain-co-occurrences", - "investigate-umbrella-domain-co-occurrences", - "umbrella-domain-related", - "investigate-umbrella-domain-related", - "umbrella-domain-security", - "investigate-umbrella-domain-security", - "umbrella-domain-dns-history", - "investigate-umbrella-domain-dns-history", - "umbrella-ip-dns-history", - "investigate-umbrella-ip-dns-history", - "investigate-umbrella-ip-malicious-domains", - "umbrella-ip-malicious-domains", - "umbrella-domain-search", - "investigate-umbrella-domain-search", - "domain", - "umbrella-get-related-domains", - "umbrella-get-domain-classifiers", - "umbrella-get-domain-queryvolume", - "umbrella-get-domain-details", - "umbrella-get-domains-for-email-registrar", - "umbrella-get-domains-for-nameserver", - "umbrella-get-whois-for-domain", - "umbrella-get-malicious-domains-for-ip", - "umbrella-get-domains-using-regex", - "umbrella-get-domain-timeline", - "umbrella-get-ip-timeline", - "umbrella-get-url-timeline" - ] - } - }, - { - "Carbon Black Defense": { - "name": "Carbon Black Defense", - "commands": [ - "cbd-get-devices-status", - "cbd-get-device-status", - "cbd-change-device-status", - "cbd-find-events", - "cbd-find-event", - "cbd-find-processes", - "cbd-get-alert-details", - "cbd-get-policies", - "cbd-get-policy", - "cbd-create-policy", - "cbd-update-policy", - "cbd-delete-policy", - "cbd-add-rule-to-policy", - "cbd-delete-rule-from-policy", - "cbd-update-rule-in-policy", - "cbd-set-policy" - ] - } - }, - { - "Lockpath KeyLight": { - "name": "Lockpath KeyLight", - "toversion": "3.1.0", - "commands": [ - "kl-get-component-list", - "kl-get-component", - "kl-get-component-by-alias", - "kl-get-field-list", - "kl-get-field", - "kl-get-record-count", - "kl-get-record", - 
"kl-get-records", - "kl-delete-record", - "kl-create-record", - "kl-update-record", - "kl-get-detail-record", - "kl-get-lookup-report-column-fields", - "kl-get-detail-records", - "kl-get-record-attachments", - "kl-get-record-attachment", - "kl-delete-record-attachments" - ] - } - }, - { - "OPSWAT-Metadefender": { - "name": "OPSWAT-Metadefender", - "commands": [ - "opswat-hash", - "opswat-scan-file", - "opswat-scan-result" - ] - } - }, - { - "ActiveMQ": { - "name": "ActiveMQ", - "commands": [ - "activemq-send", - "activemq-subscribe" - ] - } - }, - { - "Cisco Email Security Appliance (IronPort)": { - "name": "Cisco Email Security Appliance (IronPort)", - "commands": [ - "ironport-report" - ] - } - }, - { - "Qualys": { - "name": "Qualys", - "fromversion": "3.5.0", - "commands": [ - "qualys-report-list", - "qualys-report-cancel", - "qualys-report-delete", - "qualys-scorecard-launch", - "qualys-report-fetch", - "qualys-vm-scan-list", - "qualys-vm-scan-launch", - "qualys-vm-scan-action", - "qualys-scap-scan-list", - "qualys-pc-scan-launch", - "qualys-pc-scan-manage", - "qualys-schedule-scan-list", - "qualys-ip-list", - "qualys-ip-add", - "qualys-ip-update", - "qualys-virtual-host-list", - "qualys-virtual-host-manage", - "qualys-host-excluded-list", - "qualys-host-excluded-manage", - "qualys-scheduled-report-list", - "qualys-scheduled-report-launch", - "qualys-host-list", - "qualys-pc-scan-list", - "qualys-report-template-list", - "qualys-report-launch-map", - "qualys-report-launch-scan-based-findings", - "qualys-report-launch-host-based-findings", - "qualys-report-launch-patch", - "qualys-report-launch-remediation", - "qualys-report-launch-compliance", - "qualys-report-launch-compliance-policy", - "qualys-vulnerability-list", - "qualys-group-list", - "qualys-vm-scan-fetch", - "qualys-pc-scan-fetch" - ] - } - }, - { - "IsItPhishing": { - "name": "IsItPhishing", - "commands": [ - "url" - ] - } - }, - { - "okta": { - "name": "okta", - "toversion": "3.5.1", - "fromversion": 
"3.1.0", - "commands": [ - "okta-unlock-user", - "okta-deactivate-user", - "okta-activate-user", - "okta-get-groups", - "okta-set-password", - "okta-search", - "okta-get-user", - "okta-create-user", - "okta-update-user" - ] - } - }, - { - "AWS - EC2": { - "name": "AWS - EC2", - "commands": [ - "aws-ec2-describe-instances", - "aws-ec2-describe-images", - "aws-ec2-describe-regions", - "aws-ec2-describe-addresses", - "aws-ec2-describe-snapshots", - "aws-ec2-describe-launch-templates", - "aws-ec2-describe-key-pairs", - "aws-ec2-describe-volumes", - "aws-ec2-describe-vpcs", - "aws-ec2-describe-subnets", - "aws-ec2-describe-security-groups", - "aws-ec2-allocate-address", - "aws-ec2-associate-address", - "aws-ec2-create-snapshot", - "aws-ec2-delete-snapshot", - "aws-ec2-create-image", - "aws-ec2-deregister-image", - "aws-ec2-modify-volume", - "aws-ec2-create-tags", - "aws-ec2-disassociate-address", - "aws-ec2-release-address", - "aws-ec2-start-instances", - "aws-ec2-stop-instances", - "aws-ec2-terminate-instances", - "aws-ec2-create-volume", - "aws-ec2-attach-volume", - "aws-ec2-detach-volume", - "aws-ec2-delete-volume", - "aws-ec2-run-instances", - "aws-ec2-waiter-instance-running", - "aws-ec2-waiter-instance-status-ok", - "aws-ec2-waiter-instance-stopped", - "aws-ec2-waiter-instance-terminated", - "aws-ec2-waiter-image-available", - "aws-ec2-waiter-snapshot_completed", - "aws-ec2-get-latest-ami", - "aws-ec2-create-security-group", - "aws-ec2-delete-security-group", - "aws-ec2-authorize-security-group-ingress-rule", - "aws-ec2-revoke-security-group-ingress-rule", - "aws-ec2-copy-image", - "aws-ec2-copy-snapshot", - "aws-ec2-describe-reserved-instances", - "aws-ec2-monitor-instances", - "aws-ec2-unmonitor-instances", - "aws-ec2-reboot-instances", - "aws-ec2-get-password-data", - "aws-ec2-modify-network-interface-attribute", - "aws-ec2-modify-instance-attribute" - ] - } - }, - { - "Blockade.io": { - "name": "Blockade.io", - "commands": [ - "blockade-get-indicators", - 
"blockade-add-indicators" - ] - } - }, - { - "AlphaSOC Network Behavior Analytics": { - "name": "AlphaSOC Network Behavior Analytics" - } - }, - { - "Recorded Future": { - "name": "Recorded Future", - "commands": [ - "domain", - "ip", - "file", - "recorded-future-get-related-entities" - ] - } - }, - { - "CVE Search": { - "name": "CVE Search", - "commands": [ - "cve-search", - "cve-latest" - ] - } - }, - { - "SNDBOX": { - "name": "SNDBOX", - "commands": [ - "sndbox-is-online", - "sndbox-analysis-info", - "sndbox-analysis-submit-sample", - "sndbox-download-report", - "sndbox-detonate-file", - "sndbox-download-sample" - ] - } - }, - { - "Demisto Lock": { - "name": "Demisto Lock", - "commands": [ - "demisto-lock-get", - "demisto-lock-release", - "demisto-lock-info", - "demisto-lock-release-all" - ] - } - }, - { - "F5 firewall": { - "name": "F5 firewall", - "commands": [ - "f5-create-policy", - "f5-create-rule", - "f5-list-rules", - "f5-modify-rule", - "f5-del-rule", - "f5-modify-global-policy", - "f5-show-global-policy", - "f5-del-policy", - "f5-list-all-user-sessions" - ] - } - }, - { - "MimecastV2": { - "name": "MimecastV2", - "commands": [ - "mimecast-query", - "mimecast-list-blocked-sender-policies", - "mimecast-get-policy", - "mimecast-create-policy", - "mimecast-delete-policy", - "mimecast-manage-sender", - "mimecast-list-managed-url", - "mimecast-create-managed-url", - "mimecast-list-messages", - "mimecast-get-attachment-logs", - "mimecast-get-url-logs", - "mimecast-get-impersonation-logs", - "mimecast-url-decode", - "mimecast-discover", - "mimecast-refresh-token", - "mimecast-login", - "mimecast-get-message", - "mimecast-download-attachments" - ] - } - }, - { - "Zendesk": { - "name": "Zendesk", - "toversion": "3.1.0", - "commands": [ - "zendesk-create-ticket", - "zendesk-list-tickets", - "zendesk-ticket-details", - "zendesk-update-ticket", - "zendesk-add-comment", - "zendesk-list-agents", - "zendesk-get-attachment", - "zendesk-clear-cache", - 
"zendesk-add-user", - "zendesk-get-article" - ] - } - }, - { - "RedCanary": { - "name": "RedCanary", - "commands": [ - "redcanary-acknowledge-detection", - "redcanary-update-remediation-state", - "redcanary-list-detections", - "redcanary-list-endpoints", - "redcanary-execute-playbook", - "redcanary-get-endpoint", - "redcanary-get-endpoint-detections", - "redcanary-get-detection" - ] - } - }, - { - "Joe Security": { - "name": "Joe Security", - "commands": [ - "joe-is-online", - "joe-analysis-submit-url", - "joe-detonate-url", - "joe-analysis-info", - "joe-list-analysis", - "joe-analysis-submit-sample", - "joe-download-report", - "joe-detonate-file", - "joe-search", - "joe-download-sample" - ] - } - }, - { - "AWS - CloudTrail": { - "name": "AWS - CloudTrail", - "commands": [ - "aws-cloudtrail-create-trail", - "aws-cloudtrail-delete-trail", - "aws-cloudtrail-describe-trails", - "aws-cloudtrail-update-trail", - "aws-cloudtrail-start-logging", - "aws-cloudtrail-stop-logging", - "aws-cloudtrail-lookup-events" - ] - } - }, - { - "ThreatExchange": { - "name": "ThreatExchange", - "fromversion": "2.5.0", - "commands": [ - "file", - "ip", - "url", - "domain", - "threatexchange-query", - "threatexchange-members" - ] - } - }, - { - "Dell Secureworks": { - "name": "Dell Secureworks", - "toversion": "3.5.1", - "fromversion": "3.1.0", - "commands": [ - "secure-works-create-ticket", - "secure-works-update-ticket", - "secure-works-close-ticket", - "secure-works-add-worklogs-ticket", - "secure-works-get-ticket-count", - "secure-works-get-ticket", - "secure-works-assign-ticket", - "secure-works-get-tickets-updates", - "secure-works-get-tickets-ids" - ] - } - }, - { - "Amazon Web Services": { - "name": "Amazon Web Services", - "fromversion": "1.6.2", - "commands": [ - "aws-run-instance", - "aws-stop-instance", - "aws-create-image", - "aws-start-instance", - "aws-create-volume-snapshot", - "aws-get-instance-info", - "aws-get-sg-info", - "aws-get-ebs-volume-info" - ] - } - }, - { - 
"ArcSight XML": { - "name": "ArcSight XML", - "commands": [ - "arcsight-update-case", - "arcsight-fetch-xml" - ] - } - }, - { - "VirusTotal": { - "name": "VirusTotal", - "commands": [ - "file", - "ip", - "url", - "domain", - "file-scan", - "file-rescan", - "url-scan", - "vt-comments-add", - "vt-file-scan-upload-url", - "vt-comments-get" - ] - } - }, - { - "MxToolBox": { - "name": "MxToolBox", - "commands": [ - "mxtoolbox" - ] - } - }, - { - "Check Point Sandblast Appliance": { - "name": "Check Point Sandblast Appliance", - "fromversion": "3.5.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", - "sandblast-download" - ] - } - }, - { - "LightCyber Magna": { - "name": "LightCyber Magna", - "commands": [ - "lcm-version", - "lcm-entities", - "lcm-indicators", - "lcm-hosts", - "lcm-hostbyip", - "lcm-hostbyname", - "lcm-pathfinder-scan", - "lcm-sandbox-report", - "lcm-daily-report", - "lcm-host-artifacts", - "lcm-resolve-host", - "lcm-unresolve-host", - "lcm-set-host-comment", - "lcm-acknowledge-host", - "lcm-resolve-user", - "lcm-unresolve-user", - "lcm-set-user-comment", - "lcm-acknowledge-user", - "lcm-domain", - "lcm-executablebymd5", - "lcm-executablebyname", - "lcm-indicatorsforentity", - "lcm-host-opened-ports", - "lcm-host-suspicious-artifacts", - "lcm-host-processes", - "lcm-host-loaded-modules", - "lcm-host-processes-internet-connections", - "lcm-host-autoruns" - ] - } - }, - { - "Packetsled": { - "name": "Packetsled", - "commands": [ - "packetsled-get-incidents", - "packetsled-sensors", - "packetsled-get-flows", - "packetsled-get-files", - "packetsled-get-pcaps", - "packetsled-get-events" - ] - } - }, - { - "Censys": { - "name": "Censys", - "commands": [ - "cen-view", - "cen-search" - ] - } - }, - { - "Imperva Skyfence": { - "name": "Imperva Skyfence", - "commands": [ - "imp-sf-list-endpoints", - "imp-sf-set-endpoint-status" - ] - } - }, - { - "ProtectWise": { - "name": "ProtectWise", - "fromversion": 
"3.5.0", - "commands": [ - "sensors", - "protectwise-show-sensors", - "search", - "protectwise-search-events", - "pw-event-get", - "protectwise-event-info", - "observation-search", - "protectwise-search-observations", - "pw-observation-get", - "protectwise-observation-info", - "event-pcap-download", - "protectwise-event-pcap-download", - "event-pcap-info", - "protectwise-event-pcap-info", - "observation-pcap-download", - "protectwise-observation-pcap-download", - "observation-pcap-info", - "protectwise-observation-pcap-info", - "get-token" - ] - } - }, - { - "Palo Alto Minemeld": { - "name": "Palo Alto Minemeld", - "commands": [ - "minemeld-add-to-miner", - "minemeld-remove-from-miner", - "minemeld-retrieve-miner", - "minemeld-get-indicator-from-miner", - "ip", - "file", - "domain", - "url", - "minemeld-get-all-miners-names" - ] - } - }, - { - "GoogleSafeBrowsing": { - "name": "GoogleSafeBrowsing", - "commands": [ - "url" - ] - } - }, - { - "Salesforce": { - "name": "Salesforce", - "commands": [ - "salesforce-search", - "salesforce-query", - "salesforce-get-object", - "salesforce-update-object", - "salesforce-create-object", - "salesforce-push-comment", - "salesforce-get-case", - "salesforce-create-case", - "salesforce-update-case", - "salesforce-get-cases", - "salesforce-close-case", - "salesforce-push-comment-threads", - "salesforce-delete-case" - ] - } - }, - { - "SCADAfence CNM": { - "name": "SCADAfence CNM", - "commands": [ - "scadafence-getAlerts", - "scadafence-getAsset", - "scadafence-setAlertStatus", - "scadafence-getAssetConnections", - "scadafence-getAssetTraffic", - "scadafence-createAlert", - "scadafence-getAllConnections" - ] - } - }, - { - "HashiCorp Vault": { - "name": "HashiCorp Vault", - "commands": [ - "hashicorp-list-secrets-engines", - "hashicorp-list-secrets", - "hashicorp-get-secret-metadata", - "hashicorp-delete-secret", - "hashicorp-undelete-secret", - "hashicorp-destroy-secret", - "hashicorp-disable-engine", - "hashicorp-enable-engine", - 
"hashicorp-list-policies", - "hashicorp-get-policy", - "hashicorp-seal-vault", - "hashicorp-unseal-vault", - "hashicorp-configure-engine", - "hashicorp-reset-configuration", - "hashicorp-create-token" - ] - } - }, - { - "Proofpoint TAP": { - "name": "Proofpoint TAP", - "commands": [ - "proofpoint-get-events" - ] - } - }, - { - "Threat Grid": { - "name": "Threat Grid", - "toversion": "3.1.0", - "commands": [ - "threat-grid-feeds-ip", - "threat-grid-feeds-domain", - "threat-grid-feeds-url", - "threat-grid-feeds-path", - "threat-grid-feeds-artifacts", - "threat-grid-feeds-network-stream", - "threat-grid-feeds-registry-key", - "threat-grid-get-samples", - "threat-grid-get-sample-by-id", - "threat-grid-get-sample-state-by-id", - "threat-grid-get-samples-state", - "threat-grid-upload-sample", - "threat-grid-search-submissions", - "threat-grid-get-video-by-id", - "threat-grid-get-analysis-by-id", - "threat-grid-get-processes-by-id", - "threat-grid-get-pcap-by-id", - "threat-grid-get-warnings-by-id", - "threat-grid-get-summary-by-id", - "threat-grid-get-threat-summary-by-id", - "threat-grid-get-html-report-by-id", - "threat-grid-download-sample-by-id", - "threat-grid-get-analysis-iocs", - "threat-grid-get-analysis-ioc", - "threat-grid-get-analysis-network-streams", - "threat-grid-get-analysis-artifacts", - "threat-grid-get-analysis-network-stream", - "threat-grid-get-analysis-artifact", - "threat-grid-get-analysis-processes", - "threat-grid-get-analysis-process", - "threat-grid-get-analysis-annotations", - "threat-grid-get-analysis-metadata", - "threat-grid-download-artifact", - "threat-grid-who-am-i", - "threat-grid-user-get-rate-limit", - "threat-grid-get-specific-feed" - ] - } - }, - { - "iDefense": { - "name": "iDefense", - "commands": [ - "ip", - "domain", - "url", - "idefense-general", - "uuid" - ] - } - }, - { - "FalconIntel": { - "name": "FalconIntel", - "commands": [ - "file", - "url", - "domain", - "ip", - "cs-actors", - "cs-indicators", - "cs-reports", - 
"cs-report-pdf" - ] - } - }, - { - "Venafi": { - "name": "Venafi", - "commands": [ - "venafi-get-certificates", - "venafi-get-certificate-details" - ] - } - }, - { - "CyberArkAIM": { - "name": "CyberArkAIM", - "commands": [ - "cyber-ark-aim-query", - "list-credentials", - "reset-credentials", - "account-details" - ] - } - }, - { - "Autofocus": { - "name": "Autofocus", - "commands": [ - "autofocus-search-samples", - "autofocus-search-sessions", - "autofocus-session", - "autofocus-sample-analysis", - "file" - ] - } - }, - { - "AbuseIPDB": { - "name": "AbuseIPDB", - "commands": [ - "ip", - "abuseipdb-check-cidr-block", - "abuseipdb-report-ip", - "abuseipdb-get-blacklist", - "abuseipdb-get-categories" - ] - } - }, - { - "McAfee Threat Intelligence Exchange": { - "name": "McAfee Threat Intelligence Exchange", - "commands": [ - "file", - "tie-set-file-reputation", - "tie-file-references" - ] - } - }, - { - "Check Point": { - "name": "Check Point", - "commands": [ - "checkpoint-show-access-rule-base", - "checkpoint-set-rule", - "checkpoint-task-status", - "checkpoint-show-hosts", - "checkpoint-block-ip", - "checkpoint", - "checkpoint-delete-rule" - ] - } - }, - { - "PagerDuty v2": { - "name": "PagerDuty v2", - "commands": [ - "PagerDuty-get-all-schedules", - "PagerDuty-get-users-on-call", - "PagerDuty-get-users-on-call-now", - "PagerDuty-incidents", - "PagerDuty-submit-event", - "PagerDuty-get-contact-methods", - "PagerDuty-get-users-notification", - "PagerDuty-resolve-event", - "PagerDuty-acknowledge-event" - ] - } - }, - { - "Gmail": { - "name": "Gmail", - "commands": [ - "gmail-delete-user", - "gmail-get-tokens-for-user", - "gmail-get-user", - "gmail-get-user-roles", - "gmail-get-attachments", - "gmail-get-mail", - "gmail-search", - "gmail-search-all-mailboxes", - "gmail-list-users", - "gmail-revoke-user-role", - "gmail-create-user", - "gmail-delete-mail", - "gmail-get-thread", - "gmail-move-mail", - "gmail-move-mail-to-mailbox", - "gmail-add-delete-filter", - 
"gmail-add-filter" - ] - } - }, - { - "Centreon": { - "name": "Centreon", - "commands": [ - "centreon-get-host-status", - "centreon-get-service-status" - ] - } - }, - { - "RSA NetWitness Endpoint": { - "name": "RSA NetWitness Endpoint", - "commands": [ - "netwitness-get-machines", - "netwitness-get-machine", - "netwitness-get-machine-iocs", - "netwitness-get-machine-modules", - "netwitness-get-machine-module", - "netwitness-blacklist-ips", - "netwitness-blacklist-domains" - ] - } - }, - { - "PassiveTotal": { - "name": "PassiveTotal", - "commands": [ - "pt-get-subdomains", - "pt-account", - "pt-monitors", - "pt-passive-dns", - "pt-passive-unique", - "pt-dns-keyword", - "pt-enrichment", - "pt-malware", - "url", - "domain", - "ip", - "pt-osint", - "pt-whois", - "pt-whois-keyword", - "pt-whois-search", - "pt-get-components", - "pt-get-pairs", - "pt-ssl-cert", - "pt-ssl-cert-history", - "pt-ssl-cert-keyword", - "pt-ssl-cert-search" - ] - } - }, - { - "ProtectWise": { - "name": "ProtectWise", - "toversion": "3.1.0", - "commands": [ - "sensors", - "protectwise-show-sensors", - "search", - "protectwise-search-events", - "pw-event-get", - "protectwise-event-info", - "observation-search", - "protectwise-search-observations", - "pw-observation-get", - "protectwise-observation-info", - "event-pcap-download", - "protectwise-event-pcap-download", - "event-pcap-info", - "protectwise-event-pcap-info", - "observation-pcap-download", - "protectwise-observation-pcap-download", - "observation-pcap-info", - "protectwise-observation-pcap-info", - "get-token" - ] - } - }, - { - "SentinelOne": { - "name": "SentinelOne", - "fromversion": "3.1.0", - "commands": [ - "so-activities", - "so-count-by-filters", - "so-agents-count", - "so-agent-decommission", - "so-get-agent", - "so-agents-query", - "so-get-agent-processes", - "so-agent-recommission", - "so-agent-unquarentine", - "so-agent-shutdown", - "so-agent-uninstall", - "so-agents-broadcast", - "so-agents-connect", - "so-agent-quarentine", 
- "so-agents-decommission", - "so-agents-disconnect", - "so-agents-fetch-logs", - "so-agents-shutdown", - "so-agents-uninstall", - "so-agents-upgrade-software", - "so-create-exclusion-list", - "so-delete-exclusion-list", - "so-get-exclusion-list", - "so-get-exclusion-lists", - "so-update-exclusion-list", - "so-get-groups", - "so-create-group", - "so-get-group", - "so-update-group", - "so-delete-group", - "so-add-agent-to-group", - "so-set-cloud-intelligence", - "so-create-hash", - "so-delete-hash", - "so-get-hash-reputation", - "so-get-hash", - "so-get-hashes", - "so-update-hash", - "so-get-policies", - "so-create-policy", - "so-get-policy", - "so-update-policy", - "so-delete-policy", - "so-get-threat", - "so-get-threats", - "so-threat-summary", - "so-mark-as-threat", - "so-mitigate-threat", - "so-reslove-threats" - ] - } - }, - { - "AMP": { - "name": "AMP", - "commands": [ - "amp_get_computers", - "amp_get_computer_by_connector", - "amp_get_computer_trajctory", - "amp_move_computer", - "amp_get_computer_actvity", - "amp_get_events", - "amp_get_event_types", - "amp_get_application_blocking", - "amp_get_file_list_by_guid", - "amp_get_simple_custom_detections", - "amp_get_file_list_files", - "amp_get_file_list_files_by_sha", - "amp_set_file_list_files_by_sha", - "amp_delete_file_list_files_by_sha", - "amp_get_groups", - "amp_get_group", - "amp_set_group_policy", - "amp_get_policies", - "amp_get_policy", - "amp_get_version" - ] - } - }, - { - "AWS - SQS": { - "name": "AWS - SQS", - "commands": [ - "aws-sqs-get-queue-url", - "aws-sqs-list-queues", - "aws-sqs-send-message", - "aws-sqs-create-queue", - "aws-sqs-delete-queue", - "aws-sqs-purge-queue" - ] - } - }, - { - "carbonblackliveresponse": { - "name": "carbonblackliveresponse", - "toversion": "3.6.0", - "commands": [ - "cb-archive", - "cb-command-cancel", - "cb-command-create", - "cb-command-create-and-wait", - "cb-command-info", - "cb-file-delete", - "cb-file-get", - "cb-file-info", - "cb-file-upload", - 
"cb-keepalive", - "cb-list-commands", - "cb-list-files", - "cb-list-sessions", - "cb-session-close", - "cb-session-create", - "cb-session-create-and-wait", - "cb-session-info", - "cb-terminate-process" - ] - } - }, - { - "AWS - Route53": { - "name": "AWS - Route53", - "commands": [ - "aws-route53-create-record", - "aws-route53-delete-record", - "aws-route53-list-hosted-zones", - "aws-route53-list-resource-record-sets", - "aws-route53-waiter-resource-record-sets-changed", - "aws-route53-test-dns-answer", - "aws-route53-upsert-record" - ] - } - }, - { - "Tanium": { - "name": "Tanium", - "commands": [ - "tn-get-package", - "tn-get-all-packages", - "tn-get-object", - "tn-get-all-saved-questions", - "tn-deploy-package", - "tn-ask-question", - "tn-ask-system", - "tn-get-saved-question", - "tn-create-package", - "tn-approve-pending-action", - "tn-get-all-objects", - "tn-get-all-saved-actions", - "tn-get-all-pending-actions", - "tn-get-all-sensors", - "tn-parse-query", - "tn-ask-manual-question", - "tn-get-sensor", - "tn-get-action" - ] - } - }, - { - "FireEye ETP": { - "name": "FireEye ETP", - "commands": [ - "fireeye-etp-search-messages", - "fireeye-etp-get-message", - "fireeye-etp-get-alerts", - "fireeye-etp-get-alert" - ] - } - }, - { - "InfoArmor VigilanteATI": { - "name": "InfoArmor VigilanteATI", - "commands": [ - "vigilante-query-infected-host-data", - "vigilante-get-vulnerable-host-data", - "vigilante-query-ecrime-db", - "vigilante-search-leaks", - "vigilante-get-leak", - "vigilante-query-accounts", - "vigilante-query-domains", - "vigilante-watchlist-add-accounts", - "vigilante-watchlist-remove-accounts", - "vigilante-get-watchlist", - "vigilante-account-usage-info" - ] - } - }, - { - "IBM Resilient Systems": { - "name": "IBM Resilient Systems", - "commands": [ - "rs-search-incidents", - "rs-update-incident", - "rs-incidents-get-members", - "rs-get-incident", - "rs-incidents-update-member", - "rs-get-users", - "rs-close-incident", - "rs-create-incident", - 
"rs-incident-artifacts", - "rs-incident-attachments", - "rs-related-incidents", - "rs-incidents-get-tasks" - ] - } - }, - { - "AWS - IAM": { - "name": "AWS - IAM", - "commands": [ - "aws-iam-create-user", - "aws-iam-get-user", - "aws-iam-list-users", - "aws-iam-update-user", - "aws-iam-delete-user", - "aws-iam-update-login-profile", - "aws-iam-create-group", - "aws-iam-list-groups", - "aws-iam-list-groups-for-user", - "aws-iam-add-user-to-group", - "aws-iam-create-access-key", - "aws-iam-update-access-key", - "aws-iam-list-access-keys-for-user", - "aws-iam-list-policies", - "aws-iam-list-roles", - "aws-iam-attach-policy", - "aws-iam-detach-policy", - "aws-iam-delete-login-profile", - "aws-iam-delete-group", - "aws-iam-remove-user-from-group", - "aws-iam-create-login-profile", - "aws-iam-delete-access-key", - "aws-iam-create-instance-profile", - "aws-iam-delete-instance-profile", - "aws-iam-list-instance-profiles", - "aws-iam-add-role-to-instance-profile", - "aws-iam-remove-role-from-instance-profile", - "aws-iam-list-instance-profiles-for-role", - "aws-iam-get-instance-profile", - "aws-iam-get-role", - "aws-iam-delete-role", - "aws-iam-create-role", - "aws-iam-create-policy", - "aws-iam-delete-policy", - "aws-iam-create-policy-version", - "aws-iam-delete-policy-version", - "aws-iam-list-policy-versions", - "aws-iam-get-policy-version", - "aws-iam-set-default-policy-version", - "aws-iam-create-account-alias", - "aws-iam-delete-account-alias" - ] - } - }, - { - "Symantec Endpoint Protection": { - "name": "Symantec Endpoint Protection", - "commands": [ - "sep-endpoints-info", - "sep-update-content", - "sep-scan", - "sep-groups-info", - "sep-system-info", - "sep-command-status", - "sep-quarantine", - "sep-client-content" - ] - } - }, - { - "SumoLogic": { - "name": "SumoLogic", - "commands": [ - "search" - ] - } - }, - { - "Pwned": { - "name": "Pwned", - "commands": [ - "pwned-email", - "pwned-domain", - "email" - ] - } - }, - { - "urlscan.io": { - "name": "urlscan.io", 
- "toversion": "3.1.0", - "commands": [ - "url", - "ip", - "file", - "urlscan-submit" - ] - } - }, - { - "Lastline": { - "name": "Lastline", - "commands": [ - "lastline-get", - "url", - "file", - "lastline-upload", - "lastline-upload-url", - "lastline-upload-file", - "lastline-get-report", - "lastline-get-task-list" - ] - } - }, - { - "urlscan.io": { - "name": "urlscan.io", - "fromversion": "3.5.0", - "commands": [ - "urlscan-search", - "urlscan-submit", - "url" - ] - } - }, - { - "OpsGenie": { - "name": "OpsGenie", - "commands": [ - "opsgenie-get-on-call", - "opsgenie-get-user", - "opsgenie-get-schedules", - "opsgenie-get-schedule-timeline" - ] - } - }, - { - "McAfeeDAM": { - "name": "McAfeeDAM", - "commands": [ - "dam-get-alert-by-id", - "dam-get-latest-by-rule" - ] - } - }, - { - "okta": { - "name": "okta", - "fromversion": "3.6.0", - "commands": [ - "okta-unlock-user", - "okta-deactivate-user", - "okta-activate-user", - "okta-suspend-user", - "okta-unsuspend-user", - "okta-get-user-factors", - "okta-verify-push-factor", - "okta-reset-factor", - "okta-get-groups", - "okta-set-password", - "okta-search", - "okta-get-user", - "okta-create-user", - "okta-update-user", - "okta-get-failed-logins", - "okta-get-group-assignments", - "okta-get-application-assignments", - "okta-get-application-authentication", - "okta-get-logs", - "okta-add-to-group", - "okta-remove-from-group", - "okta-list-groups", - "okta-get-group-members" - ] - } - }, - { - "Devo": { - "name": "Devo", - "commands": [ - "devo-query" - ] - } - }, - { - "AWS - Security Hub": { - "name": "AWS - Security Hub", - "commands": [ - "aws-securityhub-get-findings", - "aws-securityhub-get-master-account", - "aws-securityhub-list-members", - "aws-securityhub-enable-security-hub", - "aws-securityhub-disable-security-hub", - "aws-securityhub-enable-import-findings-for-product", - "aws-securityhub-disable-import-findings-for-product", - "aws-securityhub-list-enabled-products-for-import", - 
"aws-securityhub-update-finding" - ] - } - }, - { - "Moloch": { - "name": "Moloch", - "fromversion": "3.5.0", - "commands": [ - "moloch_connections_json", - "moloch_connections_csv", - "moloch_files_json", - "moloch_sessions_json", - "moloch_sessions_csv", - "moloch_sessions_pcap", - "moloch_spigraph_json", - "moloch_spiview_json", - "moloch_unique_json" - ] - } - }, - { - "RedLock": { - "name": "RedLock", - "commands": [ - "redlock-search-alerts", - "redlock-get-alert-details", - "redlock-dismiss-alerts", - "redlock-reopen-alerts", - "redlock-list-alert-filters" - ] - } - }, - { - "Whois": { - "name": "Whois", - "fromversion": "4.1.0", - "commands": [ - "whois" - ] - } - }, - { - "SafeBreach": { - "name": "SafeBreach", - "commands": [ - "safebreach-rerun", - "safebreach-get-simulation" - ] - } - }, - { - "AlphaSOC Wisdom": { - "name": "AlphaSOC Wisdom", - "commands": [ - "wisdom-domain-flags", - "wisdom-ip-flags" - ] - } - }, - { - "jamf": { - "name": "jamf", - "commands": [ - "jamf-get-computers", - "jamf-get-computers-match" - ] - } - }, - { - "CIRCL": { - "name": "CIRCL", - "commands": [ - "circl-dns-get", - "circl-ssl-list-certificates", - "circl-ssl-query-certificate", - "circl-ssl-get-certificate" - ] - } - }, - { - "Panorama": { - "name": "Panorama", - "fromversion": "3.0.0", - "commands": [ - "panorama", - "panorama-commit", - "panorama-push-to-device-group", - "panorama-list-addresses", - "panorama-get-address", - "panorama-create-address", - "panorama-delete-address", - "panorama-list-address-groups", - "panorama-get-address-group", - "panorama-create-address-group", - "panorama-delete-address-group", - "panorama-edit-address-group", - "panorama-get-custom-url-category", - "panorama-create-custom-url-category", - "panorama-delete-custom-url-category", - "panorama-edit-custom-url-category", - "panorama-get-url-category", - "panorama-get-url-filter", - "panorama-create-url-filter", - "panorama-edit-url-filter", - "panorama-delete-url-filter", - 
"panorama-create-rule", - "panorama-custom-block-rule", - "panorama-move-rule", - "panorama-edit-rule", - "panorama-delete-rule", - "panorama-list-applications", - "panorama-commit-status", - "panorama-push-status" - ] - } - }, - { - "icebrg": { - "name": "icebrg", - "commands": [ - "icebrg-search-events", - "icebrg-get-history", - "icebrg-saved-searches", - "icebrg-get-reports", - "icebrg-get-report-indicators", - "icebrg-get-report-assets" - ] - } - }, - { - "EasyVista": { - "name": "EasyVista", - "commands": [ - "easy-vista-search" - ] - } - }, - { - "ThreatConnect": { - "name": "ThreatConnect", - "commands": [ - "ip", - "url", - "file", - "tc-owners", - "tc-indicators", - "tc-get-tags", - "tc-tag-indicator", - "tc-get-indicator", - "tc-get-indicators-by-tag", - "tc-add-indicator", - "tc-create-incident", - "tc-fetch-incidents", - "tc-incident-associate-indicator", - "domain", - "tc-get-incident-associate-indicators" - ] - } - }, - { - "BitDam": { - "name": "BitDam", - "commands": [ - "bitdam-upload-file", - "bitdam-get-verdict" - ] - } - }, - { - "AWS - S3": { - "name": "AWS - S3", - "commands": [ - "aws-s3-create-bucket", - "aws-s3-delete-bucket", - "aws-s3-list-buckets", - "aws-s3-get-bucket-policy", - "aws-s3-delete-bucket-policy", - "aws-s3-download-file", - "aws-s3-list-bucket-objects", - "aws-s3-put-bucket-policy", - "aws-s3-upload-file" - ] - } - }, - { - "McAfee Advanced Threat Defense": { - "name": "McAfee Advanced Threat Defense", - "toversion": "3.1.0", - "fromversion": "2.0.4", - "commands": [ - "atd-file-upload", - "atd-get-task-ids", - "atd-check-status", - "atd-get-report", - "atd-list-analyzer-profiles", - "atd-list-user", - "atd-login" - ] - } - }, - { - "GuardiCore": { - "name": "GuardiCore", - "toversion": "3.1.0", - "commands": [ - "guardicore-get-incidents", - "guardicore-uncommon-domains", - "guardicore-unresolved-domains", - "guardicore-show-endpoint", - "guardicore-dns-requests", - "guardicore-search-endpoint", - 
"guardicore-misconfigurations", - "guardicore-get-incident", - "guardicore-get-incident-iocs", - "guardicore-get-incident-events", - "guardicore-get-incident-pcap", - "guardicore-get-incident-attachments", - "guardicore-search-network-log" - ] - } - }, - { - "Mimecast": { - "name": "Mimecast", - "fromversion": "1.6.2", - "commands": [ - "mimecast-query" - ] - } - }, - { - "Shodan": { - "name": "Shodan", - "commands": [ - "search", - "ip" - ] - } - }, - { - "AWS - GuardDuty": { - "name": "AWS - GuardDuty", - "commands": [ - "aws-gd-create-detector", - "aws-gd-delete-detector", - "aws-gd-get-detector", - "aws-gd-update-detector", - "aws-gd-create-ip-set", - "aws-gd-delete-ip-set", - "aws-gd-list-detectors", - "aws-gd-update-ip-set", - "aws-gd-get-ip-set", - "aws-gd-list-ip-sets", - "aws-gd-create-threatintel-set", - "aws-gd-delete-threatintel-set", - "aws-gd-get-threatintel-set", - "aws-gd-list-threatintel-sets", - "aws-gd-update-threatintel-set", - "aws-gd-list-findings", - "aws-gd-get-findings", - "aws-gd-create-sample-findings", - "aws-gd-archive-findings", - "aws-gd-unarchive-findings", - "aws-gd-update-findings-feedback" - ] - } - }, - { - "Mimecast Authentication": { - "name": "Mimecast Authentication", - "commands": [ - "mimecast-login", - "mimecast-discover", - "mimecast-refresh-token" - ] - } - }, - { - "malwr": { - "name": "malwr", - "fromversion": "3.0.0", - "commands": [ - "malwr-submit", - "malwr-status", - "malwr-result", - "malwr-detonate" - ] - } - }, - { - "FalconHost": { - "name": "FalconHost", - "fromversion": "2.5.0", - "commands": [ - "cs-upload-ioc", - "cs-get-ioc", - "cs-update-ioc", - "cs-delete-ioc", - "cs-search-iocs", - "cs-device-search", - "cs-device-details", - "cs-device-count-ioc", - "cs-device-ran-on", - "cs-processes-ran-on", - "cs-process-details", - "cs-resolve-detection", - "cs-detection-search", - "cs-detection-details" - ] - } - }, - { - "ServiceNow": { - "name": "ServiceNow", - "commands": [ - "servicenow-get-ticket", - 
"servicenow-get", - "servicenow-incident-get", - "servicenow-create-ticket", - "servicenow-create", - "servicenow-incident-create", - "servicenow-update-ticket", - "servicenow-update", - "servicenow-incident-update", - "servicenow-delete-ticket", - "servicenow-add-link", - "servicenow-incident-add-link", - "servicenow-add-comment", - "servicenow-incident-add-comment", - "servicenow-query-tickets", - "servicenow-query", - "servicenow-incidents-query", - "servicenow-upload-file", - "servicenow-incident-upload-file", - "servicenow-get-groups", - "servicenow-get-computer", - "servicenow-get-record", - "servicenow-query-table", - "servicenow-create-record", - "servicenow-update-record", - "servicenow-delete-record", - "servicenow-list-table-fields", - "servicenow-query-computers", - "servicenow-query-groups", - "servicenow-query-users", - "servicenow-get-table-name" - ] - } - }, - { - "Tenable.sc": { - "name": "Tenable.sc", - "commands": [ - "tenable-sc-list-scans", - "tenable-sc-launch-scan", - "tenable-sc-get-vulnerability", - "tenable-sc-get-scan-status", - "tenable-sc-get-scan-report", - "tenable-sc-list-credentials", - "tenable-sc-list-policies", - "tenable-sc-list-report-definitions", - "tenable-sc-list-repositories", - "tenable-sc-list-zones", - "tenable-sc-create-scan", - "tenable-sc-delete-scan", - "tenable-sc-list-assets", - "tenable-sc-create-asset", - "tenable-sc-get-asset", - "tenable-sc-delete-asset", - "tenable-sc-list-alerts", - "tenable-sc-get-alert", - "tenable-sc-get-device", - "tenable-sc-list-users", - "tenable-sc-get-system-licensing", - "tenable-sc-get-system-information" - ] - } - }, - { - "google-vault": { - "name": "google-vault", - "commands": [ - "gvault-create-export-mail", - "gvault-create-matter", - "gvault-create-export-drive", - "gvault-matter-update-state", - "gvault-create-export-groups", - "gvault-create-hold", - "gvault-add-heldAccount", - "gvault-remove-heldAccount", - "gvault-delete-hold", - "gvault-list-matters", - 
"gvault-get-matter", - "gvault-list-holds", - "gvault-export-status", - "gvault-download-results", - "gvault-get-drive-results", - "gvault-get-mail-results", - "gvault-get-groups-results" - ] - } - }, - { - "AlienValut OTX": { - "name": "AlienValut OTX", - "toversion": "3.0.1", - "commands": [ - "ip", - "domain", - "ipv6", - "hostname", - "file", - "alienvault-query-file", - "alienvault-search-pulses", - "alienvault-get-pulse-details", - "url" - ] - } - }, - { - "MISP": { - "name": "MISP", - "commands": [ - "internal-misp-upload-sample", - "misp-search", - "file", - "url", - "ip", - "internal-misp-download-sample", - "internal-misp-create-event", - "internal-misp-add-attribute" - ] - } - }, - { - "FalconIntel": { - "name": "FalconIntel", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "commands": [ - "file", - "url", - "domain", - "ip", - "cs-actors", - "cs-indicators", - "cs-reports", - "cs-report-pdf" - ] - } - }, - { - "Box": { - "name": "Box", - "commands": [ - "box_get_current_user", - "box_get_users", - "box_update_user", - "box_add_user", - "box_delete_user", - "box_move_folder", - "box_files_get", - "box_initiate", - "box_files_get_info" - ] - } - }, - { - "Remedy On-Demand": { - "name": "Remedy On-Demand", - "commands": [ - "remedy-incident-create", - "remedy-get-incident", - "remedy-fetch-incidents", - "remedy-incident-update" - ] - } - }, - { - "Rasterize": { - "name": "Rasterize", - "commands": [ - "rasterize", - "rasterize-email", - "rasterize-image" - ] - } - }, - { - "FortiGate": { - "name": "FortiGate", - "commands": [ - "fortigate-get-addresses", - "fortigate-get-service-groups", - "fortigate-update-service-group", - "fortigate-delete-service-group", - "fortigate-get-firewall-service", - "fortigate-create-firewall-service", - "fortigate-get-policy", - "fortigate-update-policy", - "fortigate-create-policy", - "fortigate-move-policy", - "fortigate-delete-policy", - "fortigate-get-address-groups", - "fortigate-update-address-group", - 
"fortigate-create-address-group", - "fortigate-delete-address-group" - ] - } - }, - { - "RTIR": { - "name": "RTIR", - "commands": [ - "rtir-create-ticket", - "rtir-search-ticket", - "rtir-resolve-ticket", - "rtir-edit-ticket", - "rtir-ticket-history", - "rtir-get-ticket", - "rtir-ticket-attachments", - "rtir-add-comment", - "rtir-add-reply" - ] - } - }, - { - "Tenable.io": { - "name": "Tenable.io", - "commands": [ - "tenable-io-list-scans", - "tenable-io-launch-scan", - "tenable-io-get-scan-report", - "tenable-io-get-vulnerability-details", - "tenable-io-get-vulnerabilities-by-asset", - "tenable-io-get-scan-status" - ] - } - }, - { - "Stealthwatch Cloud": { - "name": "Stealthwatch Cloud", - "commands": [ - "sw-show-alert", - "sw-update-alert", - "sw-list-alerts", - "sw-block-domain-or-ip", - "sw-unblock-domain", - "sw-list-blocked-domains", - "sw-list-observations", - "sw-list-sessions" - ] - } - }, - { - "EWS v2": { - "name": "EWS v2", - "commands": [ - "ews-get-attachment", - "ews-delete-attachment", - "ews-get-searchable-mailboxes", - "ews-search-mailboxes", - "ews-move-item", - "ews-delete-items", - "ews-search-mailbox", - "ews-get-contacts", - "ews-get-out-of-office", - "ews-recover-messages", - "ews-create-folder", - "ews-mark-item-as-junk", - "ews-find-folders", - "ews-get-items-from-folder", - "ews-get-items", - "ews-move-item-between-mailboxes", - "ews-get-folder", - "ews-o365-start-compliance-search", - "ews-o365-get-compliance-search", - "ews-o365-purge-compliance-search-results", - "ews-o365-remove-compliance-search", - "ews-o365-get-compliance-search-purge-status" - ] - } - }, - { - "Lockpath KeyLight": { - "name": "Lockpath KeyLight", - "fromversion": "3.5.0", - "commands": [ - "kl-get-component-list", - "kl-get-component", - "kl-get-component-by-alias", - "kl-get-field-list", - "kl-get-field", - "kl-get-record-count", - "kl-get-record", - "kl-get-records", - "kl-delete-record", - "kl-create-record", - "kl-update-record", - "kl-get-detail-record", - 
"kl-get-lookup-report-column-fields", - "kl-get-detail-records", - "kl-get-record-attachments", - "kl-get-record-attachment", - "kl-delete-record-attachments" - ] - } - }, - { - "Dell Secureworks": { - "name": "Dell Secureworks", - "fromversion": "3.6.0", - "commands": [ - "secure-works-create-ticket", - "secure-works-update-ticket", - "secure-works-close-ticket", - "secure-works-add-worklogs-ticket", - "secure-works-get-ticket", - "secure-works-assign-ticket", - "secure-works-get-tickets-updates", - "secure-works-get-close-codes", - "secure-works-get-tickets-ids", - "secure-works-get-ticket-count" - ] - } - }, - { - "Luminate": { - "name": "Luminate", - "fromversion": "0.0.0", - "commands": [ - "lum-block-user", - "lum-unblock-user", - "lum-destroy-user-session", - "lum-get-http-access-logs", - "lum-get-ssh-access-logs" - ] - } - }, - { - "VirusTotal - Private API": { - "name": "VirusTotal - Private API", - "commands": [ - "vt-private-check-file-behaviour", - "vt-private-get-domain-report", - "vt-private-get-file-report", - "vt-private-get-url-report", - "vt-private-get-ip-report", - "vt-private-search-file", - "vt-private-hash-communication", - "vt-private-download-file" - ] - } - }, - { - "Guidance Encase Endpoint": { - "name": "Guidance Encase Endpoint", - "commands": [ - "encase-copyjob", - "encase-snapshot", - "encase-verifyhash" - ] - } - }, - { - "Incapsula": { - "name": "Incapsula", - "commands": [ - "incap-add-managed-account", - "incap-list-managed-accounts", - "incap-add-subaccount", - "incap-list-subaccounts", - "incap-get-account-status", - "incap-modify-account-configuration", - "incap-set-account-log-level", - "incap-test-account-s3-connection", - "incap-test-account-sftp-connection", - "incap-set-account-s3-log-storage", - "incap-set-account-sftp-log-storage", - "incap-set-account-default-log-storage", - "incap-get-account-login-token", - "incap-delete-managed-account", - "incap-delete-subaccount", - "incap-get-account-audit-events", - 
"incap-set-account-default-data-storage-region", - "incap-get-account-default-data-storage-region", - "incap-add-site", - "incap-get-site-status", - "incap-get-domain-approver-email", - "incap-modify-site-configuration", - "incap-modify-site-log-level", - "incap-modify-site-tls-support", - "incap-modify-site-scurity-config", - "incap-modify-site-acl-config", - "incap-modify-site-wl-config", - "incap-delete-site", - "incap-list-sites", - "incap-get-site-report", - "incap-get-site-html-injection-rules", - "incap-add-site-html-injection-rule", - "incap-delete-site-html-injection-rule", - "incap-create-new-csr", - "incap-upload-certificate", - "incap-remove-custom-integration", - "incap-move-site", - "incap-check-compliance", - "incap-set-site-data-storage-region", - "incap-get-site-data-storage-region", - "incap-set-site-data-storage-region-geo-override", - "incap-get-site-data-storage-region-geo-override", - "incap-purge-site-cache", - "incap-modify-cache-mode", - "incap-purge-resources", - "incap-modify-caching-rules", - "incap-set-advanced-caching-settings", - "incap-purge-hostname-from-cache", - "incap-site-get-xray-link", - "incap-list-site-rule-revisions", - "incap-add-site-rule", - "incap-edit-site-rule", - "incap-enable-site-rule", - "incap-delete-site-rule", - "incap-list-site-rules", - "incap-revert-site-rule", - "incap-set-site-rule-priority", - "incap-add-site-datacenter", - "incap-edit-site-datacenter", - "incap-delete-site-datacenter", - "incap-list-site-datacenters", - "incap-add-site-datacenter-server", - "incap-edit-site-datacenter-server", - "incap-delete-site-datacenter-server", - "incap-get-statistics", - "incap-get-visits", - "incap-upload-public-key", - "incap-change-logs-collector-configuration", - "incap-get-infra-protection-statistics", - "incap-get-infra-protection-events", - "incap-add-login-protect", - "incap-edit-login-protect", - "incap-get-login-protect", - "incap-remove-login-protect", - "incap-send-sms-to-user", - 
"incap-modify-login-protect", - "incap-configure-app", - "incap-get-ip-ranges", - "incap-get-texts", - "incap-get-geo-info", - "incap-get-app-info" - ] - } - }, - { - "XFE": { - "name": "XFE", - "fromversion": "2.5.0", - "commands": [ - "url", - "file", - "ip", - "domain", - "cve-search", - "cve-latest" - ] - } - }, - { - "Cymon": { - "name": "Cymon", - "commands": [ - "ip", - "domain" - ] - } - }, - { - "McAfee Advanced Threat Defense": { - "name": "McAfee Advanced Threat Defense", - "fromversion": "3.5.0", - "commands": [ - "atd-file-upload", - "atd-get-task-ids", - "atd-get-report", - "atd-list-analyzer-profiles", - "atd-list-user", - "atd-login", - "detonate-file", - "detonate-url", - "atd-check-status" - ] - } - }, - { - "AWS - CloudWatchLogs": { - "name": "AWS - CloudWatchLogs", - "commands": [ - "aws-logs-create-log-group", - "aws-logs-create-log-stream", - "aws-logs-delete-log-group", - "aws-logs-delete-log-stream", - "aws-logs-filter-log-events", - "aws-logs-describe-log-groups", - "aws-logs-describe-log-streams", - "aws-logs-put-retention-policy", - "aws-logs-delete-retention-policy", - "aws-logs-put-log-events", - "aws-logs-put-metric-filter", - "aws-logs-delete-metric-filter", - "aws-logs-describe-metric-filters" - ] - } - }, - { - "Microsoft Graph": { - "name": "Microsoft Graph", - "commands": [ - "msg-graph-admin-url", - "msg-search-alerts", - "msg-get-alert-details", - "msg-update-alert", - "msg-get-users", - "msg-get-user" - ] - } - }, - { - "Secdo": { - "name": "Secdo", - "commands": [ - "secdo-add-IOCs" - ] - } - }, - { - "Preempt": { - "name": "Preempt", - "commands": [ - "preempt-add-to-watch-list", - "preempt-remove-from-watch-list", - "preempt-get-activities", - "preempt-get-user-endpoints", - "preempt-get-alerts" - ] - } - }, - { - "PostgreSQL": { - "name": "PostgreSQL", - "commands": [ - "pgsql-query" - ] - } - }, - { - "epo": { - "name": "epo", - "commands": [ - "epo-help", - "epo-get-latest-dat", - "epo-get-current-dat", - 
"epo-update-client-dat", - "epo-update-repository", - "epo-get-system-tree-group", - "epo-find-systems", - "epo-command", - "epo-advanced-command", - "epo-wakeup-agent", - "epo-apply-tag", - "epo-clear-tag", - "epo-query-table", - "epo-get-tables", - "epo-find-system", - "epo-get-version" - ] - } - }, - { - "GRR": { - "name": "GRR", - "commands": [ - "grr-set-flows", - "grr-get-flows", - "grr-get-files", - "grr-get-hunts", - "grr-get-hunt", - "grr-set-hunts", - "grr-get-clients", - "grr_set_flows", - "grr_get_flows", - "grr_get_files", - "grr_get_hunts", - "grr_get_hunt", - "grr_set_hunts" - ] - } - }, - { - "Nessus": { - "name": "Nessus", - "commands": [ - "nessus-list-scans", - "scans-list", - "nessus-launch-scan", - "scan-launch", - "nessus-scan-details", - "scan-details", - "scan-host-details", - "nessus-scan-host-details", - "nessus-scan-export", - "scan-export", - "scan-report-download", - "nessus-scan-report-download", - "scan-create", - "nessus-scan-create", - "nessus-get-scans-editors", - "scan-export-status", - "nessus-scan-export-status", - "nessus-scan-status" - ] - } - }, - { - "GuardiCore": { - "name": "GuardiCore", - "fromversion": "3.5.0", - "commands": [ - "guardicore-get-incidents", - "guardicore-uncommon-domains", - "guardicore-unresolved-domains", - "guardicore-show-endpoint", - "guardicore-dns-requests", - "guardicore-search-endpoint", - "guardicore-misconfigurations", - "guardicore-get-incident", - "guardicore-get-incident-iocs", - "guardicore-get-incident-events", - "guardicore-get-incident-pcap", - "guardicore-get-incident-attachments", - "guardicore-search-network-log" - ] - } - }, - { - "Digital Shadows": { - "name": "Digital Shadows", - "commands": [ - "ds-get-breach-reviews", - "ds-snapshot-breach-status", - "ds-find-breach-records", - "ds-get-breach-summary", - "ds-find-breach-usernames", - "ds-get-breach", - "ds-get-breach-records", - "ds-find-data-breaches", - "ds-get-incident", - "ds-get-incident-reviews", - 
"ds-snapshot-incident-review", - "ds-find-incidents-filtered", - "ds-get-incidents-summary", - "ds-get-apt-report", - "ds-get-intelligence-incident", - "ds-get-intelligence-incident-iocs", - "ds-find-intelligence-incidents", - "ds-find-intelligence-incidents-regional", - "ds-get-intelligence-threat", - "ds-get-intelligence-threat-iocs", - "ds-get-intelligence-threat-activity", - "ds-find-intelligence-threats", - "ds-find-intelligence-threats-regional", - "ds-get-port-reviews", - "ds-snapshot-port-review", - "ds-find-ports", - "ds-find-secure-sockets", - "ds-find-vulnerabilities", - "ds-search", - "ds-get-tags" - ] - } - }, - { - "fireeye": { - "name": "fireeye", - "fromversion": "3.5.0", - "commands": [ - "fe-report", - "fe-submit-status", - "fe-alert", - "fe-submit-result", - "fe-submit", - "fe-config", - "fe-submit-url", - "fe-submit-url-status", - "fe-submit-url-result" - ] - } - }, - { - "RSA NetWitness Packets and Logs": { - "name": "RSA NetWitness Packets and Logs", - "fromversion": "3.5.0", - "commands": [ - "netwitness-msearch", - "netwitness-search", - "netwitness-query", - "netwitness-packets", - "nw-sdk-session", - "nw-sdk-content", - "nw-sdk-summary", - "nw-sdk-values", - "nw-database-dump" - ] - } - }, - { - "RSA NetWitness v11.1": { - "name": "RSA NetWitness v11.1", - "commands": [ - "netwitness-get-incident", - "netwitness-get-incidents", - "netwitness-update-incident", - "netwitness-delete-incident", - "netwitness-get-alerts" - ] - } - }, - { - "Symantec Messaging Gateway": { - "name": "Symantec Messaging Gateway", - "commands": [ - "smg-block-email", - "smg-unblock-email", - "smg-block-domain", - "smg-block-ip", - "smg-unblock-ip", - "smg-unblock-domain", - "smg-get-blocked-domains", - "smg-get-blocked-ips" - ] - } - }, - { - "OTRS": { - "name": "OTRS", - "fromversion": "4.1.0", - "commands": [ - "otrs-get-ticket", - "otrs-search-ticket", - "otrs-create-ticket", - "otrs-update-ticket", - "otrs-close-ticket" - ] - } - }, - { - "Check Point 
Sandblast": { - "name": "Check Point Sandblast", - "fromversion": "3.5.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", - "sandblast-download", - "sb-quota", - "sandblast-quota" - ] - } - }, - { - "Cylance Protect": { - "name": "Cylance Protect", - "fromversion": "2.0.1", - "commands": [ - "cylance-protect-get-list", - "cylance-protect-get-devices", - "cylance-protect-get-threats", - "cylance-protect-download-threat", - "cylance-protect-get-threat-details", - "cylance-protect-device-delete", - "cylance-protect-get-device-threats", - "cylance-protect-update-device-threats", - "cylance-protect-delete-hash-from-lists", - "cylance-protect-update-hash-at-lists", - "cylance-protect-upload-threat", - "cylance-protect-get-threated-devices", - "cylance-protect-get-zones", - "cylance-protect-create-zone", - "cylance-protect-update-zone", - "cylance-protect-get-policies", - "cylance-protect-get-policy-details", - "cp-get-list", - "cp-get-devices", - "cp-get-threats", - "cp-download-threat", - "cp-get-threat-details", - "cp-device-delete", - "cp-get-device-threats", - "cp-update-device-threats", - "cp-delete-hash-from-lists", - "cp-update-hash-at-lists", - "cp-upload-threat", - "cp-get-threated-devices", - "cp-get-zones", - "cp-create-zone", - "cp-update-zone", - "cp-get-policies", - "cp-get-policy-details" - ] - } - }, - { - "TCPIPUtils": { - "name": "TCPIPUtils", - "commands": [ - "ip" - ] - } - }, - { - "RSA NetWitness Security Analytics": { - "name": "RSA NetWitness Security Analytics", - "fromversion": "2.0.0", - "commands": [ - "nw-list-incidents", - "nw-login", - "nw-get-components", - "nw-get-events", - "nw-get-available-assignees", - "nw-create-incident", - "nw-add-events-to-incident", - "nw-update-incident", - "fetch-incidents", - "nw-get-alerts", - "nw-get-alert-details", - "nw-get-event-details", - "nw-get-incident-details", - "nw-get-alert-original", - "netwitness-im-list-incidents", - 
"netwitness-im-login", - "netwitness-im-get-components", - "netwitness-im-get-events", - "netwitness-im-get-available-assignees", - "netwitness-im-create-incident", - "netwitness-im-add-events-to-incident", - "netwitness-im-update-incident", - "netwitness-im-get-alerts", - "netwitness-im-get-alert-details", - "netwitness-im-get-event-details", - "netwitness-im-get-incident-details", - "netwitness-im-get-alert-original" - ] - } - }, - { - "Where is the egg?": { - "name": "Where is the egg?", - "fromversion": "3.6.0", - "commands": [ - "clue" - ] - } - }, - { - "jira": { - "name": "jira", - "toversion": "2.5.0", - "commands": [ - "jira-issue-query", - "jira-get-issue", - "jira-create-issue", - "jira-issue-upload-file", - "jira-issue-add-comment", - "jira-issue-add-link" - ] - } - }, - { - "Vectra": { - "name": "Vectra", - "commands": [ - "vec-detections", - "vectra-detections", - "vec-hosts", - "vectra-hosts", - "vec-settings", - "vectra-settings", - "vec-health", - "vectra-health", - "vec-triage", - "vectra-triage", - "vec-sensors", - "vectra-sensors", - "vec-get-host-by-id", - "vec-get-detetctions-by-id" - ] - } - }, - { - "Twilio": { - "name": "Twilio", - "fromversion": "2.5.0", - "commands": [ - "TwilioSendSMS" - ] - } - }, - { - "PhishTank": { - "name": "PhishTank", - "commands": [ - "url", - "phishtank-reload", - "phishtank-status" - ] - } - }, - { - "FireEye iSIGHT": { - "name": "FireEye iSIGHT", - "commands": [ - "ip", - "domain", - "file", - "isight-get-report", - "isight-submit-file" - ] - } - }, - { - "BigFix": { - "name": "BigFix", - "commands": [ - "bigfix-get-sites", - "bigfix-get-site", - "bigfix-get-patches", - "bigfix-get-endpoints", - "bigfix-get-endpoint", - "bigfix-deploy-patch", - "bigfix-get-patch", - "bigfix-action-delete", - "bigfix-action-status", - "bigfix-action-stop", - "bigfix-query" - ] - } - }, - { - "Phish.AI": { - "name": "Phish.AI", - "fromversion": "4.0.0", - "commands": [ - "phish-ai-scan-url", - "phish-ai-check-status" - ] - } - 
}, - { - "Koodous": { - "name": "Koodous", - "commands": [ - "k-check-hash" - ] - } - }, - { - "IntSights": { - "name": "IntSights", - "commands": [ - "intsights-get-alert-image", - "intsights-get-alert-activities", - "intsights-assign-alert", - "intsights-unassign-alert", - "intsights-send-mail", - "intsights-ask-the-analyst", - "intsights-add-tag-to-alert", - "intsights-remove-tag-from-alert", - "intsights-add-comment-to-alert", - "intsights-update-alert-severity", - "intsights-get-alert-by-id", - "intsights-get-ioc-by-value", - "intsights-get-iocs", - "intsights-get-alerts", - "intsights-alert-takedown-request", - "intsights-get-alert-takedown-status", - "intsights-update-ioc-blocklist-status", - "intsights-get-ioc-blocklist-status", - "intsights-close-alert" - ] - } - } - ], - "TestPlaybooks": [ - { - "SignalSciences Test": { - "name": "SignalSciences Test", - "implementing_commands": [ - "sigsci-get-blacklist", - "sigsci-get-whitelist", - "sigsci-blacklist-add-ip", - "sigsci-whitelist-add-ip", - "sigsci-blacklist-remove-ip", - "sigsci-whitelist-remove-ip" - ] - } - }, - { - "Microsoft Graph Test": { - "name": "Microsoft Graph Test", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "msg-search-alerts", - "msg-update-alert", - "msg-get-alert-details" - ] - } - }, - { - "Mail Sender (New) Test": { - "name": "Email Sender Python", - "implementing_scripts": [ - "Set", - "FileCreateAndUpload", - "DeleteContext", - "Sleep" - ], - "implementing_commands": [ - "googleapps-gmail-get-mail", - "googleapps-gmail-search", - "ThrowException", - "send-mail" - ] - } - }, - { - "ThreatExchange-test": { - "name": "ThreatExchange-test", - "implementing_scripts": [ - "ExtractDomain", - "ExtractHash", - "Exists", - "ExtractIP", - "Print", - "IsMaliciousIndicatorFound", - "VerifyContextFields", - "ExtractURL" - ], - "implementing_commands": [ - "url", - "ip", - "domain", - "file" - ] - } - }, - { - "PortListenCheck-test": { - "name": 
"PortListenCheck-test", - "implementing_scripts": [ - "Print", - "PortListenCheck" - ] - } - }, - { - "Qualys-Test": { - "name": "Qualys-Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "qualys-pc-scan-list", - "qualys-report-template-list", - "qualys-vm-scan-list", - "qualys-scheduled-report-list", - "qualys-report-list" - ] - } - }, - { - "Pipl Test": { - "name": "Pipl Test", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "pipl-search" - ] - } - }, - { - "Splunk-Test": { - "name": "Splunk-Test", - "implementing_scripts": [ - "Set", - "DumpJSON", - "StringContains", - "VerifyContext", - "Print", - "IsGreaterThan", - "AreValuesEqual" - ], - "implementing_commands": [ - "splunk-parse-raw", - "splunk-search", - "splunk-submit-event", - "splunk-get-indexes" - ] - } - }, - { - "67b0f25f-b061-4468-8613-43ab13147173": { - "name": "CbP-PlayBook", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "cbp-fileUpload-download", - "cbp-connector-search", - "cbp-connector-get", - "cbp-fileAnalysis-createOrUpdate", - "cbp-fileUpload-createOrUpdate", - "cbp-fileUpload-get", - "cbp-fileAnalysis-get" - ] - } - }, - { - "test_url_regex": { - "name": "Test URL Regex", - "implementing_scripts": [ - "Print", - "VerifyContext", - "DeleteContext" - ] - } - }, - { - "8984405a-4274-470a-8a34-a437d8e2e1c5": { - "name": "Test - PhishMe", - "implementing_scripts": [ - "CloseInvestigation", - "IsGreaterThan", - "DeleteContext", - "AreValuesEqual" - ], - "implementing_commands": [ - "url", - "phishme-search", - "email", - "file", - "ip" - ] - } - }, - { - "4078d8b6-37c6-42d7-8324-16096a2feb51": { - "name": "AWS - Route53 Test Playbook", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "aws-route53-waiter-resource-record-sets-changed", - "aws-route53-test-dns-answer", - "aws-route53-upsert-record", - 
"aws-route53-create-record", - "aws-route53-delete-record", - "aws-route53-list-resource-record-sets", - "aws-route53-list-hosted-zones" - ] - } - }, - { - "EWS Mail Sender Test": { - "name": "EWS Mail Sender Test", - "implementing_scripts": [ - "http" - ], - "implementing_commands": [ - "send-mail" - ] - } - }, - { - "Icebrg Test": { - "name": "Icebrg Test", - "implementing_commands": [ - "icebrg-get-report-assets", - "icebrg-get-reports", - "icebrg-saved-searches", - "icebrg-search-events", - "icebrg-get-history", - "icebrg-get-report-indicators" - ] - } - }, - { - "tenable-sc-scan-test": { - "name": "Test tenable scan", - "implementing_playbooks": [ - "Launch Scan - Tenable.sc" - ] - } - }, - { - "VMWare Test": { - "name": "VMWare Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "AreValuesEqual" - ], - "implementing_commands": [ - "vmware-get-events", - "vmware-poweroff", - "vmware-suspend", - "vmware-hard-reboot", - "vmware-poweron", - "vmware-revert-snapshot", - "vmware-create-snapshot", - "vmware-get-vms" - ] - } - }, - { - "OpenPhish Test Playbook": { - "name": "OpenPhish Test Playbook", - "implementing_scripts": [ - "Print", - "CloseInvestigation", - "Exists" - ], - "implementing_commands": [ - "url", - "openphish-status" - ] - } - }, - { - "Intezer Testing": { - "name": "Intezer Testing", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "http" - ], - "implementing_commands": [ - "intezer-upload", - "file" - ] - } - }, - { - "test-domain-indicator": { - "name": "test-domain-indicator", - "implementing_scripts": [ - "Print", - "GetIndicatorDBotScore", - "Sleep" - ] - } - }, - { - "ip_enrichment_generic_test": { - "name": "IP Enrichment - Generic - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DeleteContext", - "VerifyContext", - "Set" - ], - "implementing_playbooks": [ - "IP Enrichment - Generic" - ] - } - }, - { - "Nessus - Test": { - "name": "Nessus - Test", - "implementing_scripts": [ - 
"WhileLoop" - ], - "implementing_commands": [ - "nessus-scan-status", - "nessus-scan-report-download", - "nessus-scan-create", - "nessus-scan-export", - "nessus-launch-scan", - "nessus-scan-details" - ] - } - }, - { - "d66e5f86-e045-403f-819e-5058aa603c32": { - "name": "AWS - EC2 Test Playbook actions", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "aws-ec2-create-snapshot", - "aws-ec2-monitor-instances", - "aws-ec2-modify-volume", - "aws-ec2-waiter-instance-terminated", - "aws-ec2-reboot-instances", - "aws-ec2-delete-snapshot", - "aws-ec2-get-latest-ami", - "aws-ec2-associate-address", - "aws-ec2-create-volume", - "aws-ec2-modify-network-interface-attribute", - "aws-ec2-waiter-instance-stopped", - "aws-ec2-describe-instances", - "aws-ec2-delete-security-group", - "aws-ec2-create-image", - "aws-ec2-allocate-address", - "aws-ec2-attach-volume", - "aws-ec2-run-instances", - "aws-ec2-start-instances", - "aws-ec2-disassociate-address", - "aws-ec2-waiter-image-available", - "aws-ec2-modify-instance-attribute", - "aws-ec2-waiter-instance-status-ok", - "aws-ec2-create-security-group", - "aws-ec2-delete-volume", - "aws-ec2-release-address", - "aws-ec2-copy-snapshot", - "aws-ec2-authorize-security-group-ingress-rule", - "aws-ec2-create-tags", - "aws-ec2-deregister-image", - "aws-ec2-unmonitor-instances", - "aws-ec2-detach-volume", - "aws-ec2-revoke-security-group-ingress-rule", - "aws-ec2-waiter-instance-running", - "aws-ec2-terminate-instances", - "aws-ec2-waiter-snapshot_completed", - "aws-ec2-copy-image", - "aws-ec2-stop-instances" - ] - } - }, - { - "Google-Vault-Generic-Test": { - "name": "Google Vault Generic Test", - "implementing_scripts": [ - "VerifyContext", - "GeneratePassword", - "DeleteContext", - "Sleep" - ], - "implementing_commands": [ - "gvault-add-heldAccount", - "gvault-get-matter", - "gvault-create-hold", - "gvault-export-status", - "gvault-get-mail-results", - "gvault-remove-heldAccount", - 
"gvault-get-groups-results", - "gvault-delete-hold", - "gvault-create-export-mail", - "gvault-create-matter", - "gvault-create-export-drive", - "gvault-get-drive-results", - "gvault-create-export-groups" - ] - } - }, - { - "cve_enrichment_-_generic_-_test": { - "name": "CVE Enrichment - Generic - Test", - "fromversion": "3.6.0", - "implementing_scripts": [ - "VerifyContext", - "Set" - ], - "implementing_playbooks": [ - "CVE Enrichment - Generic" - ] - } - }, - { - "ReadPDFFile-Test": { - "name": "ReadPDFFile-Test", - "implementing_scripts": [ - "DeleteContext", - "http", - "ReadPDFFile" - ] - } - }, - { - "RegexGroups Test": { - "name": "RegexGroups Test", - "implementing_scripts": [ - "RaiseError", - "VerifyContext", - "Set", - "DeleteContext" - ] - } - }, - { - "GmailTest": { - "name": "GmailTest", - "implementing_scripts": [ - "GetTime", - "DeleteContext" - ], - "implementing_commands": [ - "gmail-add-delete-filter", - "gmail-get-thread", - "gmail-get-tokens-for-user", - "gmail-search-all-mailboxes", - "gmail-get-attachments", - "gmail-list-users", - "gmail-delete-user", - "gmail-create-user", - "gmail-get-mail", - "gmail-move-mail", - "gmail-get-user", - "gmail-search" - ] - } - }, - { - "Extract Indicators From File - test": { - "name": "Extract Indicators From File - test", - "implementing_scripts": [ - "RaiseError", - "http" - ], - "implementing_playbooks": [ - "Extract Indicators From File - Generic" - ] - } - }, - { - "Kenna Test": { - "name": "Kenna Test", - "implementing_commands": [ - "kenna-update-asset", - "kenna-run-connector", - "kenna-search-vulnerabilities", - "kenna-search-fixes", - "kenna-update-vulnerability", - "kenna-get-connectors" - ] - } - }, - { - "3da2e31b-f114-4d7f-8702-117f3b498de9": { - "name": "AWS - CloudTrail Test Playbook", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "aws-cloudtrail-start-logging", - "aws-cloudtrail-update-trail", - "aws-cloudtrail-describe-trails", - 
"aws-cloudtrail-lookup-events", - "aws-cloudtrail-delete-trail", - "aws-cloudtrail-create-trail", - "aws-cloudtrail-stop-logging" - ] - } - }, - { - "test_Qradar": { - "name": "test_Qradar", - "implementing_scripts": [ - "FetchFromInstance", - "DeleteContext" - ], - "implementing_playbooks": [ - "QRadarFullSearch" - ], - "implementing_commands": [ - "qradar-delete-reference-set", - "qradar-create-reference-set-value", - "qradar-get-reference-by-name", - "qradar-get-note", - "qradar-offense-by-id", - "qradar-get-assets", - "qradar-create-note", - "qradar-offenses", - "qradar-get-asset-by-id", - "qradar-update-offense", - "qradar-create-reference-set", - "qradar-delete-reference-set-value" - ] - } - }, - { - "Centreon-Test-Playbook": { - "name": "Centreon-Test-Playbook", - "implementing_commands": [ - "centreon-get-host-status" - ] - } - }, - { - "ssdeepreputationtest": { - "name": "SsdeepReputationTest", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "Sleep", - "SsdeepReputationTest", - "SSDeepReputation" - ] - } - }, - { - "crowdstrike_falconhost_test": { - "name": "CrowdStrike FalconHost Test", - "implementing_scripts": [ - "Set", - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "cs-device-ran-on", - "cs-device-search", - "cs-device-details" - ] - } - }, - { - "dnstwistTest": { - "name": "dnstwistTest", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "dnstwist-domain-variations" - ] - } - }, - { - "IPInfoTest": { - "name": "IPInfoTest", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "ip" - ] - } - }, - { - "Tanium Test Playbook": { - "name": "Tanium Test Playbook", - "fromversion": "2.5.0", - "implementing_commands": [ - "tn-deploy-package", - "tn-ask-question", - "tn-get-saved-question" - ] - } - }, - { - "Netskope Test": { - "name": "Netskope Test", - "implementing_scripts": [ - "VerifyContext" - ], - 
"implementing_commands": [ - "netskope-events", - "netskope-alerts" - ] - } - }, - { - "entity_enrichment_generic_test": { - "name": "Entity Enrichment - Generic - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set", - "VerifyContext", - "DeleteContext" - ], - "implementing_playbooks": [ - "Entity Enrichment - Generic" - ] - } - }, - { - "CrowdStrike Falcon Intel v2": { - "name": "CrowdStrike Falcon Intel v2", - "implementing_scripts": [ - "DeleteContext", - "ThrowException" - ], - "implementing_commands": [ - "domain", - "url", - "ip", - "cs-actors", - "cs-indicators", - "file", - "cs-reports" - ] - } - }, - { - "search_endpoints_by_hash_-_tie_-_test": { - "name": "Search Endpoints By Hash - TIE - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set", - "DeleteContext" - ], - "implementing_playbooks": [ - "Search Endpoints By Hash - TIE" - ] - } - }, - { - "nexpose_test": { - "name": "Nexpose test", - "implementing_scripts": [ - "GenerateUUID", - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "nexpose-start-site-scan", - "nexpose-get-asset", - "nexpose-stop-scan", - "nexpose-delete-site", - "nexpose-get-asset-vulnerability", - "nexpose-create-site", - "nexpose-get-assets", - "nexpose-create-assets-report", - "nexpose-resume-scan", - "nexpose-pause-scan", - "nexpose-search-assets", - "nexpose-get-scans" - ] - } - }, - { - "cisco-ise-test-playbook": { - "name": "cisco-ise-test-playbook", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "cisco-ise-get-endpoints" - ] - } - }, - { - "CarbonBlackResponseTest": { - "name": "Carbon Black Response Test", - "implementing_scripts": [ - "CarbonBlackResponseFilterSensors", - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "cb-watchlist-new", - "cb-get-processes", - "cb-get-process", - "cb-watchlist-del", - "cb-process-events", - "cb-quarantine-device", - "cb-sensor-info", - "cb-binary", - "cb-binary-get", - 
"cb-get-hash-blacklist", - "cb-watchlist-set", - "cb-unquarantine-device", - "cb-unblock-hash", - "cb-alert-update", - "cb-block-hash", - "cb-alert" - ] - } - }, - { - "dedup_-_generic_-_test": { - "name": "Dedup - Generic - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "VerifyContext", - "CreateDuplicateIncident", - "DeleteContext" - ], - "implementing_playbooks": [ - "Dedup - Generic" - ], - "implementing_commands": [ - "setIncident" - ] - } - }, - { - "VxStream Test": { - "name": "VxStream Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "http", - "Exists" - ], - "implementing_commands": [ - "crowdstrike-detonate-file", - "crowdstrike-get-environments", - "crowdstrike-submit-url", - "crowdstrike-scan", - "crowdstrike-search" - ] - } - }, - { - "PhishTank Testing": { - "name": "PhishTank Testing", - "implementing_scripts": [ - "DeleteContext", - "VerifyContext", - "Set", - "http", - "ReadFile" - ], - "implementing_commands": [ - "url" - ] - } - }, - { - "BigFixTest": { - "name": "BigFixTest", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "bigfix-action-delete", - "bigfix-action-stop", - "bigfix-get-site", - "bigfix-get-sites", - "bigfix-action-status", - "bigfix-get-patches", - "bigfix-get-endpoints", - "bigfix-deploy-patch" - ] - } - }, - { - "Cisco-Meraki-Test": { - "name": "Cisco-Meraki-Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "meraki-get-organization-license-state", - "meraki-fetch-networks", - "meraki-fetch-organizations", - "meraki-fetch-devices", - "meraki-fetch-organization-inventory" - ] - } - }, - { - "url_enrichment_-_generic_test": { - "name": "Url Enrichment Generic - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DeleteContext", - "VerifyContext", - "Set" - ], - "implementing_playbooks": [ - "URL Enrichment - Generic" - ], - "implementing_commands": [ - "rasterize" - ] - 
} - }, - { - "CheckpointFW-test": { - "name": "CheckpointFW-test", - "implementing_scripts": [ - "VerifyContextFields", - "CheckpointFWBackupStatus", - "DeleteContext", - "Sleep", - "CheckpointFWCreateBackup" - ], - "implementing_commands": [ - "checkpoint-delete-rule", - "checkpoint-block-ip", - "checkpoint-set-rule", - "checkpoint-show-access-rule-base", - "checkpoint-show-hosts" - ] - } - }, - { - "Test Playbook McAfee ATD": { - "name": "Test Playbook McAfee ATD", - "implementing_scripts": [ - "FileCreateAndUpload", - "DeleteContext", - "Exists", - "AreValuesEqual" - ], - "implementing_playbooks": [ - "Detonate URL - McAfee ATD", - "ATD - Detonate File" - ], - "implementing_commands": [ - "atd-list-analyzer-profiles", - "atd-login", - "atd-list-user" - ] - } - }, - { - "Cisco-Umbrella-Test": { - "name": "Cisco-Umbrella-Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "umbrella-ip-dns-history", - "umbrella-domain-related", - "umbrella-domain-dns-history", - "investigate-umbrella-domain-co-occurrences", - "investigate-umbrella-domain-dns-history", - "umbrella-domain-security", - "investigate-umbrella-domain-search", - "umbrella-domain-search", - "investigate-umbrella-domain-related", - "umbrella-domain-co-occurrences", - "umbrella-domain-categorization" - ] - } - }, - { - "Test Playbook McAfee ePO": { - "name": "Test Playbook McAfee ePO", - "implementing_scripts": [ - "RaiseError", - "DeleteContext" - ], - "implementing_commands": [ - "epo-clear-tag", - "epo-get-system-tree-group", - "epo-get-latest-dat", - "epo-update-client-dat", - "epo-advanced-command", - "epo-help", - "epo-find-systems", - "epo-update-repository", - "epo-get-version", - "epo-get-current-dat", - "epo-get-tables", - "epo-apply-tag", - "epo-find-system", - "epo-query-table" - ] - } - }, - { - "grr_test": { - "name": "GRR Test", - "implementing_scripts": [ - "Set", - "DeleteContext" - ], - "implementing_commands": [ - "grr-get-hunts", - 
"grr-get-clients", - "grr-set-hunts", - "grr-set-flows", - "grr-get-flows" - ] - } - }, - { - "RTIR Test": { - "name": "RTIR Test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "rtir-edit-ticket", - "rtir-resolve-ticket", - "rtir-create-ticket", - "rtir-get-ticket", - "rtir-search-ticket" - ] - } - }, - { - "GeneratePassword-Test": { - "name": "GeneratePassword-Test", - "implementing_scripts": [ - "Print", - "GeneratePassword", - "DeleteContext", - "Exists" - ] - } - }, - { - "EWS Public Folders Test": { - "name": "EWS Public Folders Test", - "implementing_commands": [ - "ews-search-mailbox", - "ews-get-items-from-folder", - "ews-find-folders", - "ews-get-folder" - ] - } - }, - { - "account_enrichment_-_generic_test": { - "name": "Account Enrichment - Generic Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DeleteContext", - "VerifyContext", - "Set" - ], - "implementing_playbooks": [ - "Account Enrichment - Generic" - ] - } - }, - { - "TestStringReplace": { - "name": "TestStringReplace", - "implementing_scripts": [ - "StringReplace", - "VerifyContextFields", - "DeleteContext" - ] - } - }, - { - "EWSv2_empty_attachment_test": { - "name": "EWSv2_empty_attachment_test", - "implementing_commands": [ - "ews-get-attachment" - ] - } - }, - { - "search_endpoints_by_hash_-_crowdstrike_-_test": { - "name": "Search Endpoints By Hash - CrowdStrike - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_playbooks": [ - "Search Endpoints By Hash - CrowdStrike" - ] - } - }, - { - "IBM Resilient Systems Test": { - "name": "IBM Resilient Systems Test", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "rs-search-incidents", - "rs-related-incidents", - "rs-incidents-get-tasks", - "rs-incident-attachments", - "rs-incident-artifacts" - ] - } - }, - { - "whois_test": { - "name": "whois_test", - "implementing_scripts": [ - "DeleteContext" - ], - 
"implementing_commands": [ - "closeInvestigation", - "whois" - ] - } - }, - { - "c7d68ad5MxToolbox_test": { - "name": "MxToolbox_test", - "implementing_scripts": [ - "CloseInvestigation", - "Exists", - "ToTable" - ], - "implementing_commands": [ - "mxtoolbox" - ] - } - }, - { - "Jira-Test": { - "name": "Jira-Test", - "implementing_scripts": [ - "VerifyContextFields", - "VerifyContext", - "DeleteContext", - "FileCreateAndUpload" - ], - "implementing_commands": [ - "jira-create-issue", - "jira-issue-upload-file", - "jira-get-comments", - "jira-issue-add-comment", - "jira-edit-issue", - "jira-issue-query", - "jira-delete-issue", - "jira-issue-add-link", - "jira-get-issue" - ] - } - }, - { - "2142f8de-29d5-4288-8426-0db39abe988b": { - "name": "AWS - EC2 Test Playbook ", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "aws-ec2-describe-regions", - "aws-ec2-describe-volumes", - "aws-ec2-describe-key-pairs", - "aws-ec2-describe-instances", - "aws-ec2-describe-launch-templates", - "aws-ec2-describe-vpcs", - "aws-ec2-describe-security-groups", - "aws-ec2-describe-subnets", - "aws-ec2-describe-snapshots", - "aws-ec2-describe-images", - "aws-ec2-describe-addresses" - ] - } - }, - { - "palo_alto_firewall_test_pb": { - "name": "palo_alto_firewall_test_pb", - "implementing_scripts": [ - "DeleteContext", - "Sleep" - ], - "implementing_playbooks": [ - "PanoramaCommitConfiguration" - ], - "implementing_commands": [ - "panorama-list-applications", - "panorama-create-rule", - "panorama-delete-rule", - "panorama-create-address-group", - "panorama-list-addresses", - "panorama-get-address-group", - "panorama-get-url-category", - "panorama", - "panorama-edit-rule", - "panorama-get-url-filter", - "panorama-list-address-groups", - "panorama-get-custom-url-category", - "panorama-edit-address-group", - "panorama-create-address", - "panorama-delete-address-group", - "panorama-move-rule", - "panorama-delete-address" - ] - } - }, - { - "Google Safe Browsing 
Test": { - "name": "Google Safe Browsing Test", - "implementing_scripts": [ - "RaiseError", - "CloseInvestigation" - ], - "implementing_commands": [ - "url" - ] - } - }, - { - "Tenable.io test": { - "name": "Tenable.io test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "tenable-io-get-vulnerabilities-by-asset", - "tenable-io-get-scan-report", - "tenable-io-list-scans", - "tenable-io-get-vulnerability-details", - "tenable-io-get-scan-status" - ] - } - }, - { - "JoeSecurityTestPlaybook": { - "name": "JoeSecurityTestPlaybook", - "implementing_scripts": [ - "FileCreateAndUpload", - "DeleteContext" - ], - "implementing_commands": [ - "joe-download-report", - "joe-is-online", - "joe-analysis-info", - "joe-search", - "joe-analysis-submit-sample", - "joe-analysis-submit-url" - ] - } - }, - { - "get_file_sample_by_hash_-_carbon_black_enterprise_Response_-_test": { - "name": "Get File Sample By Hash - Carbon Black Enterprise Response - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set", - "VerifyContext", - "DeleteContext" - ], - "implementing_playbooks": [ - "Get File Sample By Hash - Carbon Black Enterprise Response" - ] - } - }, - { - "OTRS Test": { - "name": "OTRS Test", - "implementing_scripts": [ - "FetchFromInstance" - ], - "implementing_commands": [ - "otrs-update-ticket", - "otrs-search-ticket", - "otrs-create-ticket", - "otrs-close-ticket", - "otrs-get-ticket" - ] - } - }, - { - "get_original_email_-_gmail_-_test": { - "name": "Get Original Email - Gmail - Test", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_playbooks": [ - "Get Original Email - Gmail" - ] - } - }, - { - "TestHPServiceManager": { - "name": "TestHPServiceManager", - "implementing_scripts": [ - "VerifyContextFields", - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "hpsm-create-incident", - "hpsm-get-device", - "hpsm-list-incidents", - "hpsm-get-incident-by-id" - ] - } - }, - { - "AbuseIPDB Test": { - 
"name": "AbuseIPDB Test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "abuseipdb-check-cidr-block", - "ip", - "abuseipdb-get-blacklist", - "abuseipdb-report-ip" - ] - } - }, - { - "TestIsValueInArray": { - "name": "TestIsValueInArray", - "implementing_scripts": [ - "CloseInvestigation", - "Set", - "IsValueInArray" - ] - } - }, - { - "GsuiteTest": { - "name": "test-Gsuite", - "implementing_scripts": [ - "VerifyContextFields" - ], - "implementing_commands": [ - "googleapps-list-users" - ] - } - }, - { - "efc817d2-6660-4d4f-890d-90513ca1e180": { - "name": "Cisco Spark Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "cisco-spark-send-message-to-person", - "cisco-spark-list-teams", - "cisco-spark-list-people", - "cisco-spark-create-team", - "cisco-spark-delete-team", - "cisco-spark-delete-message", - "cisco-spark-send-message-to-room", - "cisco-spark-list-messages", - "cisco-spark-list-rooms" - ] - } - }, - { - "iDefenseTest": { - "name": "iDefenseTest", - "implementing_scripts": [ - "Print", - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "url", - "ip", - "domain", - "uuid" - ] - } - }, - { - "block_indicators_-_generic_-_test": { - "name": "Block Indicators - Generic - Test", - "implementing_playbooks": [ - "Block Indicators - Generic" - ] - } - }, - { - "rsa_packets_and_logs_test": { - "name": "RSA Packets And Logs test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "nw-sdk-values", - "netwitness-msearch", - "nw-sdk-content", - "netwitness-query" - ] - } - }, - { - "Google_Vault-Search_And_Display_Results_test": { - "name": "Google Vault - Search And Display Results test", - "implementing_scripts": [ - "GeneratePassword", - "DeleteContext" - ], - "implementing_playbooks": [ - "Google Vault - Search Groups", - "Google Vault - Search Mail", - "Google Vault - Display 
Results", - "Google Vault - Search Drive" - ] - } - }, - { - "URLDecode-Test": { - "name": "URLDecode-Test", - "implementing_scripts": [ - "URLDecode", - "DeleteContext" - ] - } - }, - { - "Zscaler Test": { - "name": "Zscaler Test", - "implementing_scripts": [ - "GenerateUUID", - "isError" - ], - "implementing_commands": [ - "zscaler-blacklist-url", - "zscaler-get-blacklist", - "zscaler-get-categories", - "zscaler-category-add-url" - ] - } - }, - { - "urlscan_malicious_Test": { - "name": "urlscan_malicious_Test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "urlscan-search" - ] - } - }, - { - "DemistoUploadFileToIncident Test": { - "name": "DemistoUploadFileToIncident Test", - "implementing_scripts": [ - "DemistoUploadFileToIncident", - "http" - ] - } - }, - { - "ParseEmailFiles-test": { - "name": "ParseEmailFiles-test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "http", - "AreValuesEqual", - "ParseEmailFiles" - ] - } - }, - { - "extract_indicators_-_generic_-_test": { - "name": "Extract Indicators - Generic - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "IncidentSet", - "DeleteContext", - "VerifyContext" - ], - "implementing_playbooks": [ - "Extract Indicators - Generic" - ] - } - }, - { - "listExecutedCommands-Test": { - "name": "listExecutedCommands-Test", - "implementing_scripts": [ - "Print", - "listExecutedCommands", - "commentsToContext", - "CloseInvestigation", - "AreValuesEqual" - ] - } - }, - { - "Phishing test - Inline": { - "name": "Phishing test - Inline", - "implementing_scripts": [ - "ScheduleCommand", - "PhishingIncident", - "DeleteContext", - "http" - ], - "implementing_playbooks": [ - "Phishing Investigation - Generic" - ] - } - }, - { - "Tenable.io Scan Test": { - "name": "Tenable.io Scan Test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_playbooks": [ - "Tenable.io Scan" - ] - } - }, - { - "AlphaSOC-Wisdom-Test": { - "name": "AlphaSOC Wisdom 
Test", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "wisdom-ip-flags", - "wisdom-domain-flags" - ] - } - }, - { - "pyEWS_Test": { - "name": "pyEWS_Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "Exception", - "ews-get-out-of-office", - "ews-get-searchable-mailboxes", - "ews-find-folders", - "ews-get-items", - "ews-get-contacts", - "ews-get-attachment", - "ews-search-mailboxes" - ] - } - }, - { - "virusTotal-test-playbook": { - "name": "virusTotal-test-playbook", - "implementing_scripts": [ - "Set", - "VerifyContext", - "DeleteContext", - "Exists" - ], - "implementing_commands": [ - "url", - "ip", - "domain", - "file" - ] - } - }, - { - "calculate_severity_-_critical_assets_-_test": { - "name": "Calculate Severity - Critical assets - Test", - "implementing_scripts": [ - "VerifyContext", - "ADGetUser" - ], - "implementing_playbooks": [ - "Calculate Severity - Critical assets" - ] - } - }, - { - "search_endpoints_by_hash_-_carbon_black_response_-_test": { - "name": "Search Endpoints By Hash - Carbon Black Response - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set", - "VerifyContext", - "DeleteContext" - ], - "implementing_playbooks": [ - "Search Endpoints By Hash - Carbon Black Response" - ] - } - }, - { - "5dc848e5-a649-4394-8300-386770d39d75": { - "name": "TestGetDuplicatesIncidentsByMl", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "GetDuplicatesMl", - "TestCreateDuplicates" - ] - } - }, - { - "LogRhythm-Test-Playbook": { - "name": "LogRhythm-Test-Playbook", - "implementing_commands": [ - "lr-get-alarms" - ] - } - }, - { - "test_similar_incidents": { - "name": "Test Similar Incidents", - "fromversion": "3.5.0", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "TestCreateDuplicates", - "FindSimilarIncidents" - ] - } - }, - { - "2cddaacb-4e4c-407e-8ef5-d924867b810c": { - "name": "AWS 
- CloudWatchLogs Test Playbook_copy", - "implementing_scripts": [ - "GetTime", - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "aws-logs-describe-metric-filters", - "aws-logs-create-log-stream", - "aws-logs-put-retention-policy", - "aws-logs-delete-log-group", - "aws-logs-delete-log-stream", - "aws-logs-create-log-group", - "aws-logs-describe-log-streams", - "aws-logs-delete-metric-filter", - "aws-logs-put-log-events", - "aws-logs-describe-log-groups", - "aws-logs-put-metric-filter", - "aws-logs-delete-retention-policy" - ] - } - }, - { - "TestSkyformation": { - "name": "TestSkyformation", - "implementing_scripts": [ - "TestFail" - ], - "implementing_commands": [ - "skyformation-get-accounts" - ] - } - }, - { - "EWS test": { - "name": "EWS test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "FileCreateAndUpload", - "SendEmail" - ], - "implementing_commands": [ - "ews-delete-attachments", - "ews-get-searchable-mailboxes", - "ews-search-mailbox", - "ews-find-folders", - "ews-get-items", - "ews-get-folder", - "ews-get-attachment", - "ews-delete-items" - ] - } - }, - { - "ShodanTest": { - "name": "ShodanTest", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "ip" - ] - } - }, - { - "d8628445-ff86-40f9-857d-50b3f1d295a6": { - "name": "Sandblast malicious test", - "implementing_scripts": [ - "DeleteContext", - "Exists", - "echo" - ], - "implementing_commands": [ - "sandblast-query", - "sandblast-upload" - ] - } - }, - { - "minemeld_test": { - "name": "Palo Alto MineMeld Test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "minemeld-remove-from-miner", - "ip", - "minemeld-add-to-miner", - "minemeld-retrieve-miner", - "minemeld-get-indicator-from-miner" - ] - } - }, - { - "Archer-Test-Playbook": { - "name": "Archer-Test-Playbook", - "implementing_scripts": [ - "VerifyContextFields", - "DeleteContext" - ], - "implementing_commands": [ - 
"archer-get-application-fields", - "archer-update-record", - "archer-search-records", - "archer-create-record", - "archer-delete-record", - "archer-search-applications", - "archer-get-record" - ] - } - }, - { - "LanguageDetect-Test": { - "name": "LanguageDetect-Test", - "implementing_scripts": [ - "CloseInvestigation", - "LanguageDetect", - "DeleteContext", - "Sleep", - "Exists" - ] - } - }, - { - "ThreatGridTest": { - "name": "ThreatGridTest", - "implementing_scripts": [ - "DeleteContext", - "Exists", - "AreValuesEqual" - ], - "implementing_commands": [ - "threat-grid-get-samples", - "threat-grid-download-sample-by-id", - "threat-grid-organization-get-rate-limit", - "threat-grid-user-get-rate-limit", - "threat-grid-get-threat-summary-by-id", - "threat-grid-who-am-i", - "threat-grid-upload-sample" - ] - } - }, - { - "Detonate URL - Generic Test": { - "name": "Detonate URL - Generic Test", - "fromversion": "4.0.0", - "implementing_scripts": [ - "Set", - "DeleteContext" - ], - "implementing_playbooks": [ - "Detonate URL - Generic" - ] - } - }, - { - "test-ThreatConnect": { - "name": "test-ThreatConnect", - "implementing_commands": [ - "tc-owners" - ] - } - }, - { - "TestMatchRegex": { - "name": "TestMatchRegex", - "implementing_scripts": [ - "DeleteContext", - "MatchRegex" - ], - "implementing_commands": [ - "closeInvestigation" - ] - } - }, - { - "search_endpoints_by_hash_-_generic_-_test": { - "name": "Search Endpoints By Hash - Generic - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DeleteContext", - "VerifyContext", - "Set" - ], - "implementing_playbooks": [ - "Search Endpoints By Hash - Generic" - ] - } - }, - { - "Detonate File - SNDBOX - Test": { - "name": "Detonate File - SNDBOX - Test", - "implementing_scripts": [ - "DeleteContext", - "http" - ], - "implementing_playbooks": [ - "Detonate File - SNDBOX" - ] - } - }, - { - "CreatePhishingClassifierMLTest": { - "name": "Create Phishing Classifier ML Test", - "implementing_scripts": [ - 
"DBotPredictPhishingLabel", - "VerifyContext", - "DeleteContext", - "TestCreateTagTextFile", - "TestCreateIncidents" - ], - "implementing_playbooks": [ - "DBot Create Phishing Classifier" - ] - } - }, - { - "CirclIntegrationTest": { - "name": "CIRCL Test", - "implementing_scripts": [ - "VerifyHumanReadableContains", - "PrintErrorEntry", - "isError" - ], - "implementing_commands": [ - "circl-ssl-get-certificate", - "circl-ssl-list-certificates", - "circl-ssl-query-certificate", - "circl-dns-get" - ] - } - }, - { - "ProofpointDecodeURL-Test": { - "name": "ProofpointDecodeURL-Test", - "implementing_scripts": [ - "CloseInvestigation", - "ProofpointDecodeURL", - "Sleep", - "AreValuesEqual" - ] - } - }, - { - "FireEye HX Test": { - "name": "FireEye HX Test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "fireeye-hx-get-indicators", - "fireeye-hx-get-alert", - "fireeye-hx-file-acquisition", - "fireeye-hx-delete-file-acquisition", - "fireeye-hx-get-alerts", - "fireeye-hx-get-host-information", - "fireeye-hx-get-indicator" - ] - } - }, - { - "hashicorp_test": { - "name": "hashicorp_test", - "implementing_scripts": [ - "GetTime", - "DeleteContext" - ], - "implementing_commands": [ - "hashicorp-list-policies", - "hashicorp-disable-engine", - "hashicorp-create-token", - "hashicorp-list-secrets", - "hashicorp-get-secret-metadata", - "hashicorp-configure-engine", - "hashicorp-undelete-secret", - "hashicorp-destroy-secret", - "hashicorp-get-policy", - "hashicorp-enable-engine", - "hashicorp-list-secrets-engines", - "hashicorp-delete-secret", - "hashicorp-reset-configuration" - ] - } - }, - { - "decodemimeheader_-_test": { - "name": "DecodeMimeHeader - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DecodeMimeHeader", - "DeleteContext", - "VerifyContext" - ] - } - }, - { - "XFE Test": { - "name": "XFE Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "Exists", - "AreValuesEqual" - ], - 
"implementing_commands": [ - "domain", - "url", - "ip", - "cve-latest", - "cve-search", - "file" - ] - } - }, - { - "Base64 File in List Test": { - "name": "Base64 File in List Test", - "implementing_scripts": [ - "VerifyContext", - "Base64ListToFile" - ], - "implementing_commands": [ - "setList" - ] - } - }, - { - "Cybereason Test": { - "name": "Cybereason Test", - "implementing_scripts": [ - "FetchFromInstance", - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "cybereason-malop-processes", - "cybereason-query-connections", - "cybereason-query-processes", - "cybereason-is-probe-connected", - "cybereason-query-malops" - ] - } - }, - { - "ActiveMQ Test": { - "name": "ActiveMQ Test", - "implementing_scripts": [ - "VerifyContext", - "Sleep" - ], - "implementing_commands": [ - "activemq-send", - "activemq-subscribe" - ] - } - }, - { - "McAfeeNSMTest": { - "name": "McAfeeNSMTest", - "implementing_commands": [ - "nsm-get-domains", - "nsm-get-ips-policy-details", - "nsm-update-alerts", - "nsm-get-ips-policies", - "nsm-get-alerts", - "nsm-get-sensors" - ] - } - }, - { - "SNDBOX_Test": { - "name": "SNDBOX_Test", - "implementing_scripts": [ - "DeleteContext", - "http" - ], - "implementing_commands": [ - "sndbox-analysis-info", - "sndbox-analysis-submit-sample", - "sndbox-download-sample", - "sndbox-download-report", - "sndbox-is-online" - ] - } - }, - { - "Fortigate Test": { - "name": "Fortigate Test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "fortigate-move-policy", - "fortigate-create-firewall-service", - "fortigate-get-service-groups", - "fortigate-get-policy", - "fortigate-get-address-groups", - "fortigate-get-firewall-service", - "fortigate-delete-policy", - "fortigate-get-addresses", - "fortigate-update-service-group", - "fortigate-update-address-group", - "fortigate-delete-address-group", - "fortigate-create-address-group", - "fortigate-create-policy", - "fortigate-update-policy" - ] - } - }, - { - 
"sep_-_test_endpoint_search": { - "name": "SEP - Test endpoint search", - "fromversion": "3.5.0", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "sep-endpoints-info" - ] - } - }, - { - "awake_security_test_pb": { - "name": "awake_security_test_pb", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "domain", - "ip", - "awake-query-activities", - "awake-pcap-download", - "awake-query-domains", - "awake-query-devices", - "device", - "email" - ] - } - }, - { - "af2f5a99-d70b-48c1-8c25-519732b733f2": { - "name": "nmap-test", - "implementing_scripts": [ - "CloseInvestigation", - "Print", - "Exists" - ], - "implementing_commands": [ - "nmap-scan" - ] - } - }, - { - "Detonate File - No Files test": { - "name": "Detonate File - No Files test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_playbooks": [ - "Detonate File - Generic" - ] - } - }, - { - "3010a07c-0a85-480c-87db-cf3f09fcbd7c": { - "name": "ContextGetters-Test", - "implementing_scripts": [ - "ExtractHash", - "IsTrue", - "ContextGetEmails", - "ExtractIP", - "ContextGetHashes", - "ContextGetIps", - "ExtractEmail" - ] - } - }, - { - "test-LinkIncidentsWithRetry": { - "name": "test-LinkIncidentsWithRetry", - "implementing_scripts": [ - "Print", - "LinkIncidentsWithRetry", - "AreValuesEqual" - ], - "implementing_commands": [ - "createNewIncident" - ] - } - }, - { - "2e7770c4-8b78-4ee5-84c7-22a9e481b166": { - "name": "Autofocus_test", - "implementing_scripts": [ - "CloseInvestigation", - "IsMaliciousIndicatorFound", - "AreValuesEqual" - ], - "implementing_commands": [ - "autofocus-search-sessions", - "file", - "autofocus-search-samples" - ] - } - }, - { - "Remedy-On-Demand-Test": { - "name": "Remedy-On-Demand-Test", - "implementing_scripts": [ - "Set", - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "remedy-get-incident", - "remedy-fetch-incidents", - "remedy-incident-create", - 
"remedy-incident-update" - ] - } - }, - { - "get_file_sample_from_path_-_generic_-_test": { - "name": "Get File Sample From Path - Generic - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_playbooks": [ - "Get File Sample From Path - Generic" - ], - "implementing_commands": [ - "cb-list-sensors" - ] - } - }, - { - "Test ParseCSV": { - "name": "Test ParseCSV", - "implementing_scripts": [ - "DeleteContext", - "FileCreateAndUpload", - "ParseCSV", - "AreValuesEqual" - ] - } - }, - { - "Preempt Test": { - "name": "Preempt Test", - "implementing_commands": [ - "preempt-remove-from-watch-list", - "preempt-get-user-endpoints", - "preempt-get-activities", - "preempt-add-to-watch-list" - ] - } - }, - { - "playbook-Cymon_Test": { - "name": "playbook-Cymon_Test", - "implementing_scripts": [ - "VerifyContext", - "StringContains", - "DeleteContext", - "ValidateErrorExistence" - ], - "implementing_commands": [ - "ip", - "domain" - ] - } - }, - { - "150778e9-90ca-4c28-873e-f050f2c6d3a3": { - "name": "HTTPRedirectList Test", - "implementing_scripts": [ - "CloseInvestigation", - "HTTPListRedirects", - "AreValuesEqual" - ] - } - }, - { - "TCPUtils-Test": { - "name": "Tcpiputlis Test Playbook", - "implementing_scripts": [ - "VerifyContextFields", - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "ip" - ] - } - }, - { - "113aca8a-ee52-419f-89a6-150ee232d0d1": { - "name": "S3 Test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "aws-s3-create-bucket", - "aws-s3-get-bucket-policy", - "aws-s3-download-file", - "aws-s3-delete-bucket-policy", - "aws-s3-describe-buckets", - "aws-s3-list-bucket-objects", - "aws-s3-set-bucket-policy", - "aws-s3-delete-bucket" - ] - } - }, - { - "buildewsquery_test": { - "name": "BuildEWSQuery Test", - "implementing_scripts": [ - "BuildEWSQuery", - "VerifyContext" - ] - } - }, - { - "palo_alto_panorama_test_pb": { - "name": 
"palo_alto_panorama_test_pb", - "implementing_scripts": [ - "DeleteContext", - "Sleep" - ], - "implementing_commands": [ - "panorama-list-applications", - "panorama-create-rule", - "panorama-commit", - "panorama-delete-rule", - "panorama-create-address-group", - "panorama-get-address-group", - "panorama-move-rule", - "panorama", - "panorama-edit-rule", - "panorama-get-url-filter", - "panorama-list-address-groups", - "panorama-get-custom-url-category", - "panorama-create-address", - "panorama-delete-address-group", - "panorama-list-addresses", - "panorama-delete-address" - ] - } - }, - { - "okta_test_playbook": { - "name": "Okta test playbook", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "okta-get-application-authentication", - "okta-list-groups", - "okta-get-application-assignments", - "okta-get-user-factors", - "okta-get-groups", - "okta-suspend-user", - "okta-add-to-group", - "okta-update-user", - "okta-remove-from-group", - "okta-get-failed-logins", - "okta-get-group-members", - "okta-unsuspend-user", - "okta-get-group-assignments" - ] - } - }, - { - "test_delete_context": { - "name": "Test Delete Context", - "implementing_scripts": [ - "RaiseError", - "Set", - "DeleteContext", - "isError" - ] - } - }, - { - "JiraCreateIssue-example-test": { - "name": "JiraCreateIssue-example-test", - "implementing_scripts": [ - "JiraCreateIssue-example", - "DeleteContext" - ], - "implementing_commands": [ - "jira-delete-issue" - ] - } - }, - { - "AttivoBotsinkTest": { - "name": "AttivoBotsinkTest", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "attivo-list-hosts", - "attivo-list-users", - "attivo-check-user", - "attivo-run-playbook", - "attivo-check-host", - "attivo-get-events", - "attivo-deploy-decoy", - "attivo-list-playbooks" - ] - } - }, - { - "email_test": { - "name": "Email Address Enrichment - Generic - Test", - "implementing_scripts": [ - "Set", - "VerifyContext", - 
"DeleteContext" - ], - "implementing_playbooks": [ - "Email Address Enrichment - Generic" - ] - } - }, - { - "Cisco Umbrella Test": { - "name": "Cisco Umbrella Test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "umbrella-ip-dns-history", - "domain", - "umbrella-domain-related", - "umbrella-get-domains-using-regex", - "umbrella-domain-dns-history", - "umbrella-get-url-timeline", - "umbrella-get-domain-classifiers", - "umbrella-get-malicious-domains-for-ip", - "umbrella-get-domains-for-email-registrar", - "umbrella-get-domains-for-nameserver", - "umbrella-domain-categorization", - "umbrella-domain-security", - "umbrella-get-domain-timeline", - "umbrella-get-domain-details", - "umbrella-ip-malicious-domains", - "umbrella-get-related-domains", - "umbrella-get-whois-for-domain", - "umbrella-domain-search", - "umbrella-domain-co-occurrences", - "umbrella-get-ip-timeline", - "umbrella-get-domain-queryvolume" - ] - } - }, - { - "fd93f620-9a2d-4fb6-85d1-151a6a72e46d": { - "name": "AWS - SQS Test Playbook", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "aws-sqs-purge-queue", - "aws-sqs-list-queues", - "aws-sqs-send-message", - "aws-sqs-get-queue-url", - "aws-sqs-create-queue", - "aws-sqs-delete-queue" - ] - } - }, - { - "RedCanaryTest": { - "name": "RedCanaryTest", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "redcanary-get-endpoint", - "redcanary-update-remediation-state", - "redcanary-list-detections", - "redcanary-list-endpoints", - "redcanary-acknowledge-detection", - "redcanary-get-endpoint-detections", - "redcanary-get-detection", - "redcanary-execute-playbook" - ] - } - }, - { - "blockip_test_playbook": { - "name": "blockip_test_playbook", - "implementing_scripts": [ - "BlockIP" - ] - } - }, - { - "block_endpoint_-_carbon_black_response_-_test": { - "name": "Block Endpoint - Carbon Black Response - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ 
- "DeleteContext", - "VerifyContext", - "Set" - ], - "implementing_playbooks": [ - "Block Endpoint - Carbon Black Response" - ], - "implementing_commands": [ - "cb-list-sensors", - "cb-unquarantine-device", - "cb-sensor-info" - ] - } - }, - { - "exporttocsv_script_test": { - "name": "ExportToCSV script test", - "fromversion": "3.6.0", - "implementing_scripts": [ - "DeleteContext", - "ExportToCSV", - "AreValuesEqual", - "ReadFile" - ] - } - }, - { - "get_file_sample_from_path_-_d2_-_test": { - "name": "Get File Sample From Path - D2 - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_playbooks": [ - "Get File Sample From Path - D2" - ] - } - }, - { - "GetTime-Test": { - "name": "GetTime-Test", - "implementing_scripts": [ - "GetTime", - "DeleteContext", - "MatchRegex" - ] - } - }, - { - "CreateEmailHtmlBody_test_pb": { - "name": "CreateEmailHtmlBody_test_pb", - "implementing_scripts": [ - "CreateEmailHtmlBody", - "DeleteContext" - ], - "implementing_commands": [ - "createList" - ] - } - }, - { - "forcepoint test": { - "name": "forcepoint test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "fp-get-category-detailes", - "fp-delete-address-from-category", - "fp-add-address-to-category", - "fp-add-category", - "fp-delete-categories" - ] - } - }, - { - "CrowdStrike Endpoint Enrichment - Test": { - "name": "CrowdStrike Endpoint Enrichment - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DeleteContext", - "PrintErrorEntry" - ], - "implementing_playbooks": [ - "CrowdStrike Endpoint Enrichment" - ], - "implementing_commands": [ - "cs-device-search", - "cs-detection-search" - ] - } - }, - { - "endpoint_enrichment_-_generic_test": { - "name": "Endpoint Enrichment - Generic Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DeleteContext", - "VerifyContext", - "Set" - ], - "implementing_playbooks": [ - "Endpoint Enrichment - Generic" - ] - } - 
}, - { - "TestHttpPlaybook": { - "name": "TestHttpPlaybook", - "implementing_scripts": [ - "VerifyContextFields", - "DeleteContext", - "http" - ] - } - }, - { - "Test-IsMaliciousIndicatorFound": { - "name": "Test-IsMaliciousIndicatorFound", - "implementing_scripts": [ - "VerifyContext", - "Sleep", - "IsMaliciousIndicatorFound" - ], - "implementing_commands": [ - "createNewIndicator" - ] - } - }, - { - "Mimecast test": { - "name": "Mimecast test", - "implementing_scripts": [ - "FetchFromInstance", - "DeleteContext" - ], - "implementing_commands": [ - "mimecast-get-impersonation-logs", - "mimecast-query", - "mimecast-download-attachments", - "mimecast-url-decode", - "mimecast-refresh-token", - "mimecast-create-policy", - "mimecast-manage-sender", - "mimecast-get-message", - "mimecast-discover", - "mimecast-list-messages", - "mimecast-create-managed-url", - "mimecast-list-managed-url", - "mimecast-get-attachment-logs", - "mimecast-list-blocked-sender-policies", - "mimecast-login", - "mimecast-delete-policy", - "mimecast-get-policy", - "mimecast-get-url-logs" - ] - } - }, - { - "TestParseCSV": { - "name": "TestParseCSV", - "implementing_scripts": [ - "Set", - "VerifyContext", - "ParseCSV", - "DeleteContext", - "ExportToCSV" - ] - } - }, - { - "ArcSight Logger test": { - "name": "ArcSight Logger test", - "implementing_scripts": [ - "DeleteContext", - "Sleep" - ], - "implementing_commands": [ - "as-search", - "as-close", - "as-drilldown", - "as-search-events", - "as-status", - "as-events" - ] - } - }, - { - "Cylance Protect v2 Test": { - "name": "Cylance Protect v2 Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "cylance-protect-delete-hash-from-lists", - "cylance-protect-download-threat", - "cylance-protect-get-zones", - "cylance-protect-get-devices", - "cylance-protect-get-policies", - "cylance-protect-get-list", - "cylance-protect-get-threat", - "cylance-protect-get-device-threats", - 
"cylance-protect-get-policy-details", - "cylance-protect-add-hash-to-list" - ] - } - }, - { - "McAfeeESMTest": { - "name": "McAfeeESMTest", - "implementing_scripts": [ - "GetTime", - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "esm-edit-case-status", - "esm-get-case-statuses", - "esm-search", - "esm-add-case-status", - "esm-get-alarm-event-details", - "esm-get-organization-list", - "esm-list-alarm-events", - "esm-delete-case-status", - "esm-edit-case", - "esm-get-user-list", - "esm-get-case-detail", - "esm-add-case", - "esm-fetch-alarms" - ] - } - }, - { - "Detonate File - Generic Test": { - "name": "Detonate File - Generic Test", - "fromversion": "4.0.0", - "implementing_scripts": [ - "DeleteContext", - "http" - ], - "implementing_playbooks": [ - "Detonate File - Generic" - ] - } - }, - { - "Jask_Test": { - "name": "Jask Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "jask-search-signals", - "jask-search-entities", - "jask-get-entity-details", - "jask-get-insight-details", - "closeInvestigation", - "jask-search-insights", - "jask-get-signal-details", - "jask-get-related-entities", - "jask-get-insight-comments" - ] - } - }, - { - "RSA NetWitness Test": { - "name": "RSA NetWitness Test", - "implementing_commands": [ - "netwitness-get-incident", - "netwitness-get-incidents" - ] - } - }, - { - "Test_Sagemaker": { - "name": "Test Sagemaker", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "predict-phishing" - ] - } - }, - { - "ExtractURL Test": { - "name": "ExtractURL Test", - "implementing_scripts": [ - "Print", - "ExtractURL", - "IsTrue" - ] - } - }, - { - "tenable-sc-test": { - "name": "Tenable.sc Test", - "implementing_scripts": [ - "GetTime", - "VerifyContext", - "DeleteContext", - "FetchFromInstance" - ], - "implementing_commands": [ - "tenable-sc-get-asset", - "tenable-sc-list-alerts", - "tenable-sc-get-system-licensing", - 
"tenable-sc-get-scan-status", - "tenable-sc-list-scans", - "tenable-sc-list-repositories", - "tenable-sc-create-scan", - "tenable-sc-delete-scan", - "tenable-sc-get-scan-report", - "tenable-sc-list-assets", - "tenable-sc-get-vulnerability", - "tenable-sc-get-device", - "tenable-sc-create-asset", - "tenable-sc-get-alert", - "tenable-sc-launch-scan", - "tenable-sc-list-report-definitions", - "tenable-sc-delete-asset", - "tenable-sc-list-credentials", - "tenable-sc-list-policies", - "tenable-sc-list-zones", - "tenable-sc-list-users" - ] - } - }, - { - "ReversingLabsA1000Test": { - "name": "ReversingLabsA1000Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "reversinglabs-download", - "reversinglabs-extracted-files", - "reversinglabs-download-unpacked", - "reversinglabs-analyze", - "file" - ] - } - }, - { - "TestWordFileToIOC": { - "name": "TestWordFileToIOC", - "implementing_scripts": [ - "TestCreateWordFile", - "ExtractIP", - "VerifyContext", - "ReadFile", - "ParseWordDoc" - ] - } - }, - { - "TestExtractHTMLTables": { - "name": "TestExtractHTMLTables", - "implementing_scripts": [ - "Print", - "CloseInvestigation", - "ExtractHTMLTables", - "DeleteContext", - "Exists" - ] - } - }, - { - "7ab45104-22aa-4e1b-8062-cadcbb28d87f": { - "name": "Test - urlscan", - "implementing_scripts": [ - "CloseInvestigation", - "DeleteContext", - "AreValuesEqual" - ], - "implementing_commands": [ - "url", - "ip", - "urlscan-submit" - ] - } - }, - { - "RasterizeImageTest": { - "name": "RasterizeImageTest", - "implementing_scripts": [ - "GenerateImageFileEntry", - "DeleteContext" - ], - "implementing_commands": [ - "rasterize-image", - "closeInvestigation" - ] - } - }, - { - "InfoArmorVigilanteATITest": { - "name": "InfoArmorVigilanteATITest", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "vigilante-get-leak", - "vigilante-query-infected-host-data", - "vigilante-query-domains", - 
"vigilante-query-accounts", - "vigilante-watchlist-add-accounts", - "vigilante-watchlist-remove-accounts", - "vigilante-get-watchlist", - "vigilante-query-ecrime-db", - "vigilante-search-leaks" - ] - } - }, - { - "strings-test": { - "name": "strings-test", - "implementing_scripts": [ - "CreateBinaryFile", - "FileCreateAndUpload", - "Strings", - "PublishEntriesToContext", - "VerifyContext" - ] - } - }, - { - "process_email_-_generic_-_test": { - "name": "Process Email - Generic - Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "http" - ], - "implementing_playbooks": [ - "Process Email - Generic" - ] - } - }, - { - "97393cfc-2fc4-4dfe-8b6e-af64067fc436": { - "name": "AWS - S3 Test Playbook", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "aws-s3-create-bucket", - "aws-s3-get-bucket-policy", - "aws-s3-download-file", - "aws-s3-delete-bucket-policy", - "aws-s3-delete-bucket", - "aws-s3-list-buckets", - "aws-s3-list-bucket-objects", - "aws-s3-put-bucket-policy" - ] - } - }, - { - "TestFileCreateAndUpload": { - "name": "TestFileCreateAndUpload", - "implementing_scripts": [ - "Print", - "FileCreateAndUpload", - "DeleteContext", - "CloseInvestigation" - ] - } - }, - { - "get_original_email_-_ews-_test": { - "name": "Get Original Email - EWS - Test", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_playbooks": [ - "Get Original Email - EWS" - ] - } - }, - { - "Remedy AR Test": { - "name": "Remedy AR Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "remedy-get-server-details" - ] - } - }, - { - "WordTokenizeTest": { - "name": "WordTokenizeTest", - "implementing_scripts": [ - "VerifyContext", - "WordTokenizer", - "DeleteContext" - ] - } - }, - { - "ExtractDomainTest": { - "name": "ExtractDomainTest", - "implementing_scripts": [ - "VerifyContext", - "ExtractDomain" - ] - } - }, - { - "TestCommonPython": { - "name": "TestCommonPython", - 
"implementing_scripts": [ - "TestPYCommonServer" - ] - } - }, - { - "get_file_sample_by_hash_-_cylance_protect_-_test": { - "name": "Get File Sample By Hash - Cylance Protect - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set", - "VerifyContext", - "DeleteContext" - ], - "implementing_playbooks": [ - "Get File Sample By Hash - Cylance Protect" - ] - } - }, - { - "TestPacketsled": { - "name": "TestPacketsled", - "implementing_commands": [ - "packetsled-get-flows", - "packetsled-get-pcaps", - "packetsled-get-files", - "packetsled-get-incidents" - ] - } - }, - { - "EWS search-mailbox test": { - "name": "EWS search-mailbox test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "Sleep" - ], - "implementing_commands": [ - "ews-search-mailbox", - "ews-move-item", - "send-mail" - ] - } - }, - { - "IntSights Test": { - "name": "IntSights Test", - "implementing_scripts": [ - "Print", - "VerifyContext", - "DeleteContext", - "Exists", - "IsValueInArray" - ], - "implementing_commands": [ - "intsights-get-alerts", - "intsights-get-iocs", - "intsights-add-comment-to-alert", - "intsights-add-tag-to-alert", - "intsights-update-alert-severity", - "closeInvestigation", - "intsights-get-alert-activities" - ] - } - }, - { - "SalesforceTestPlaybook": { - "name": "SalesforceTestPlaybook", - "implementing_scripts": [ - "ContextContains", - "DeleteContext" - ], - "implementing_commands": [ - "salesforce-update-case", - "salesforce-get-case", - "salesforce-search", - "salesforce-create-case", - "salesforce-delete-case", - "salesforce-push-comment", - "salesforce-get-object", - "salesforce-close-case", - "salesforce-update-object", - "salesforce-query" - ] - } - }, - { - "Wildfire Test": { - "name": "Wildfire Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "wildfire-upload", - "wildfire-upload-file-remote", - "wildfire-report" - ] - } - }, - { - "Vectra-test": { - "name": "Vectra-test", - 
"implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "vectra-sensors", - "vectra-settings", - "vectra-hosts", - "vectra-triage", - "vectra-detections" - ] - } - }, - { - "CuckooTest": { - "name": "CuckooTest", - "implementing_scripts": [ - "DeleteContext", - "http" - ], - "implementing_playbooks": [ - "Detonate URL - Cuckoo", - "Detonate File - Cuckoo" - ] - } - }, - { - "TextFromHTML_test_playbook": { - "name": "TextFromHTML Test", - "implementing_scripts": [ - "VerifyContext", - "TextFromHTML" - ] - } - }, - { - "PhishAi-Test": { - "name": "PhishAi-Test", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "phish-ai-scan-url" - ] - } - }, - { - "Phishing test - attachment": { - "name": "Phishing test - attachment", - "implementing_scripts": [ - "ScheduleCommand", - "PhishingIncident", - "DeleteContext", - "http" - ], - "implementing_playbooks": [ - "Phishing Investigation - Generic" - ] - } - }, - { - "search_endpoints_by_hash_-_carbon_black_protection_-_test": { - "name": "Search Endpoints By Hash - Carbon Black Protection - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_playbooks": [ - "Search Endpoints By Hash - Carbon Black Protection" - ] - } - }, - { - "Test-Detonate URL - Phish.AI": { - "name": "Test-Detonate URL - Phish.AI", - "implementing_playbooks": [ - "Detonate URL - Phish.AI" - ] - } - }, - { - "ReversingLabsTCTest": { - "name": "ReversingLabsTCTest", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "file" - ] - } - }, - { - "get_file_sample_from_path_-_carbon_black_enterprise_response_-_test": { - "name": "Get File Sample From Path - Carbon Black Enterprise Response - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_playbooks": [ - "Get File Sample From Path - Carbon Black Enterprise Response" - ], - 
"implementing_commands": [ - "cb-list-sensors" - ] - } - }, - { - "PostgreSQL Test": { - "name": "PostgreSQL Test", - "fromversion": "3.6.0", - "implementing_scripts": [ - "VerifyHumanReadableEquals" - ], - "implementing_commands": [ - "pgsql-query" - ] - } - }, - { - "DUO Test Playbook": { - "name": "DUO Test Playbook", - "implementing_scripts": [ - "DeleteContext", - "PrintErrorEntry", - "AreValuesEqual", - "PrintContext" - ], - "implementing_commands": [ - "duo-preauth" - ] - } - }, - { - "secureworks_test": { - "name": "Secureworks test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "secure-works-create-ticket", - "secure-works-get-ticket", - "secure-works-update-ticket", - "secure-works-get-tickets-ids", - "secure-works-get-ticket-count", - "secure-works-close-ticket", - "secure-works-get-tickets-updates" - ] - } - }, - { - "File Enrichment - Generic Test": { - "name": "File Enrichment - Generic Test", - "implementing_scripts": [ - "VerifyContext", - "Set" - ], - "implementing_playbooks": [ - "File Enrichment - Generic" - ] - } - }, - { - "JSONtoCSV-Test": { - "name": "JSONtoCSV-Test", - "implementing_scripts": [ - "JSONFileToCSV", - "LoadJSON", - "ParseCSV", - "JSONtoCSV", - "FileCreateAndUpload", - "DeleteContext" - ] - } - }, - { - "ZipFile-Test": { - "name": "ZipFile-Test", - "implementing_scripts": [ - "http", - "ZipFile", - "CloseInvestigation", - "Sleep", - "UnzipFile", - "DeleteContext" - ] - } - }, - { - "d5cb69b1-c81c-4f27-8a40-3106c0cb2620": { - "name": "AWS - IAM Test Playbook", - "implementing_scripts": [ - "VerifyContext", - "Sleep" - ], - "implementing_commands": [ - "aws-iam-update-user", - "aws-iam-update-access-key", - "aws-iam-get-user", - "aws-iam-remove-user-from-group", - "aws-iam-add-role-to-instance-profile", - "aws-iam-create-instance-profile", - "aws-iam-list-roles", - "aws-iam-attach-policy", - "aws-iam-create-login-profile", - "aws-iam-create-group", - 
"aws-iam-get-instance-profile", - "aws-iam-list-instance-profiles-for-role", - "aws-iam-update-login-profile", - "aws-iam-list-policies", - "aws-iam-get-role", - "aws-iam-list-access-keys-for-user", - "aws-iam-list-instance-profiles", - "aws-iam-delete-role", - "aws-iam-list-groups", - "aws-iam-remove-role-from-instance-profile", - "aws-iam-delete-user", - "aws-iam-create-role", - "aws-iam-delete-access-key", - "aws-iam-detach-policy", - "aws-iam-create-access-key", - "aws-iam-delete-group", - "aws-iam-create-user", - "aws-iam-delete-login-profile", - "aws-iam-list-groups-for-user", - "aws-iam-add-user-to-group", - "aws-iam-list-users", - "aws-iam-delete-instance-profile" - ] - } - }, - { - "ExposeIncidentOwner-Test": { - "name": "ExposeIncidentOwner-Test", - "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident", - "ExposeIncidentOwner", - "AreValuesEqual" - ] - } - }, - { - "McAfeeWebGatewayTest": { - "name": "McAfeeWebGatewayTest", - "implementing_scripts": [ - "ContextContains", - "DeleteContext", - "Sleep", - "PrintContext" - ], - "implementing_commands": [ - "mwg-insert-entry", - "mwg-get-list-entry", - "mwg-get-list", - "mwg-delete-entry", - "mwg-get-available-lists" - ] - } - }, - { - "DemistoLockTest": { - "name": "DemistoLockTest", - "implementing_scripts": [ - "Set", - "Print", - "DeleteContext", - "Sleep", - "isError" - ], - "implementing_commands": [ - "closeInvestigation", - "demisto-lock-release-all", - "demisto-lock-release", - "demisto-lock-get", - "demisto-lock-info" - ] - } - }, - { - "Detonate File - BitDam Test": { - "name": "Detonate File - BitDam Test", - "implementing_scripts": [ - "FileCreateAndUpload", - "DeleteContext" - ], - "implementing_playbooks": [ - "Detonate File - BitDam" - ] - } - }, - { - "Luminate-TestPlaybook": { - "name": "Luminate-TestPlaybook", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "lum-block-user", - "lum-destroy-user-session", - "lum-unblock-user", - 
"lum-get-ssh-access-logs", - "lum-get-http-access-logs" - ] - } - }, - { - "McAfee-MAR_Test": { - "name": "McAfee-MAR_Test", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "mar-collectors-list", - "mar-search-multiple", - "mar-search" - ] - } - }, - { - "CarbonBlackLiveResponseTest": { - "name": "Carbon Black Live Response Test", - "implementing_scripts": [ - "TestCreateWordFile", - "DeleteContext", - "Sleep" - ], - "implementing_commands": [ - "cb-get-file-from-endpoint", - "cb-command-create-and-wait", - "cb-session-create-and-wait", - "cb-keepalive", - "cb-file-delete-from-endpoint", - "cb-push-file-to-endpoint", - "cb-list-sessions", - "cb-session-close" - ] - } - }, - { - "Recorded Future Test": { - "name": "Recorded Future Test", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "ip", - "domain", - "recorded-future-get-related-entities", - "file" - ] - } - }, - { - "NetWitness Endpoint Test": { - "name": "NetWitness Endpoint Test", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "netwitness-get-machines", - "netwitness-blacklist-domains", - "netwitness-blacklist-ips", - "netwitness-get-machine-module" - ] - } - }, - { - "DNSDBTest": { - "name": "DNSDBTest", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "dnsdb-rrset", - "dnsdb-rdata" - ] - } - }, - { - "VerifyHumanReadableFormat": { - "name": "VerifyHumanReadableFormat", - "implementing_scripts": [ - "VerifyTableToMarkDown", - "VerifyTreeToFlatObject" - ] - } - }, - { - "domain_enrichment_generic_test": { - "name": "Domain Enrichment Generic - Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DeleteContext", - "VerifyContext", - "Set" - ], - "implementing_playbooks": [ - "Domain Enrichment - Generic" - ] - } - }, - { - "Anomali_ThreatStream_Test": { - "name": "Anomali ThreatStream Test", - "fromversion": "3.5.0", - "implementing_scripts": [ - "VerifyContext", - 
"DeleteContext" - ], - "implementing_commands": [ - "ip", - "domain", - "threatstream-email-reputation", - "threatstream-intelligence", - "file" - ] - } - }, - { - "ParseExcel-test": { - "name": "ParseExcel-test", - "implementing_scripts": [ - "ParseExcel", - "DeleteContext", - "http" - ] - } - }, - { - "Zoom_Test": { - "name": "Zoom_Test", - "implementing_scripts": [ - "Print", - "VerifyContext", - "GenerateEmail", - "DeleteContext" - ], - "implementing_commands": [ - "zoom-create-meeting", - "zoom-list-users", - "zoom-fetch-recording", - "zoom-create-user", - "zoom-delete-user" - ] - } - }, - { - "DomainTools-Test": { - "name": "DomainTools-Test", - "implementing_scripts": [ - "VerifyContext", - "NotInContextVerification", - "DeleteContext" - ], - "implementing_commands": [ - "domain", - "whois", - "reverseWhois", - "reverseNameServer", - "domainSearch", - "domainProfile", - "whoisHistory", - "reverseIP" - ] - } - }, - { - "RedLockTest": { - "name": "RedLockTest", - "implementing_scripts": [ - "DeleteContext" - ], - "implementing_commands": [ - "redlock-search-alerts", - "redlock-reopen-alerts", - "redlock-get-alert-details", - "redlock-dismiss-alerts" - ] - } - }, - { - "TruSTAR Test": { - "name": "TruSTAR Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "domain", - "url", - "ip", - "trustar-correlated-reports", - "file", - "trustar-trending-indicators", - "trustar-search-indicators" - ] - } - }, - { - "JoeSecurityTestDetonation": { - "name": "JoeSecurityTestDetonation", - "fromversion": "4.0.0", - "implementing_scripts": [ - "FileCreateAndUpload", - "DeleteContext" - ], - "implementing_playbooks": [ - "Detonate File - JoeSecurity", - "Detonate File From URL - JoeSecurity", - "Detonate URL - JoeSecurity" - ] - } - }, - { - "Symantec Messaging Gateway Test": { - "name": "Symantec Messaging Gateway Test", - "implementing_scripts": [ - "GenerateIP", - "VerifyContext", - "GenerateUUID", - "AreValuesEqual" - 
], - "implementing_commands": [ - "smg-unblock-domain", - "smg-block-ip", - "smg-unblock-ip", - "smg-block-domain", - "smg-block-email", - "smg-unblock-email" - ] - } - }, - { - "devo_test_playbook": { - "name": "Devo test playbook", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "devo-query" - ] - } - }, - { - "Lastline - testplaybook": { - "name": "Lastline - testplaybook", - "implementing_scripts": [ - "DeleteContext", - "Set", - "http" - ], - "implementing_playbooks": [ - "Detonate URL - Lastline", - "Detonate File - Lastline" - ] - } - }, - { - "detonate_file_-_generic_test": { - "name": "Detonate File - Generic Test", - "toversion": "3.6.0", - "fromversion": "3.5.0", - "implementing_scripts": [ - "DeleteContext", - "http" - ], - "implementing_playbooks": [ - "Detonate File - Generic" - ] - } - }, - { - "Test CommonServer": { - "name": "Test CommonServer", - "implementing_scripts": [ - "TestFormatTableValues" - ] - } - }, - { - "Test filters & transformers scripts": { - "name": "Test filters & transformers scripts", - "implementing_scripts": [ - "RaiseError", - "Print", - "Set" - ] - } - }, - { - "virusTotalPrivateAPI-test-playbook": { - "name": "virusTotalPrivateAPI-test-playbook", - "implementing_scripts": [ - "VerifyContext", - "StringContains", - "DeleteContext" - ], - "implementing_commands": [ - "vt-private-get-url-report", - "vt-private-get-file-report", - "vt-private-get-domain-report" - ] - } - }, - { - "SCADAfence_test": { - "name": "SCADAfence_test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "scadafence-getAsset", - "scadafence-setAlertStatus", - "scadafence-getAlerts" - ] - } - }, - { - "c19e328d-0cf3-4a94-88b3-df670d984602": { - "name": "SymantecEndpointProtection Test", - "implementing_scripts": [ - "SEPScan", - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "sep-quarantine", - "sep-command-status", - 
"sep-update-content", - "sep-endpoints-info", - "sep-groups-info", - "sep-client-content", - "sep-system-info" - ] - } - }, - { - "PagerDuty Test": { - "name": "PagerDuty Test", - "implementing_scripts": [ - "VerifyContext" - ], - "implementing_commands": [ - "PagerDuty-incidents", - "PagerDuty-get-all-schedules", - "PagerDuty-get-users-on-call-now" - ] - } - }, - { - "pan-appframework-test": { - "name": "pan-appframework-test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "pan-appframework-query-logs" - ] - } - }, - { - "TestSafeBreach": { - "name": "TestSafeBreach", - "implementing_commands": [ - "safebreach-get-simulation", - "safebreach-rerun" - ] - } - }, - { - "ExifReadTest": { - "name": "ExifReadTest", - "implementing_scripts": [ - "GenerateImageFileEntry", - "ExifRead", - "DeleteContext" - ], - "implementing_commands": [ - "closeInvestigation" - ] - } - }, - { - "McAfee-TIE Test": { - "name": "McAfee-TIE Test", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "tie-file-references", - "file", - "tie-set-file-reputation" - ] - } - }, - { - "SymantecMSSTest": { - "name": "SymantecMSSTest", - "implementing_scripts": [ - "VerifyContext", - "DeleteContext" - ], - "implementing_commands": [ - "symantec-mss-incidents-list", - "symantec-mss-update-incident", - "symantec-mss-get-incident" - ] - } - }, - { - "SLA Scripts - Test": { - "name": "SLA Scripts - Test", - "implementing_scripts": [ - "StopTimeToAssignOnOwnerChange", - "ChangeRemediationSLAOnSevChange", - "Set", - "PrintErrorEntry", - "DeleteContext" - ], - "implementing_commands": [ - "setIncident", - "startTimer", - "resetTimer" - ] - } - }, - { - "SLA Scripts - Test": { - "name": "SLA Scripts - Test", - "implementing_scripts": [ - "StopTimeToAssignOnOwnerChange", - "ChangeRemediationSLAOnSevChange", - "Set", - "PrintErrorEntry", - "DeleteContext" - ], - "implementing_commands": [ - "setIncident", - 
"startTimer", - "resetTimer" - ] - } - }, - { - "SLA Scripts - Test": { - "name": "SLA Scripts - Test", - "implementing_scripts": [ - "StopTimeToAssignOnOwnerChange", - "ChangeRemediationSLAOnSevChange", - "Set", - "PrintErrorEntry", - "DeleteContext" - ], - "implementing_commands": [ - "setIncident", - "startTimer", - "resetTimer" - ] - } - }, - { - "SLA Scripts - Test": { - "name": "SLA Scripts - Test", - "implementing_scripts": [ - "StopTimeToAssignOnOwnerChange", - "ChangeRemediationSLAOnSevChange", - "Set", - "PrintErrorEntry", - "DeleteContext" - ], - "implementing_commands": [ - "setIncident", - "startTimer", - "resetTimer" - ] - } - }, - { - "SLA Scripts - Test": { - "name": "SLA Scripts - Test", - "implementing_scripts": [ - "StopTimeToAssignOnOwnerChange", - "ChangeRemediationSLAOnSevChange", - "Set", - "PrintErrorEntry", - "DeleteContext" - ], - "implementing_commands": [ - "setIncident", - "startTimer", - "resetTimer" - ] - } - } - ] +{ + "scripts": [ + { + "AwsStopInstance": { + "name": "AwsStopInstance", + "depends_on": [ + "stop-instance" + ] + } + }, + { + "PWFindEvents": { + "name": "PWFindEvents", + "deprecated": true, + "depends_on": [ + "search" + ], + "script_executions": [ + "search" + ] + } + }, + { + "QRadarClassifier": { + "name": "QRadarClassifier", + "deprecated": true, + "depends_on": [ + "qradar-searches" + ] + } + }, + { + "VolLDRModules": { + "name": "VolLDRModules" + } + }, + { + "CPShowHosts": { + "name": "CPShowHosts", + "deprecated": true, + "depends_on": [ + "checkpoint" + ], + "script_executions": [ + "checkpoint" + ] + } + }, + { + "PWSensors": { + "name": "PWSensors", + "deprecated": true, + "depends_on": [ + "sensors" + ], + "script_executions": [ + "sensors" + ] + } + }, + { + "ADListComputers": { + "name": "ADListComputers", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "CheckWhitelist": { + "name": "CheckWhitelist", + "deprecated": true, + "script_executions": [ + "getList" + ] + } + }, + { + 
"VectraHosts": { + "name": "VectraHosts", + "deprecated": true, + "depends_on": [ + "vec-hosts" + ] + } + }, + { + "SetContext": { + "name": "SetContext", + "deprecated": true + } + }, + { + "D2Autoruns": { + "name": "D2Autoruns" + } + }, + { + "MathUtil": { + "name": "MathUtil" + } + }, + { + "CBFindHash": { + "name": "CBFindHash", + "deprecated": true, + "depends_on": [ + "cb-binary" + ] + } + }, + { + "SendEmailToManager": { + "name": "SendEmailToManager", + "fromversion": "3.5.0", + "depends_on": [ + "ad-search", + "send-mail" + ], + "script_executions": [ + "AdSearch", + "AdSearch", + "addEntitlement" + ] + } + }, + { + "FileCreateAndUpload": { + "name": "FileCreateAndUpload" + } + }, + { + "DecodeMimeHeader": { + "name": "DecodeMimeHeader" + } + }, + { + "WildfireUpload": { + "name": "WildfireUpload", + "deprecated": true, + "depends_on": [ + "wildfire-upload" + ] + } + }, + { + "CYFileRep": { + "name": "CYFileRep", + "depends_on": [ + "file", + "cy-upload" + ], + "script_executions": [ + "getEntry", + "file", + "file" + ] + } + }, + { + "PanoramaPcaps": { + "name": "PanoramaPcaps", + "deprecated": true, + "depends_on": [ + "panorama" + ] + } + }, + { + "ExtractDomain": { + "name": "ExtractDomain", + "toversion": "3.0.0" + } + }, + { + "ExposeUsers": { + "name": "ExposeUsers", + "deprecated": true + } + }, + { + "Print": { + "name": "Print" + } + }, + { + "CSIndicators": { + "name": "CSIndicators", + "deprecated": true, + "depends_on": [ + "cs-indicators" + ] + } + }, + { + "PWEventPcapInfo": { + "name": "PWEventPcapInfo", + "deprecated": true, + "depends_on": [ + "event-pcap-info" + ] + } + }, + { + "JiraIssueQuery": { + "name": "JiraIssueQuery", + "deprecated": true, + "depends_on": [ + "jira-issue-query" + ] + } + }, + { + "ADGetAllUsersEmail": { + "name": "ADGetAllUsersEmail", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "CuckooDetonateFile": { + "name": "CuckooDetonateFile", + "depends_on": [ + "cuckoo-create-task-from-file" + 
] + } + }, + { + "EPORepoList": { + "name": "EPORepoList", + "deprecated": true, + "depends_on": [ + "epo-command" + ] + } + }, + { + "GrrSetFlows": { + "name": "GrrSetFlows", + "depends_on": [ + "grr_set_flows" + ], + "script_executions": [ + "grr_set_flows" + ] + } + }, + { + "VectraGetDetetctionsById": { + "name": "VectraGetDetetctionsById", + "deprecated": true, + "depends_on": [ + "vec-get-detetctions-by-id" + ] + } + }, + { + "CommonD2": { + "name": "CommonD2" + } + }, + { + "FilterByList": { + "name": "FilterByList", + "script_executions": [ + "getList" + ] + } + }, + { + "ExtractHash": { + "name": "ExtractHash" + } + }, + { + "120c861a-e0ae-417e-8dcf-c3ee1dc15a42": { + "name": "commentsToContext" + } + }, + { + "ConvertXmlFileToJson": { + "name": "ConvertXmlFileToJson" + } + }, + { + "IPExtract": { + "name": "IPExtract", + "deprecated": true + } + }, + { + "DBotAverageScore": { + "name": "DBotAverageScore" + } + }, + { + "NessusCreateScan": { + "name": "NessusCreateScan", + "deprecated": true, + "depends_on": [ + "scan-create" + ] + } + }, + { + "StixParser": { + "name": "StixParser" + } + }, + { + "NessusShowEditorTemplates": { + "name": "NessusShowEditorTemplates", + "deprecated": true, + "depends_on": [ + "nessus-get-scans-editors" + ] + } + }, + { + "QrFullSearch": { + "name": "QrFullSearch", + "deprecated": true, + "depends_on": [ + "QrGetSearchResults", + "qr-get-search", + "qr-searches" + ], + "script_executions": [ + "QrGetSearchResults" + ] + } + }, + { + "FetchFromInstance": { + "name": "FetchFromInstance", + "fromversion": "4.0.0", + "deprecated": true + } + }, + { + "a6e348f4-1e40-4365-870c-52139c60779a": { + "name": "OktaGetUser", + "deprecated": true, + "depends_on": [ + "okta-get-user" + ] + } + }, + { + "VolConnscan": { + "name": "VolConnscan" + } + }, + { + "840aa9a7-04b2-4505-8238-8fe85f010dde": { + "name": "OktaActivateUser", + "deprecated": true, + "depends_on": [ + "okta-activate-user" + ] + } + }, + { + "CBLiveGetFile": { + "name": 
"CBLiveGetFile", + "depends_on": [ + "cb-session-create", + "cb-sensor-info", + "cb-command-create", + "cb-session-info", + "cb-file-get", + "cb-command-info", + "cb-list-sessions" + ] + } + }, + { + "ScheduleGenericPolling": { + "name": "ScheduleGenericPolling", + "fromversion": "4.0.0" + } + }, + { + "AddEvidence": { + "name": "AddEvidence", + "fromversion": "2.5.0" + } + }, + { + "Ping": { + "name": "Ping" + } + }, + { + "EncodeToAscii": { + "name": "EncodeToAscii" + } + }, + { + "ServiceNowCreateIncident": { + "name": "ServiceNowCreateIncident", + "depends_on": [ + "servicenow-query-table", + "servicenow-create-record" + ] + } + }, + { + "TriagePhishing": { + "name": "TriagePhishing", + "deprecated": true + } + }, + { + "LessThanPercentage": { + "name": "LessThanPercentage" + } + }, + { + "TrendmicroAlertStatus": { + "name": "TrendmicroAlertStatus", + "depends_on": [ + "trendmicro-alert-status" + ] + } + }, + { + "SandboxDetonateFile": { + "name": "SandboxDetonateFile", + "script_executions": [ + "IsIntegrationAvailable", + "IsIntegrationAvailable", + "IsIntegrationAvailable", + "IsIntegrationAvailable", + "getEntry", + "CuckooDetonateFile", + "CuckooTaskStatus", + "CuckooGetReport" + ] + } + }, + { + "ParseEmailFiles": { + "name": "ParseEmailFiles", + "script_executions": [ + "getEntry", + "getFilePath" + ] + } + }, + { + "ConferSetSeverity": { + "name": "ConferSetSeverity", + "depends_on": [ + "confer" + ], + "script_executions": [ + "setSeverity" + ] + } + }, + { + "ReverseList": { + "name": "ReverseList" + } + }, + { + "ImpSfListEndpoints": { + "name": "ImpSfListEndpoints", + "depends_on": [ + "imp-sf-list-endpoints" + ] + } + }, + { + "9364c36f-b1d6-4233-88c2-75008b106c31": { + "name": "vmray_getResults", + "depends_on": [ + "get_job_sample" + ], + "script_executions": [ + "get_job_sample", + "get_results", + "scheduleEntry" + ] + } + }, + { + "InviteUser": { + "name": "InviteUser" + } + }, + { + "VectraDetections": { + "name": "VectraDetections", + 
"deprecated": true, + "depends_on": [ + "vec-detections" + ] + } + }, + { + "StaticAnalyze": { + "name": "StaticAnalyze" + } + }, + { + "GetContextValue": { + "name": "GetContextValue", + "deprecated": true + } + }, + { + "TaniumFilterComputersByIndexQueryFileDetails": { + "name": "TaniumFilterComputersByIndexQueryFileDetails", + "depends_on": [ + "tn-ask-manual-question" + ] + } + }, + { + "D2O365ComplianceSearch": { + "name": "D2O365ComplianceSearch" + } + }, + { + "SearchIncidents": { + "name": "SearchIncidents" + } + }, + { + "CuckooDisplayReport": { + "name": "CuckooDisplayReport", + "depends_on": [ + "ck-report" + ], + "script_executions": [ + "getFilePath", + "getEntry" + ] + } + }, + { + "VolPSList": { + "name": "VolPSList" + } + }, + { + "CBLiveProcessList": { + "name": "CBLiveProcessList", + "depends_on": [ + "cb-command-info", + "cb-command-create" + ] + } + }, + { + "GoogleappsGmailGetMail": { + "name": "GoogleappsGmailGetMail", + "deprecated": true, + "depends_on": [ + "googleapps-gmail-get-mail" + ] + } + }, + { + "PTEnrich": { + "name": "PTEnrich", + "depends_on": [ + "pt-osint", + "pt-whois", + "pt-malware", + "pt-enrichment", + "pt-get-subdomains", + "pt-ssl-cert", + "pt-passive-dns" + ] + } + }, + { + "ResolveShortenedURL": { + "name": "ResolveShortenedURL" + } + }, + { + "CommonServerUserPython": { + "name": "CommonServerUserPython" + } + }, + { + "5edd0c8e-4e6e-4afe-8f43-67bb9ebc4fd3": { + "name": "NetwitnessSearch", + "depends_on": [ + "nw-sdk-search" + ] + } + }, + { + "RunSqlQuery": { + "name": "RunSqlQuery", + "deprecated": true, + "depends_on": [ + "query" + ], + "script_executions": [ + "query" + ] + } + }, + { + "d98506ea-fd06-49d6-8f1e-bb29ab06766e": { + "name": "VerifyContext", + "deprecated": true + } + }, + { + "TimeStampToDate": { + "name": "TimeStampToDate" + } + }, + { + "SlackAskUser": { + "name": "SlackAskUser", + "toversion": "3.1.0", + "depends_on": [ + "slack-send" + ], + "script_executions": [ + "addOneTimeEntitlement" + ] + 
} + }, + { + "CPShowAccessRulebase": { + "name": "CPShowAccessRulebase", + "deprecated": true, + "depends_on": [ + "checkpoint" + ], + "script_executions": [ + "checkpoint" + ] + } + }, + { + "VolNetworkConnections": { + "name": "VolNetworkConnections" + } + }, + { + "DemistoDeleteIncident": { + "name": "DemistoDeleteIncident", + "deprecated": true, + "depends_on": [ + "demisto-api-post" + ] + } + }, + { + "SSDeepReputation": { + "name": "SSDeepReputation", + "script_executions": [ + "findIndicators", + "getContext" + ] + } + }, + { + "GrrGetHunt": { + "name": "GrrGetHunt", + "depends_on": [ + "grr_get_hunt" + ], + "script_executions": [ + "grr_get_hunt" + ] + } + }, + { + "findIncidentsWithIndicator": { + "name": "findIncidentsWithIndicator" + } + }, + { + "ExifRead": { + "name": "ExifRead" + } + }, + { + "AlgosecGetTicket": { + "name": "AlgosecGetTicket", + "depends_on": [ + "algosec-get-ticket" + ] + } + }, + { + "IncapGetDomainApproverEmail": { + "name": "IncapGetDomainApproverEmail", + "depends_on": [ + "incap-get-domain-approver-email" + ] + } + }, + { + "ElasticSearchDisplay": { + "name": "ElasticSearchDisplay", + "depends_on": [ + "search" + ] + } + }, + { + "ContextGetIps": { + "name": "ContextGetIps" + } + }, + { + "D2Hardware": { + "name": "D2Hardware" + } + }, + { + "82764532-0a4f-4b59-8cf9-fe1a00cabdae": { + "name": "OktaSearch", + "deprecated": true, + "depends_on": [ + "okta-search" + ] + } + }, + { + "TrendmicroSecurityProfileRetrieveAll": { + "name": "TrendmicroSecurityProfileRetrieveAll", + "depends_on": [ + "trendmicro-security-profile-retrieve-all" + ] + } + }, + { + "PanoramaConfig": { + "name": "PanoramaConfig", + "deprecated": true, + "depends_on": [ + "panorama" + ] + } + }, + { + "RepopulateFiles": { + "name": "RepopulateFiles", + "script_executions": [ + "getEntries" + ] + } + }, + { + "SendMessageToOnlineUsers": { + "name": "SendMessageToOnlineUsers" + } + }, + { + "SetIncidentCustomFields": { + "name": "SetIncidentCustomFields" + } + }, 
+ { + "CEFParser": { + "name": "CEFParser" + } + }, + { + "ADSetNewPassword": { + "name": "ADSetNewPassword", + "deprecated": true, + "depends_on": [ + "ad-set-new-password" + ] + } + }, + { + "misp_upload_sample": { + "name": "misp_upload_sample", + "depends_on": [ + "internal-misp-upload-sample" + ], + "script_executions": [ + "getFilePath" + ] + } + }, + { + "IsValueInArray": { + "name": "IsValueInArray" + } + }, + { + "displayhtml": { + "name": "DisplayHTML" + } + }, + { + "VectraClassifier": { + "name": "VectraClassifier", + "deprecated": true, + "depends_on": [ + "vec-health" + ] + } + }, + { + "JSONtoCSV": { + "name": "JSONtoCSV", + "script_executions": [ + "getEntry" + ] + } + }, + { + "ConferIncidentDetails": { + "name": "ConferIncidentDetails", + "depends_on": [ + "confer" + ] + } + }, + { + "ParseJSON": { + "name": "ParseJSON" + } + }, + { + "ScheduleCommand": { + "name": "ScheduleCommand" + } + }, + { + "XBTimeline": { + "name": "XBTimeline", + "depends_on": [ + "xb-timeline" + ] + } + }, + { + "EmailAskUser": { + "name": "EmailAskUser", + "toversion": "3.1.0" + } + }, + { + "IncidentSet": { + "name": "IncidentSet", + "toversion": "3.5.0", + "script_executions": [ + "setOwner", + "setStage", + "setIncident", + "setPlaybook" + ] + } + }, + { + "DataIPReputation": { + "name": "DataIPReputation", + "deprecated": true + } + }, + { + "URLSSLVerification": { + "name": "URLSSLVerification" + } + }, + { + "EmailDomainSquattingReputation": { + "name": "EmailDomainSquattingReputation" + } + }, + { + "XBUser": { + "name": "XBUser", + "depends_on": [ + "xb-user" + ] + } + }, + { + "SNUpdateTicket": { + "name": "SNUpdateTicket", + "deprecated": true, + "depends_on": [ + "servicenow-incident-update" + ] + } + }, + { + "ticksToTime": { + "name": "ticksToTime" + } + }, + { + "dbbdc2e4-6105-4ee9-8e83-563a4b991a89": { + "name": "VirustotalIsMalicious", + "deprecated": true, + "depends_on": [ + "file" + ], + "script_executions": [ + "file", + "file" + ] + } + }, + { + 
"TopMaliciousRatioIndicators": { + "name": "TopMaliciousRatioIndicators", + "fromversion": "4.0.0", + "script_executions": [ + "findIndicators", + "maliciousRatio" + ] + } + }, + { + "SetMultipleValues": { + "name": "SetMultipleValues" + } + }, + { + "PanoramaCommit": { + "name": "PanoramaCommit", + "deprecated": true, + "depends_on": [ + "panorama" + ] + } + }, + { + "CloseInvestigation": { + "name": "CloseInvestigation", + "deprecated": true + } + }, + { + "CrowdStrikeUrlParse": { + "name": "CrowdStrikeUrlParse" + } + }, + { + "MarkRelatedIncidents": { + "name": "MarkRelatedIncidents" + } + }, + { + "DemistoSendInvite": { + "name": "DemistoSendInvite", + "depends_on": [ + "demisto-api-post", + "demisto-api-get" + ] + } + }, + { + "CommonIntegrationPython": { + "name": "CommonIntegrationPython", + "deprecated": true + } + }, + { + "RunDockerCommand": { + "name": "RunDockerCommand" + } + }, + { + "GoogleappsGmailSearch": { + "name": "GoogleappsGmailSearch", + "deprecated": true, + "depends_on": [ + "googleapps-gmail-search" + ] + } + }, + { + "EPODetermineRepository": { + "name": "EPODetermineRepository", + "deprecated": true + } + }, + { + "emailFieldTriggered": { + "name": "emailFieldTriggered" + } + }, + { + "TrendMicroGetPolicyID": { + "name": "TrendMicroGetPolicyID", + "depends_on": [ + "trendmicro-security-profile-retrieve-all" + ], + "script_executions": [ + "TrendmicroSecurityProfileRetrieveAll" + ] + } + }, + { + "AquatoneDiscover": { + "name": "AquatoneDiscover" + } + }, + { + "ExtractDomainFromURL": { + "name": "ExtractDomainFromURL", + "deprecated": true + } + }, + { + "NetwitnessSAUpdateIncident": { + "name": "NetwitnessSAUpdateIncident", + "deprecated": true, + "depends_on": [ + "nw-update-incident" + ] + } + }, + { + "UnzipFile": { + "name": "UnzipFile", + "script_executions": [ + "getEntries", + "getFilePath" + ] + } + }, + { + "NetwitnessSAGetAvailableAssignees": { + "name": "NetwitnessSAGetAvailableAssignees", + "depends_on": [ + 
"nw-get-available-assignees" + ] + } + }, + { + "QualysCreateIncidentFromReport": { + "name": "QualysCreateIncidentFromReport", + "depends_on": [ + "qualys-host-list" + ], + "script_executions": [ + "getIncidents" + ] + } + }, + { + "CuckooDetonateURL": { + "name": "CuckooDetonateURL", + "depends_on": [ + "cuckoo-create-task-from-url" + ] + } + }, + { + "UserEnrichAD": { + "name": "UserEnrichAD", + "depends_on": [ + "ad-search" + ], + "script_executions": [ + "ADGetUser" + ] + } + }, + { + "WordTokenizer": { + "name": "WordTokenizer" + } + }, + { + "da8594b8-0b57-4cb2-8578-94754bb577c6": { + "name": "NetwitnessSAListIncidents", + "depends_on": [ + "nw-list-incidents" + ] + } + }, + { + "IsContextSet": { + "name": "IsContextSet", + "deprecated": true + } + }, + { + "Set": { + "name": "Set" + } + }, + { + "ArcherCreateSecurityIncident": { + "name": "ArcherCreateSecurityIncident", + "depends_on": [ + "archer-create-record" + ] + } + }, + { + "VolMalfindDumpAgent": { + "name": "VolMalfindDumpAgent" + } + }, + { + "TrendmicroSystemEventRetrieve": { + "name": "TrendmicroSystemEventRetrieve", + "depends_on": [ + "trendmicro-system-event-retrieve" + ] + } + }, + { + "MimecastFindEmail": { + "name": "MimecastFindEmail", + "depends_on": [ + "mimecast-query" + ] + } + }, + { + "D2Drop": { + "name": "D2Drop" + } + }, + { + "TaniumFindRunningProcesses": { + "name": "TaniumFindRunningProcesses", + "deprecated": true, + "depends_on": [ + "tn-add-question-complex", + "tn-result-data", + "tn-result-info" + ] + } + }, + { + "NessusScanDetails": { + "name": "NessusScanDetails", + "deprecated": true, + "depends_on": [ + "scan-details" + ] + } + }, + { + "CBPCatalogFindHash": { + "name": "CBPCatalogFindHash", + "depends_on": [ + "cbp-fileCatalog-search" + ] + } + }, + { + "checkValue": { + "name": "checkValue" + } + }, + { + "WhileLoop": { + "name": "WhileLoop", + "deprecated": true + } + }, + { + "D2GetSystemLog": { + "name": "D2GetSystemLog" + } + }, + { + "CopyFileD2": { + "name": 
"CopyFileD2" + } + }, + { + "CheckFilesWildfirePy": { + "name": "CheckFilesWildfirePy", + "depends_on": [ + "wildfire-upload", + "wildfire-report" + ], + "script_executions": [ + "getEntries" + ] + } + }, + { + "ADGetGroupMembers": { + "name": "ADGetGroupMembers", + "depends_on": [ + "ad-search" + ] + } + }, + { + "SCPPullFiles": { + "name": "SCPPullFiles", + "depends_on": [ + "copy-from" + ] + } + }, + { + "ReadFile": { + "name": "ReadFile", + "script_executions": [ + "getFilePath" + ] + } + }, + { + "VectraSensors": { + "name": "VectraSensors", + "deprecated": true, + "depends_on": [ + "vec-sensors" + ] + } + }, + { + "QRadarFullSearch": { + "name": "QRadarFullSearch", + "deprecated": true, + "depends_on": [ + "qradar-get-search", + "qradar-get-search-results", + "qradar-searches" + ] + } + }, + { + "CSActors": { + "name": "CSActors", + "deprecated": true, + "depends_on": [ + "cs-actors" + ] + } + }, + { + "NessusGetReport": { + "name": "NessusGetReport", + "deprecated": true, + "depends_on": [ + "scan-report-download", + "scan-export", + "scan-export-status" + ] + } + }, + { + "VolRaw": { + "name": "VolRaw" + } + }, + { + "Base64Encode": { + "name": "Base64Encode" + } + }, + { + "LCMAcknowledgeHost": { + "name": "LCMAcknowledgeHost", + "depends_on": [ + "lcm-acknowledge-host" + ], + "script_executions": [ + "LCMHosts" + ] + } + }, + { + "ExtractEmail": { + "name": "ExtractEmail" + } + }, + { + "NexposeVulnExtractor": { + "name": "NexposeVulnExtractor", + "depends_on": [ + "nexpose" + ] + } + }, + { + "XBTriggeredRules": { + "name": "XBTriggeredRules", + "depends_on": [ + "xb-triggered-rules" + ] + } + }, + { + "LoadJSON": { + "name": "LoadJSON" + } + }, + { + "CommonUserServer": { + "name": "CommonUserServer" + } + }, + { + "IsMaliciousIndicatorFound": { + "name": "IsMaliciousIndicatorFound" + } + }, + { + "D2ActiveUsers": { + "name": "D2ActiveUsers" + } + }, + { + "BuildEWSQuery": { + "name": "BuildEWSQuery" + } + }, + { + 
"da330ce7-3a93-430c-8454-03b96cf5184e": { + "name": "OktaCreateUser", + "deprecated": true, + "depends_on": [ + "okta-create-user" + ] + } + }, + { + "JiraIssueUploadFile": { + "name": "JiraIssueUploadFile", + "deprecated": true, + "depends_on": [ + "jira-issue-upload-file" + ] + } + }, + { + "PanoramaDynamicAddressGroup": { + "name": "PanoramaDynamicAddressGroup", + "deprecated": true + } + }, + { + "ActiveUsersD2": { + "name": "ActiveUsersD2" + } + }, + { + "ParseExcel": { + "name": "ParseExcel", + "script_executions": [ + "getFilePath" + ] + } + }, + { + "MatchRegex": { + "name": "MatchRegex" + } + }, + { + "ip_to_host": { + "name": "IPToHost" + } + }, + { + "AlgosecGetNetworkObject": { + "name": "AlgosecGetNetworkObject", + "depends_on": [ + "algosec-get-network-object" + ] + } + }, + { + "Autoruns": { + "name": "Autoruns" + } + }, + { + "VectraTriage": { + "name": "VectraTriage", + "deprecated": true, + "depends_on": [ + "vec-triage" + ] + } + }, + { + "ATDDetonate": { + "name": "ATDDetonate", + "depends_on": [ + "atd-get-report", + "atd-file-upload", + "atd-check-status" + ] + } + }, + { + "XBInfo": { + "name": "XBInfo" + } + }, + { + "NetwitnessSACreateIncident": { + "name": "NetwitnessSACreateIncident", + "depends_on": [ + "nw-create-incident" + ] + } + }, + { + "ExchangeSearchMailbox": { + "name": "ExchangeSearchMailbox" + } + }, + { + "DT": { + "name": "DT" + } + }, + { + "ed24d63f-4134-49c4-82c0-96885a7a1cc3": { + "name": "VerifyContextFields", + "deprecated": true + } + }, + { + "5d44a5d9-d91a-4420-801f-755f26b60c47": { + "name": "cveLatest", + "deprecated": true, + "depends_on": [ + "cve-latest" + ] + } + }, + { + "ad7de731-cadc-4f49-81cd-522cd4b7bfa5": { + "name": "CheckpointFWCreateBackup", + "depends_on": [ + "ssh" + ], + "script_executions": [ + "ssh" + ] + } + }, + { + "DemistoLogsBundle": { + "name": "DemistoLogsBundle", + "depends_on": [ + "demisto-api-download" + ] + } + }, + { + "ContextGetEmails": { + "name": "ContextGetEmails" + } + }, + { + 
"nexpose_create_incidents_from_assets": { + "name": "NexposeCreateIncidentsFromAssets", + "depends_on": [ + "nexpose-get-asset" + ], + "script_executions": [ + "getIncidents" + ] + } + }, + { + "bffdcf72-2061-4767-83d5-3ff2a9e8afe7": { + "name": "BlockIP" + } + }, + { + "ExchangeSearch": { + "name": "ExchangeSearch", + "deprecated": true, + "depends_on": [ + "ews-search-mailbox" + ] + } + }, + { + "CPSetRule": { + "name": "CPSetRule", + "deprecated": true, + "depends_on": [ + "checkpoint" + ], + "script_executions": [ + "checkpoint", + "checkpoint" + ] + } + }, + { + "VolGetProcWithMalNetConn": { + "name": "VolGetProcWithMalNetConn" + } + }, + { + "ConvertTableToHTML": { + "name": "ConvertTableToHTML" + } + }, + { + "StringLength": { + "name": "StringLength" + } + }, + { + "CuckooGetScreenshot": { + "name": "CuckooGetScreenshot", + "depends_on": [ + "cuckoo-task-screenshot" + ] + } + }, + { + "VolMalfind": { + "name": "VolMalfind" + } + }, + { + "ExposeModules": { + "name": "ExposeModules", + "deprecated": true + } + }, + { + "GrrGetFlows": { + "name": "GrrGetFlows", + "depends_on": [ + "grr_get_flows" + ], + "script_executions": [ + "grr_get_flows" + ] + } + }, + { + "IsTrue": { + "name": "IsTrue" + } + }, + { + "SplunkSearchJsonPy": { + "name": "SplunkSearchJsonPy", + "deprecated": true, + "depends_on": [ + "search" + ], + "script_executions": [ + "search" + ] + } + }, + { + "UnEscapeURLs": { + "name": "UnEscapeURLs" + } + }, + { + "ProofpointDecodeURL": { + "name": "ProofpointDecodeURL" + } + }, + { + "ReadPDFFile": { + "name": "ReadPDFFile", + "script_executions": [ + "getFilePath" + ] + } + }, + { + "ContextContains": { + "name": "ContextContains" + } + }, + { + "ADIsUserMember": { + "name": "ADIsUserMember", + "deprecated": true, + "depends_on": [ + "ad-search" + ], + "script_executions": [ + "ADGetUserGroups", + "AdSearch" + ] + } + }, + { + "PanoramaMove": { + "name": "PanoramaMove", + "deprecated": true, + "depends_on": [ + "panorama" + ] + } + }, + { + 
"ADGetUserGroups": { + "name": "ADGetUserGroups", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "ADUserLogonInfo": { + "name": "ADUserLogonInfo", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "Osxcollector": { + "name": "Osxcollector" + } + }, + { + "PWObservationPcapInfo": { + "name": "PWObservationPcapInfo", + "deprecated": true, + "depends_on": [ + "observation-pcap-info" + ] + } + }, + { + "QrSearches": { + "name": "QrSearches", + "deprecated": true, + "depends_on": [ + "qr-searches" + ] + } + }, + { + "ExtractIndicatorsFromTextFile": { + "name": "ExtractIndicatorsFromTextFile" + } + }, + { + "CheckIPs": { + "name": "CheckIPs", + "deprecated": true, + "script_executions": [ + "ip" + ] + } + }, + { + "VolDlllist": { + "name": "VolDlllist" + } + }, + { + "FPSetRule": { + "name": "FPSetRule", + "depends_on": [ + "ssh" + ], + "script_executions": [ + "ssh" + ] + } + }, + { + "TrendMicroClassifier": { + "name": "TrendMicroClassifier", + "depends_on": [ + "trendmicro-alert-status" + ] + } + }, + { + "TrendMicroGetHostID": { + "name": "TrendMicroGetHostID", + "depends_on": [ + "trendmicro-host-retrieve-all" + ], + "script_executions": [ + "TrendmicroHostRetrieveAll" + ] + } + }, + { + "ExtractDomainFromUrlAndEmail": { + "name": "ExtractDomainFromUrlAndEmail" + } + }, + { + "VectraSettings": { + "name": "VectraSettings", + "deprecated": true, + "depends_on": [ + "vec-settings" + ] + } + }, + { + "GenerateInvestigationSummaryReport": { + "name": "GenerateInvestigationSummaryReport", + "fromversion": "3.5.0" + } + }, + { + "DataDomainReputation": { + "name": "DataDomainReputation", + "fromversion": "3.1.0" + } + }, + { + "EPORepositoryComplianceCheck": { + "name": "EPORepositoryComplianceCheck", + "deprecated": true, + "depends_on": [ + "epo-command" + ] + } + }, + { + "PWObservations": { + "name": "PWObservations", + "deprecated": true, + "depends_on": [ + "observation-search" + ] + } + }, + { + 
"DBotPredictTextLabel": { + "name": "DBotPredictTextLabel", + "fromversion": "4.1.0", + "script_executions": [ + "getList" + ] + } + }, + { + "InRange": { + "name": "InRange" + } + }, + { + "IngestCSV": { + "name": "IngestCSV", + "deprecated": true, + "script_executions": [ + "getEntries", + "getFilePath" + ] + } + }, + { + "TrendmicroHostAntimalwareScan": { + "name": "TrendmicroHostAntimalwareScan", + "depends_on": [ + "trendmicro-host-antimalware-scan" + ] + } + }, + { + "QrGetSearchResults": { + "name": "QrGetSearchResults", + "deprecated": true, + "depends_on": [ + "qr-get-search-results" + ] + } + }, + { + "NessusHostDetails": { + "name": "NessusHostDetails", + "deprecated": true, + "depends_on": [ + "scan-host-details" + ] + } + }, + { + "WhereFieldEquals": { + "name": "WhereFieldEquals" + } + }, + { + "OSQueryUsers": { + "name": "OSQueryUsers", + "depends_on": [ + "OSQueryBasicQuery" + ], + "script_executions": [ + "OSQueryBasicQuery" + ] + } + }, + { + "CrowdStrikeStreamingPreProcessing": { + "name": "CrowdStrikeStreamingPreProcessing", + "script_executions": [ + "addEntries" + ] + } + }, + { + "Strings": { + "name": "Strings", + "script_executions": [ + "getFilePath" + ] + } + }, + { + "QrOffenses": { + "name": "QrOffenses", + "deprecated": true, + "depends_on": [ + "qr-offenses" + ] + } + }, + { + "LCMHosts": { + "name": "LCMHosts" + } + }, + { + "RegProbeBasic": { + "name": "RegProbeBasic" + } + }, + { + "ContextGetHashes": { + "name": "ContextGetHashes" + } + }, + { + "NexposeEmailParser": { + "name": "NexposeEmailParser", + "depends_on": [ + "nexpose" + ] + } + }, + { + "7b5c080e-f3b1-411a-83b0-e1f53c21bef8": { + "name": "WhileNotMdLoop", + "deprecated": true + } + }, + { + "SlackMirror": { + "name": "SlackMirror", + "deprecated": true, + "depends_on": [ + "slack-mirror-investigation" + ] + } + }, + { + "CheckFiles": { + "name": "CheckFiles", + "deprecated": true, + "depends_on": [ + "file" + ] + } + }, + { + "IsIPInRanges": { + "name": "IsIPInRanges" 
+ } + }, + { + "CBSessions": { + "name": "CBSessions", + "depends_on": [ + "cb-list-sessions" + ] + } + }, + { + "JSONFileToCSV": { + "name": "JSONFileToCSV", + "script_executions": [ + "getFilePath" + ] + } + }, + { + "GeneratePassword": { + "name": "GeneratePassword" + } + }, + { + "IncidentSet": { + "name": "IncidentSet", + "fromversion": "3.5.1", + "deprecated": true, + "script_executions": [ + "setOwner", + "setStage", + "setIncident", + "setPlaybook" + ] + } + }, + { + "GoogleAuthURL": { + "name": "GoogleAuthURL" + } + }, + { + "DataURLReputation": { + "name": "DataURLReputation", + "toversion": "3.0.1" + } + }, + { + "IPReputation": { + "name": "IPReputation", + "script_executions": [ + "ip" + ] + } + }, + { + "AwsCreateImage": { + "name": "AwsCreateImage", + "depends_on": [ + "create-image" + ] + } + }, + { + "WildfireReport": { + "name": "WildfireReport", + "deprecated": true, + "depends_on": [ + "wildfire-report" + ] + } + }, + { + "LCMIndicatorsForEntity": { + "name": "LCMIndicatorsForEntity", + "depends_on": [ + "lcm-indicatorsforentity" + ] + } + }, + { + "hideFieldsOnNewIncident": { + "name": "hideFieldsOnNewIncident", + "fromversion": "3.6.0" + } + }, + { + "ImpSfScheduleTask": { + "name": "ImpSfScheduleTask", + "depends_on": [ + "ImpSfRevokeUnaccessedDevices", + "scheduleEntry" + ], + "script_executions": [ + "scheduleEntry" + ] + } + }, + { + "ServiceNowUpdateIncident": { + "name": "ServiceNowUpdateIncident", + "depends_on": [ + "servicenow-query-table", + "servicenow-update-record" + ] + } + }, + { + "DataIPReputation": { + "name": "DataIPReputation", + "toversion": "3.0.1" + } + }, + { + "SetDateField": { + "name": "SetDateField", + "script_executions": [ + "setIncident" + ] + } + }, + { + "ADGetEmailForUser": { + "name": "ADGetEmailForUser", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "EmailAskUser": { + "name": "EmailAskUser", + "toversion": "3.6.0", + "fromversion": "3.5.0" + } + }, + { + "PWEventDetails": { + 
"name": "PWEventDetails", + "deprecated": true, + "depends_on": [ + "pw-event-get" + ] + } + }, + { + "CheckSenderDomainDistance": { + "name": "CheckSenderDomainDistance" + } + }, + { + "7b02fa0f-94ff-48c7-8350-b4e353702e73": { + "name": "VMRay", + "depends_on": [ + "upload_sample" + ], + "script_executions": [ + "getFilePath", + "upload_sample", + "scheduleEntry" + ] + } + }, + { + "PWObservationPcapDownload": { + "name": "PWObservationPcapDownload", + "depends_on": [ + "observation-pcap-download" + ] + } + }, + { + "b695f044-fbdd-4d4b-89ce-9066cb0e165a": { + "name": "cveReputation", + "depends_on": [ + "cve-search" + ] + } + }, + { + "ParseEmailHeader": { + "name": "ParseEmailHeaders", + "script_executions": [ + "getFilePath" + ] + } + }, + { + "IndicatorMaliciousRatioCalculation": { + "name": "IndicatorMaliciousRatioCalculation", + "fromversion": "3.5.0", + "script_executions": [ + "findIndicators", + "getIncidents", + "getIncidents" + ] + } + }, + { + "BinaryReputationPy": { + "name": "BinaryReputationPy", + "deprecated": true, + "depends_on": [ + "file" + ], + "script_executions": [ + "getEntries", + "file", + "file" + ] + } + }, + { + "ArcherUpdateSecurityIncident": { + "name": "ArcherUpdateSecurityIncident", + "depends_on": [ + "archer-update-record" + ] + } + }, + { + "IsListExist": { + "name": "IsListExist", + "script_executions": [ + "getList" + ] + } + }, + { + "CSCountDevicesForIOC": { + "name": "CSCountDevicesForIOC", + "deprecated": true, + "depends_on": [ + "cs-device-count-ioc" + ] + } + }, + { + "LCMSetHostComment": { + "name": "LCMSetHostComment", + "depends_on": [ + "lcm-set-host-comment" + ], + "script_executions": [ + "LCMHosts" + ] + } + }, + { + "D2Exec": { + "name": "D2Exec" + } + }, + { + "OSQueryProcesses": { + "name": "OSQueryProcesses", + "depends_on": [ + "OSQueryBasicQuery" + ], + "script_executions": [ + "OSQueryBasicQuery" + ] + } + }, + { + "NessusScanStatus": { + "name": "NessusScanStatus", + "deprecated": true, + "depends_on": [ + 
"scan-details" + ] + } + }, + { + "DemistoLinkIncidents": { + "name": "DemistoLinkIncidents", + "depends_on": [ + "demisto-api-post" + ] + } + }, + { + "JiraCreateIssue": { + "name": "JiraCreateIssue", + "deprecated": true, + "depends_on": [ + "jira-create-issue" + ] + } + }, + { + "LocateAttachment": { + "name": "LocateAttachment", + "deprecated": true, + "script_executions": [ + "getEntries" + ] + } + }, + { + "ADGetComputerGroups": { + "name": "ADGetComputerGroups", + "deprecated": true, + "depends_on": [ + "ad-search" + ], + "script_executions": [ + "AdSearch" + ] + } + }, + { + "MapValues": { + "name": "MapValues" + } + }, + { + "QrGetSearch": { + "name": "QrGetSearch", + "deprecated": true, + "depends_on": [ + "qr-get-search" + ] + } + }, + { + "EmailAskUser": { + "name": "EmailAskUser", + "fromversion": "4.0.0" + } + }, + { + "AwsGetInstanceInfo": { + "name": "AwsGetInstanceInfo", + "depends_on": [ + "get-instance-info", + "get-ebs-volume-info", + "get-sg-info" + ] + } + }, + { + "CreateArray": { + "name": "CreateArray" + } + }, + { + "ADListUsers": { + "name": "ADListUsers", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "CBPFindRule": { + "name": "CBPFindRule", + "depends_on": [ + "cbp-fileRule-search" + ] + } + }, + { + "GoogleappsListUsers": { + "name": "GoogleappsListUsers", + "deprecated": true, + "depends_on": [ + "googleapps-list-users" + ] + } + }, + { + "ParseCSV": { + "name": "ParseCSV", + "script_executions": [ + "getEntries" + ] + } + }, + { + "D2Winpmem": { + "name": "D2Winpmem" + } + }, + { + "AlgosecGetApplications": { + "name": "AlgosecGetApplications", + "depends_on": [ + "algosec-get-applications" + ] + } + }, + { + "Elasticsearch": { + "name": "Elasticsearch", + "depends_on": [ + "search" + ], + "script_executions": [ + "search" + ] + } + }, + { + "EPOUpdateRepository": { + "name": "EPOUpdateRepository", + "deprecated": true, + "depends_on": [ + "epo-command" + ] + } + }, + { + "ZipFile": { + "name": "ZipFile", + 
"script_executions": [ + "getFilePath" + ] + } + }, + { + "VectraSummary": { + "name": "VectraSummary", + "deprecated": true, + "depends_on": [ + "vec-health" + ] + } + }, + { + "MattermostAskUser": { + "name": "MattermostAskUser", + "depends_on": [ + "mattermost-send" + ], + "script_executions": [ + "addEntitlement" + ] + } + }, + { + "WhoisSummary": { + "name": "WhoisSummary", + "deprecated": true, + "depends_on": [ + "whois" + ] + } + }, + { + "AssignAnalystToIncident": { + "name": "AssignAnalystToIncident" + } + }, + { + "Base64ListToFile": { + "name": "Base64ListToFile", + "script_executions": [ + "getList" + ] + } + }, + { + "LCMPathFinderScanHost": { + "name": "LCMPathFinderScanHost", + "depends_on": [ + "lcm-pathfinder-scan" + ] + } + }, + { + "IncapScheduleTask": { + "name": "IncapScheduleTask", + "depends_on": [ + "scheduleEntry", + "IncapWhitelistCompliance" + ], + "script_executions": [ + "scheduleEntry" + ] + } + }, + { + "SbQuery": { + "name": "SbQuery", + "depends_on": [ + "sb-query" + ] + } + }, + { + "GetStringsDistance": { + "name": "GetStringsDistance" + } + }, + { + "CSHuntByIOC": { + "name": "CSHuntByIOC", + "deprecated": true, + "depends_on": [ + "cs-device-ran-on" + ] + } + }, + { + "FireEyeDetonateFile": { + "name": "FireEyeDetonateFile", + "depends_on": [ + "fe-submit", + "fe-submit-result", + "fe-submit-status" + ], + "script_executions": [ + "IsIntegrationAvailable" + ] + } + }, + { + "514ec833-c02c-49a3-8ac6-d982198f5fa0": { + "name": "OktaUpdateUser", + "deprecated": true, + "depends_on": [ + "okta-update-user" + ] + } + }, + { + "JoinIfSingleElementOnly": { + "name": "JoinIfSingleElementOnly" + } + }, + { + "PWObservationDetails": { + "name": "PWObservationDetails", + "deprecated": true, + "depends_on": [ + "pw-observation-get" + ] + } + }, + { + "SNOpenTicket": { + "name": "SNOpenTicket", + "deprecated": true, + "depends_on": [ + "servicenow-incident-create" + ] + } + }, + { + "IPInfoQuery": { + "name": "IPInfoQuery", + "deprecated": 
true, + "depends_on": [ + "ipinfo_field" + ], + "script_executions": [ + "ipinfo_field", + "ip" + ] + } + }, + { + "RegCollectValues": { + "name": "RegCollectValues" + } + }, + { + "MD5Extract": { + "name": "MD5Extract", + "deprecated": true + } + }, + { + "CommonIntegration": { + "name": "CommonIntegration", + "deprecated": true + } + }, + { + "CBPBanHash": { + "name": "CBPBanHash", + "depends_on": [ + "cbp-fileRule-update" + ] + } + }, + { + "URLDecode": { + "name": "URLDecode" + } + }, + { + "AwsRunInstance": { + "name": "AwsRunInstance", + "depends_on": [ + "run-instance" + ] + } + }, + { + "EPORetrieveCurrentDATVersion": { + "name": "EPORetrieveCurrentDATVersion", + "deprecated": true, + "depends_on": [ + "epo-command" + ] + } + }, + { + "TaniumShowPendingActions": { + "name": "TaniumShowPendingActions", + "deprecated": true, + "depends_on": [ + "tn-get-object" + ] + } + }, + { + "PrintErrorEntry": { + "name": "PrintErrorEntry", + "fromversion": "4.0.0" + } + }, + { + "SEPCheckOutdatedEndpoints": { + "name": "SEPCheckOutdatedEndpoints", + "depends_on": [ + "sep-client-content" + ] + } + }, + { + "URLNumberOfAds": { + "name": "URLNumberOfAds" + } + }, + { + "IncidentToContext": { + "name": "IncidentToContext", + "deprecated": true + } + }, + { + "D2Users": { + "name": "D2Users" + } + }, + { + "StripChars": { + "name": "StripChars" + } + }, + { + "RegPathReputationBasicLists": { + "name": "RegPathReputationBasicLists" + } + }, + { + "IsIntegrationAvailable": { + "name": "IsIntegrationAvailable" + } + }, + { + "ExposeIncidentOwner": { + "name": "ExposeIncidentOwner" + } + }, + { + "EmailReputation": { + "name": "EmailReputation", + "script_executions": [ + "email" + ] + } + }, + { + "AwsCreateVolumeSnapshot": { + "name": "AwsCreateVolumeSnapshot", + "depends_on": [ + "create-volume-snapshot" + ] + } + }, + { + "CreateEmailHtmlBody": { + "name": "CreateEmailHtmlBody" + } + }, + { + "listExecutedCommands": { + "name": "listExecutedCommands" + } + }, + { + 
"EPOUpdateEndpoints": { + "name": "EPOUpdateEndpoints", + "deprecated": true, + "depends_on": [ + "epo-command" + ] + } + }, + { + "CheckSender": { + "name": "CheckSender", + "depends_on": [ + "pipl-search" + ] + } + }, + { + "NessusLaunchScan": { + "name": "NessusLaunchScan", + "deprecated": true, + "depends_on": [ + "scan-launch" + ] + } + }, + { + "ADGetGroupUsers": { + "name": "ADGetGroupUsers", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "CPTaskStatus": { + "name": "CPTaskStatus", + "deprecated": true, + "depends_on": [ + "checkpoint" + ], + "script_executions": [ + "checkpoint" + ] + } + }, + { + "80b5c44c-4eac-4e00-812f-6d409d57be31": { + "name": "WhoisLookup", + "deprecated": true, + "depends_on": [ + "whois" + ] + } + }, + { + "NetwitnessSAAddEventsToIncident": { + "name": "NetwitnessSAAddEventsToIncident", + "depends_on": [ + "nw-add-events-to-incident" + ] + } + }, + { + "StopScheduledTask": { + "name": "StopScheduledTask", + "script_executions": [ + "scheduleEntry" + ] + } + }, + { + "SalesforceAskUser": { + "name": "SalesforceAskUser", + "depends_on": [ + "salesforce-push-comment" + ], + "script_executions": [ + "addEntitlement" + ] + } + }, + { + "ADListUsersEx": { + "name": "ADListUsersEx", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "OSQueryOpenSockets": { + "name": "OSQueryOpenSockets", + "depends_on": [ + "OSQueryBasicQuery" + ], + "script_executions": [ + "OSQueryBasicQuery" + ] + } + }, + { + "EsmExample": { + "name": "EsmExample", + "depends_on": [ + "search" + ] + } + }, + { + "SetSeverityByScore": { + "name": "SetSeverityByScore", + "script_executions": [ + "IncidentSet", + "IncidentSet", + "IncidentSet" + ] + } + }, + { + "RSAArcherManualFetch": { + "name": "RSAArcherManualFetch", + "depends_on": [ + "archer-manually-fetch-incident" + ], + "script_executions": [ + "createNewIncident" + ] + } + }, + { + "CheckpointFWBackupStatus": { + "name": "CheckpointFWBackupStatus", + "depends_on": 
[ + "ssh" + ], + "script_executions": [ + "ssh" + ] + } + }, + { + "VolImageinfo": { + "name": "VolImageinfo" + } + }, + { + "CBPApproveHash": { + "name": "CBPApproveHash", + "depends_on": [ + "cbp-fileRule-update" + ] + } + }, + { + "ParseEmailFile": { + "name": "ParseEmailFile", + "deprecated": true, + "script_executions": [ + "getEntry", + "getFilePath" + ] + } + }, + { + "GoogleappsRevokeUserRole": { + "name": "GoogleappsRevokeUserRole", + "depends_on": [ + "googleapps-revoke-user-role" + ] + } + }, + { + "DBotPredictPhishingEvaluation": { + "name": "DBotPredictPhishingEvaluation", + "fromversion": "4.1.0", + "script_executions": [ + "DBotPreparePhishingData", + "setIncident" + ] + } + }, + { + "DemistoUploadFile": { + "name": "DemistoUploadFile", + "depends_on": [ + "demisto-api-multipart" + ] + } + }, + { + "SNListTickets": { + "name": "SNListTickets", + "deprecated": true, + "depends_on": [ + "servicenow-incidents-query" + ] + } + }, + { + "JiraIssueAddComment": { + "name": "JiraIssueAddComment", + "deprecated": true, + "depends_on": [ + "jira-issue-add-comment" + ] + } + }, + { + "AlgosecCreateTicket": { + "name": "AlgosecCreateTicket", + "depends_on": [ + "algosec-create-ticket" + ] + } + }, + { + "DeleteContext": { + "name": "DeleteContext" + } + }, + { + "ADGetUsersByEmail": { + "name": "ADGetUsersByEmail", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "LanguageDetect": { + "name": "LanguageDetect" + } + }, + { + "IncapGetAppInfo": { + "name": "IncapGetAppInfo", + "depends_on": [ + "incap-get-app-info" + ] + } + }, + { + "SplunkEmailParser": { + "name": "SplunkEmailParser", + "depends_on": [ + "search" + ] + } + }, + { + "GetTime": { + "name": "GetTime" + } + }, + { + "PortListenCheck": { + "name": "PortListenCheck" + } + }, + { + "f99a85a6-c572-4c3a-8afd-5b4ac539000a": { + "name": "WhileNotExistLoop", + "deprecated": true + } + }, + { + "PanoramaBlockIP": { + "name": "PanoramaBlockIP", + "deprecated": true, + "depends_on": [ + 
"panorama" + ] + } + }, + { + "IdentifyAttachedEmail": { + "name": "IdentifyAttachedEmail", + "script_executions": [ + "getEntries" + ] + } + }, + { + "D2Services": { + "name": "D2Services" + } + }, + { + "AlgosecQuery": { + "name": "AlgosecQuery", + "depends_on": [ + "algosec-query" + ] + } + }, + { + "AwsStartInstance": { + "name": "AwsStartInstance", + "depends_on": [ + "start-instance" + ] + } + }, + { + "DomainReputation": { + "name": "DomainReputation", + "script_executions": [ + "domain" + ] + } + }, + { + "GetDuplicatesMlv2": { + "name": "GetDuplicatesMlv2", + "fromversion": "3.5.0", + "script_executions": [ + "getIncidents", + "findIndicators", + "getIncidents" + ] + } + }, + { + "JIRAPrintIssue": { + "name": "JIRAPrintIssue", + "depends_on": [ + "jira-get-issue" + ] + } + }, + { + "FPDeleteRule": { + "name": "FPDeleteRule", + "depends_on": [ + "ssh" + ], + "script_executions": [ + "ssh" + ] + } + }, + { + "isError": { + "name": "isError" + } + }, + { + "CommonServerPython": { + "name": "CommonServerPython" + } + }, + { + "10cb3486-48f3-4d93-88af-b6be84ffd432": { + "name": "OktaGetGroups", + "deprecated": true, + "depends_on": [ + "okta-get-groups" + ] + } + }, + { + "DocumentationAutomation": { + "name": "DocumentationAutomation", + "script_executions": [ + "getFilePath" + ] + } + }, + { + "FileReputation": { + "name": "FileReputation", + "script_executions": [ + "file" + ] + } + }, + { + "AreValuesEqual": { + "name": "AreValuesEqual" + } + }, + { + "LCMDetectedEntities": { + "name": "LCMDetectedEntities", + "depends_on": [ + "lcm-entities" + ] + } + }, + { + "UtilAnyResults": { + "name": "UtilAnyResults" + } + }, + { + "ExampleJSScript": { + "name": "ExampleJSScript" + } + }, + { + "UnEscapeIPs": { + "name": "UnEscapeIPs" + } + }, + { + "OSQueryLoggedInUsers": { + "name": "OSQueryLoggedInUsers", + "depends_on": [ + "OSQueryBasicQuery" + ], + "script_executions": [ + "OSQueryBasicQuery" + ] + } + }, + { + "FindSimilarIncidentsByText": { + "name": 
"FindSimilarIncidentsByText" + } + }, + { + "IncapWhitelistCompliance": { + "name": "IncapWhitelistCompliance", + "depends_on": [ + "incap-get-domain-approver-email", + "RemoteExec", + "incap-list-sites", + "SendEmail" + ], + "script_executions": [ + "SendEmail", + "RemoteExec" + ] + } + }, + { + "c99e196b-e05e-41f2-82cb-6798f33cb653": { + "name": "cveSearch", + "deprecated": true, + "depends_on": [ + "cve-search" + ] + } + }, + { + "5e125fdd-72f1-455f-89fa-e6f9405174a4": { + "name": "NotInContextVerification" + } + }, + { + "ExtractDomain": { + "name": "ExtractDomain" + } + }, + { + "DemistoCreateList": { + "name": "DemistoCreateList", + "depends_on": [ + "demisto-api-post" + ] + } + }, + { + "ServiceNowQueryIncident": { + "name": "ServiceNowQueryIncident", + "depends_on": [ + "servicenow-query-table" + ] + } + }, + { + "MimecastQuery": { + "name": "MimecastQuery", + "depends_on": [ + "mimecast-query" + ] + } + }, + { + "misp_download_sample": { + "name": "misp_download_sample", + "depends_on": [ + "internal-misp-download-sample" + ] + } + }, + { + "ExchangeDeleteIDsFromContext": { + "name": "ExchangeDeleteIDsFromContext", + "deprecated": true, + "depends_on": [ + "ews-delete-items" + ] + } + }, + { + "DumpJSON": { + "name": "DumpJSON" + } + }, + { + "ADGetGroupComputers": { + "name": "ADGetGroupComputers", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "TrendmicroAntiMalwareEventRetrieve": { + "name": "TrendmicroAntiMalwareEventRetrieve", + "depends_on": [ + "trendmicro-anti-malware-event-retrieve" + ] + } + }, + { + "Sleep": { + "name": "Sleep" + } + }, + { + "AdSearch": { + "name": "AdSearch", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "XBNotable": { + "name": "XBNotable", + "depends_on": [ + "xb-notable" + ] + } + }, + { + "GoogleappsGetUser": { + "name": "GoogleappsGetUser", + "deprecated": true, + "depends_on": [ + "googleapps-get-user" + ] + } + }, + { + "CBLiveFetchFiles": { + "name": 
"CBLiveFetchFiles", + "depends_on": [ + "CBLiveGetFile" + ], + "script_executions": [ + "CBLiveGetFile" + ] + } + }, + { + "JiraIssueAddLink": { + "name": "JiraIssueAddLink", + "deprecated": true, + "depends_on": [ + "jira-issue-add-link" + ] + } + }, + { + "ContextSearchForString": { + "name": "ContextSearchForString" + } + }, + { + "ShowOnMap": { + "name": "ShowOnMap" + } + }, + { + "CBFindIP": { + "name": "CBFindIP", + "depends_on": [ + "CBSearch" + ], + "script_executions": [ + "CBSearch" + ] + } + }, + { + "D2Rekall": { + "name": "D2Rekall" + } + }, + { + "CuckooGetReport": { + "name": "CuckooGetReport", + "depends_on": [ + "cuckoo-get-task-report" + ] + } + }, + { + "BinarySearchPy": { + "name": "BinarySearchPy", + "depends_on": [ + "cb-process" + ], + "script_executions": [ + "getEntries" + ] + } + }, + { + "Volatility": { + "name": "Volatility" + } + }, + { + "GrrGetFiles": { + "name": "GrrGetFiles", + "depends_on": [ + "grr_get_files" + ], + "script_executions": [ + "grr_get_files" + ] + } + }, + { + "FetchFileD2": { + "name": "FetchFileD2" + } + }, + { + "ToTable": { + "name": "ToTable" + } + }, + { + "XBLockouts": { + "name": "XBLockouts", + "depends_on": [ + "xb-lockouts" + ] + } + }, + { + "ExchangeAssignRole": { + "name": "ExchangeAssignRole" + } + }, + { + "GrrSetHunts": { + "name": "GrrSetHunts", + "depends_on": [ + "grr_set_hunts" + ], + "script_executions": [ + "grr_set_hunts" + ] + } + }, + { + "MaliciousRatioReputation": { + "name": "MaliciousRatioReputation", + "fromversion": "4.0.0", + "script_executions": [ + "findIndicators", + "maliciousRatio" + ] + } + }, + { + "EPOFindSystem": { + "name": "EPOFindSystem", + "depends_on": [ + "epo-command" + ] + } + }, + { + "TaniumAskQuestionComplex": { + "name": "TaniumAskQuestionComplex", + "deprecated": true, + "depends_on": [ + "tn-add-question-complex", + "tn-result-data", + "tn-result-info" + ] + } + }, + { + "DataURLReputation": { + "name": "DataURLReputation", + "deprecated": true + } + }, + { + 
"DataHashReputation": { + "name": "DataHashReputation", + "toversion": "3.0.1", + "depends_on": [ + "file" + ] + } + }, + { + "GetIndicatorDBotScore": { + "name": "GetIndicatorDBotScore", + "fromversion": "3.5.0", + "script_executions": [ + "getIndicator" + ] + } + }, + { + "HTTPListRedirects": { + "name": "HTTPListRedirects" + } + }, + { + "DataHashReputation": { + "name": "DataHashReputation", + "deprecated": true, + "depends_on": [ + "file" + ] + } + }, + { + "CBEvents": { + "name": "CBEvents", + "depends_on": [ + "cb-process", + "process-events" + ] + } + }, + { + "Whois": { + "name": "Whois", + "deprecated": true, + "depends_on": [ + "whois" + ] + } + }, + { + "MarkAsNoteByTag": { + "name": "MarkAsNoteByTag", + "script_executions": [ + "getEntries", + "markAsNote" + ] + } + }, + { + "TaniumApprovePendingActions": { + "name": "TaniumApprovePendingActions", + "deprecated": true, + "depends_on": [ + "tn-add-object", + "tn-get-object" + ] + } + }, + { + "GenericPollingScheduledTask": { + "name": "GenericPollingScheduledTask" + } + }, + { + "NessusListScans": { + "name": "NessusListScans", + "deprecated": true, + "depends_on": [ + "scans-list" + ] + } + }, + { + "TaniumAskQuestion": { + "name": "TaniumAskQuestion", + "deprecated": true, + "depends_on": [ + "tn-result-data", + "tn-result-info" + ] + } + }, + { + "ExportToCSV": { + "name": "ExportToCSV" + } + }, + { + "URLReputation": { + "name": "URLReputation", + "script_executions": [ + "url" + ] + } + }, + { + "IncidentAddSystem": { + "name": "IncidentAddSystem" + } + }, + { + "FindSimilarIncidents": { + "name": "FindSimilarIncidents", + "script_executions": [ + "getContext" + ] + } + }, + { + "CPDeleteRule": { + "name": "CPDeleteRule", + "deprecated": true, + "depends_on": [ + "checkpoint" + ], + "script_executions": [ + "checkpoint", + "checkpoint" + ] + } + }, + { + "RegexGroups": { + "name": "RegexGroups" + } + }, + { + "RemoteExec": { + "name": "RemoteExec", + "depends_on": [ + "ssh" + ] + } + }, + { + 
"PublishEntriesToContext": { + "name": "PublishEntriesToContext" + } + }, + { + "http": { + "name": "http", + "toversion": "3.1.0" + } + }, + { + "GoogleappsGetUserRoles": { + "name": "GoogleappsGetUserRoles", + "deprecated": true, + "depends_on": [ + "googleapps-get-user-roles" + ] + } + }, + { + "ExchangeDeleteMail": { + "name": "ExchangeDeleteMail" + } + }, + { + "SbUpload": { + "name": "SbUpload", + "depends_on": [ + "sb-upload" + ] + } + }, + { + "3dd62013-4fed-43eb-8ae4-91b1b4250599": { + "name": "OktaSetPassword", + "deprecated": true, + "depends_on": [ + "okta-set-password" + ] + } + }, + { + "D2Processes": { + "name": "D2Processes" + } + }, + { + "IncapListSites": { + "name": "IncapListSites", + "depends_on": [ + "incap-list-sites" + ] + } + }, + { + "ADGetEmailForAllUsers": { + "name": "ADGetEmailForAllUsers", + "deprecated": true, + "depends_on": [ + "ad-search" + ] + } + }, + { + "CuckooTaskStatus": { + "name": "CuckooTaskStatus", + "depends_on": [ + "cuckoo-view-task" + ] + } + }, + { + "PWEvents": { + "name": "PWEvents", + "deprecated": true, + "depends_on": [ + "search" + ], + "script_executions": [ + "search" + ] + } + }, + { + "NexposeEmailParserForVuln": { + "name": "NexposeEmailParserForVuln", + "depends_on": [ + "nexpose" + ] + } + }, + { + "CloseInvestigationAsDuplicate": { + "name": "CloseInvestigationAsDuplicate", + "script_executions": [ + "linkIncidents" + ] + } + }, + { + "GetDuplicatesMl": { + "name": "GetDuplicatesMl", + "fromversion": "3.5.0", + "deprecated": true, + "script_executions": [ + "getIncidents", + "findIndicators", + "getIncidents" + ] + } + }, + { + "FailedInstances": { + "name": "FailedInstances", + "fromversion": "4.0.0" + } + }, + { + "UnPackFile": { + "name": "UnPackFile", + "script_executions": [ + "getEntries", + "getFilePath" + ] + } + }, + { + "http": { + "name": "http", + "fromversion": "3.5.0" + } + }, + { + "DBotPredictPhishingLabel": { + "name": "DBotPredictPhishingLabel", + "fromversion": "4.1.0", + 
"script_executions": [ + "DBotPredictTextLabel" + ] + } + }, + { + "CPCreateBackup": { + "name": "CPCreateBackup", + "deprecated": true, + "depends_on": [ + "ssh" + ], + "script_executions": [ + "ssh" + ] + } + }, + { + "ExtractIP": { + "name": "ExtractIP" + } + }, + { + "CheckURLs": { + "name": "CheckURLs", + "deprecated": true, + "script_executions": [ + "url" + ] + } + }, + { + "SplunkPySearch": { + "name": "SplunkPySearch", + "depends_on": [ + "splunk-search" + ] + } + }, + { + "GrrGetHunts": { + "name": "GrrGetHunts", + "depends_on": [ + "grr_get_hunts" + ], + "script_executions": [ + "grr_get_hunts" + ] + } + }, + { + "ImpSfSetEndpointStatus": { + "name": "ImpSfSetEndpointStatus", + "depends_on": [ + "imp-sf-set-endpoint-status" + ] + } + }, + { + "PCAPMiner": { + "name": "PCAPMiner", + "script_executions": [ + "getFilePath" + ] + } + }, + { + "D2GetFile": { + "name": "D2GetFile" + } + }, + { + "PagerDutyAssignOnCallUser": { + "name": "PagerDutyAssignOnCallUser", + "depends_on": [ + "PagerDuty-get-users-on-call-now" + ] + } + }, + { + "ExtractHTMLTables": { + "name": "ExtractHTMLTables" + } + }, + { + "ContainsCreditCardInfo": { + "name": "ContainsCreditCardInfo" + } + }, + { + "CBSearch": { + "name": "CBSearch" + } + }, + { + "DataDomainReputation": { + "name": "DataDomainReputation", + "toversion": "3.0.1" + } + }, + { + "DBotClosedIncidentsPercentage": { + "name": "DBotClosedIncidentsPercentage" + } + }, + { + "CBAlerts": { + "name": "CBAlerts", + "depends_on": [ + "cb-alert" + ] + } + }, + { + "ParseWordDoc": { + "name": "ParseWordDoc", + "script_executions": [ + "getFilePath" + ] + } + }, + { + "VolJson": { + "name": "VolJson" + } + }, + { + "SlackSend": { + "name": "SlackSend", + "deprecated": true, + "depends_on": [ + "slack-send" + ] + } + }, + { + "ExposeList": { + "name": "ExposeList", + "deprecated": true + } + }, + { + "VectraHealth": { + "name": "VectraHealth", + "deprecated": true, + "depends_on": [ + "vec-health" + ] + } + }, + { + 
"D2ExecuteCommand": { + "name": "D2ExecuteCommand" + } + }, + { + "46e2109c-b735-458e-884f-030229a20830": { + "name": "SetByIncidentId" + } + }, + { + "dfa728bb-8291-4f8c-8185-53fad210f1b5": { + "name": "VerifyHumanReadableContains" + } + }, + { + "ContextGetPathForString": { + "name": "ContextGetPathForString" + } + }, + { + "LCMResolveHost": { + "name": "LCMResolveHost", + "depends_on": [ + "lcm-resolve-host" + ] + } + }, + { + "IsGreaterThan": { + "name": "IsGreaterThan" + } + }, + { + "SbQuota": { + "name": "SbQuota", + "depends_on": [ + "sb-quota" + ] + } + }, + { + "ContextFilter": { + "name": "ContextFilter" + } + }, + { + "O365SearchEmails": { + "name": "O365SearchEmails", + "script_executions": [ + "D2O365SearchAndDelete", + "D2O365ComplianceSearch" + ] + } + }, + { + "AnalyzeOSX": { + "name": "AnalyzeOSX", + "depends_on": [ + "url", + "Osxcollector", + "file" + ] + } + }, + { + "PWEventPcapDownload": { + "name": "PWEventPcapDownload", + "depends_on": [ + "event-pcap-download" + ] + } + }, + { + "AnalyzeMemImage": { + "name": "AnalyzeMemImage" + } + }, + { + "8bb47409-fffb-40c4-8601-d5fd20384e26": { + "name": "SetTime", + "script_executions": [ + "setIncident" + ] + } + }, + { + "JiraGetIssue": { + "name": "JiraGetIssue", + "deprecated": true, + "depends_on": [ + "jira-get-issue" + ] + } + }, + { + "ADExpirePassword": { + "name": "ADExpirePassword", + "deprecated": true, + "depends_on": [ + "ad-expire-password" + ] + } + }, + { + "ImpSfRevokeUnaccessedDevices": { + "name": "ImpSfRevokeUnaccessedDevices", + "depends_on": [ + "ImpSfSetEndpointStatus", + "ImpSfListEndpoints" + ], + "script_executions": [ + "SendEmail", + "ImpSfListEndpoints", + "ImpSfSetEndpointStatus" + ] + } + }, + { + "ADGetUser": { + "name": "ADGetUser", + "depends_on": [ + "ad-search" + ] + } + }, + { + "SendEmail": { + "name": "SendEmail", + "depends_on": [ + "send-mail" + ] + } + }, + { + "EPOCheckLatestDAT": { + "name": "EPOCheckLatestDAT", + "deprecated": true + } + }, + { + 
"PagerDutyAlertOnIncident": { + "name": "PagerDutyAlertOnIncident", + "depends_on": [ + "PagerDuty-submit-event" + ] + } + }, + { + "URLExtract": { + "name": "URLExtract", + "deprecated": true + } + }, + { + "TaniumDeployAction": { + "name": "TaniumDeployAction", + "deprecated": true, + "depends_on": [ + "tn-deploy-package" + ] + } + }, + { + "SendEmailToManager": { + "name": "SendEmailToManager", + "toversion": "3.1.0", + "depends_on": [ + "ad-search", + "send-mail" + ], + "script_executions": [ + "AdSearch", + "AdSearch", + "addOneTimeEntitlement" + ] + } + }, + { + "StringReplace": { + "name": "StringReplace" + } + }, + { + "TextFromHTML": { + "name": "TextFromHTML" + } + }, + { + "CPShowBackupStatus": { + "name": "CPShowBackupStatus", + "deprecated": true, + "depends_on": [ + "ssh" + ], + "script_executions": [ + "ssh" + ] + } + }, + { + "RunPollingCommand": { + "name": "RunPollingCommand", + "fromversion": "4.0.0" + } + }, + { + "CBWatchlists": { + "name": "CBWatchlists", + "depends_on": [ + "cb-watchlist-get" + ] + } + }, + { + "DamSensorDown": { + "name": "DamSensorDown", + "depends_on": [ + "dam-get-latest-by-rule" + ] + } + }, + { + "94f72ed9-49c8-40e5-89bb-7c98f914d2cc": { + "name": "OktaDeactivateUser", + "deprecated": true, + "depends_on": [ + "okta-deactivate-user" + ] + } + }, + { + "34f0498c-d3da-4ac3-8cad-a28804bf1f21": { + "name": "NetwitnessQuery", + "depends_on": [ + "nw-sdk-query" + ] + } + }, + { + "CBSensors": { + "name": "CBSensors", + "depends_on": [ + "cb-list-sensors" + ] + } + }, + { + "VolRunCmds": { + "name": "VolRunCmds" + } + }, + { + "ADGetComputer": { + "name": "ADGetComputer", + "depends_on": [ + "ad-search" + ] + } + }, + { + "DemistoUploadFileToIncident": { + "name": "DemistoUploadFileToIncident", + "depends_on": [ + "demisto-api-multipart" + ] + } + }, + { + "SbDownload": { + "name": "SbDownload", + "depends_on": [ + "sb-download" + ] + } + }, + { + "OSQueryBasicQuery": { + "name": "OSQueryBasicQuery", + "depends_on": [ + 
"RemoteExec" + ], + "script_executions": [ + "RemoteExec" + ] + } + }, + { + "AggregateIOCs": { + "name": "AggregateIOCs", + "deprecated": true + } + }, + { + "LinkIncidentsWithRetry": { + "name": "LinkIncidentsWithRetry", + "script_executions": [ + "linkIncidents", + "linkIncidents" + ] + } + }, + { + "PDFUnlocker": { + "name": "PDFUnlocker", + "script_executions": [ + "getFilePath" + ] + } + }, + { + "D2RegQuery": { + "name": "D2RegQuery" + } + }, + { + "ExtractURL": { + "name": "ExtractURL" + } + }, + { + "StringContains": { + "name": "StringContains" + } + }, + { + "CPBlockIP": { + "name": "CPBlockIP", + "deprecated": true, + "depends_on": [ + "checkpoint" + ], + "script_executions": [ + "checkpoint" + ] + } + }, + { + "TrendmicroSecurityProfileAssignToHost": { + "name": "TrendmicroSecurityProfileAssignToHost", + "depends_on": [ + "trendmicro-security-profile-assign-to-host" + ] + } + }, + { + "JiraCreateIssue-example": { + "name": "JiraCreateIssue-example", + "depends_on": [ + "jira-create-issue", + "jira-delete-issue" + ] + } + }, + { + "VolApihooks": { + "name": "VolApihooks" + } + }, + { + "ADGetCommonGroups": { + "name": "ADGetCommonGroups", + "deprecated": true, + "depends_on": [ + "ad-search" + ], + "script_executions": [ + "ADGetUserGroups" + ] + } + }, + { + "NetwitnessSAGetComponents": { + "name": "NetwitnessSAGetComponents", + "depends_on": [ + "nw-get-components" + ] + } + }, + { + "QRadarGetCorrelationLogs": { + "name": "QRadarGetCorrelationLogs", + "depends_on": [ + "qradar-searches" + ], + "script_executions": [ + "QRadarFullSearch" + ] + } + }, + { + "CountArraySize": { + "name": "CountArraySize" + } + }, + { + "ConvertXmlToJson": { + "name": "ConvertXmlToJson" + } + }, + { + "D2PEDump": { + "name": "D2PEDump" + } + }, + { + "CBPFindComputer": { + "name": "CBPFindComputer", + "depends_on": [ + "cbp-computer-search" + ] + } + }, + { + "ClassifierNotifyAdmin": { + "name": "ClassifierNotifyAdmin", + "depends_on": [ + "send-mail" + ] + } + }, + { + 
"SlackAskUser": { + "name": "SlackAskUser", + "fromversion": "3.5.0", + "depends_on": [ + "slack-send" + ], + "script_executions": [ + "addEntitlement" + ] + } + }, + { + "Exists": { + "name": "Exists" + } + }, + { + "NetwitnessSAGetEvents": { + "name": "NetwitnessSAGetEvents", + "depends_on": [ + "nw-get-events" + ] + } + }, + { + "DBotTrainTextClassifier": { + "name": "DBotTrainTextClassifier", + "fromversion": "4.1.0", + "script_executions": [ + "getFilePath", + "createList" + ] + } + }, + { + "CommonServer": { + "name": "CommonServer" + } + }, + { + "LCMDetectedIndicators": { + "name": "LCMDetectedIndicators", + "depends_on": [ + "lcm-indicators" + ] + } + }, + { + "SplunkSearch": { + "name": "SplunkSearch", + "deprecated": true, + "depends_on": [ + "search" + ] + } + }, + { + "IsIPInSubnet": { + "name": "IsIPInSubnet", + "deprecated": true + } + }, + { + "TrendmicroHostRetrieveAll": { + "name": "TrendmicroHostRetrieveAll", + "depends_on": [ + "trendmicro-host-retrieve-all" + ] + } + }, + { + "getMlFeatures": { + "name": "getMlFeatures", + "fromversion": "3.5.0", + "script_executions": [ + "findIndicators", + "getIncidents" + ] + } + }, + { + "2aa9f737-8c7c-42f5-815f-4d104bb3af06": { + "name": "SEPScan", + "depends_on": [ + "sep-command-status" + ] + } + }, + { + "PrintContext": { + "name": "PrintContext" + } + }, + { + "D2O365SearchAndDelete": { + "name": "D2O365SearchAndDelete" + } + }, + { + "DBotPreparePhishingData": { + "name": "DBotPreparePhishingData", + "fromversion": "4.1.0", + "script_executions": [ + "getContext", + "getIncidents", + "createList", + "WordTokenizer" + ] + } + }, + { + "QRadarGetOffenseCorrelations": { + "name": "QRadarGetOffenseCorrelations", + "depends_on": [ + "qradar-searches" + ], + "script_executions": [ + "QRadarFullSearch" + ] + } + }, + { + "ShowScheduledEntries": { + "name": "ShowScheduledEntries" + } + }, + { + "EmailAskUserResponse": { + "name": "EmailAskUserResponse" + } + }, + { + "IsEmailAddressInternal": { + "name": 
"IsEmailAddressInternal" + } + }, + { + "DemistoGetIncidentTasksByState": { + "name": "DemistoGetIncidentTasksByState" + } + }, + { + "VectraGetHostById": { + "name": "VectraGetHostById", + "deprecated": true, + "depends_on": [ + "vec-get-host-by-id" + ] + } + }, + { + "DefaultIncidentClassifier": { + "name": "DefaultIncidentClassifier" + } + }, + { + "TestCreateTagTextFile": { + "name": "TestCreateTagTextFile", + "script_executions": [ + "createList" + ] + } + }, + { + "TestCreateWordFile": { + "name": "TestCreateWordFile" + } + }, + { + "GenerateImageFileEntry": { + "name": "GenerateImageFileEntry" + } + }, + { + "a18ff76e-c462-4daa-8be2-6a1b5308713f": { + "name": "TestCreateDuplicates" + } + }, + { + "c5cb179f-d6d2-4d87-8857-b224689d5b00": { + "name": "VerifyTreeToFlatObject" + } + }, + { + "GenerateUUID": { + "name": "GenerateUUID" + } + }, + { + "TestXml2JSON": { + "name": "TestXml2JSON" + } + }, + { + "3b260f00-772c-4d4e-84ea-e47226637497": { + "name": "VerifyHumanReadableEquals", + "fromversion": "3.6.0" + } + }, + { + "ValidateErrorExistence": { + "name": "ValidateErrorExistence", + "script_executions": [ + "getEntries" + ] + } + }, + { + "CompleteManualTask": { + "name": "CompleteManualTask", + "script_executions": [ + "DemistoGetIncidentTasksByState", + "taskComplete" + ] + } + }, + { + "GenerateIP": { + "name": "GenerateIP" + } + }, + { + "CarbonBlackResponseFilterSensors": { + "name": "CarbonBlackResponseFilterSensors" + } + }, + { + "RaiseError": { + "name": "RaiseError" + } + }, + { + "GenerateEmail": { + "name": "GenerateEmail" + } + }, + { + "PhishingIncident": { + "name": "PhishingIncident", + "script_executions": [ + "setIncident" + ] + } + }, + { + "VerifyTableToMarkDown": { + "name": "VerifyTableToMarkDown" + } + }, + { + "TestFormatTableValues": { + "name": "TestFormatTableValues" + } + }, + { + "TestCreateIncidents": { + "name": "TestCreateIncidents", + "script_executions": [ + "createNewIncident", + "createNewIncident" + ] + } + }, + { + 
"TestPYCommonServer": { + "name": "TestPYCommonServer" + } + }, + { + "CreateDuplicateIncident": { + "name": "CreateDuplicateIncident", + "script_executions": [ + "createNewIncident" + ] + } + }, + { + "c0eb84c3-8771-4f9f-833e-1017112d6215": { + "name": "ThrowException" + } + }, + { + "SsdeepReputationTest": { + "name": "SsdeepReputationTest", + "script_executions": [ + "findIndicators", + "createNewIndicator", + "createNewIndicator", + "createNewIndicator" + ] + } + }, + { + "CreateBinaryFile": { + "name": "CreateBinaryFile" + } + }, + { + "GetFirstObject": { + "name": "GetFirstObject" + } + }, + { + "changeremediationslaonsevchange": { + "name": "ChangeRemediationSLAOnSevChange", + "fromversion": "4.1.0", + "script_executions": [ + "setIncident", + "setIncident", + "setIncident", + "setIncident" + ] + } + }, + { + "stoptimetoassignonownerchange": { + "name": "StopTimeToAssignOnOwnerChange", + "fromversion": "4.1.0", + "script_executions": [ + "stopTimer" + ] + } + }, + { + "changeremediationslaonsevchange": { + "name": "ChangeRemediationSLAOnSevChange", + "fromversion": "4.1.0", + "script_executions": [ + "setIncident", + "setIncident", + "setIncident", + "setIncident" + ] + } + }, + { + "stoptimetoassignonownerchange": { + "name": "StopTimeToAssignOnOwnerChange", + "fromversion": "4.1.0", + "script_executions": [ + "stopTimer" + ] + } + }, + { + "changeremediationslaonsevchange": { + "name": "ChangeRemediationSLAOnSevChange", + "fromversion": "4.1.0", + "script_executions": [ + "setIncident", + "setIncident", + "setIncident", + "setIncident" + ] + } + }, + { + "stoptimetoassignonownerchange": { + "name": "StopTimeToAssignOnOwnerChange", + "fromversion": "4.1.0", + "script_executions": [ + "stopTimer" + ] + } + }, + { + "changeremediationslaonsevchange": { + "name": "ChangeRemediationSLAOnSevChange", + "fromversion": "4.1.0", + "script_executions": [ + "setIncident", + "setIncident", + "setIncident", + "setIncident" + ] + } + }, + { + 
"stoptimetoassignonownerchange": { + "name": "StopTimeToAssignOnOwnerChange", + "fromversion": "4.1.0", + "script_executions": [ + "stopTimer" + ] + } + }, + { + "changeremediationslaonsevchange": { + "name": "ChangeRemediationSLAOnSevChange", + "fromversion": "4.1.0", + "script_executions": [ + "setIncident", + "setIncident", + "setIncident", + "setIncident" + ] + } + }, + { + "stoptimetoassignonownerchange": { + "name": "StopTimeToAssignOnOwnerChange", + "fromversion": "4.1.0", + "script_executions": [ + "stopTimer" + ] + } + }, + { + "changeremediationslaonsevchange": { + "name": "ChangeRemediationSLAOnSevChange", + "fromversion": "4.1.0", + "script_executions": [ + "setIncident", + "setIncident", + "setIncident", + "setIncident" + ] + } + }, + { + "stoptimetoassignonownerchange": { + "name": "StopTimeToAssignOnOwnerChange", + "fromversion": "4.1.0", + "script_executions": [ + "stopTimer" + ] + } + } + ], + "playbooks": [ + { + "search_and_delete_emails_-_generic": { + "name": "Search And Delete Emails - Generic", + "fromversion": "3.6.0", + "implementing_playbooks": [ + "Search And Delete Emails - EWS" + ] + } + }, + { + "email_address_enrichment_-_generic": { + "name": "Email Address Enrichment - Generic", + "fromversion": "3.6.0", + "implementing_scripts": [ + "IsEmailAddressInternal", + "EmailReputation", + "ADGetUser", + "Exists", + "EmailDomainSquattingReputation" + ] + } + }, + { + "process_email_-_generic": { + "name": "Process Email - Generic", + "toversion": "3.6.0", + "fromversion": "3.6.0", + "implementing_scripts": [ + "Set", + "Exists", + "ParseEmailFiles" + ], + "implementing_commands": [ + "setIncident", + "rasterize-email" + ] + } + }, + { + "playbook12": { + "name": "McAfee ePO Endpoint Compliance Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "CloseInvestigation", + "IncidentSet", + "commentsToContext" + ], + "implementing_commands": [ + "epo-update-client-dat", + "servicenow-incidents-query", + "epo-get-latest-dat", + 
"epo-get-current-dat", + "servicenow-incident-create" + ] + } + }, + { + "get_original_email_-_generic": { + "name": "Get Original Email - Generic", + "fromversion": 4.0, + "implementing_playbooks": [ + "Get Original Email - Gmail", + "Get Original Email - EWS" + ] + } + }, + { + "Detonate URL - Phish.AI": { + "name": "Detonate URL - Phish.AI", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "phish-ai-check-status", + "phish-ai-scan-url" + ] + } + }, + { + "Detonate URL - Cuckoo": { + "name": "Detonate URL - Cuckoo", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Sleep" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "cuckoo-view-task", + "cuckoo-get-task-report", + "cuckoo-create-task-from-url" + ] + } + }, + { + "get_file_sample_by_hash_-_generic": { + "name": "Get File Sample By Hash - Generic", + "fromversion": "3.5.0", + "implementing_playbooks": [ + "Get File Sample By Hash - Cylance Protect", + "Get File Sample By Hash - Carbon Black Enterprise Response" + ] + } + }, + { + "search_endpoints_by_hash_-_crowdstrike": { + "name": "Search Endpoints By Hash - CrowdStrike", + "fromversion": "3.5.0", + "implementing_commands": [ + "cs-device-ran-on", + "cs-device-details" + ] + } + }, + { + "get_file_sample_from_path_-_generic": { + "name": "Get File Sample From Path - Generic", + "fromversion": "3.5.0", + "implementing_playbooks": [ + "Get File Sample From Path - Carbon Black Enterprise Response", + "Get File Sample From Path - D2" + ] + } + }, + { + "process_email_-_generic": { + "name": "Process Email - Generic", + "toversion": "3.5.9", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set", + "Exists", + "ParseEmailFiles" + ], + "implementing_commands": [ + "rasterize-email" + ] + } + }, + { + "Detonate File - Lastline": { + "name": "Detonate File - Lastline", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set" + ], + 
"implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "lastline-upload-file", + "lastline-get-report" + ] + } + }, + { + "url_enrichment_-_generic": { + "name": "URL Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", + "implementing_scripts": [ + "URLSSLVerification", + "Exists", + "URLReputation" + ], + "implementing_commands": [ + "rasterize" + ] + } + }, + { + "GenericPolling": { + "name": "GenericPolling", + "fromversion": "4.0.0", + "implementing_scripts": [ + "ScheduleGenericPolling", + "RunPollingCommand", + "PrintErrorEntry" + ] + } + }, + { + "playbook1": { + "name": "Malware Playbook - Manual", + "fromversion": "2.5.0", + "implementing_scripts": [ + "ExposeModules", + "Autoruns", + "Exists" + ] + } + }, + { + "Calculate Severity - Generic": { + "name": "Calculate Severity - Generic", + "fromversion": "3.6.0", + "implementing_playbooks": [ + "Calculate Severity - Indicators DBotScore", + "Calculate Severity - 3rd-party integrations", + "Calculate Severity - Critical assets" + ], + "implementing_commands": [ + "setIncident" + ] + } + }, + { + "search_endpoints_by_hash_-_carbon_black_protection": { + "name": "Search Endpoints By Hash - Carbon Black Protection", + "fromversion": "3.5.0", + "implementing_scripts": [ + "CBPFindRule", + "Set", + "CBPCatalogFindHash", + "Exists" + ], + "implementing_commands": [ + "cbp-computer-get" + ] + } + }, + { + "Incident Enrichment": { + "name": "Incident Enrichment", + "fromversion": "2.5.0", + "implementing_scripts": [ + "ExtractURL", + "ExtractHash", + "ExtractIP" + ], + "implementing_playbooks": [ + "Enrichment Playbook" + ] + } + }, + { + "playbook16": { + "name": "CrowdStrike Rapid IOC Hunting", + "fromversion": "2.5.0", + "implementing_scripts": [ + "Exists", + "SendEmail" + ], + "implementing_commands": [ + "cs-device-ran-on", + "cs-device-search" + ] + } + }, + { + "CrowdStrike Falcon Sandbox - Detonate file": { + "name": "CrowdStrike Falcon Sandbox - Detonate 
file", + "toversion": "3.6.0", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set" + ], + "implementing_commands": [ + "crowdstrike-detonate-file" + ] + } + }, + { + "Enrich McAfee DXL using 3rd party sandbox": { + "name": "Enrich McAfee DXL using 3rd party sandbox", + "implementing_scripts": [ + "CloseInvestigation", + "Exists" + ], + "implementing_playbooks": [ + "WildFire - Detonate file" + ], + "implementing_commands": [ + "dxl-send-event" + ] + } + }, + { + "Get File Sample From Hash - Carbon Black Enterprise Response": { + "name": "Get File Sample From Hash - Carbon Black Enterprise Response", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "Exists" + ], + "implementing_commands": [ + "cb-binary-get" + ] + } + }, + { + "Calculate Severity - Generic": { + "name": "Calculate Severity - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", + "implementing_scripts": [ + "StringContains", + "Exists" + ], + "implementing_commands": [ + "setIncident" + ] + } + }, + { + "Tenable.io Scan": { + "name": "Tenable.io Scan", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "tenable-io-launch-scan", + "tenable-io-get-scan-report", + "tenable-io-get-scan-status" + ] + } + }, + { + "block_indicators_-_generic": { + "name": "Block Indicators - Generic", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "Block URL - Generic", + "Block File - Generic", + "Block IP - Generic", + "Block Account - Generic" + ] + } + }, + { + "detonate_url_-_threatgrid": { + "name": "Detonate URL - ThreatGrid", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "threat-grid-upload-sample", + "threat-grid-get-samples-state", + "threat-grid-url-to-file" + ] + } + }, + { + "TrendMicro Malware Alert Playbook": { + "name": "TrendMicro Malware Alert Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + 
"TrendMicroGetPolicyID", + "TrendmicroSecurityProfileAssignToHost", + "TrendmicroAntiMalwareEventRetrieve", + "TrendMicroGetHostID" + ] + } + }, + { + "Google-Vault-Display-Results": { + "name": "Google Vault - Display Results", + "fromversion": "4.0.0", + "implementing_scripts": [ + "PrintErrorEntry" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "gvault-get-drive-results", + "gvault-get-groups-results", + "gvault-download-results", + "gvault-export-status", + "gvault-get-mail-results" + ] + } + }, + { + "calculate_severity_-_3rd-party_integrations": { + "name": "Calculate Severity - 3rd-party integrations", + "fromversion": "3.6.0", + "implementing_scripts": [ + "Set" + ] + } + }, + { + "Phishing Investigation - Generic": { + "name": "Phishing Investigation - Generic", + "toversion": "3.5.9", + "fromversion": "3.5.0", + "implementing_scripts": [ + "CloseInvestigation", + "AssignAnalystToIncident", + "Set", + "SendEmail" + ], + "implementing_playbooks": [ + "Detonate File - Generic", + "Extract Indicators - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Calculate Severity - Generic", + "Email Address Enrichment - Generic" + ] + } + }, + { + "detonate_url_-_joesecurity": { + "name": "Detonate URL - JoeSecurity", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "joe-download-report", + "joe-analysis-submit-url", + "joe-analysis-info" + ] + } + }, + { + "CrowdStrike Falcon Sandbox - Detonate file": { + "name": "CrowdStrike Falcon Sandbox - Detonate file", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "crowdstrike-submit-sample", + "crowdstrike-scan" + ] + } + }, + { + "crowdstrike_endpoint_enrichment": { + "name": "CrowdStrike Endpoint Enrichment", + "fromversion": "3.5.0", + 
"implementing_commands": [ + "cs-device-search", + "cs-device-details" + ] + } + }, + { + "cve_enrichment_-_generic": { + "name": "CVE Enrichment - Generic", + "fromversion": "3.6.0", + "implementing_scripts": [ + "cveReputation" + ], + "implementing_commands": [ + "cve-search" + ] + } + }, + { + "get_file_sample_by_hash_-_cylance_protect": { + "name": "Get File Sample By Hash - Cylance Protect", + "fromversion": "3.5.0", + "implementing_scripts": [ + "http", + "UnzipFile", + "Exists" + ], + "implementing_commands": [ + "cylance-protect-download-threat" + ] + } + }, + { + "dedup_incidents_-_ml": { + "name": "DeDup incidents - ML", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Print", + "CloseInvestigationAsDuplicate", + "GetDuplicatesMl" + ] + } + }, + { + "playbook5": { + "name": "Phishing Playbook - Automated", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set", + "Exists", + "SendEmail", + "CheckSenderDomainDistance", + "CloseInvestigation", + "ExtractIP", + "IsMaliciousIndicatorFound", + "ExtractURL" + ], + "implementing_playbooks": [ + "Process Email", + "Enrichment Playbook", + "Hunt for bad IOCs", + "Account Enrichment", + "Detonate File - Generic" + ] + } + }, + { + "TIE - IOC Hunt": { + "name": "TIE - IOC Hunt", + "fromversion": "2.5.0", + "implementing_scripts": [ + "EPOFindSystem", + "Exists" + ], + "implementing_commands": [ + "tie-file-references" + ] + } + }, + { + "vulnerability_management_-_qualys_Job": { + "name": "Vulnerability Management - Qualys (Job)", + "fromversion": "3.6.0", + "implementing_scripts": [ + "QualysCreateIncidentFromReport", + "Set" + ], + "implementing_commands": [ + "qualys-report-fetch", + "closeInvestigation", + "qualys-report-list" + ] + } + }, + { + "get_original_email_-_gmail": { + "name": "Get Original Email - Gmail", + "fromversion": 4.0, + "implementing_scripts": [ + "Set", + "DeleteContext" + ], + "implementing_commands": [ + "gmail-get-attachments", + "gmail-search", + "gmail-get-mail" + ] + } + 
}, + { + "detonate_url_-_mcafee_atd": { + "name": "Detonate URL - McAfee ATD", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "atd-get-report", + "atd-check-status", + "atd-file-upload" + ] + } + }, + { + "Detonate URL - Lastline": { + "name": "Detonate URL - Lastline", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "lastline-get-report", + "lastline-upload-url" + ] + } + }, + { + "Detonate File - Generic": { + "name": "Detonate File - Generic", + "toversion": "3.6.0", + "fromversion": "3.5.0", + "implementing_playbooks": [ + "CrowdStrike Falcon Sandbox - Detonate file", + "WildFire - Detonate file" + ] + } + }, + { + "process_email_-_ews": { + "name": "Process Email - EWS", + "fromversion": "3.6.0", + "implementing_scripts": [ + "Set" + ], + "implementing_commands": [ + "ews-get-attachment" + ] + } + }, + { + "playbook7": { + "name": "Hunting C&C Communication Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "IsIntegrationAvailable", + "Exists" + ], + "implementing_commands": [ + "slack-send", + "ExposeModules" + ] + } + }, + { + "get_file_sample_from_path_-_d2": { + "name": "Get File Sample From Path - D2", + "fromversion": "3.5.0", + "implementing_scripts": [ + "IncidentAddSystem", + "FetchFileD2" + ] + } + }, + { + "get_original_email_-_ews": { + "name": "Get Original Email - EWS", + "fromversion": 4.0, + "implementing_scripts": [ + "DeleteContext", + "Set" + ], + "implementing_commands": [ + "ews-search-mailbox", + "ews-get-attachment", + "ews-get-items" + ] + } + }, + { + "playbook17": { + "name": "Carbon black Protection Rapid IOC Hunting", + "fromversion": "2.5.0", + "implementing_scripts": [ + "CBPFindRule", + "CBPCatalogFindHash", + "Exists" + ] + } + }, + { + "calculate_severity_-_critical_assets": { + "name": "Calculate Severity - Critical assets", + "toversion": 
"3.6.1", + "fromversion": "3.6.0", + "implementing_scripts": [ + "StringContains", + "Set", + "Exists" + ] + } + }, + { + "playbook14": { + "name": "Checkpoint Firewall Configuration Backup Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "UtilAnyResults", + "SendEmail", + "CPShowBackupStatus", + "CloseInvestigation", + "SNOpenTicket", + "SCPPullFiles", + "CPCreateBackup" + ] + } + }, + { + "endpoint_enrichment_-_generic": { + "name": "Endpoint Enrichment - Generic", + "fromversion": "3.5.0", + "implementing_scripts": [ + "EPOFindSystem", + "Exists", + "ADGetComputer" + ], + "implementing_playbooks": [ + "CrowdStrike Endpoint Enrichment" + ], + "implementing_commands": [ + "cylance-protect-get-devices", + "cb-sensor-info", + "so-agents-query" + ] + } + }, + { + "access_investigation_-_qradar": { + "name": "Access Investigation - QRadar", + "fromversion": "3.6.0", + "implementing_playbooks": [ + "QRadar - Get offense correlations", + "Access Investigation - Generic" + ], + "implementing_commands": [ + "setIncident" + ] + } + }, + { + "Google-Vault-Search-Groups": { + "name": "Google Vault - Search Groups", + "fromversion": "4.0.0", + "implementing_scripts": [ + "PrintErrorEntry" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "gvault-export-status", + "gvault-download-results", + "gvault-create-export-groups", + "gvault-get-groups-results" + ] + } + }, + { + "DBotCreatePhishingClassifier": { + "name": "DBot Create Phishing Classifier", + "fromversion": "4.1.0", + "implementing_scripts": [ + "DBotTrainTextClassifier", + "Base64ListToFile", + "DBotPredictPhishingEvaluation", + "DBotPreparePhishingData" + ] + } + }, + { + "detonate_url_-_generic": { + "name": "Detonate URL - Generic", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "Detonate URL - CrowdStrike", + "Detonate URL - JoeSecurity", + "Detonate URL - Cuckoo", + "Detonate URL - Lastline", + "Detonate URL - ThreatGrid", + "Detonate URL - 
McAfee ATD" + ] + } + }, + { + "tenable-sc-scan": { + "name": "Launch Scan - Tenable.sc", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "tenable-sc-get-scan-report", + "tenable-sc-launch-scan" + ] + } + }, + { + "detonate_file_from_url_-_wildfire": { + "name": "Detonate File From URL - WildFire", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "wildfire-upload-file-remote", + "wildfire-report" + ] + } + }, + { + "block_endpoint_-_carbon_black_response": { + "name": "Block Endpoint - Carbon Black Response", + "fromversion": "3.5.0", + "implementing_commands": [ + "cb-sensor-info", + "cb-quarantine-device" + ] + } + }, + { + "close_incident_if_duplicate_found": { + "name": "DeDup incidents", + "fromversion": "3.5.0", + "implementing_scripts": [ + "FindSimilarIncidents", + "CloseInvestigationAsDuplicate" + ] + } + }, + { + "scan_assets_nexpose": { + "name": "Scan Assets - Nexpose", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "nexpose-start-assets-scan", + "nexpose-get-scan" + ] + } + }, + { + "extract_indicators_-_generic": { + "name": "Extract Indicators - Generic", + "fromversion": "3.5.0", + "implementing_scripts": [ + "ExtractHash", + "ExtractDomain", + "ExtractURL", + "ExtractEmail", + "ExtractIP" + ] + } + }, + { + "playbook0": { + "name": "Default", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "TrendMicroClassifier", + "Exists", + "IncidentSet", + "SplunkEmailParser", + "QRadarClassifier", + "MapValues", + "Print", + "VectraClassifier", + "NexposeEmailParser" + ], + "implementing_playbooks": [ + "Enrichment Playbook" + ] + } + }, + { + "dedup_-_generic": { + "name": "Dedup - Generic", + "fromversion": "4.0.0", + "implementing_scripts": [ + "FindSimilarIncidentsByText", + "GetDuplicatesMlv2", + "CloseInvestigationAsDuplicate", + 
"FindSimilarIncidents" + ] + } + }, + { + "malware_investigation-_generic_-_setup": { + "name": "Malware Investigation - Generic - Setup", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set" + ], + "implementing_playbooks": [ + "Get File Sample From Path - Generic", + "Get File Sample By Hash - Generic", + "Search Endpoints By Hash - Generic" + ] + } + }, + { + "block_file_-_carbon_black_response": { + "name": "Block File - Carbon Black Response", + "fromversion": "4.0.0", + "implementing_commands": [ + "cb-get-hash-blacklist", + "cb-block-hash" + ] + } + }, + { + "search_and_delete_emails_-_ews": { + "name": "Search And Delete Emails - EWS", + "fromversion": "3.6.0", + "implementing_scripts": [ + "BuildEWSQuery" + ], + "implementing_commands": [ + "ews-search-mailboxes", + "ews-delete-items" + ] + } + }, + { + "Detonate File - BitDam": { + "name": "Detonate File - BitDam", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "bitdam-upload-file", + "bitdam-get-verdict" + ] + } + }, + { + "MAR - Endpoint data collection": { + "name": "MAR - Endpoint data collection", + "implementing_scripts": [ + "EPOFindSystem", + "Exists" + ], + "implementing_commands": [ + "mar-search-multiple" + ] + } + }, + { + "Google-Vault-Search-Drive": { + "name": "Google Vault - Search Drive", + "fromversion": "4.0.0", + "implementing_scripts": [ + "PrintErrorEntry" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "gvault-create-export-drive", + "gvault-get-drive-results", + "gvault-export-status", + "gvault-download-results" + ] + } + }, + { + "process_email_-_add_custom_fields": { + "name": "Process Email - Add custom fields", + "fromversion": "3.6.0", + "implementing_scripts": [ + "IncidentSet" + ] + } + }, + { + "detonate_url_-_crowdstrike": { + "name": "Detonate URL - CrowdStrike", + "fromversion": "4.0.0", + "implementing_playbooks": [ 
+ "GenericPolling" + ], + "implementing_commands": [ + "crowdstrike-submit-url", + "crowdstrike-scan" + ] + } + }, + { + "ip_enrichment_generic": { + "name": "IP Enrichment - Generic", + "fromversion": "3.6.0", + "implementing_scripts": [ + "IsIPInRanges", + "IPToHost", + "IPReputation" + ], + "implementing_playbooks": [ + "Endpoint Enrichment - Generic" + ], + "implementing_commands": [ + "vt-private-get-ip-report" + ] + } + }, + { + "domain_enrichment_generic": { + "name": "Domain Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DomainReputation" + ] + } + }, + { + "QRadarFullSearch": { + "name": "QRadarFullSearch", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "qradar-get-search", + "qradar-get-search-results", + "qradar-searches" + ] + } + }, + { + "Arcsight - Get events related to the Case": { + "name": "Arcsight - Get events related to the Case", + "implementing_scripts": [ + "IncidentSet", + "Set", + "Exists" + ], + "implementing_commands": [ + "as-get-security-events", + "as-get-case", + "as-get-case-event-ids" + ] + } + }, + { + "Account Enrichment": { + "name": "Account Enrichment", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "ADGetUser", + "Exists" + ] + } + }, + { + "malware_investigation-_generic": { + "name": "Malware Investigation - Generic", + "toversion": "3.6.0", + "fromversion": "3.5.0", + "implementing_scripts": [ + "CloseInvestigation", + "AssignAnalystToIncident" + ], + "implementing_playbooks": [ + "Malware Investigation - Generic - Setup", + "Extract Indicators - Generic", + "Calculate Severity - Generic", + "Entity Enrichment - Generic", + "Detonate File - Generic" + ] + } + }, + { + "QRadar - Get offense correlations ": { + "name": "QRadar - Get offense correlations ", + "toversion": "3.1.0", + "implementing_scripts": [ + "AreValuesEqual", + "QRadarGetCorrelationLogs", + 
"QRadarGetOffenseCorrelations", + "Exists" + ] + } + }, + { + "QRadar - Get offense correlations ": { + "name": "QRadar - Get offense correlations", + "fromversion": "3.5.0", + "implementing_scripts": [ + "QRadarGetCorrelationLogs", + "QRadarGetOffenseCorrelations" + ] + } + }, + { + "block_ip_-_generic": { + "name": "Block IP - Generic", + "fromversion": "4.0.0", + "implementing_scripts": [ + "PanoramaBlockIP" + ], + "implementing_playbooks": [ + "Add Indicator to Miner - Palo Alto MineMeld" + ], + "implementing_commands": [ + "zscaler-blacklist-ip", + "checkpoint-block-ip" + ] + } + }, + { + "vulnerability_handling_-_qualys_-_add _ustom_fields_to_default_layout": { + "name": "Vulnerability Handling - Qualys - Add custom fields to default layout", + "fromversion": "3.6.0", + "implementing_scripts": [ + "IncidentSet" + ] + } + }, + { + "playbook3": { + "name": "Ransomware Playbook - Manual", + "fromversion": "2.5.0" + } + }, + { + "Enrich DXL with ATD verdict": { + "name": "Enrich DXL with ATD verdict", + "implementing_scripts": [ + "CloseInvestigation", + "Exists" + ], + "implementing_playbooks": [ + "ATD - Detonate File" + ], + "implementing_commands": [ + "dxl-send-event" + ] + } + }, + { + "Detonate File - SNDBOX": { + "name": "Detonate File - SNDBOX", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "sndbox-analysis-info", + "sndbox-analysis-submit-sample", + "sndbox-download-report" + ] + } + }, + { + "Phishing Investigation - Generic": { + "name": "Phishing Investigation - Generic", + "toversion": "4.0.9", + "fromversion": "4.0.0", + "implementing_scripts": [ + "AssignAnalystToIncident", + "Set", + "SendEmail" + ], + "implementing_playbooks": [ + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Block Indicators - Generic", + "Email 
Address Enrichment - Generic", + "Calculate Severity - Generic" + ], + "implementing_commands": [ + "closeInvestigation", + "send-mail" + ] + } + }, + { + "playbook2": { + "name": "Phishing Playbook - Manual", + "fromversion": "2.5.0" + } + }, + { + "Hunt for bad IOCs": { + "name": "Hunt for bad IOCs", + "fromversion": "2.5.0", + "implementing_playbooks": [ + "CrowdStrike Rapid IOC Hunting", + "Carbon Black Rapid IOC Hunting", + "TIE - IOC Hunt", + "Carbon black Protection Rapid IOC Hunting" + ] + } + }, + { + "extract_indicators_from_file_-_generic": { + "name": "Extract Indicators From File - Generic", + "fromversion": "3.6.0", + "implementing_scripts": [ + "ReadPDFFile", + "Set", + "ExtractIndicatorsFromTextFile" + ] + } + }, + { + "Sentinel One - Endpoint data collection": { + "name": "Sentinel One - Endpoint data collection", + "implementing_scripts": [ + "Print", + "Exists" + ], + "implementing_commands": [ + "so-agents-query", + "so-get-agent-processes" + ] + } + }, + { + "process_email_-_generic": { + "name": "Process Email - Generic", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set", + "Exists", + "ParseEmailFiles" + ], + "implementing_playbooks": [ + "Get Original Email - Generic" + ], + "implementing_commands": [ + "setIncident", + "rasterize-email" + ] + } + }, + { + "playbook13": { + "name": "McAfee ePO Endpoint Connectivity Diagnostics Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "CloseInvestigation", + "commentsToContext", + "Ping" + ], + "implementing_commands": [ + "servicenow-incident-create" + ] + } + }, + { + "vulnerability_handling_-_nexpose": { + "name": "Vulnerability Handling - Nexpose", + "fromversion": "3.6.0", + "implementing_playbooks": [ + "CVE Enrichment - Generic", + "Endpoint Enrichment - Generic", + "Calculate Severity - Generic" + ], + "implementing_commands": [ + "closeInvestigation", + "nexpose-get-asset-vulnerability", + "nexpose-get-asset", + "setIncident" + ] + } + }, + { + "Calculate 
Severity - Generic": { + "name": "Calculate Severity - Generic", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "Print", + "StringContains", + "Exists" + ], + "implementing_commands": [ + "setIncident" + ] + } + }, + { + "playbook8": { + "name": "Lost / Stolen Device Playbook", + "fromversion": "2.5.0" + } + }, + { + "vulnerability_handling_-_qualys": { + "name": "Vulnerability Handling - Qualys", + "fromversion": "3.6.0", + "implementing_scripts": [ + "CloseInvestigation", + "DisplayHTML" + ], + "implementing_playbooks": [ + "CVE Enrichment - Generic", + "Vulnerability Handling - Qualys - Add custom fields to default layout", + "Endpoint Enrichment - Generic", + "Calculate Severity - Generic" + ], + "implementing_commands": [ + "qualys-host-list", + "qualys-vulnerability-list" + ] + } + }, + { + "playbook10": { + "name": "Rapid IOC Hunting Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "ExtractHash", + "Exists", + "ReadFile", + "ExtractIP", + "Print", + "ExtractURL" + ], + "implementing_playbooks": [ + "Hunt for bad IOCs" + ] + } + }, + { + "search_endpoints_by_hash_-_carbon_black_response": { + "name": "Search Endpoints By Hash - Carbon Black Response", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set", + "CBFindHash" + ] + } + }, + { + "scan_site_nexpose": { + "name": "Scan Site - Nexpose", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "nexpose-start-site-scan", + "nexpose-get-scan" + ] + } + }, + { + "PanoramaCommitConfiguration": { + "name": "PanoramaCommitConfiguration", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "panorama-push-to-device-group", + "panorama-push-status", + "panorama-commit", + "panorama-commit-status" + ] + } + }, + { + "Failed Login Playbook With Slack": { + "name": "Failed Login Playbook With Slack", + "fromversion": "2.5.0", + 
"implementing_scripts": [ + "CloseInvestigation", + "IncidentSet", + "ADExpirePassword", + "SlackAskUser" + ], + "implementing_commands": [ + "slack-send" + ] + } + }, + { + "WildFire - Detonate file": { + "name": "WildFire - Detonate file", + "toversion": "3.1.0", + "implementing_scripts": [ + "Exists" + ], + "implementing_commands": [ + "wildfire-upload", + "wildfire-report" + ] + } + }, + { + "File Enrichment - Generic": { + "name": "File Enrichment - Generic", + "fromversion": "3.6.0", + "implementing_playbooks": [ + "File Enrichment - File reputation", + "File Enrichment - Virus Total Private API" + ], + "implementing_commands": [ + "cylance-protect-get-threat", + "pan-appframework-search-by-file-hash" + ] + } + }, + { + "vulnerability_management_-_nexpose_job": { + "name": "Vulnerability Management - Nexpose (Job)", + "fromversion": "3.6.0", + "implementing_scripts": [ + "NexposeCreateIncidentsFromAssets" + ], + "implementing_commands": [ + "closeInvestigation", + "nexpose-create-assets-report", + "nexpose-search-assets" + ] + } + }, + { + "Archer initiate incident": { + "name": "Archer initiate incident", + "fromversion": "3.5.0", + "implementing_commands": [ + "archer-get-file" + ] + } + }, + { + "block_file_-_generic": { + "name": "Block File - Generic", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "Block File - Carbon Black Response" + ] + } + }, + { + "calculate_severity_-_critical_assets": { + "name": "Calculate Severity - Critical assets", + "fromversion": "4.0.0", + "implementing_scripts": [ + "StringContains", + "Set" + ] + } + }, + { + "add_indicator_to_miner_-_palo_alto_mineMeld": { + "name": "Add Indicator to Miner - Palo Alto MineMeld", + "fromversion": "4.0.0", + "implementing_commands": [ + "minemeld-add-to-miner" + ] + } + }, + { + "domain_enrichment_generic": { + "name": "Domain Enrichment - Generic", + "fromversion": "3.6.0", + "implementing_scripts": [ + "DomainReputation" + ], + "implementing_commands": [ + 
"vt-private-get-domain-report" + ] + } + }, + { + "playbook11": { + "name": "McAfee ePO Repository Compliance Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "CloseInvestigation", + "IncidentSet", + "Sleep", + "AreValuesEqual", + "SendEmail" + ], + "implementing_commands": [ + "epo-update-repository", + "epo-get-latest-dat", + "epo-get-current-dat" + ] + } + }, + { + "url_enrichment_-_generic": { + "name": "URL Enrichment - Generic", + "fromversion": "3.6.0", + "implementing_scripts": [ + "URLSSLVerification", + "Exists", + "URLReputation" + ], + "implementing_commands": [ + "vt-private-get-url-report", + "rasterize" + ] + } + }, + { + "entity_enrichment_generic": { + "name": "Entity Enrichment - Generic", + "fromversion": "3.6.0", + "implementing_playbooks": [ + "Account Enrichment - Generic", + "Endpoint Enrichment - Generic", + "Email Address Enrichment - Generic", + "URL Enrichment - Generic", + "File Enrichment - Generic", + "Domain Enrichment - Generic", + "IP Enrichment - Generic" + ] + } + }, + { + "search_endpoints_by_hash_-_generic": { + "name": "Search Endpoints By Hash - Generic", + "fromversion": "3.5.0", + "implementing_playbooks": [ + "Search Endpoints By Hash - Carbon Black Response", + "Search Endpoints By Hash - CrowdStrike", + "Search Endpoints By Hash - TIE", + "Search Endpoints By Hash - Carbon Black Protection" + ] + } + }, + { + "malware_investigation-_generic": { + "name": "Malware Investigation - Generic", + "fromversion": "3.6.0", + "implementing_scripts": [ + "CloseInvestigation", + "AssignAnalystToIncident" + ], + "implementing_playbooks": [ + "Malware Investigation - Generic - Setup", + "Calculate Severity - Generic", + "Entity Enrichment - Generic", + "Detonate File - Generic" + ] + } + }, + { + "calculate_severity_-_indicators_dbotscore": { + "name": "Calculate Severity - Indicators DBotScore", + "fromversion": "3.6.0", + "implementing_scripts": [ + "Set" + ] + } + }, + { + "Detonate File - Cuckoo": { + "name": 
"Detonate File - Cuckoo", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Sleep" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "cuckoo-task-screenshot", + "cuckoo-get-task-report", + "cuckoo-view-task", + "cuckoo-create-task-from-file" + ] + } + }, + { + "Account Enrichment": { + "name": "Account Enrichment", + "fromversion": "3.5.0", + "implementing_scripts": [ + "ADGetUser", + "Exists" + ] + } + }, + { + "entity_enrichment_generic": { + "name": "Entity Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", + "implementing_playbooks": [ + "Account Enrichment - Generic", + "Endpoint Enrichment - Generic", + "DBot Indicator Enrichment - Generic", + "Email Address Enrichment - Generic", + "URL Enrichment - Generic", + "File Enrichment - Generic", + "Domain Enrichment - Generic", + "IP Enrichment - Generic" + ] + } + }, + { + "Phishing Investigation - Generic": { + "name": "Phishing Investigation - Generic", + "toversion": "3.9.9", + "fromversion": "3.6.0", + "implementing_scripts": [ + "CloseInvestigation", + "AssignAnalystToIncident", + "Set", + "SendEmail" + ], + "implementing_playbooks": [ + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Process Email - Generic", + "Entity Enrichment - Generic", + "Email Address Enrichment - Generic", + "Calculate Severity - Generic" + ] + } + }, + { + "DBotCreatePhishingClassifierJob": { + "name": "DBot Create Phishing Classifier Job", + "fromversion": "4.1.0", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_playbooks": [ + "DBot Create Phishing Classifier" + ], + "implementing_commands": [ + "closeInvestigation" + ] + } + }, + { + "playbook5": { + "name": "Phishing Playbook - Automated", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "Set", + "Exists", + "SendEmail", + "CheckSenderDomainDistance", + "CloseInvestigation", + "ExtractIP", + 
"IsMaliciousIndicatorFound", + "ExtractURL" + ], + "implementing_playbooks": [ + "Process Email", + "Detonate files", + "Hunt for bad IOCs", + "Account Enrichment", + "Enrichment Playbook" + ] + } + }, + { + "Demisto_Self-Defense_-_Account_policy_monitoring_playbook": { + "name": "Demisto Self-Defense - Account policy monitoring playbook", + "fromversion": "3.5.0", + "implementing_scripts": [ + "CloseInvestigation" + ], + "implementing_commands": [ + "TwilioSendSMS", + "slack-send", + "demisto-api-get", + "setIncident" + ] + } + }, + { + "Google-Vault-Search-Mail": { + "name": "Google Vault - Search Mail", + "fromversion": "4.0.0", + "implementing_scripts": [ + "PrintErrorEntry" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "gvault-get-mail-results", + "gvault-create-export-mail", + "gvault-export-status", + "gvault-download-results" + ] + } + }, + { + "ATD - Detonate File": { + "name": "ATD - Detonate File", + "toversion": "3.6.0", + "implementing_scripts": [ + "Exists" + ], + "implementing_commands": [ + "detonate-file" + ] + } + }, + { + "block_account_-_generic": { + "name": "Block Account - Generic", + "fromversion": "4.0.0", + "implementing_commands": [ + "ad-disable-account" + ] + } + }, + { + "file_enrichment_-_virus_total_private_api": { + "name": "File Enrichment - Virus Total Private API", + "fromversion": "3.6.0", + "implementing_commands": [ + "vt-private-check-file-behaviour", + "vt-private-get-file-report" + ] + } + }, + { + "file_enrichment_-_file_reputation": { + "name": "File Enrichment - File reputation", + "fromversion": "3.6.0", + "implementing_scripts": [ + "FileReputation" + ] + } + }, + { + "block_url_-_generic": { + "name": "Block URL - Generic", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "Add Indicator to Miner - Palo Alto MineMeld" + ], + "implementing_commands": [ + "zscaler-blacklist-url" + ] + } + }, + { + "Process Email": { + "name": "Process Email", + "fromversion": "2.5.0", 
+ "implementing_scripts": [ + "Set", + "Exists", + "ParseEmailFiles" + ] + } + }, + { + "playbook15": { + "name": "Tanium Demo Playbook", + "fromversion": "2.5.0", + "implementing_commands": [ + "tn-deploy-package", + "tn-ask-question", + "tn-get-saved-question" + ] + } + }, + { + "get_file_sample_by_hash_-_carbon_black_enterprise_Response": { + "name": "Get File Sample By Hash - Carbon Black Enterprise Response", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Exists" + ], + "implementing_commands": [ + "cb-binary-get" + ] + } + }, + { + "Get File Sample From Hash - Cylance Protect": { + "name": "Get File Sample From Hash - Cylance Protect", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "http", + "UnzipFile", + "Exists" + ], + "implementing_commands": [ + "cylance-protect-download-threat" + ] + } + }, + { + "access_investigation_-_generic": { + "name": "Access Investigation - Generic", + "fromversion": "3.6.0", + "implementing_scripts": [ + "AssignAnalystToIncident", + "ADGetUser", + "EmailAskUser" + ], + "implementing_playbooks": [ + "IP Enrichment - Generic", + "Account Enrichment - Generic" + ], + "implementing_commands": [ + "closeInvestigation", + "setIncident" + ] + } + }, + { + "search_endpoints_by_hash_-_tie": { + "name": "Search Endpoints By Hash - TIE", + "fromversion": "3.5.0", + "implementing_scripts": [ + "EPOFindSystem" + ], + "implementing_commands": [ + "tie-file-references" + ] + } + }, + { + "get_file_sample_from_path_-_carbon_black_enterprise_response": { + "name": "Get File Sample From Path - Carbon Black Enterprise Response", + "fromversion": "3.5.0", + "implementing_scripts": [ + "CBLiveGetFile", + "Exists" + ] + } + }, + { + "WildFire - Detonate file": { + "name": "WildFire - Detonate file", + "toversion": "3.6.0", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set" + ], + "implementing_commands": [ + "wildfire-report", + "detonate-file" + ] + } + }, + { + "Detonate File - Generic": { + 
"name": "Detonate File - Generic", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "CrowdStrike Falcon Sandbox - Detonate file", + "ATD - Detonate File", + "Detonate File - SNDBOX", + "Detonate File - JoeSecurity", + "Detonate File - Cuckoo", + "Detonate File - Lastline", + "WildFire - Detonate file", + "Detonate File - ThreatGrid" + ] + } + }, + { + "D2 - Endpoint data collection": { + "name": "D2 - Endpoint data collection", + "implementing_scripts": [ + "D2ExecuteCommand", + "ActiveUsersD2", + "Exists", + "IncidentAddSystem", + "FetchFileD2", + "AreValuesEqual" + ] + } + }, + { + "Enrichment Playbook": { + "name": "Enrichment Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "Print", + "FileReputation", + "IPReputation", + "Exists", + "URLReputation" + ] + } + }, + { + "Office 365 Search and Delete": { + "name": "Office 365 Search and Delete", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "ews-o365-remove-compliance-search", + "ews-o365-purge-compliance-search-results", + "ews-o365-get-compliance-search", + "ews-o365-start-compliance-search" + ] + } + }, + { + "dbot_indicator_enrichment_-_generic": { + "name": "DBot Indicator Enrichment - Generic", + "fromversion": "3.5.0", + "implementing_scripts": [ + "GetIndicatorDBotScore" + ] + } + }, + { + "playbook0": { + "name": "Default", + "fromversion": "3.5.0", + "implementing_scripts": [ + "CloseInvestigation", + "AssignAnalystToIncident" + ], + "implementing_playbooks": [ + "Extract Indicators - Generic", + "Entity Enrichment - Generic", + "Calculate Severity - Generic" + ] + } + }, + { + "File Enrichment - Generic": { + "name": "File Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", + "implementing_scripts": [ + "FileReputation" + ] + } + }, + { + "ATD - Detonate File": { + "name": "ATD - Detonate File", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set" + ], + "implementing_playbooks": [ + 
"GenericPolling" + ], + "implementing_commands": [ + "atd-get-report", + "atd-file-upload", + "atd-check-status" + ] + } + }, + { + "account_enrichment_-_generic": { + "name": "Account Enrichment - Generic", + "fromversion": "3.5.0", + "implementing_scripts": [ + "ADGetUser", + "Exists" + ] + } + }, + { + "detonatefile_-_joesecurity": { + "name": "Detonate File - JoeSecurity", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "joe-download-report", + "joe-analysis-info", + "joe-analysis-submit-sample" + ] + } + }, + { + "ip_enrichment_generic": { + "name": "IP Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", + "implementing_scripts": [ + "IsIPInRanges", + "IPReputation", + "Exists" + ] + } + }, + { + "Detonate files": { + "name": "Detonate files", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "Print", + "SandboxDetonateFile", + "Exists" + ] + } + }, + { + "detonate_file_from_url_-_joesecurity": { + "name": "Detonate File From URL - JoeSecurity", + "fromversion": "4.0.0", + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "joe-download-report", + "joe-analysis-submit-sample" + ] + } + }, + { + "Carbon Black Rapid IOC Hunting": { + "name": "Carbon Black Rapid IOC Hunting", + "fromversion": "2.5.0", + "implementing_scripts": [ + "CBFindHash", + "Exists" + ] + } + }, + { + "email_address_enrichment_-_generic": { + "name": "Email Address Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", + "implementing_scripts": [ + "IsEmailAddressInternal", + "EmailReputation", + "ADGetUser", + "Exists", + "EmailDomainSquattingReputation" + ] + } + }, + { + "Endpoint data collection": { + "name": "Endpoint data collection", + "implementing_scripts": [ + "AreValuesEqual" + ], + "implementing_playbooks": [ + "Sentinel One - Endpoint data collection", + "MAR - Endpoint data 
collection", + "D2 - Endpoint data collection" + ] + } + }, + { + "Get File Sample From Hash - Generic": { + "name": "Get File Sample From Hash - Generic", + "toversion": "3.1.0", + "implementing_playbooks": [ + "Get File Sample From Hash - Cylance Protect", + "Get File Sample From Hash - Carbon Black Enterprise Response" + ] + } + }, + { + "WildFire - Detonate file": { + "name": "WildFire - Detonate file", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "wildfire-upload", + "wildfire-report" + ] + } + }, + { + "detonate_file_-_threatgrid": { + "name": "Detonate File - ThreatGrid", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set" + ], + "implementing_playbooks": [ + "GenericPolling" + ], + "implementing_commands": [ + "threat-grid-upload-sample", + "threat-grid-get-samples-state" + ] + } + }, + { + "Phishing Investigation - Generic": { + "name": "Phishing Investigation - Generic", + "fromversion": "4.1.0", + "implementing_scripts": [ + "AssignAnalystToIncident", + "Set", + "SendEmail" + ], + "implementing_playbooks": [ + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Block Indicators - Generic", + "Email Address Enrichment - Generic", + "Calculate Severity - Generic" + ], + "implementing_commands": [ + "closeInvestigation", + "send-mail" + ] + } + }, + { + "Phishing Investigation - Generic": { + "name": "Phishing Investigation - Generic", + "toversion": "4.0.9", + "fromversion": "4.0.0", + "implementing_scripts": [ + "AssignAnalystToIncident", + "Set", + "SendEmail" + ], + "implementing_playbooks": [ + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Block Indicators - Generic", + "Email Address 
Enrichment - Generic", + "Calculate Severity - Generic" + ], + "implementing_commands": [ + "closeInvestigation", + "send-mail" + ] + } + }, + { + "Phishing Investigation - Generic": { + "name": "Phishing Investigation - Generic", + "toversion": "4.0.9", + "fromversion": "4.0.0", + "implementing_scripts": [ + "AssignAnalystToIncident", + "Set", + "SendEmail" + ], + "implementing_playbooks": [ + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Block Indicators - Generic", + "Email Address Enrichment - Generic", + "Calculate Severity - Generic" + ], + "implementing_commands": [ + "closeInvestigation", + "send-mail" + ] + } + }, + { + "Phishing Investigation - Generic": { + "name": "Phishing Investigation - Generic", + "toversion": "4.0.9", + "fromversion": "4.0.0", + "implementing_scripts": [ + "AssignAnalystToIncident", + "Set", + "SendEmail" + ], + "implementing_playbooks": [ + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Block Indicators - Generic", + "Email Address Enrichment - Generic", + "Calculate Severity - Generic" + ], + "implementing_commands": [ + "closeInvestigation", + "send-mail" + ] + } + }, + { + "Phishing Investigation - Generic": { + "name": "Phishing Investigation - Generic", + "toversion": "4.0.9", + "fromversion": "4.0.0", + "implementing_scripts": [ + "AssignAnalystToIncident", + "Set", + "SendEmail" + ], + "implementing_playbooks": [ + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Block Indicators - Generic", + "Email Address Enrichment - Generic", + "Calculate Severity - Generic" + ], + "implementing_commands": [ + "closeInvestigation", + "send-mail" + ] + } + 
}, + { + "Phishing Investigation - Generic": { + "name": "Phishing Investigation - Generic", + "toversion": "4.0.9", + "fromversion": "4.0.0", + "implementing_scripts": [ + "AssignAnalystToIncident", + "Set", + "SendEmail" + ], + "implementing_playbooks": [ + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Block Indicators - Generic", + "Email Address Enrichment - Generic", + "Calculate Severity - Generic" + ], + "implementing_commands": [ + "closeInvestigation", + "send-mail" + ] + } + } + ], + "integrations": [ + { + "Cybereason": { + "name": "Cybereason", + "commands": [ + "cybereason-query-processes", + "cybereason-is-probe-connected", + "cybereason-query-connections", + "cybereason-isolate-machine", + "cybereason-unisolate-machine", + "cybereason-query-malops", + "cybereason-malop-processes", + "cybereason-add-comment", + "cybereason-update-malop-status" + ] + } + }, + { + "Giphy": { + "name": "Giphy", + "commands": [ + "giphy" + ] + } + }, + { + "RSA NetWitness Packets and Logs": { + "name": "RSA NetWitness Packets and Logs", + "toversion": "3.1.0", + "commands": [ + "netwitness-msearch", + "netwitness-search", + "netwitness-query", + "netwitness-packets", + "nw-sdk-session", + "nw-sdk-cancel", + "nw-sdk-query", + "nw-sdk-validate", + "nw-sdk-aliases", + "nw-sdk-content", + "nw-sdk-ls", + "nw-sdk-count", + "nw-sdk-timeline", + "nw-sdk-mon", + "nw-sdk-stopMon", + "nw-sdk-msearch", + "nw-sdk-precache", + "nw-sdk-delCache", + "nw-sdk-info", + "nw-sdk-search", + "nw-sdk-language", + "nw-sdk-packets", + "nw-sdk-summary", + "nw-sdk-reconfig", + "nw-sdk-values", + "nw-sdk-xforms", + "nw-database-info", + "nw-database-count", + "nw-database-dbState", + "nw-database-dump", + "nw-database-hashInfo", + "nw-database-resetMax", + "nw-database-optimize", + "nw-database-reconfig", + "nw-database-ls", + "nw-database-timeRoll", + 
"nw-database-stopMon", + "nw-database-manifest", + "nw-database-wipe", + "nw-database-sizeRoll", + "nw-database-mon", + "nw-decoder-reset", + "nw-decoder-info", + "nw-decoder-reconfig", + "nw-decoder-agg", + "nw-decoder-stop", + "nw-decoder-count", + "nw-decoder-start", + "nw-decoder-meta", + "nw-decoder-ls", + "nw-decoder-stopMon", + "nw-decoder-resetMax", + "nw-decoder-whoAgg", + "nw-decoder-logStats", + "nw-decoder-select", + "nw-decoder-mon", + "nw-index-ls", + "nw-index-mon", + "nw-index-save", + "nw-index-info", + "nw-index-drop", + "nw-index-count", + "nw-index-values", + "nw-index-profile", + "nw-index-stopMon", + "nw-index-inspect", + "nw-index-language", + "nw-index-reconfig", + "nw-index-sizeRoll", + "nw-decoderParsers-ls", + "nw-decoderParsers-mon", + "nw-decoderParsers-feed", + "nw-decoderParsers-info", + "nw-decoderParsers-count", + "nw-decoderParsers-schema", + "nw-decoderParsers-reload", + "nw-decoderParsers-upload", + "nw-decoderParsers-delete", + "nw-decoderParsers-stopMon", + "nw-decoderParsers-devices", + "nw-decoderParsers-content", + "nw-decoderParsers-ipdevice", + "nw-decoderParsers-iptmzone", + "nw-logs-ls", + "nw-logs-mon", + "nw-logs-pull", + "nw-logs-info", + "nw-logs-count", + "nw-logs-stopMon", + "nw-logs-download", + "nw-logs-timeRoll", + "nw-sys-ls", + "nw-sys-mon", + "nw-sys-save", + "nw-sys-info", + "nw-sys-count", + "nw-sys-caCert", + "nw-sys-stopMon", + "nw-sys-shutdown", + "nw-sys-fileEdit", + "nw-sys-peerCert", + "nw-sys-servCert", + "nw-sys-statHist", + "nw-users-ls", + "nw-users-mon", + "nw-users-info", + "nw-users-auths", + "nw-users-count", + "nw-users-delete", + "nw-users-unlock", + "nw-users-stopMon", + "nw-users-addOrMod", + "nw-decoder-import", + "nw-decoder-parsers-upload", + "nw-concentrator-reset", + "nw-concentrator-reconfig", + "nw-concentrator-start", + "nw-concentrator-stop", + "nw-concentrator-count", + "nw-concentrator-edit", + "nw-concentrator-add", + "nw-concentrator-meta", + "nw-concentrator-status", + 
"nw-concentrator-ls", + "nw-concentrator-resetMax", + "nw-concentrator-stopMon", + "nw-concentrator-delete", + "nw-concentrator-whoAgg", + "nw-concentrator-mon", + "nw-broker-reset", + "nw-broker-start", + "nw-broker-stop", + "nw-broker-count", + "nw-broker-edit", + "nw-broker-add", + "nw-broker-meta", + "nw-broker-status", + "nw-broker-ls", + "nw-broker-resetMax", + "nw-broker-stopMon", + "nw-broker-delete", + "nw-broker-whoAgg", + "nw-broker-mon" + ] + } + }, + { + "ReversingLabs A1000": { + "name": "ReversingLabs A1000", + "commands": [ + "file", + "reversinglabs-upload", + "reversinglabs-delete", + "reversinglabs-extracted-files", + "reversinglabs-download", + "reversinglabs-analyze", + "reversinglabs-download-unpacked" + ] + } + }, + { + "VMware": { + "name": "VMware", + "commands": [ + "vmware-get-vms", + "vmware-poweron", + "vmware-poweroff", + "vmware-hard-reboot", + "vmware-suspend", + "vmware-soft-reboot", + "vmware-create-snapshot", + "vmware-revert-snapshot", + "vmware-get-events" + ] + } + }, + { + "RSA Archer": { + "name": "RSA Archer", + "commands": [ + "archer-create-record", + "archer-update-record", + "archer-get-record", + "archer-search-applications", + "archer-search-records", + "archer-get-application-fields", + "archer-delete-record", + "archer-get-field", + "archer-get-reports", + "archer-execute-statistic-search-by-report", + "archer-get-search-options-by-guid", + "archer-search-records-by-report", + "archer-get-mapping-by-level", + "archer-manually-fetch-incident", + "archer-get-file", + "archer-upload-file", + "archer-add-to-detailed-analysis", + "archer-get-user-id" + ] + } + }, + { + "vmray": { + "name": "vmray", + "commands": [ + "upload_sample", + "get_results", + "get_job_sample" + ] + } + }, + { + "jira": { + "name": "jira", + "fromversion": "2.6.0", + "commands": [ + "jira-issue-query", + "jira-get-issue", + "jira-create-issue", + "jira-issue-upload-file", + "jira-issue-add-comment", + "jira-issue-add-link", + "jira-edit-issue", + 
"jira-get-comments", + "jira-delete-issue" + ] + } + }, + { + "Verodin": { + "name": "Verodin", + "commands": [ + "verodin-get-topology-nodes", + "verodin-get-topology-map", + "verodin-manage-sims-actions", + "verodin-manage-sims-actions-run", + "verodin-get-security-zones", + "verodin-get-security-zone", + "verodin-delete-security-zone", + "verodin-get-sims-of-type", + "verodin-get-sim", + "verodin-delete-sim", + "verodin-get-jobs", + "verodin-get-job", + "verodin-run-job-again", + "verodin-get-job-sim-actions", + "verodin-job-cancel" + ] + } + }, + { + "dnstwist": { + "name": "dnstwist", + "commands": [ + "dnstwist-domain-variations" + ] + } + }, + { + "EWS": { + "name": "EWS", + "commands": [ + "ews-get-folder", + "ews-delete-items", + "ews-delete-attachments", + "ews-get-items", + "ews-search-mailbox", + "ews-get-contacts", + "ews-get-searchable-mailboxes", + "ews-search-mailboxes", + "ews-get-attachment", + "ews-find-folders", + "ews-get-attachment-item", + "ews-move-item" + ] + } + }, + { + "OpenPhish": { + "name": "OpenPhish", + "commands": [ + "url", + "openphish-reload", + "openphish-status" + ] + } + }, + { + "McAfee NSM": { + "name": "McAfee NSM", + "commands": [ + "nsm-get-sensors", + "nsm-get-domains", + "nsm-get-alerts", + "nsm-update-alerts", + "nsm-get-alert-details", + "nsm-get-ips-policies", + "nsm-get-ips-policy-details", + "nsm-get-attacks" + ] + } + }, + { + "ipinfo": { + "name": "ipinfo", + "commands": [ + "ip", + "ipinfo_field" + ] + } + }, + { + "Cuckoo Sandbox": { + "name": "Cuckoo Sandbox", + "toversion": "3.1.0", + "commands": [ + "ck-file", + "cuckoo-create-task-from-file", + "ck-report", + "cuckoo-get-task-report", + "ck-list", + "cuckoo-list-tasks", + "ck-url", + "cuckoo-create-task-from-url", + "ck-view", + "cuckoo-view-task", + "ck-del", + "cuckoo-delete-task", + "ck-scrshot", + "cuckoo-task-screenshot", + "ck-machines-list", + "cuckoo-machines-list", + "ck-machine-view", + "cuckoo-machine-view" + ] + } + }, + { + "Moloch": { + 
"name": "Moloch", + "toversion": "3.1.0", + "commands": [ + "moloch_connections_json", + "moloch_connections_csv", + "moloch_files_json", + "moloch_sessions_json", + "moloch_sessions_csv", + "moloch_sessions_pcap", + "moloch_spigraph_json", + "moloch_spiview_json", + "moloch_unique_json" + ] + } + }, + { + "Demisto REST API": { + "name": "Demisto REST API", + "commands": [ + "demisto-api-post", + "demisto-api-get", + "demisto-api-put", + "demisto-api-delete", + "demisto-api-download", + "demisto-api-multipart", + "demisto-delete-incidents" + ] + } + }, + { + "Symantec Advanced Threat Protection": { + "name": "Symantec Advanced Threat Protection", + "commands": [ + "satp-appliances", + "satp-command", + "satp-command-state", + "satp-command-cancel", + "satp-events", + "satp-files", + "satp-incident-events", + "satp-incidents" + ] + } + }, + { + "McAfee Active Response": { + "name": "McAfee Active Response", + "commands": [ + "mar-search", + "mar-collectors-list", + "mar-search-multiple" + ] + } + }, + { + "Aella Star Light": { + "name": "Aella Star Light", + "commands": [ + "aella-get-event" + ] + } + }, + { + "Zendesk": { + "name": "Zendesk", + "fromversion": "3.5.0", + "commands": [ + "zendesk-create-ticket", + "zendesk-list-tickets", + "zendesk-ticket-details", + "zendesk-update-ticket", + "zendesk-add-comment", + "zendesk-list-agents", + "zendesk-get-attachment", + "zendesk-clear-cache", + "zendesk-add-user", + "zendesk-get-article" + ] + } + }, + { + "Cisco CloudLock": { + "name": "Cisco CloudLock", + "commands": [ + "cloudlock-get-users", + "cloudlock-get-user-apps", + "cloudlock-get-activities" + ] + } + }, + { + "carbonblackliveresponse": { + "name": "carbonblackliveresponse", + "commands": [ + "cb-archive", + "cb-command-cancel", + "cb-command-info", + "cb-file-delete", + "cb-file-get", + "cb-file-info", + "cb-file-upload", + "cb-keepalive", + "cb-list-commands", + "cb-list-files", + "cb-list-sessions", + "cb-session-close", + "cb-session-create", + 
"cb-session-create-and-wait", + "cb-session-info", + "cb-process-kill", + "cb-directory-listing", + "cb-process-execute", + "cb-memdeump", + "cb-command-create", + "cb-command-create-and-wait", + "cb-terminate-process", + "cb-file-delete-from-endpoint", + "cb-registry-get-values", + "cb-registry-query-value", + "cb-registry-create-key", + "cb-registry-delete-key", + "cb-registry-delete-value", + "cb-registry-set-value", + "cb-process-list", + "cb-get-file-from-endpoint", + "cb-push-file-to-endpoint" + ] + } + }, + { + "Check Point Sandblast Appliance": { + "name": "Check Point Sandblast Appliance", + "toversion": "3.1.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", + "sandblast-download" + ] + } + }, + { + "Pipl": { + "name": "Pipl", + "fromversion": "3.5.0", + "commands": [ + "pipl-search", + "email" + ] + } + }, + { + "Forcepoint": { + "name": "Forcepoint", + "commands": [ + "fp-add-category", + "fp-list-categories", + "fp-get-category-detailes", + "fp-add-address-to-category", + "fp-delete-categories", + "fp-delete-address-from-category" + ] + } + }, + { + "FireEye HX": { + "name": "FireEye HX", + "commands": [ + "fireeye-hx-host-containment", + "fireeye-hx-cancel-containment", + "fireeye-hx-get-alerts", + "fireeye-hx-suppress-alert", + "fireeye-hx-get-indicators", + "fireeye-hx-get-indicator", + "fireeye-hx-get-host-information", + "fireeye-hx-get-alert", + "fireeye-hx-file-acquisition", + "fireeye-hx-delete-file-acquisition", + "fireeye-hx-data-acquisition", + "fireeye-hx-delete-data-acquisition", + "fireeye-hx-search", + "fireeye-hx-get-host-set-information" + ] + } + }, + { + "Threat Crowd": { + "name": "Threat Crowd", + "commands": [ + "threat-crowd-email", + "threat-crowd-domain", + "threat-crowd-ip", + "threat-crowd-antivirus", + "threat-crowd-file" + ] + } + }, + { + "Palo Alto AppFramework": { + "name": "Palo Alto AppFramework", + "commands": [ + "pan-appframework-query-logs", + 
"pan-appframework-get-critical-threat-logs", + "pan-appframework-get-social-applications", + "pan-appframework-search-by-file-hash" + ] + } + }, + { + "Phishme Intelligence": { + "name": "Phishme Intelligence", + "commands": [ + "url", + "file", + "ip", + "phishme-search", + "email" + ] + } + }, + { + "Remedy AR": { + "name": "Remedy AR", + "commands": [ + "remedy-get-server-details" + ] + } + }, + { + "Intezer": { + "name": "Intezer", + "commands": [ + "file", + "intezer-upload" + ] + } + }, + { + "AlgoSec": { + "name": "AlgoSec", + "commands": [ + "algosec-get-ticket", + "algosec-create-ticket", + "algosec-get-applications", + "algosec-get-network-object", + "algosec-query" + ] + } + }, + { + "Zoom": { + "name": "Zoom", + "commands": [ + "zoom-create-user", + "zoom-create-meeting", + "zoom-fetch-recording", + "zoom-list-users", + "zoom-delete-user" + ] + } + }, + { + "Cuckoo Sandbox": { + "name": "Cuckoo Sandbox", + "fromversion": "3.5.0", + "commands": [ + "ck-file", + "cuckoo-create-task-from-file", + "ck-report", + "cuckoo-get-task-report", + "ck-list", + "cuckoo-list-tasks", + "ck-url", + "cuckoo-create-task-from-url", + "ck-view", + "cuckoo-view-task", + "ck-del", + "cuckoo-delete-task", + "ck-scrshot", + "cuckoo-task-screenshot", + "ck-machines-list", + "cuckoo-machines-list", + "ck-machine-view", + "cuckoo-machine-view" + ] + } + }, + { + "Threat Grid": { + "name": "Threat Grid", + "commands": [ + "threat-grid-get-samples", + "threat-grid-get-sample-by-id", + "threat-grid-get-sample-state-by-id", + "threat-grid-upload-sample", + "threat-grid-search-submissions", + "threat-grid-get-video-by-id", + "threat-grid-get-analysis-by-id", + "threat-grid-get-processes-by-id", + "threat-grid-get-pcap-by-id", + "threat-grid-get-warnings-by-id", + "threat-grid-get-summary-by-id", + "threat-grid-get-threat-summary-by-id", + "threat-grid-get-html-report-by-id", + "threat-grid-download-sample-by-id", + "threat-grid-get-analysis-iocs", + "threat-grid-download-artifact", + 
"threat-grid-who-am-i", + "threat-grid-user-get-rate-limit", + "threat-grid-get-specific-feed", + "threat-grid-detonate-file", + "threat-grid-url-to-file", + "threat-grid-organization-get-rate-limit", + "threat-grid-search-ips", + "threat-grid-get-analysis-annotations", + "threat-grid-search-samples", + "threat-grid-search-urls", + "threat-grid-get-samples-state", + "threat-grid-feeds-artifacts", + "threat-grid-feeds-domain", + "threat-grid-feeds-ip", + "threat-grid-feeds-network-stream", + "threat-grid-feeds-path", + "threat-grid-feeds-url", + "threat-grid-get-analysis-artifact", + "threat-grid-get-analysis-artifacts", + "threat-grid-get-analysis-ioc", + "threat-grid-get-analysis-metadata", + "threat-grid-get-analysis-network-stream", + "threat-grid-get-analysis-network-streams", + "threat-grid-get-analysis-process", + "threat-grid-get-analysis-processes" + ] + } + }, + { + "QRadar": { + "name": "QRadar", + "commands": [ + "qradar-offenses", + "qradar-offense-by-id", + "qradar-searches", + "qradar-get-search", + "qradar-get-search-results", + "qradar-update-offense", + "qradar-get-assets", + "qradar-get-asset-by-id", + "qr-searches", + "qr-get-search", + "qr-get-search-results", + "qr-update-offense", + "qr-get-assets", + "qr-offenses", + "qradar-get-closing-reasons", + "qradar-create-note", + "qradar-get-note", + "qradar-get-reference-by-name", + "qradar-create-reference-set", + "qradar-delete-reference-set", + "qradar-create-reference-set-value", + "qradar-update-reference-set-value", + "qradar-delete-reference-set-value" + ] + } + }, + { + "SplunkPy": { + "name": "SplunkPy", + "commands": [ + "splunk-results", + "splunk-search", + "splunk-submit-event", + "splunk-get-indexes", + "splunk-notable-event-edit", + "splunk-job-create", + "splunk-parse-raw" + ] + } + }, + { + "TruSTAR": { + "name": "TruSTAR", + "commands": [ + "trustar-related-indicators", + "trustar-trending-indicators", + "trustar-search-indicators", + "trustar-submit-report", + 
"trustar-update-report", + "trustar-report-details", + "trustar-delete-report", + "trustar-get-reports", + "trustar-correlated-reports", + "trustar-search-reports", + "trustar-add-to-whitelist", + "trustar-remove-from-whitelist", + "trustar-get-enclaves", + "file", + "ip", + "url", + "domain" + ] + } + }, + { + "LogRhythm": { + "name": "LogRhythm", + "commands": [ + "lr-add-alarm-comments", + "lr-get-alarm-by-id", + "lr-get-alarm-events-by-id", + "lr-get-alarm-history-by-id", + "lr-update-alarm-status", + "lr-get-alarms" + ] + } + }, + { + "Service Manager": { + "name": "Service Manager", + "commands": [ + "hpsm-create-incident", + "hpsm-list-incidents", + "hpsm-get-incident-by-id", + "hpsm-list-devices", + "hpsm-get-device" + ] + } + }, + { + "Trend Micro": { + "name": "Trend Micro", + "commands": [ + "trendmicro-host-retrieve-all", + "trendmicro-system-event-retrieve", + "trendmicro-host-antimalware-scan", + "trendmicro-alert-status", + "trendmicro-security-profile-retrieve-all", + "trendmicro-security-profile-assign-to-host", + "trendmicro-anti-malware-event-retrieve" + ] + } + }, + { + "Netskope": { + "name": "Netskope", + "commands": [ + "netskope-events", + "netskope-alerts" + ] + } + }, + { + "McAfee Web Gateway": { + "name": "McAfee Web Gateway", + "commands": [ + "mwg-get-available-lists", + "mwg-get-list", + "mwg-get-list-entry", + "mwg-insert-entry", + "mwg-delete-entry" + ] + } + }, + { + "ArcSight Logger": { + "name": "ArcSight Logger", + "commands": [ + "as-search-events", + "as-status", + "as-drilldown", + "as-events", + "as-close", + "as-stop", + "as-search" + ] + } + }, + { + "carbonblack-v2": { + "name": "carbonblack-v2", + "fromversion": "3.6.0", + "commands": [ + "cb-alert", + "cb-binary", + "cb-binary-get", + "cb-block-hash", + "cb-get-hash-blacklist", + "cb-get-process", + "cb-get-processes", + "cb-list-sensors", + "cb-process-events", + "cb-quarantine-device", + "cb-sensor-info", + "cb-unblock-hash", + "cb-unquarantine-device", + 
"cb-version", + "cb-watchlist-del", + "cb-watchlist-get", + "cb-watchlist-new", + "cb-watchlist-set", + "cb-alert-update", + "cb-watchlist" + ] + } + }, + { + "Zscaler": { + "name": "Zscaler", + "commands": [ + "zscaler-blacklist-url", + "url", + "ip", + "zscaler-undo-blacklist-url", + "zscaler-whitelist-url", + "zscaler-undo-whitelist-url", + "zscaler-undo-whitelist-ip", + "zscaler-whitelist-ip", + "zscaler-undo-blacklist-ip", + "zscaler-blacklist-ip", + "zscaler-category-add-url", + "zscaler-category-add-ip", + "zscaler-category-remove-url", + "zscaler-category-remove-ip", + "zscaler-get-categories", + "zscaler-get-blacklist", + "zscaler-get-whitelist" + ] + } + }, + { + "Check Point Sandblast": { + "name": "Check Point Sandblast", + "toversion": "3.1.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", + "sandblast-download", + "sb-quota", + "sandblast-quota" + ] + } + }, + { + "fireeye": { + "name": "fireeye", + "toversion": "3.1.0", + "fromversion": "3.0.0", + "commands": [ + "fe-report", + "fe-submit-status", + "fe-alert", + "fe-submit-result", + "fe-submit", + "fe-config" + ] + } + }, + { + "Awake Security": { + "name": "Awake Security", + "commands": [ + "awake-query-devices", + "awake-query-activities", + "awake-query-domains", + "awake-pcap-download", + "domain", + "ip", + "email", + "device" + ] + } + }, + { + "Skyformation": { + "name": "Skyformation", + "commands": [ + "skyformation-get-accounts", + "skyformation-suspend-user", + "skyformation-unsuspend-user" + ] + } + }, + { + "Cisco Spark": { + "name": "Cisco Spark", + "commands": [ + "cisco-spark-list-people", + "cisco-spark-create-person", + "cisco-spark-get-person-details", + "cisco-spark-update-person", + "cisco-spark-delete-person", + "cisco-spark-get-own-details", + "cisco-spark-list-rooms", + "cisco-spark-create-room", + "cisco-spark-get-room-details", + "cisco-spark-update-room", + "cisco-spark-delete-room", + 
"cisco-spark-list-memberships", + "cisco-spark-create-membership", + "cisco-spark-get-membership-details", + "cisco-spark-update-membership", + "cisco-spark-delete-membership", + "cisco-spark-list-messages", + "cisco-spark-create-message", + "cisco-spark-get-message-details", + "cisco-spark-delete-message", + "cisco-spark-list-teams", + "cisco-spark-create-team", + "cisco-spark-get-team-details", + "cisco-spark-update-team", + "cisco-spark-delete-team", + "cisco-spark-list-team-memberships", + "cisco-spark-create-team-membership", + "cisco-spark-get-team-membership-details", + "cisco-spark-update-team-membership", + "cisco-spark-delete-team-membership", + "cisco-spark-list-webhooks", + "cisco-spark-create-webhook", + "cisco-spark-get-webhook-details", + "cisco-spark-update-webhook", + "cisco-spark-delete-webhook", + "cisco-spark-list-organizations", + "cisco-spark-get-organization-details", + "cisco-spark-list-licenses", + "cisco-spark-get-license-details", + "cisco-spark-list-roles", + "cisco-spark-get-role-details", + "cisco-spark-send-message-to-person", + "cisco-spark-send-message-to-room" + ] + } + }, + { + "ArcSight ESM": { + "name": "ArcSight ESM", + "commands": [ + "as-get-all-cases", + "as-get-case", + "as-get-matrix-data", + "as-add-entries", + "as-clear-entries", + "as-get-entries", + "as-get-security-events", + "as-get-case-event-ids", + "as-update-case", + "as-get-all-query-viewers", + "as-case-delete" + ] + } + }, + { + "Rapid7 Nexpose": { + "name": "Rapid7 Nexpose", + "fromversion": "3.6.0", + "commands": [ + "nexpose-get-asset", + "nexpose-get-assets", + "nexpose-search-assets", + "nexpose-get-scan", + "nexpose-get-asset-vulnerability", + "nexpose-create-site", + "nexpose-delete-site", + "nexpose-get-sites", + "nexpose-get-report-templates", + "nexpose-create-assets-report", + "nexpose-create-sites-report", + "nexpose-create-scan-report", + "nexpose-start-site-scan", + "nexpose-start-assets-scan", + "nexpose-stop-scan", + "nexpose-pause-scan", + 
"nexpose-resume-scan", + "nexpose-get-scans" + ] + } + }, + { + "Cylance Protect v2": { + "name": "Cylance Protect v2", + "commands": [ + "cylance-protect-get-devices", + "cylance-protect-get-device", + "cylance-protect-update-device", + "cylance-protect-get-device-threats", + "cylance-protect-get-policies", + "cylance-protect-create-zone", + "cylance-protect-get-zones", + "cylance-protect-get-zone", + "cylance-protect-update-zone", + "cylance-protect-get-threat", + "cylance-protect-get-threat-devices", + "cylance-protect-get-indicators-report", + "cylance-protect-get-threats", + "cylance-protect-update-device-threats", + "cylance-protect-get-list", + "cylance-protect-download-threat", + "cylance-protect-add-hash-to-list", + "cylance-protect-delete-hash-from-lists", + "cylance-protect-get-policy-details", + "cylance-protect-delete-devices" + ] + } + }, + { + "Cyber Triage": { + "name": "Cyber Triage", + "commands": [ + "ct-triage-endpoint" + ] + } + }, + { + "Endgame": { + "name": "Endgame", + "commands": [ + "endgame-deploy", + "endgame-get-deployment-profiles", + "endgame-get-unmanaged-endpoints", + "endgame-get-endpoint-status", + "endgame-create-sensor-profile", + "endgame-get-investigations", + "endgame-create-investigation", + "endgame-get-sensor", + "endgame-investigation-results", + "endgame-investigation-status" + ] + } + }, + { + "Kenna": { + "name": "Kenna", + "commands": [ + "kenna-search-vulnerabilities", + "kenna-get-connectors", + "kenna-run-connector", + "kenna-search-fixes", + "kenna-update-asset", + "kenna-update-vulnerability" + ] + } + }, + { + "Cisco Meraki": { + "name": "Cisco Meraki", + "commands": [ + "meraki-fetch-organizations", + "meraki-get-organization-license-state", + "meraki-fetch-organization-inventory", + "meraki-fetch-networks", + "meraki-fetch-devices", + "meraki-fetch-device-uplink", + "meraki-fetch-ssids", + "meraki-fetch-clients", + "meraki-fetch-firewall-rules", + "meraki-remove-device", + "meraki-get-device", + 
"meraki-update-device", + "meraki-claim-device", + "meraki-update-firewall-rules" + ] + } + }, + { + "WildFire": { + "name": "WildFire", + "toversion": "3.6.0", + "fromversion": "3.5.0", + "commands": [ + "wildfire-report", + "file", + "wildfire-upload", + "detonate-file", + "detonate-file-remote" + ] + } + }, + { + "AWS Sagemaker": { + "name": "AWS Sagemaker", + "commands": [ + "predict-phishing" + ] + } + }, + { + "VxStream": { + "name": "VxStream", + "commands": [ + "vx-scan", + "crowdstrike-scan", + "vx-get-environments", + "crowdstrike-get-environments", + "vx-submit-sample", + "crowdstrike-submit-sample", + "vx-search", + "crowdstrike-search", + "vx-result", + "crowdstrike-result", + "vx-detonate-file", + "crowdstrike-detonate-file", + "crowdstrike-submit-url", + "crowdstrike-get-screenshots", + "crowdstrike-detonate-url", + "crowdstrike-submit-file-by-url" + ] + } + }, + { + "DomainTools": { + "name": "DomainTools", + "fromversion": "3.0.0", + "commands": [ + "domain", + "domainSearch", + "reverseIP", + "reverseNameServer", + "reverseWhois", + "whois", + "whoisHistory", + "domainProfile" + ] + } + }, + { + "Jask": { + "name": "Jask", + "commands": [ + "jask-get-insight-details", + "jask-get-insight-comments", + "jask-get-signal-details", + "jask-get-entity-details", + "jask-get-related-entities", + "jask-get-whitelisted-entities", + "jask-search-insights", + "jask-search-signals", + "jask-search-entities" + ] + } + }, + { + "Server Message Block (SMB)": { + "name": "Server Message Block (SMB)", + "commands": [ + "smb-download" + ] + } + }, + { + "McAfee ESM-v10": { + "name": "McAfee ESM-v10", + "commands": [ + "esm-fetch-fields", + "esm-search", + "esm-fetch-alarms", + "esm-get-case-list", + "esm-add-case", + "esm-edit-case", + "esm-get-case-statuses", + "esm-edit-case-status", + "esm-get-case-detail", + "esm-get-case-event-list", + "esm-add-case-status", + "esm-delete-case-status", + "esm-get-organization-list", + "esm-get-user-list", + 
"esm-acknowledge-alarms", + "esm-unacknowledge-alarms", + "esm-delete-alarms", + "esm-get-alarm-event-details", + "esm-list-alarm-events" + ] + } + }, + { + "nmap": { + "name": "nmap", + "commands": [ + "nmap-scan" + ] + } + }, + { + "ReversingLabs Titanium Cloud": { + "name": "ReversingLabs Titanium Cloud", + "commands": [ + "file" + ] + } + }, + { + "Farsight DNSDB": { + "name": "Farsight DNSDB", + "commands": [ + "dnsdb-rdata", + "dnsdb-rrset" + ] + } + }, + { + "Symantec MSS": { + "name": "Symantec MSS", + "commands": [ + "symantec-mss-update-incident", + "symantec-mss-get-incident", + "symantec-mss-incidents-list" + ] + } + }, + { + "EWS Mail Sender": { + "name": "EWS Mail Sender", + "commands": [ + "send-mail" + ] + } + }, + { + "WildFire": { + "name": "WildFire", + "fromversion": "4.0.0", + "commands": [ + "wildfire-report", + "file", + "wildfire-upload", + "detonate-file", + "detonate-file-remote", + "wildfire-upload-file-remote" + ] + } + }, + { + "WildFire": { + "name": "WildFire", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "commands": [ + "wildfire-report", + "file", + "wildfire-upload", + "detonate-file", + "detonate-file-remote" + ] + } + }, + { + "AlienVault OTX": { + "name": "AlienVault OTX", + "fromversion": "3.0.1", + "commands": [ + "ip", + "domain", + "ipv6", + "hostname", + "file", + "alienvault-query-file", + "alienvault-search-pulses", + "alienvault-get-pulse-details", + "url" + ] + } + }, + { + "Windows Defender Advanced Threat Protection": { + "name": "Windows Defender Advanced Threat Protection", + "commands": [ + "microsoft-atp-isolate-machine", + "microsoft-atp-unisolate-machine", + "microsoft-atp-get-machines", + "microsoft-atp-get-file-related-machines", + "microsoft-atp-get-machine-details", + "microsoft-atp-run-antivirus-scan", + "microsoft-atp-list-alerts" + ] + } + }, + { + "Mail Sender (New)": { + "name": "Mail Sender (New)", + "commands": [ + "send-mail" + ] + } + }, + { + "Attivo Botsink": { + "name": "Attivo Botsink", + 
"commands": [ + "attivo-check-user", + "attivo-check-host", + "attivo-run-playbook", + "attivo-deploy-decoy", + "attivo-get-events", + "attivo-list-playbooks", + "attivo-list-hosts", + "attivo-list-users" + ] + } + }, + { + "Sample Incident Generator": { + "name": "Sample Incident Generator" + } + }, + { + "Hybrid Analysis": { + "name": "Hybrid Analysis", + "fromversion": "3.6.1", + "commands": [ + "hybrid-analysis-scan", + "hybrid-analysis-submit-sample", + "hybrid-analysis-search", + "hybrid-analysis-detonate-file" + ] + } + }, + { + "Anomali ThreatStream": { + "name": "Anomali ThreatStream", + "commands": [ + "threatstream-intelligence", + "domain", + "file", + "threatstream-email-reputation", + "ip" + ] + } + }, + { + "PacketMail": { + "name": "PacketMail", + "commands": [ + "packetmail-ip" + ] + } + }, + { + "Qualys": { + "name": "Qualys", + "toversion": "3.1.0", + "commands": [ + "qualys-report-list", + "qualys-report-cancel", + "qualys-report-delete", + "qualys-scorecard-launch", + "qualys-report-fetch", + "qualys-vm-scan-list", + "qualys-vm-scan-launch", + "qualys-vm-scan-action", + "qualys-scap-scan-list", + "qualys-pc-scan-launch", + "qualys-pc-scan-manage", + "qualys-schedule-scan-list", + "qualys-ip-list", + "qualys-ip-add", + "qualys-ip-update", + "qualys-virtual-host-list", + "qualys-virtual-host-manage", + "qualys-host-excluded-list", + "qualys-host-excluded-manage", + "qualys-scheduled-report-list", + "qualys-scheduled-report-launch", + "qualys-host-list", + "qualys-pc-scan-list", + "qualys-report-template-list", + "qualys-report-launch-map", + "qualys-report-launch-scan-based-findings", + "qualys-report-launch-host-based-findings", + "qualys-report-launch-patch", + "qualys-report-launch-remediation", + "qualys-report-launch-compliance", + "qualys-report-launch-compliance-policy", + "qualys-vulnerability-list", + "qualys-group-list", + "qualys-vm-scan-fetch", + "qualys-pc-scan-fetch" + ] + } + }, + { + "Cisco Umbrella Investigate": { + "name": 
"Cisco Umbrella Investigate", + "commands": [ + "umbrella-domain-categorization", + "investigate-umbrella-domain-categorization", + "umbrella-domain-co-occurrences", + "investigate-umbrella-domain-co-occurrences", + "umbrella-domain-related", + "investigate-umbrella-domain-related", + "umbrella-domain-security", + "investigate-umbrella-domain-security", + "umbrella-domain-dns-history", + "investigate-umbrella-domain-dns-history", + "umbrella-ip-dns-history", + "investigate-umbrella-ip-dns-history", + "investigate-umbrella-ip-malicious-domains", + "umbrella-ip-malicious-domains", + "umbrella-domain-search", + "investigate-umbrella-domain-search", + "domain", + "umbrella-get-related-domains", + "umbrella-get-domain-classifiers", + "umbrella-get-domain-queryvolume", + "umbrella-get-domain-details", + "umbrella-get-domains-for-email-registrar", + "umbrella-get-domains-for-nameserver", + "umbrella-get-whois-for-domain", + "umbrella-get-malicious-domains-for-ip", + "umbrella-get-domains-using-regex", + "umbrella-get-domain-timeline", + "umbrella-get-ip-timeline", + "umbrella-get-url-timeline" + ] + } + }, + { + "Carbon Black Defense": { + "name": "Carbon Black Defense", + "commands": [ + "cbd-get-devices-status", + "cbd-get-device-status", + "cbd-change-device-status", + "cbd-find-events", + "cbd-find-event", + "cbd-find-processes", + "cbd-get-alert-details", + "cbd-get-policies", + "cbd-get-policy", + "cbd-create-policy", + "cbd-update-policy", + "cbd-delete-policy", + "cbd-add-rule-to-policy", + "cbd-delete-rule-from-policy", + "cbd-update-rule-in-policy", + "cbd-set-policy" + ] + } + }, + { + "Lockpath KeyLight": { + "name": "Lockpath KeyLight", + "toversion": "3.1.0", + "commands": [ + "kl-get-component-list", + "kl-get-component", + "kl-get-component-by-alias", + "kl-get-field-list", + "kl-get-field", + "kl-get-record-count", + "kl-get-record", + "kl-get-records", + "kl-delete-record", + "kl-create-record", + "kl-update-record", + "kl-get-detail-record", + 
"kl-get-lookup-report-column-fields", + "kl-get-detail-records", + "kl-get-record-attachments", + "kl-get-record-attachment", + "kl-delete-record-attachments" + ] + } + }, + { + "OPSWAT-Metadefender": { + "name": "OPSWAT-Metadefender", + "commands": [ + "opswat-hash", + "opswat-scan-file", + "opswat-scan-result" + ] + } + }, + { + "ActiveMQ": { + "name": "ActiveMQ", + "commands": [ + "activemq-send", + "activemq-subscribe" + ] + } + }, + { + "Cisco Email Security Appliance (IronPort)": { + "name": "Cisco Email Security Appliance (IronPort)", + "commands": [ + "ironport-report" + ] + } + }, + { + "Qualys": { + "name": "Qualys", + "fromversion": "3.5.0", + "commands": [ + "qualys-report-list", + "qualys-report-cancel", + "qualys-report-delete", + "qualys-scorecard-launch", + "qualys-report-fetch", + "qualys-vm-scan-list", + "qualys-vm-scan-launch", + "qualys-vm-scan-action", + "qualys-scap-scan-list", + "qualys-pc-scan-launch", + "qualys-pc-scan-manage", + "qualys-schedule-scan-list", + "qualys-ip-list", + "qualys-ip-add", + "qualys-ip-update", + "qualys-virtual-host-list", + "qualys-virtual-host-manage", + "qualys-host-excluded-list", + "qualys-host-excluded-manage", + "qualys-scheduled-report-list", + "qualys-scheduled-report-launch", + "qualys-host-list", + "qualys-pc-scan-list", + "qualys-report-template-list", + "qualys-report-launch-map", + "qualys-report-launch-scan-based-findings", + "qualys-report-launch-host-based-findings", + "qualys-report-launch-patch", + "qualys-report-launch-remediation", + "qualys-report-launch-compliance", + "qualys-report-launch-compliance-policy", + "qualys-vulnerability-list", + "qualys-group-list", + "qualys-vm-scan-fetch", + "qualys-pc-scan-fetch" + ] + } + }, + { + "IsItPhishing": { + "name": "IsItPhishing", + "commands": [ + "url" + ] + } + }, + { + "okta": { + "name": "okta", + "toversion": "3.5.1", + "fromversion": "3.1.0", + "commands": [ + "okta-unlock-user", + "okta-deactivate-user", + "okta-activate-user", + 
"okta-get-groups", + "okta-set-password", + "okta-search", + "okta-get-user", + "okta-create-user", + "okta-update-user" + ] + } + }, + { + "AWS - EC2": { + "name": "AWS - EC2", + "commands": [ + "aws-ec2-describe-instances", + "aws-ec2-describe-images", + "aws-ec2-describe-regions", + "aws-ec2-describe-addresses", + "aws-ec2-describe-snapshots", + "aws-ec2-describe-launch-templates", + "aws-ec2-describe-key-pairs", + "aws-ec2-describe-volumes", + "aws-ec2-describe-vpcs", + "aws-ec2-describe-subnets", + "aws-ec2-describe-security-groups", + "aws-ec2-allocate-address", + "aws-ec2-associate-address", + "aws-ec2-create-snapshot", + "aws-ec2-delete-snapshot", + "aws-ec2-create-image", + "aws-ec2-deregister-image", + "aws-ec2-modify-volume", + "aws-ec2-create-tags", + "aws-ec2-disassociate-address", + "aws-ec2-release-address", + "aws-ec2-start-instances", + "aws-ec2-stop-instances", + "aws-ec2-terminate-instances", + "aws-ec2-create-volume", + "aws-ec2-attach-volume", + "aws-ec2-detach-volume", + "aws-ec2-delete-volume", + "aws-ec2-run-instances", + "aws-ec2-waiter-instance-running", + "aws-ec2-waiter-instance-status-ok", + "aws-ec2-waiter-instance-stopped", + "aws-ec2-waiter-instance-terminated", + "aws-ec2-waiter-image-available", + "aws-ec2-waiter-snapshot_completed", + "aws-ec2-get-latest-ami", + "aws-ec2-create-security-group", + "aws-ec2-delete-security-group", + "aws-ec2-authorize-security-group-ingress-rule", + "aws-ec2-revoke-security-group-ingress-rule", + "aws-ec2-copy-image", + "aws-ec2-copy-snapshot", + "aws-ec2-describe-reserved-instances", + "aws-ec2-monitor-instances", + "aws-ec2-unmonitor-instances", + "aws-ec2-reboot-instances", + "aws-ec2-get-password-data", + "aws-ec2-modify-network-interface-attribute", + "aws-ec2-modify-instance-attribute" + ] + } + }, + { + "Blockade.io": { + "name": "Blockade.io", + "commands": [ + "blockade-get-indicators", + "blockade-add-indicators" + ] + } + }, + { + "AlphaSOC Network Behavior Analytics": { + "name": 
"AlphaSOC Network Behavior Analytics" + } + }, + { + "Recorded Future": { + "name": "Recorded Future", + "commands": [ + "domain", + "ip", + "file", + "recorded-future-get-related-entities" + ] + } + }, + { + "CVE Search": { + "name": "CVE Search", + "commands": [ + "cve-search", + "cve-latest" + ] + } + }, + { + "SNDBOX": { + "name": "SNDBOX", + "commands": [ + "sndbox-is-online", + "sndbox-analysis-info", + "sndbox-analysis-submit-sample", + "sndbox-download-report", + "sndbox-detonate-file", + "sndbox-download-sample" + ] + } + }, + { + "Demisto Lock": { + "name": "Demisto Lock", + "commands": [ + "demisto-lock-get", + "demisto-lock-release", + "demisto-lock-info", + "demisto-lock-release-all" + ] + } + }, + { + "F5 firewall": { + "name": "F5 firewall", + "commands": [ + "f5-create-policy", + "f5-create-rule", + "f5-list-rules", + "f5-modify-rule", + "f5-del-rule", + "f5-modify-global-policy", + "f5-show-global-policy", + "f5-del-policy", + "f5-list-all-user-sessions" + ] + } + }, + { + "MimecastV2": { + "name": "MimecastV2", + "commands": [ + "mimecast-query", + "mimecast-list-blocked-sender-policies", + "mimecast-get-policy", + "mimecast-create-policy", + "mimecast-delete-policy", + "mimecast-manage-sender", + "mimecast-list-managed-url", + "mimecast-create-managed-url", + "mimecast-list-messages", + "mimecast-get-attachment-logs", + "mimecast-get-url-logs", + "mimecast-get-impersonation-logs", + "mimecast-url-decode", + "mimecast-discover", + "mimecast-refresh-token", + "mimecast-login", + "mimecast-get-message", + "mimecast-download-attachments" + ] + } + }, + { + "Zendesk": { + "name": "Zendesk", + "toversion": "3.1.0", + "commands": [ + "zendesk-create-ticket", + "zendesk-list-tickets", + "zendesk-ticket-details", + "zendesk-update-ticket", + "zendesk-add-comment", + "zendesk-list-agents", + "zendesk-get-attachment", + "zendesk-clear-cache", + "zendesk-add-user", + "zendesk-get-article" + ] + } + }, + { + "RedCanary": { + "name": "RedCanary", + "commands": 
[ + "redcanary-acknowledge-detection", + "redcanary-update-remediation-state", + "redcanary-list-detections", + "redcanary-list-endpoints", + "redcanary-execute-playbook", + "redcanary-get-endpoint", + "redcanary-get-endpoint-detections", + "redcanary-get-detection" + ] + } + }, + { + "Joe Security": { + "name": "Joe Security", + "commands": [ + "joe-is-online", + "joe-analysis-submit-url", + "joe-detonate-url", + "joe-analysis-info", + "joe-list-analysis", + "joe-analysis-submit-sample", + "joe-download-report", + "joe-detonate-file", + "joe-search", + "joe-download-sample" + ] + } + }, + { + "AWS - CloudTrail": { + "name": "AWS - CloudTrail", + "commands": [ + "aws-cloudtrail-create-trail", + "aws-cloudtrail-delete-trail", + "aws-cloudtrail-describe-trails", + "aws-cloudtrail-update-trail", + "aws-cloudtrail-start-logging", + "aws-cloudtrail-stop-logging", + "aws-cloudtrail-lookup-events" + ] + } + }, + { + "ThreatExchange": { + "name": "ThreatExchange", + "fromversion": "2.5.0", + "commands": [ + "file", + "ip", + "url", + "domain", + "threatexchange-query", + "threatexchange-members" + ] + } + }, + { + "Dell Secureworks": { + "name": "Dell Secureworks", + "toversion": "3.5.1", + "fromversion": "3.1.0", + "commands": [ + "secure-works-create-ticket", + "secure-works-update-ticket", + "secure-works-close-ticket", + "secure-works-add-worklogs-ticket", + "secure-works-get-ticket-count", + "secure-works-get-ticket", + "secure-works-assign-ticket", + "secure-works-get-tickets-updates", + "secure-works-get-tickets-ids" + ] + } + }, + { + "Amazon Web Services": { + "name": "Amazon Web Services", + "fromversion": "1.6.2", + "commands": [ + "aws-run-instance", + "aws-stop-instance", + "aws-create-image", + "aws-start-instance", + "aws-create-volume-snapshot", + "aws-get-instance-info", + "aws-get-sg-info", + "aws-get-ebs-volume-info" + ] + } + }, + { + "ArcSight XML": { + "name": "ArcSight XML", + "commands": [ + "arcsight-update-case", + "arcsight-fetch-xml" + ] + } + 
}, + { + "VirusTotal": { + "name": "VirusTotal", + "commands": [ + "file", + "ip", + "url", + "domain", + "file-scan", + "file-rescan", + "url-scan", + "vt-comments-add", + "vt-file-scan-upload-url", + "vt-comments-get" + ] + } + }, + { + "MxToolBox": { + "name": "MxToolBox", + "commands": [ + "mxtoolbox" + ] + } + }, + { + "Check Point Sandblast Appliance": { + "name": "Check Point Sandblast Appliance", + "fromversion": "3.5.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", + "sandblast-download" + ] + } + }, + { + "LightCyber Magna": { + "name": "LightCyber Magna", + "commands": [ + "lcm-version", + "lcm-entities", + "lcm-indicators", + "lcm-hosts", + "lcm-hostbyip", + "lcm-hostbyname", + "lcm-pathfinder-scan", + "lcm-sandbox-report", + "lcm-daily-report", + "lcm-host-artifacts", + "lcm-resolve-host", + "lcm-unresolve-host", + "lcm-set-host-comment", + "lcm-acknowledge-host", + "lcm-resolve-user", + "lcm-unresolve-user", + "lcm-set-user-comment", + "lcm-acknowledge-user", + "lcm-domain", + "lcm-executablebymd5", + "lcm-executablebyname", + "lcm-indicatorsforentity", + "lcm-host-opened-ports", + "lcm-host-suspicious-artifacts", + "lcm-host-processes", + "lcm-host-loaded-modules", + "lcm-host-processes-internet-connections", + "lcm-host-autoruns" + ] + } + }, + { + "Packetsled": { + "name": "Packetsled", + "commands": [ + "packetsled-get-incidents", + "packetsled-sensors", + "packetsled-get-flows", + "packetsled-get-files", + "packetsled-get-pcaps", + "packetsled-get-events" + ] + } + }, + { + "Censys": { + "name": "Censys", + "commands": [ + "cen-view", + "cen-search" + ] + } + }, + { + "Imperva Skyfence": { + "name": "Imperva Skyfence", + "commands": [ + "imp-sf-list-endpoints", + "imp-sf-set-endpoint-status" + ] + } + }, + { + "ProtectWise": { + "name": "ProtectWise", + "fromversion": "3.5.0", + "commands": [ + "sensors", + "protectwise-show-sensors", + "search", + "protectwise-search-events", + 
"pw-event-get", + "protectwise-event-info", + "observation-search", + "protectwise-search-observations", + "pw-observation-get", + "protectwise-observation-info", + "event-pcap-download", + "protectwise-event-pcap-download", + "event-pcap-info", + "protectwise-event-pcap-info", + "observation-pcap-download", + "protectwise-observation-pcap-download", + "observation-pcap-info", + "protectwise-observation-pcap-info", + "get-token" + ] + } + }, + { + "Palo Alto Minemeld": { + "name": "Palo Alto Minemeld", + "commands": [ + "minemeld-add-to-miner", + "minemeld-remove-from-miner", + "minemeld-retrieve-miner", + "minemeld-get-indicator-from-miner", + "ip", + "file", + "domain", + "url", + "minemeld-get-all-miners-names" + ] + } + }, + { + "GoogleSafeBrowsing": { + "name": "GoogleSafeBrowsing", + "commands": [ + "url" + ] + } + }, + { + "Salesforce": { + "name": "Salesforce", + "commands": [ + "salesforce-search", + "salesforce-query", + "salesforce-get-object", + "salesforce-update-object", + "salesforce-create-object", + "salesforce-push-comment", + "salesforce-get-case", + "salesforce-create-case", + "salesforce-update-case", + "salesforce-get-cases", + "salesforce-close-case", + "salesforce-push-comment-threads", + "salesforce-delete-case" + ] + } + }, + { + "SCADAfence CNM": { + "name": "SCADAfence CNM", + "commands": [ + "scadafence-getAlerts", + "scadafence-getAsset", + "scadafence-setAlertStatus", + "scadafence-getAssetConnections", + "scadafence-getAssetTraffic", + "scadafence-createAlert", + "scadafence-getAllConnections" + ] + } + }, + { + "HashiCorp Vault": { + "name": "HashiCorp Vault", + "commands": [ + "hashicorp-list-secrets-engines", + "hashicorp-list-secrets", + "hashicorp-get-secret-metadata", + "hashicorp-delete-secret", + "hashicorp-undelete-secret", + "hashicorp-destroy-secret", + "hashicorp-disable-engine", + "hashicorp-enable-engine", + "hashicorp-list-policies", + "hashicorp-get-policy", + "hashicorp-seal-vault", + "hashicorp-unseal-vault", + 
"hashicorp-configure-engine", + "hashicorp-reset-configuration", + "hashicorp-create-token" + ] + } + }, + { + "Proofpoint TAP": { + "name": "Proofpoint TAP", + "commands": [ + "proofpoint-get-events" + ] + } + }, + { + "Threat Grid": { + "name": "Threat Grid", + "toversion": "3.1.0", + "commands": [ + "threat-grid-feeds-ip", + "threat-grid-feeds-domain", + "threat-grid-feeds-url", + "threat-grid-feeds-path", + "threat-grid-feeds-artifacts", + "threat-grid-feeds-network-stream", + "threat-grid-feeds-registry-key", + "threat-grid-get-samples", + "threat-grid-get-sample-by-id", + "threat-grid-get-sample-state-by-id", + "threat-grid-get-samples-state", + "threat-grid-upload-sample", + "threat-grid-search-submissions", + "threat-grid-get-video-by-id", + "threat-grid-get-analysis-by-id", + "threat-grid-get-processes-by-id", + "threat-grid-get-pcap-by-id", + "threat-grid-get-warnings-by-id", + "threat-grid-get-summary-by-id", + "threat-grid-get-threat-summary-by-id", + "threat-grid-get-html-report-by-id", + "threat-grid-download-sample-by-id", + "threat-grid-get-analysis-iocs", + "threat-grid-get-analysis-ioc", + "threat-grid-get-analysis-network-streams", + "threat-grid-get-analysis-artifacts", + "threat-grid-get-analysis-network-stream", + "threat-grid-get-analysis-artifact", + "threat-grid-get-analysis-processes", + "threat-grid-get-analysis-process", + "threat-grid-get-analysis-annotations", + "threat-grid-get-analysis-metadata", + "threat-grid-download-artifact", + "threat-grid-who-am-i", + "threat-grid-user-get-rate-limit", + "threat-grid-get-specific-feed" + ] + } + }, + { + "iDefense": { + "name": "iDefense", + "commands": [ + "ip", + "domain", + "url", + "idefense-general", + "uuid" + ] + } + }, + { + "FalconIntel": { + "name": "FalconIntel", + "commands": [ + "file", + "url", + "domain", + "ip", + "cs-actors", + "cs-indicators", + "cs-reports", + "cs-report-pdf" + ] + } + }, + { + "Venafi": { + "name": "Venafi", + "commands": [ + "venafi-get-certificates", + 
"venafi-get-certificate-details" + ] + } + }, + { + "CyberArkAIM": { + "name": "CyberArkAIM", + "commands": [ + "cyber-ark-aim-query", + "list-credentials", + "reset-credentials", + "account-details" + ] + } + }, + { + "Autofocus": { + "name": "Autofocus", + "commands": [ + "autofocus-search-samples", + "autofocus-search-sessions", + "autofocus-session", + "autofocus-sample-analysis", + "file" + ] + } + }, + { + "AbuseIPDB": { + "name": "AbuseIPDB", + "commands": [ + "ip", + "abuseipdb-check-cidr-block", + "abuseipdb-report-ip", + "abuseipdb-get-blacklist", + "abuseipdb-get-categories" + ] + } + }, + { + "McAfee Threat Intelligence Exchange": { + "name": "McAfee Threat Intelligence Exchange", + "commands": [ + "file", + "tie-set-file-reputation", + "tie-file-references" + ] + } + }, + { + "Check Point": { + "name": "Check Point", + "commands": [ + "checkpoint-show-access-rule-base", + "checkpoint-set-rule", + "checkpoint-task-status", + "checkpoint-show-hosts", + "checkpoint-block-ip", + "checkpoint", + "checkpoint-delete-rule" + ] + } + }, + { + "PagerDuty v2": { + "name": "PagerDuty v2", + "commands": [ + "PagerDuty-get-all-schedules", + "PagerDuty-get-users-on-call", + "PagerDuty-get-users-on-call-now", + "PagerDuty-incidents", + "PagerDuty-submit-event", + "PagerDuty-get-contact-methods", + "PagerDuty-get-users-notification", + "PagerDuty-resolve-event", + "PagerDuty-acknowledge-event" + ] + } + }, + { + "Gmail": { + "name": "Gmail", + "commands": [ + "gmail-delete-user", + "gmail-get-tokens-for-user", + "gmail-get-user", + "gmail-get-user-roles", + "gmail-get-attachments", + "gmail-get-mail", + "gmail-search", + "gmail-search-all-mailboxes", + "gmail-list-users", + "gmail-revoke-user-role", + "gmail-create-user", + "gmail-delete-mail", + "gmail-get-thread", + "gmail-move-mail", + "gmail-move-mail-to-mailbox", + "gmail-add-delete-filter", + "gmail-add-filter" + ] + } + }, + { + "Centreon": { + "name": "Centreon", + "commands": [ + "centreon-get-host-status", + 
"centreon-get-service-status" + ] + } + }, + { + "RSA NetWitness Endpoint": { + "name": "RSA NetWitness Endpoint", + "commands": [ + "netwitness-get-machines", + "netwitness-get-machine", + "netwitness-get-machine-iocs", + "netwitness-get-machine-modules", + "netwitness-get-machine-module", + "netwitness-blacklist-ips", + "netwitness-blacklist-domains" + ] + } + }, + { + "PassiveTotal": { + "name": "PassiveTotal", + "commands": [ + "pt-get-subdomains", + "pt-account", + "pt-monitors", + "pt-passive-dns", + "pt-passive-unique", + "pt-dns-keyword", + "pt-enrichment", + "pt-malware", + "url", + "domain", + "ip", + "pt-osint", + "pt-whois", + "pt-whois-keyword", + "pt-whois-search", + "pt-get-components", + "pt-get-pairs", + "pt-ssl-cert", + "pt-ssl-cert-history", + "pt-ssl-cert-keyword", + "pt-ssl-cert-search" + ] + } + }, + { + "ProtectWise": { + "name": "ProtectWise", + "toversion": "3.1.0", + "commands": [ + "sensors", + "protectwise-show-sensors", + "search", + "protectwise-search-events", + "pw-event-get", + "protectwise-event-info", + "observation-search", + "protectwise-search-observations", + "pw-observation-get", + "protectwise-observation-info", + "event-pcap-download", + "protectwise-event-pcap-download", + "event-pcap-info", + "protectwise-event-pcap-info", + "observation-pcap-download", + "protectwise-observation-pcap-download", + "observation-pcap-info", + "protectwise-observation-pcap-info", + "get-token" + ] + } + }, + { + "SentinelOne": { + "name": "SentinelOne", + "fromversion": "3.1.0", + "commands": [ + "so-activities", + "so-count-by-filters", + "so-agents-count", + "so-agent-decommission", + "so-get-agent", + "so-agents-query", + "so-get-agent-processes", + "so-agent-recommission", + "so-agent-unquarentine", + "so-agent-shutdown", + "so-agent-uninstall", + "so-agents-broadcast", + "so-agents-connect", + "so-agent-quarentine", + "so-agents-decommission", + "so-agents-disconnect", + "so-agents-fetch-logs", + "so-agents-shutdown", + 
"so-agents-uninstall", + "so-agents-upgrade-software", + "so-create-exclusion-list", + "so-delete-exclusion-list", + "so-get-exclusion-list", + "so-get-exclusion-lists", + "so-update-exclusion-list", + "so-get-groups", + "so-create-group", + "so-get-group", + "so-update-group", + "so-delete-group", + "so-add-agent-to-group", + "so-set-cloud-intelligence", + "so-create-hash", + "so-delete-hash", + "so-get-hash-reputation", + "so-get-hash", + "so-get-hashes", + "so-update-hash", + "so-get-policies", + "so-create-policy", + "so-get-policy", + "so-update-policy", + "so-delete-policy", + "so-get-threat", + "so-get-threats", + "so-threat-summary", + "so-mark-as-threat", + "so-mitigate-threat", + "so-reslove-threats" + ] + } + }, + { + "AMP": { + "name": "AMP", + "commands": [ + "amp_get_computers", + "amp_get_computer_by_connector", + "amp_get_computer_trajctory", + "amp_move_computer", + "amp_get_computer_actvity", + "amp_get_events", + "amp_get_event_types", + "amp_get_application_blocking", + "amp_get_file_list_by_guid", + "amp_get_simple_custom_detections", + "amp_get_file_list_files", + "amp_get_file_list_files_by_sha", + "amp_set_file_list_files_by_sha", + "amp_delete_file_list_files_by_sha", + "amp_get_groups", + "amp_get_group", + "amp_set_group_policy", + "amp_get_policies", + "amp_get_policy", + "amp_get_version" + ] + } + }, + { + "AWS - SQS": { + "name": "AWS - SQS", + "commands": [ + "aws-sqs-get-queue-url", + "aws-sqs-list-queues", + "aws-sqs-send-message", + "aws-sqs-create-queue", + "aws-sqs-delete-queue", + "aws-sqs-purge-queue" + ] + } + }, + { + "carbonblackliveresponse": { + "name": "carbonblackliveresponse", + "toversion": "3.6.0", + "commands": [ + "cb-archive", + "cb-command-cancel", + "cb-command-create", + "cb-command-create-and-wait", + "cb-command-info", + "cb-file-delete", + "cb-file-get", + "cb-file-info", + "cb-file-upload", + "cb-keepalive", + "cb-list-commands", + "cb-list-files", + "cb-list-sessions", + "cb-session-close", + 
"cb-session-create", + "cb-session-create-and-wait", + "cb-session-info", + "cb-terminate-process" + ] + } + }, + { + "AWS - Route53": { + "name": "AWS - Route53", + "commands": [ + "aws-route53-create-record", + "aws-route53-delete-record", + "aws-route53-list-hosted-zones", + "aws-route53-list-resource-record-sets", + "aws-route53-waiter-resource-record-sets-changed", + "aws-route53-test-dns-answer", + "aws-route53-upsert-record" + ] + } + }, + { + "Tanium": { + "name": "Tanium", + "commands": [ + "tn-get-package", + "tn-get-all-packages", + "tn-get-object", + "tn-get-all-saved-questions", + "tn-deploy-package", + "tn-ask-question", + "tn-ask-system", + "tn-get-saved-question", + "tn-create-package", + "tn-approve-pending-action", + "tn-get-all-objects", + "tn-get-all-saved-actions", + "tn-get-all-pending-actions", + "tn-get-all-sensors", + "tn-parse-query", + "tn-ask-manual-question", + "tn-get-sensor", + "tn-get-action" + ] + } + }, + { + "FireEye ETP": { + "name": "FireEye ETP", + "commands": [ + "fireeye-etp-search-messages", + "fireeye-etp-get-message", + "fireeye-etp-get-alerts", + "fireeye-etp-get-alert" + ] + } + }, + { + "InfoArmor VigilanteATI": { + "name": "InfoArmor VigilanteATI", + "commands": [ + "vigilante-query-infected-host-data", + "vigilante-get-vulnerable-host-data", + "vigilante-query-ecrime-db", + "vigilante-search-leaks", + "vigilante-get-leak", + "vigilante-query-accounts", + "vigilante-query-domains", + "vigilante-watchlist-add-accounts", + "vigilante-watchlist-remove-accounts", + "vigilante-get-watchlist", + "vigilante-account-usage-info" + ] + } + }, + { + "IBM Resilient Systems": { + "name": "IBM Resilient Systems", + "commands": [ + "rs-search-incidents", + "rs-update-incident", + "rs-incidents-get-members", + "rs-get-incident", + "rs-incidents-update-member", + "rs-get-users", + "rs-close-incident", + "rs-create-incident", + "rs-incident-artifacts", + "rs-incident-attachments", + "rs-related-incidents", + "rs-incidents-get-tasks" + ] 
+ } + }, + { + "AWS - IAM": { + "name": "AWS - IAM", + "commands": [ + "aws-iam-create-user", + "aws-iam-get-user", + "aws-iam-list-users", + "aws-iam-update-user", + "aws-iam-delete-user", + "aws-iam-update-login-profile", + "aws-iam-create-group", + "aws-iam-list-groups", + "aws-iam-list-groups-for-user", + "aws-iam-add-user-to-group", + "aws-iam-create-access-key", + "aws-iam-update-access-key", + "aws-iam-list-access-keys-for-user", + "aws-iam-list-policies", + "aws-iam-list-roles", + "aws-iam-attach-policy", + "aws-iam-detach-policy", + "aws-iam-delete-login-profile", + "aws-iam-delete-group", + "aws-iam-remove-user-from-group", + "aws-iam-create-login-profile", + "aws-iam-delete-access-key", + "aws-iam-create-instance-profile", + "aws-iam-delete-instance-profile", + "aws-iam-list-instance-profiles", + "aws-iam-add-role-to-instance-profile", + "aws-iam-remove-role-from-instance-profile", + "aws-iam-list-instance-profiles-for-role", + "aws-iam-get-instance-profile", + "aws-iam-get-role", + "aws-iam-delete-role", + "aws-iam-create-role", + "aws-iam-create-policy", + "aws-iam-delete-policy", + "aws-iam-create-policy-version", + "aws-iam-delete-policy-version", + "aws-iam-list-policy-versions", + "aws-iam-get-policy-version", + "aws-iam-set-default-policy-version", + "aws-iam-create-account-alias", + "aws-iam-delete-account-alias" + ] + } + }, + { + "Symantec Endpoint Protection": { + "name": "Symantec Endpoint Protection", + "commands": [ + "sep-endpoints-info", + "sep-update-content", + "sep-scan", + "sep-groups-info", + "sep-system-info", + "sep-command-status", + "sep-quarantine", + "sep-client-content" + ] + } + }, + { + "SumoLogic": { + "name": "SumoLogic", + "commands": [ + "search" + ] + } + }, + { + "Pwned": { + "name": "Pwned", + "commands": [ + "pwned-email", + "pwned-domain", + "email" + ] + } + }, + { + "urlscan.io": { + "name": "urlscan.io", + "toversion": "3.1.0", + "commands": [ + "url", + "ip", + "file", + "urlscan-submit" + ] + } + }, + { + 
"Lastline": { + "name": "Lastline", + "commands": [ + "lastline-get", + "url", + "file", + "lastline-upload", + "lastline-upload-url", + "lastline-upload-file", + "lastline-get-report", + "lastline-get-task-list" + ] + } + }, + { + "urlscan.io": { + "name": "urlscan.io", + "fromversion": "3.5.0", + "commands": [ + "urlscan-search", + "urlscan-submit", + "url" + ] + } + }, + { + "OpsGenie": { + "name": "OpsGenie", + "commands": [ + "opsgenie-get-on-call", + "opsgenie-get-user", + "opsgenie-get-schedules", + "opsgenie-get-schedule-timeline" + ] + } + }, + { + "McAfeeDAM": { + "name": "McAfeeDAM", + "commands": [ + "dam-get-alert-by-id", + "dam-get-latest-by-rule" + ] + } + }, + { + "okta": { + "name": "okta", + "fromversion": "3.6.0", + "commands": [ + "okta-unlock-user", + "okta-deactivate-user", + "okta-activate-user", + "okta-suspend-user", + "okta-unsuspend-user", + "okta-get-user-factors", + "okta-verify-push-factor", + "okta-reset-factor", + "okta-get-groups", + "okta-set-password", + "okta-search", + "okta-get-user", + "okta-create-user", + "okta-update-user", + "okta-get-failed-logins", + "okta-get-group-assignments", + "okta-get-application-assignments", + "okta-get-application-authentication", + "okta-get-logs", + "okta-add-to-group", + "okta-remove-from-group", + "okta-list-groups", + "okta-get-group-members" + ] + } + }, + { + "Devo": { + "name": "Devo", + "commands": [ + "devo-query" + ] + } + }, + { + "AWS - Security Hub": { + "name": "AWS - Security Hub", + "commands": [ + "aws-securityhub-get-findings", + "aws-securityhub-get-master-account", + "aws-securityhub-list-members", + "aws-securityhub-enable-security-hub", + "aws-securityhub-disable-security-hub", + "aws-securityhub-enable-import-findings-for-product", + "aws-securityhub-disable-import-findings-for-product", + "aws-securityhub-list-enabled-products-for-import", + "aws-securityhub-update-finding" + ] + } + }, + { + "Moloch": { + "name": "Moloch", + "fromversion": "3.5.0", + "commands": [ + 
"moloch_connections_json", + "moloch_connections_csv", + "moloch_files_json", + "moloch_sessions_json", + "moloch_sessions_csv", + "moloch_sessions_pcap", + "moloch_spigraph_json", + "moloch_spiview_json", + "moloch_unique_json" + ] + } + }, + { + "RedLock": { + "name": "RedLock", + "commands": [ + "redlock-search-alerts", + "redlock-get-alert-details", + "redlock-dismiss-alerts", + "redlock-reopen-alerts", + "redlock-list-alert-filters" + ] + } + }, + { + "Whois": { + "name": "Whois", + "fromversion": "4.1.0", + "commands": [ + "whois" + ] + } + }, + { + "SafeBreach": { + "name": "SafeBreach", + "commands": [ + "safebreach-rerun", + "safebreach-get-simulation" + ] + } + }, + { + "AlphaSOC Wisdom": { + "name": "AlphaSOC Wisdom", + "commands": [ + "wisdom-domain-flags", + "wisdom-ip-flags" + ] + } + }, + { + "jamf": { + "name": "jamf", + "commands": [ + "jamf-get-computers", + "jamf-get-computers-match" + ] + } + }, + { + "CIRCL": { + "name": "CIRCL", + "commands": [ + "circl-dns-get", + "circl-ssl-list-certificates", + "circl-ssl-query-certificate", + "circl-ssl-get-certificate" + ] + } + }, + { + "Panorama": { + "name": "Panorama", + "fromversion": "3.0.0", + "commands": [ + "panorama", + "panorama-commit", + "panorama-push-to-device-group", + "panorama-list-addresses", + "panorama-get-address", + "panorama-create-address", + "panorama-delete-address", + "panorama-list-address-groups", + "panorama-get-address-group", + "panorama-create-address-group", + "panorama-delete-address-group", + "panorama-edit-address-group", + "panorama-get-custom-url-category", + "panorama-create-custom-url-category", + "panorama-delete-custom-url-category", + "panorama-edit-custom-url-category", + "panorama-get-url-category", + "panorama-get-url-filter", + "panorama-create-url-filter", + "panorama-edit-url-filter", + "panorama-delete-url-filter", + "panorama-create-rule", + "panorama-custom-block-rule", + "panorama-move-rule", + "panorama-edit-rule", + "panorama-delete-rule", + 
"panorama-list-applications", + "panorama-commit-status", + "panorama-push-status" + ] + } + }, + { + "icebrg": { + "name": "icebrg", + "commands": [ + "icebrg-search-events", + "icebrg-get-history", + "icebrg-saved-searches", + "icebrg-get-reports", + "icebrg-get-report-indicators", + "icebrg-get-report-assets" + ] + } + }, + { + "EasyVista": { + "name": "EasyVista", + "commands": [ + "easy-vista-search" + ] + } + }, + { + "ThreatConnect": { + "name": "ThreatConnect", + "commands": [ + "ip", + "url", + "file", + "tc-owners", + "tc-indicators", + "tc-get-tags", + "tc-tag-indicator", + "tc-get-indicator", + "tc-get-indicators-by-tag", + "tc-add-indicator", + "tc-create-incident", + "tc-fetch-incidents", + "tc-incident-associate-indicator", + "domain", + "tc-get-incident-associate-indicators" + ] + } + }, + { + "BitDam": { + "name": "BitDam", + "commands": [ + "bitdam-upload-file", + "bitdam-get-verdict" + ] + } + }, + { + "AWS - S3": { + "name": "AWS - S3", + "commands": [ + "aws-s3-create-bucket", + "aws-s3-delete-bucket", + "aws-s3-list-buckets", + "aws-s3-get-bucket-policy", + "aws-s3-delete-bucket-policy", + "aws-s3-download-file", + "aws-s3-list-bucket-objects", + "aws-s3-put-bucket-policy", + "aws-s3-upload-file" + ] + } + }, + { + "McAfee Advanced Threat Defense": { + "name": "McAfee Advanced Threat Defense", + "toversion": "3.1.0", + "fromversion": "2.0.4", + "commands": [ + "atd-file-upload", + "atd-get-task-ids", + "atd-check-status", + "atd-get-report", + "atd-list-analyzer-profiles", + "atd-list-user", + "atd-login" + ] + } + }, + { + "GuardiCore": { + "name": "GuardiCore", + "toversion": "3.1.0", + "commands": [ + "guardicore-get-incidents", + "guardicore-uncommon-domains", + "guardicore-unresolved-domains", + "guardicore-show-endpoint", + "guardicore-dns-requests", + "guardicore-search-endpoint", + "guardicore-misconfigurations", + "guardicore-get-incident", + "guardicore-get-incident-iocs", + "guardicore-get-incident-events", + 
"guardicore-get-incident-pcap", + "guardicore-get-incident-attachments", + "guardicore-search-network-log" + ] + } + }, + { + "Mimecast": { + "name": "Mimecast", + "fromversion": "1.6.2", + "commands": [ + "mimecast-query" + ] + } + }, + { + "Shodan": { + "name": "Shodan", + "commands": [ + "search", + "ip" + ] + } + }, + { + "AWS - GuardDuty": { + "name": "AWS - GuardDuty", + "commands": [ + "aws-gd-create-detector", + "aws-gd-delete-detector", + "aws-gd-get-detector", + "aws-gd-update-detector", + "aws-gd-create-ip-set", + "aws-gd-delete-ip-set", + "aws-gd-list-detectors", + "aws-gd-update-ip-set", + "aws-gd-get-ip-set", + "aws-gd-list-ip-sets", + "aws-gd-create-threatintel-set", + "aws-gd-delete-threatintel-set", + "aws-gd-get-threatintel-set", + "aws-gd-list-threatintel-sets", + "aws-gd-update-threatintel-set", + "aws-gd-list-findings", + "aws-gd-get-findings", + "aws-gd-create-sample-findings", + "aws-gd-archive-findings", + "aws-gd-unarchive-findings", + "aws-gd-update-findings-feedback" + ] + } + }, + { + "Mimecast Authentication": { + "name": "Mimecast Authentication", + "commands": [ + "mimecast-login", + "mimecast-discover", + "mimecast-refresh-token" + ] + } + }, + { + "malwr": { + "name": "malwr", + "fromversion": "3.0.0", + "commands": [ + "malwr-submit", + "malwr-status", + "malwr-result", + "malwr-detonate" + ] + } + }, + { + "FalconHost": { + "name": "FalconHost", + "fromversion": "2.5.0", + "commands": [ + "cs-upload-ioc", + "cs-get-ioc", + "cs-update-ioc", + "cs-delete-ioc", + "cs-search-iocs", + "cs-device-search", + "cs-device-details", + "cs-device-count-ioc", + "cs-device-ran-on", + "cs-processes-ran-on", + "cs-process-details", + "cs-resolve-detection", + "cs-detection-search", + "cs-detection-details" + ] + } + }, + { + "ServiceNow": { + "name": "ServiceNow", + "commands": [ + "servicenow-get-ticket", + "servicenow-get", + "servicenow-incident-get", + "servicenow-create-ticket", + "servicenow-create", + "servicenow-incident-create", + 
"servicenow-update-ticket", + "servicenow-update", + "servicenow-incident-update", + "servicenow-delete-ticket", + "servicenow-add-link", + "servicenow-incident-add-link", + "servicenow-add-comment", + "servicenow-incident-add-comment", + "servicenow-query-tickets", + "servicenow-query", + "servicenow-incidents-query", + "servicenow-upload-file", + "servicenow-incident-upload-file", + "servicenow-get-groups", + "servicenow-get-computer", + "servicenow-get-record", + "servicenow-query-table", + "servicenow-create-record", + "servicenow-update-record", + "servicenow-delete-record", + "servicenow-list-table-fields", + "servicenow-query-computers", + "servicenow-query-groups", + "servicenow-query-users", + "servicenow-get-table-name" + ] + } + }, + { + "Tenable.sc": { + "name": "Tenable.sc", + "commands": [ + "tenable-sc-list-scans", + "tenable-sc-launch-scan", + "tenable-sc-get-vulnerability", + "tenable-sc-get-scan-status", + "tenable-sc-get-scan-report", + "tenable-sc-list-credentials", + "tenable-sc-list-policies", + "tenable-sc-list-report-definitions", + "tenable-sc-list-repositories", + "tenable-sc-list-zones", + "tenable-sc-create-scan", + "tenable-sc-delete-scan", + "tenable-sc-list-assets", + "tenable-sc-create-asset", + "tenable-sc-get-asset", + "tenable-sc-delete-asset", + "tenable-sc-list-alerts", + "tenable-sc-get-alert", + "tenable-sc-get-device", + "tenable-sc-list-users", + "tenable-sc-get-system-licensing", + "tenable-sc-get-system-information" + ] + } + }, + { + "google-vault": { + "name": "google-vault", + "commands": [ + "gvault-create-export-mail", + "gvault-create-matter", + "gvault-create-export-drive", + "gvault-matter-update-state", + "gvault-create-export-groups", + "gvault-create-hold", + "gvault-add-heldAccount", + "gvault-remove-heldAccount", + "gvault-delete-hold", + "gvault-list-matters", + "gvault-get-matter", + "gvault-list-holds", + "gvault-export-status", + "gvault-download-results", + "gvault-get-drive-results", + 
"gvault-get-mail-results", + "gvault-get-groups-results" + ] + } + }, + { + "AlienValut OTX": { + "name": "AlienValut OTX", + "toversion": "3.0.1", + "commands": [ + "ip", + "domain", + "ipv6", + "hostname", + "file", + "alienvault-query-file", + "alienvault-search-pulses", + "alienvault-get-pulse-details", + "url" + ] + } + }, + { + "MISP": { + "name": "MISP", + "commands": [ + "internal-misp-upload-sample", + "misp-search", + "file", + "url", + "ip", + "internal-misp-download-sample", + "internal-misp-create-event", + "internal-misp-add-attribute" + ] + } + }, + { + "FalconIntel": { + "name": "FalconIntel", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "commands": [ + "file", + "url", + "domain", + "ip", + "cs-actors", + "cs-indicators", + "cs-reports", + "cs-report-pdf" + ] + } + }, + { + "Box": { + "name": "Box", + "commands": [ + "box_get_current_user", + "box_get_users", + "box_update_user", + "box_add_user", + "box_delete_user", + "box_move_folder", + "box_files_get", + "box_initiate", + "box_files_get_info" + ] + } + }, + { + "Remedy On-Demand": { + "name": "Remedy On-Demand", + "commands": [ + "remedy-incident-create", + "remedy-get-incident", + "remedy-fetch-incidents", + "remedy-incident-update" + ] + } + }, + { + "Rasterize": { + "name": "Rasterize", + "commands": [ + "rasterize", + "rasterize-email", + "rasterize-image" + ] + } + }, + { + "FortiGate": { + "name": "FortiGate", + "commands": [ + "fortigate-get-addresses", + "fortigate-get-service-groups", + "fortigate-update-service-group", + "fortigate-delete-service-group", + "fortigate-get-firewall-service", + "fortigate-create-firewall-service", + "fortigate-get-policy", + "fortigate-update-policy", + "fortigate-create-policy", + "fortigate-move-policy", + "fortigate-delete-policy", + "fortigate-get-address-groups", + "fortigate-update-address-group", + "fortigate-create-address-group", + "fortigate-delete-address-group" + ] + } + }, + { + "RTIR": { + "name": "RTIR", + "commands": [ + 
"rtir-create-ticket", + "rtir-search-ticket", + "rtir-resolve-ticket", + "rtir-edit-ticket", + "rtir-ticket-history", + "rtir-get-ticket", + "rtir-ticket-attachments", + "rtir-add-comment", + "rtir-add-reply" + ] + } + }, + { + "Tenable.io": { + "name": "Tenable.io", + "commands": [ + "tenable-io-list-scans", + "tenable-io-launch-scan", + "tenable-io-get-scan-report", + "tenable-io-get-vulnerability-details", + "tenable-io-get-vulnerabilities-by-asset", + "tenable-io-get-scan-status" + ] + } + }, + { + "Stealthwatch Cloud": { + "name": "Stealthwatch Cloud", + "commands": [ + "sw-show-alert", + "sw-update-alert", + "sw-list-alerts", + "sw-block-domain-or-ip", + "sw-unblock-domain", + "sw-list-blocked-domains", + "sw-list-observations", + "sw-list-sessions" + ] + } + }, + { + "EWS v2": { + "name": "EWS v2", + "commands": [ + "ews-get-attachment", + "ews-delete-attachment", + "ews-get-searchable-mailboxes", + "ews-search-mailboxes", + "ews-move-item", + "ews-delete-items", + "ews-search-mailbox", + "ews-get-contacts", + "ews-get-out-of-office", + "ews-recover-messages", + "ews-create-folder", + "ews-mark-item-as-junk", + "ews-find-folders", + "ews-get-items-from-folder", + "ews-get-items", + "ews-move-item-between-mailboxes", + "ews-get-folder", + "ews-o365-start-compliance-search", + "ews-o365-get-compliance-search", + "ews-o365-purge-compliance-search-results", + "ews-o365-remove-compliance-search", + "ews-o365-get-compliance-search-purge-status" + ] + } + }, + { + "Lockpath KeyLight": { + "name": "Lockpath KeyLight", + "fromversion": "3.5.0", + "commands": [ + "kl-get-component-list", + "kl-get-component", + "kl-get-component-by-alias", + "kl-get-field-list", + "kl-get-field", + "kl-get-record-count", + "kl-get-record", + "kl-get-records", + "kl-delete-record", + "kl-create-record", + "kl-update-record", + "kl-get-detail-record", + "kl-get-lookup-report-column-fields", + "kl-get-detail-records", + "kl-get-record-attachments", + "kl-get-record-attachment", + 
"kl-delete-record-attachments" + ] + } + }, + { + "Dell Secureworks": { + "name": "Dell Secureworks", + "fromversion": "3.6.0", + "commands": [ + "secure-works-create-ticket", + "secure-works-update-ticket", + "secure-works-close-ticket", + "secure-works-add-worklogs-ticket", + "secure-works-get-ticket", + "secure-works-assign-ticket", + "secure-works-get-tickets-updates", + "secure-works-get-close-codes", + "secure-works-get-tickets-ids", + "secure-works-get-ticket-count" + ] + } + }, + { + "Luminate": { + "name": "Luminate", + "fromversion": "0.0.0", + "commands": [ + "lum-block-user", + "lum-unblock-user", + "lum-destroy-user-session", + "lum-get-http-access-logs", + "lum-get-ssh-access-logs" + ] + } + }, + { + "VirusTotal - Private API": { + "name": "VirusTotal - Private API", + "commands": [ + "vt-private-check-file-behaviour", + "vt-private-get-domain-report", + "vt-private-get-file-report", + "vt-private-get-url-report", + "vt-private-get-ip-report", + "vt-private-search-file", + "vt-private-hash-communication", + "vt-private-download-file" + ] + } + }, + { + "Guidance Encase Endpoint": { + "name": "Guidance Encase Endpoint", + "commands": [ + "encase-copyjob", + "encase-snapshot", + "encase-verifyhash" + ] + } + }, + { + "Incapsula": { + "name": "Incapsula", + "commands": [ + "incap-add-managed-account", + "incap-list-managed-accounts", + "incap-add-subaccount", + "incap-list-subaccounts", + "incap-get-account-status", + "incap-modify-account-configuration", + "incap-set-account-log-level", + "incap-test-account-s3-connection", + "incap-test-account-sftp-connection", + "incap-set-account-s3-log-storage", + "incap-set-account-sftp-log-storage", + "incap-set-account-default-log-storage", + "incap-get-account-login-token", + "incap-delete-managed-account", + "incap-delete-subaccount", + "incap-get-account-audit-events", + "incap-set-account-default-data-storage-region", + "incap-get-account-default-data-storage-region", + "incap-add-site", + 
"incap-get-site-status", + "incap-get-domain-approver-email", + "incap-modify-site-configuration", + "incap-modify-site-log-level", + "incap-modify-site-tls-support", + "incap-modify-site-scurity-config", + "incap-modify-site-acl-config", + "incap-modify-site-wl-config", + "incap-delete-site", + "incap-list-sites", + "incap-get-site-report", + "incap-get-site-html-injection-rules", + "incap-add-site-html-injection-rule", + "incap-delete-site-html-injection-rule", + "incap-create-new-csr", + "incap-upload-certificate", + "incap-remove-custom-integration", + "incap-move-site", + "incap-check-compliance", + "incap-set-site-data-storage-region", + "incap-get-site-data-storage-region", + "incap-set-site-data-storage-region-geo-override", + "incap-get-site-data-storage-region-geo-override", + "incap-purge-site-cache", + "incap-modify-cache-mode", + "incap-purge-resources", + "incap-modify-caching-rules", + "incap-set-advanced-caching-settings", + "incap-purge-hostname-from-cache", + "incap-site-get-xray-link", + "incap-list-site-rule-revisions", + "incap-add-site-rule", + "incap-edit-site-rule", + "incap-enable-site-rule", + "incap-delete-site-rule", + "incap-list-site-rules", + "incap-revert-site-rule", + "incap-set-site-rule-priority", + "incap-add-site-datacenter", + "incap-edit-site-datacenter", + "incap-delete-site-datacenter", + "incap-list-site-datacenters", + "incap-add-site-datacenter-server", + "incap-edit-site-datacenter-server", + "incap-delete-site-datacenter-server", + "incap-get-statistics", + "incap-get-visits", + "incap-upload-public-key", + "incap-change-logs-collector-configuration", + "incap-get-infra-protection-statistics", + "incap-get-infra-protection-events", + "incap-add-login-protect", + "incap-edit-login-protect", + "incap-get-login-protect", + "incap-remove-login-protect", + "incap-send-sms-to-user", + "incap-modify-login-protect", + "incap-configure-app", + "incap-get-ip-ranges", + "incap-get-texts", + "incap-get-geo-info", + 
"incap-get-app-info" + ] + } + }, + { + "XFE": { + "name": "XFE", + "fromversion": "2.5.0", + "commands": [ + "url", + "file", + "ip", + "domain", + "cve-search", + "cve-latest" + ] + } + }, + { + "Cymon": { + "name": "Cymon", + "commands": [ + "ip", + "domain" + ] + } + }, + { + "McAfee Advanced Threat Defense": { + "name": "McAfee Advanced Threat Defense", + "fromversion": "3.5.0", + "commands": [ + "atd-file-upload", + "atd-get-task-ids", + "atd-get-report", + "atd-list-analyzer-profiles", + "atd-list-user", + "atd-login", + "detonate-file", + "detonate-url", + "atd-check-status" + ] + } + }, + { + "AWS - CloudWatchLogs": { + "name": "AWS - CloudWatchLogs", + "commands": [ + "aws-logs-create-log-group", + "aws-logs-create-log-stream", + "aws-logs-delete-log-group", + "aws-logs-delete-log-stream", + "aws-logs-filter-log-events", + "aws-logs-describe-log-groups", + "aws-logs-describe-log-streams", + "aws-logs-put-retention-policy", + "aws-logs-delete-retention-policy", + "aws-logs-put-log-events", + "aws-logs-put-metric-filter", + "aws-logs-delete-metric-filter", + "aws-logs-describe-metric-filters" + ] + } + }, + { + "Microsoft Graph": { + "name": "Microsoft Graph", + "commands": [ + "msg-graph-admin-url", + "msg-search-alerts", + "msg-get-alert-details", + "msg-update-alert", + "msg-get-users", + "msg-get-user" + ] + } + }, + { + "Secdo": { + "name": "Secdo", + "commands": [ + "secdo-add-IOCs" + ] + } + }, + { + "Preempt": { + "name": "Preempt", + "commands": [ + "preempt-add-to-watch-list", + "preempt-remove-from-watch-list", + "preempt-get-activities", + "preempt-get-user-endpoints", + "preempt-get-alerts" + ] + } + }, + { + "PostgreSQL": { + "name": "PostgreSQL", + "commands": [ + "pgsql-query" + ] + } + }, + { + "epo": { + "name": "epo", + "commands": [ + "epo-help", + "epo-get-latest-dat", + "epo-get-current-dat", + "epo-update-client-dat", + "epo-update-repository", + "epo-get-system-tree-group", + "epo-find-systems", + "epo-command", + 
"epo-advanced-command", + "epo-wakeup-agent", + "epo-apply-tag", + "epo-clear-tag", + "epo-query-table", + "epo-get-tables", + "epo-find-system", + "epo-get-version" + ] + } + }, + { + "GRR": { + "name": "GRR", + "commands": [ + "grr-set-flows", + "grr-get-flows", + "grr-get-files", + "grr-get-hunts", + "grr-get-hunt", + "grr-set-hunts", + "grr-get-clients", + "grr_set_flows", + "grr_get_flows", + "grr_get_files", + "grr_get_hunts", + "grr_get_hunt", + "grr_set_hunts" + ] + } + }, + { + "Nessus": { + "name": "Nessus", + "commands": [ + "nessus-list-scans", + "scans-list", + "nessus-launch-scan", + "scan-launch", + "nessus-scan-details", + "scan-details", + "scan-host-details", + "nessus-scan-host-details", + "nessus-scan-export", + "scan-export", + "scan-report-download", + "nessus-scan-report-download", + "scan-create", + "nessus-scan-create", + "nessus-get-scans-editors", + "scan-export-status", + "nessus-scan-export-status", + "nessus-scan-status" + ] + } + }, + { + "GuardiCore": { + "name": "GuardiCore", + "fromversion": "3.5.0", + "commands": [ + "guardicore-get-incidents", + "guardicore-uncommon-domains", + "guardicore-unresolved-domains", + "guardicore-show-endpoint", + "guardicore-dns-requests", + "guardicore-search-endpoint", + "guardicore-misconfigurations", + "guardicore-get-incident", + "guardicore-get-incident-iocs", + "guardicore-get-incident-events", + "guardicore-get-incident-pcap", + "guardicore-get-incident-attachments", + "guardicore-search-network-log" + ] + } + }, + { + "Digital Shadows": { + "name": "Digital Shadows", + "commands": [ + "ds-get-breach-reviews", + "ds-snapshot-breach-status", + "ds-find-breach-records", + "ds-get-breach-summary", + "ds-find-breach-usernames", + "ds-get-breach", + "ds-get-breach-records", + "ds-find-data-breaches", + "ds-get-incident", + "ds-get-incident-reviews", + "ds-snapshot-incident-review", + "ds-find-incidents-filtered", + "ds-get-incidents-summary", + "ds-get-apt-report", + "ds-get-intelligence-incident", 
+ "ds-get-intelligence-incident-iocs", + "ds-find-intelligence-incidents", + "ds-find-intelligence-incidents-regional", + "ds-get-intelligence-threat", + "ds-get-intelligence-threat-iocs", + "ds-get-intelligence-threat-activity", + "ds-find-intelligence-threats", + "ds-find-intelligence-threats-regional", + "ds-get-port-reviews", + "ds-snapshot-port-review", + "ds-find-ports", + "ds-find-secure-sockets", + "ds-find-vulnerabilities", + "ds-search", + "ds-get-tags" + ] + } + }, + { + "fireeye": { + "name": "fireeye", + "fromversion": "3.5.0", + "commands": [ + "fe-report", + "fe-submit-status", + "fe-alert", + "fe-submit-result", + "fe-submit", + "fe-config", + "fe-submit-url", + "fe-submit-url-status", + "fe-submit-url-result" + ] + } + }, + { + "RSA NetWitness Packets and Logs": { + "name": "RSA NetWitness Packets and Logs", + "fromversion": "3.5.0", + "commands": [ + "netwitness-msearch", + "netwitness-search", + "netwitness-query", + "netwitness-packets", + "nw-sdk-session", + "nw-sdk-content", + "nw-sdk-summary", + "nw-sdk-values", + "nw-database-dump" + ] + } + }, + { + "RSA NetWitness v11.1": { + "name": "RSA NetWitness v11.1", + "commands": [ + "netwitness-get-incident", + "netwitness-get-incidents", + "netwitness-update-incident", + "netwitness-delete-incident", + "netwitness-get-alerts" + ] + } + }, + { + "Symantec Messaging Gateway": { + "name": "Symantec Messaging Gateway", + "commands": [ + "smg-block-email", + "smg-unblock-email", + "smg-block-domain", + "smg-block-ip", + "smg-unblock-ip", + "smg-unblock-domain", + "smg-get-blocked-domains", + "smg-get-blocked-ips" + ] + } + }, + { + "OTRS": { + "name": "OTRS", + "fromversion": "4.1.0", + "commands": [ + "otrs-get-ticket", + "otrs-search-ticket", + "otrs-create-ticket", + "otrs-update-ticket", + "otrs-close-ticket" + ] + } + }, + { + "Check Point Sandblast": { + "name": "Check Point Sandblast", + "fromversion": "3.5.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + 
"sandblast-upload", + "sb-download", + "sandblast-download", + "sb-quota", + "sandblast-quota" + ] + } + }, + { + "Cylance Protect": { + "name": "Cylance Protect", + "fromversion": "2.0.1", + "commands": [ + "cylance-protect-get-list", + "cylance-protect-get-devices", + "cylance-protect-get-threats", + "cylance-protect-download-threat", + "cylance-protect-get-threat-details", + "cylance-protect-device-delete", + "cylance-protect-get-device-threats", + "cylance-protect-update-device-threats", + "cylance-protect-delete-hash-from-lists", + "cylance-protect-update-hash-at-lists", + "cylance-protect-upload-threat", + "cylance-protect-get-threated-devices", + "cylance-protect-get-zones", + "cylance-protect-create-zone", + "cylance-protect-update-zone", + "cylance-protect-get-policies", + "cylance-protect-get-policy-details", + "cp-get-list", + "cp-get-devices", + "cp-get-threats", + "cp-download-threat", + "cp-get-threat-details", + "cp-device-delete", + "cp-get-device-threats", + "cp-update-device-threats", + "cp-delete-hash-from-lists", + "cp-update-hash-at-lists", + "cp-upload-threat", + "cp-get-threated-devices", + "cp-get-zones", + "cp-create-zone", + "cp-update-zone", + "cp-get-policies", + "cp-get-policy-details" + ] + } + }, + { + "TCPIPUtils": { + "name": "TCPIPUtils", + "commands": [ + "ip" + ] + } + }, + { + "RSA NetWitness Security Analytics": { + "name": "RSA NetWitness Security Analytics", + "fromversion": "2.0.0", + "commands": [ + "nw-list-incidents", + "nw-login", + "nw-get-components", + "nw-get-events", + "nw-get-available-assignees", + "nw-create-incident", + "nw-add-events-to-incident", + "nw-update-incident", + "fetch-incidents", + "nw-get-alerts", + "nw-get-alert-details", + "nw-get-event-details", + "nw-get-incident-details", + "nw-get-alert-original", + "netwitness-im-list-incidents", + "netwitness-im-login", + "netwitness-im-get-components", + "netwitness-im-get-events", + "netwitness-im-get-available-assignees", + 
"netwitness-im-create-incident", + "netwitness-im-add-events-to-incident", + "netwitness-im-update-incident", + "netwitness-im-get-alerts", + "netwitness-im-get-alert-details", + "netwitness-im-get-event-details", + "netwitness-im-get-incident-details", + "netwitness-im-get-alert-original" + ] + } + }, + { + "Where is the egg?": { + "name": "Where is the egg?", + "fromversion": "3.6.0", + "commands": [ + "clue" + ] + } + }, + { + "jira": { + "name": "jira", + "toversion": "2.5.0", + "commands": [ + "jira-issue-query", + "jira-get-issue", + "jira-create-issue", + "jira-issue-upload-file", + "jira-issue-add-comment", + "jira-issue-add-link" + ] + } + }, + { + "Vectra": { + "name": "Vectra", + "commands": [ + "vec-detections", + "vectra-detections", + "vec-hosts", + "vectra-hosts", + "vec-settings", + "vectra-settings", + "vec-health", + "vectra-health", + "vec-triage", + "vectra-triage", + "vec-sensors", + "vectra-sensors", + "vec-get-host-by-id", + "vec-get-detetctions-by-id" + ] + } + }, + { + "Twilio": { + "name": "Twilio", + "fromversion": "2.5.0", + "commands": [ + "TwilioSendSMS" + ] + } + }, + { + "PhishTank": { + "name": "PhishTank", + "commands": [ + "url", + "phishtank-reload", + "phishtank-status" + ] + } + }, + { + "FireEye iSIGHT": { + "name": "FireEye iSIGHT", + "commands": [ + "ip", + "domain", + "file", + "isight-get-report", + "isight-submit-file" + ] + } + }, + { + "BigFix": { + "name": "BigFix", + "commands": [ + "bigfix-get-sites", + "bigfix-get-site", + "bigfix-get-patches", + "bigfix-get-endpoints", + "bigfix-get-endpoint", + "bigfix-deploy-patch", + "bigfix-get-patch", + "bigfix-action-delete", + "bigfix-action-status", + "bigfix-action-stop", + "bigfix-query" + ] + } + }, + { + "Phish.AI": { + "name": "Phish.AI", + "fromversion": "4.0.0", + "commands": [ + "phish-ai-scan-url", + "phish-ai-check-status" + ] + } + }, + { + "Koodous": { + "name": "Koodous", + "commands": [ + "k-check-hash" + ] + } + }, + { + "IntSights": { + "name": "IntSights", 
+ "commands": [ + "intsights-get-alert-image", + "intsights-get-alert-activities", + "intsights-assign-alert", + "intsights-unassign-alert", + "intsights-send-mail", + "intsights-ask-the-analyst", + "intsights-add-tag-to-alert", + "intsights-remove-tag-from-alert", + "intsights-add-comment-to-alert", + "intsights-update-alert-severity", + "intsights-get-alert-by-id", + "intsights-get-ioc-by-value", + "intsights-get-iocs", + "intsights-get-alerts", + "intsights-alert-takedown-request", + "intsights-get-alert-takedown-status", + "intsights-update-ioc-blocklist-status", + "intsights-get-ioc-blocklist-status", + "intsights-close-alert" + ] + } + } + ], + "TestPlaybooks": [ + { + "SignalSciences Test": { + "name": "SignalSciences Test", + "implementing_commands": [ + "sigsci-get-blacklist", + "sigsci-get-whitelist", + "sigsci-blacklist-add-ip", + "sigsci-whitelist-add-ip", + "sigsci-blacklist-remove-ip", + "sigsci-whitelist-remove-ip" + ] + } + }, + { + "Microsoft Graph Test": { + "name": "Microsoft Graph Test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "msg-search-alerts", + "msg-update-alert", + "msg-get-alert-details" + ] + } + }, + { + "Mail Sender (New) Test": { + "name": "Email Sender Python", + "implementing_scripts": [ + "Set", + "FileCreateAndUpload", + "DeleteContext", + "Sleep" + ], + "implementing_commands": [ + "googleapps-gmail-get-mail", + "googleapps-gmail-search", + "ThrowException", + "send-mail" + ] + } + }, + { + "ThreatExchange-test": { + "name": "ThreatExchange-test", + "implementing_scripts": [ + "ExtractDomain", + "ExtractHash", + "Exists", + "ExtractIP", + "Print", + "IsMaliciousIndicatorFound", + "VerifyContextFields", + "ExtractURL" + ], + "implementing_commands": [ + "url", + "ip", + "domain", + "file" + ] + } + }, + { + "PortListenCheck-test": { + "name": "PortListenCheck-test", + "implementing_scripts": [ + "Print", + "PortListenCheck" + ] + } + }, + { + "Qualys-Test": { + "name": "Qualys-Test", + 
"implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "qualys-pc-scan-list", + "qualys-report-template-list", + "qualys-vm-scan-list", + "qualys-scheduled-report-list", + "qualys-report-list" + ] + } + }, + { + "Pipl Test": { + "name": "Pipl Test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "pipl-search" + ] + } + }, + { + "Splunk-Test": { + "name": "Splunk-Test", + "implementing_scripts": [ + "Set", + "DumpJSON", + "StringContains", + "VerifyContext", + "Print", + "IsGreaterThan", + "AreValuesEqual" + ], + "implementing_commands": [ + "splunk-parse-raw", + "splunk-search", + "splunk-submit-event", + "splunk-get-indexes" + ] + } + }, + { + "67b0f25f-b061-4468-8613-43ab13147173": { + "name": "CbP-PlayBook", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "cbp-fileUpload-download", + "cbp-connector-search", + "cbp-connector-get", + "cbp-fileAnalysis-createOrUpdate", + "cbp-fileUpload-createOrUpdate", + "cbp-fileUpload-get", + "cbp-fileAnalysis-get" + ] + } + }, + { + "test_url_regex": { + "name": "Test URL Regex", + "implementing_scripts": [ + "Print", + "VerifyContext", + "DeleteContext" + ] + } + }, + { + "8984405a-4274-470a-8a34-a437d8e2e1c5": { + "name": "Test - PhishMe", + "implementing_scripts": [ + "CloseInvestigation", + "IsGreaterThan", + "DeleteContext", + "AreValuesEqual" + ], + "implementing_commands": [ + "url", + "phishme-search", + "email", + "file", + "ip" + ] + } + }, + { + "4078d8b6-37c6-42d7-8324-16096a2feb51": { + "name": "AWS - Route53 Test Playbook", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "aws-route53-waiter-resource-record-sets-changed", + "aws-route53-test-dns-answer", + "aws-route53-upsert-record", + "aws-route53-create-record", + "aws-route53-delete-record", + "aws-route53-list-resource-record-sets", + "aws-route53-list-hosted-zones" + ] + } + }, + { + "EWS Mail 
Sender Test": { + "name": "EWS Mail Sender Test", + "implementing_scripts": [ + "http" + ], + "implementing_commands": [ + "send-mail" + ] + } + }, + { + "Icebrg Test": { + "name": "Icebrg Test", + "implementing_commands": [ + "icebrg-get-report-assets", + "icebrg-get-reports", + "icebrg-saved-searches", + "icebrg-search-events", + "icebrg-get-history", + "icebrg-get-report-indicators" + ] + } + }, + { + "tenable-sc-scan-test": { + "name": "Test tenable scan", + "implementing_playbooks": [ + "Launch Scan - Tenable.sc" + ] + } + }, + { + "VMWare Test": { + "name": "VMWare Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "AreValuesEqual" + ], + "implementing_commands": [ + "vmware-get-events", + "vmware-poweroff", + "vmware-suspend", + "vmware-hard-reboot", + "vmware-poweron", + "vmware-revert-snapshot", + "vmware-create-snapshot", + "vmware-get-vms" + ] + } + }, + { + "OpenPhish Test Playbook": { + "name": "OpenPhish Test Playbook", + "implementing_scripts": [ + "Print", + "CloseInvestigation", + "Exists" + ], + "implementing_commands": [ + "url", + "openphish-status" + ] + } + }, + { + "Intezer Testing": { + "name": "Intezer Testing", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "http" + ], + "implementing_commands": [ + "intezer-upload", + "file" + ] + } + }, + { + "test-domain-indicator": { + "name": "test-domain-indicator", + "implementing_scripts": [ + "Print", + "GetIndicatorDBotScore", + "Sleep" + ] + } + }, + { + "ip_enrichment_generic_test": { + "name": "IP Enrichment - Generic - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DeleteContext", + "VerifyContext", + "Set" + ], + "implementing_playbooks": [ + "IP Enrichment - Generic" + ] + } + }, + { + "Nessus - Test": { + "name": "Nessus - Test", + "implementing_scripts": [ + "WhileLoop" + ], + "implementing_commands": [ + "nessus-scan-status", + "nessus-scan-report-download", + "nessus-scan-create", + "nessus-scan-export", + 
"nessus-launch-scan", + "nessus-scan-details" + ] + } + }, + { + "d66e5f86-e045-403f-819e-5058aa603c32": { + "name": "AWS - EC2 Test Playbook actions", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "aws-ec2-create-snapshot", + "aws-ec2-monitor-instances", + "aws-ec2-modify-volume", + "aws-ec2-waiter-instance-terminated", + "aws-ec2-reboot-instances", + "aws-ec2-delete-snapshot", + "aws-ec2-get-latest-ami", + "aws-ec2-associate-address", + "aws-ec2-create-volume", + "aws-ec2-modify-network-interface-attribute", + "aws-ec2-waiter-instance-stopped", + "aws-ec2-describe-instances", + "aws-ec2-delete-security-group", + "aws-ec2-create-image", + "aws-ec2-allocate-address", + "aws-ec2-attach-volume", + "aws-ec2-run-instances", + "aws-ec2-start-instances", + "aws-ec2-disassociate-address", + "aws-ec2-waiter-image-available", + "aws-ec2-modify-instance-attribute", + "aws-ec2-waiter-instance-status-ok", + "aws-ec2-create-security-group", + "aws-ec2-delete-volume", + "aws-ec2-release-address", + "aws-ec2-copy-snapshot", + "aws-ec2-authorize-security-group-ingress-rule", + "aws-ec2-create-tags", + "aws-ec2-deregister-image", + "aws-ec2-unmonitor-instances", + "aws-ec2-detach-volume", + "aws-ec2-revoke-security-group-ingress-rule", + "aws-ec2-waiter-instance-running", + "aws-ec2-terminate-instances", + "aws-ec2-waiter-snapshot_completed", + "aws-ec2-copy-image", + "aws-ec2-stop-instances" + ] + } + }, + { + "Google-Vault-Generic-Test": { + "name": "Google Vault Generic Test", + "implementing_scripts": [ + "VerifyContext", + "GeneratePassword", + "DeleteContext", + "Sleep" + ], + "implementing_commands": [ + "gvault-add-heldAccount", + "gvault-get-matter", + "gvault-create-hold", + "gvault-export-status", + "gvault-get-mail-results", + "gvault-remove-heldAccount", + "gvault-get-groups-results", + "gvault-delete-hold", + "gvault-create-export-mail", + "gvault-create-matter", + "gvault-create-export-drive", + 
"gvault-get-drive-results", + "gvault-create-export-groups" + ] + } + }, + { + "cve_enrichment_-_generic_-_test": { + "name": "CVE Enrichment - Generic - Test", + "fromversion": "3.6.0", + "implementing_scripts": [ + "VerifyContext", + "Set" + ], + "implementing_playbooks": [ + "CVE Enrichment - Generic" + ] + } + }, + { + "ReadPDFFile-Test": { + "name": "ReadPDFFile-Test", + "implementing_scripts": [ + "DeleteContext", + "http", + "ReadPDFFile" + ] + } + }, + { + "RegexGroups Test": { + "name": "RegexGroups Test", + "implementing_scripts": [ + "RaiseError", + "VerifyContext", + "Set", + "DeleteContext" + ] + } + }, + { + "GmailTest": { + "name": "GmailTest", + "implementing_scripts": [ + "GetTime", + "DeleteContext" + ], + "implementing_commands": [ + "gmail-add-delete-filter", + "gmail-get-thread", + "gmail-get-tokens-for-user", + "gmail-search-all-mailboxes", + "gmail-get-attachments", + "gmail-list-users", + "gmail-delete-user", + "gmail-create-user", + "gmail-get-mail", + "gmail-move-mail", + "gmail-get-user", + "gmail-search" + ] + } + }, + { + "Extract Indicators From File - test": { + "name": "Extract Indicators From File - test", + "implementing_scripts": [ + "RaiseError", + "http" + ], + "implementing_playbooks": [ + "Extract Indicators From File - Generic" + ] + } + }, + { + "Kenna Test": { + "name": "Kenna Test", + "implementing_commands": [ + "kenna-update-asset", + "kenna-run-connector", + "kenna-search-vulnerabilities", + "kenna-search-fixes", + "kenna-update-vulnerability", + "kenna-get-connectors" + ] + } + }, + { + "3da2e31b-f114-4d7f-8702-117f3b498de9": { + "name": "AWS - CloudTrail Test Playbook", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "aws-cloudtrail-start-logging", + "aws-cloudtrail-update-trail", + "aws-cloudtrail-describe-trails", + "aws-cloudtrail-lookup-events", + "aws-cloudtrail-delete-trail", + "aws-cloudtrail-create-trail", + "aws-cloudtrail-stop-logging" + ] + } + }, + { + 
"test_Qradar": { + "name": "test_Qradar", + "implementing_scripts": [ + "FetchFromInstance", + "DeleteContext" + ], + "implementing_playbooks": [ + "QRadarFullSearch" + ], + "implementing_commands": [ + "qradar-delete-reference-set", + "qradar-create-reference-set-value", + "qradar-get-reference-by-name", + "qradar-get-note", + "qradar-offense-by-id", + "qradar-get-assets", + "qradar-create-note", + "qradar-offenses", + "qradar-get-asset-by-id", + "qradar-update-offense", + "qradar-create-reference-set", + "qradar-delete-reference-set-value" + ] + } + }, + { + "Centreon-Test-Playbook": { + "name": "Centreon-Test-Playbook", + "implementing_commands": [ + "centreon-get-host-status" + ] + } + }, + { + "ssdeepreputationtest": { + "name": "SsdeepReputationTest", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "Sleep", + "SsdeepReputationTest", + "SSDeepReputation" + ] + } + }, + { + "crowdstrike_falconhost_test": { + "name": "CrowdStrike FalconHost Test", + "implementing_scripts": [ + "Set", + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "cs-device-ran-on", + "cs-device-search", + "cs-device-details" + ] + } + }, + { + "dnstwistTest": { + "name": "dnstwistTest", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "dnstwist-domain-variations" + ] + } + }, + { + "IPInfoTest": { + "name": "IPInfoTest", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "ip" + ] + } + }, + { + "Tanium Test Playbook": { + "name": "Tanium Test Playbook", + "fromversion": "2.5.0", + "implementing_commands": [ + "tn-deploy-package", + "tn-ask-question", + "tn-get-saved-question" + ] + } + }, + { + "Netskope Test": { + "name": "Netskope Test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "netskope-events", + "netskope-alerts" + ] + } + }, + { + "entity_enrichment_generic_test": { + "name": "Entity Enrichment - 
Generic - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set", + "VerifyContext", + "DeleteContext" + ], + "implementing_playbooks": [ + "Entity Enrichment - Generic" + ] + } + }, + { + "CrowdStrike Falcon Intel v2": { + "name": "CrowdStrike Falcon Intel v2", + "implementing_scripts": [ + "DeleteContext", + "ThrowException" + ], + "implementing_commands": [ + "domain", + "url", + "ip", + "cs-actors", + "cs-indicators", + "file", + "cs-reports" + ] + } + }, + { + "search_endpoints_by_hash_-_tie_-_test": { + "name": "Search Endpoints By Hash - TIE - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set", + "DeleteContext" + ], + "implementing_playbooks": [ + "Search Endpoints By Hash - TIE" + ] + } + }, + { + "nexpose_test": { + "name": "Nexpose test", + "implementing_scripts": [ + "GenerateUUID", + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "nexpose-start-site-scan", + "nexpose-get-asset", + "nexpose-stop-scan", + "nexpose-delete-site", + "nexpose-get-asset-vulnerability", + "nexpose-create-site", + "nexpose-get-assets", + "nexpose-create-assets-report", + "nexpose-resume-scan", + "nexpose-pause-scan", + "nexpose-search-assets", + "nexpose-get-scans" + ] + } + }, + { + "cisco-ise-test-playbook": { + "name": "cisco-ise-test-playbook", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "cisco-ise-get-endpoints" + ] + } + }, + { + "CarbonBlackResponseTest": { + "name": "Carbon Black Response Test", + "implementing_scripts": [ + "CarbonBlackResponseFilterSensors", + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "cb-watchlist-new", + "cb-get-processes", + "cb-get-process", + "cb-watchlist-del", + "cb-process-events", + "cb-quarantine-device", + "cb-sensor-info", + "cb-binary", + "cb-binary-get", + "cb-get-hash-blacklist", + "cb-watchlist-set", + "cb-unquarantine-device", + "cb-unblock-hash", + "cb-alert-update", + "cb-block-hash", + "cb-alert" + ] + } + }, + 
{ + "dedup_-_generic_-_test": { + "name": "Dedup - Generic - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "VerifyContext", + "CreateDuplicateIncident", + "DeleteContext" + ], + "implementing_playbooks": [ + "Dedup - Generic" + ], + "implementing_commands": [ + "setIncident" + ] + } + }, + { + "VxStream Test": { + "name": "VxStream Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "http", + "Exists" + ], + "implementing_commands": [ + "crowdstrike-detonate-file", + "crowdstrike-get-environments", + "crowdstrike-submit-url", + "crowdstrike-scan", + "crowdstrike-search" + ] + } + }, + { + "PhishTank Testing": { + "name": "PhishTank Testing", + "implementing_scripts": [ + "DeleteContext", + "VerifyContext", + "Set", + "http", + "ReadFile" + ], + "implementing_commands": [ + "url" + ] + } + }, + { + "BigFixTest": { + "name": "BigFixTest", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "bigfix-action-delete", + "bigfix-action-stop", + "bigfix-get-site", + "bigfix-get-sites", + "bigfix-action-status", + "bigfix-get-patches", + "bigfix-get-endpoints", + "bigfix-deploy-patch" + ] + } + }, + { + "Cisco-Meraki-Test": { + "name": "Cisco-Meraki-Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "meraki-get-organization-license-state", + "meraki-fetch-networks", + "meraki-fetch-organizations", + "meraki-fetch-devices", + "meraki-fetch-organization-inventory" + ] + } + }, + { + "url_enrichment_-_generic_test": { + "name": "Url Enrichment Generic - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DeleteContext", + "VerifyContext", + "Set" + ], + "implementing_playbooks": [ + "URL Enrichment - Generic" + ], + "implementing_commands": [ + "rasterize" + ] + } + }, + { + "CheckpointFW-test": { + "name": "CheckpointFW-test", + "implementing_scripts": [ + "VerifyContextFields", + "CheckpointFWBackupStatus", + 
"DeleteContext", + "Sleep", + "CheckpointFWCreateBackup" + ], + "implementing_commands": [ + "checkpoint-delete-rule", + "checkpoint-block-ip", + "checkpoint-set-rule", + "checkpoint-show-access-rule-base", + "checkpoint-show-hosts" + ] + } + }, + { + "Test Playbook McAfee ATD": { + "name": "Test Playbook McAfee ATD", + "implementing_scripts": [ + "FileCreateAndUpload", + "DeleteContext", + "Exists", + "AreValuesEqual" + ], + "implementing_playbooks": [ + "Detonate URL - McAfee ATD", + "ATD - Detonate File" + ], + "implementing_commands": [ + "atd-list-analyzer-profiles", + "atd-login", + "atd-list-user" + ] + } + }, + { + "Cisco-Umbrella-Test": { + "name": "Cisco-Umbrella-Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "umbrella-ip-dns-history", + "umbrella-domain-related", + "umbrella-domain-dns-history", + "investigate-umbrella-domain-co-occurrences", + "investigate-umbrella-domain-dns-history", + "umbrella-domain-security", + "investigate-umbrella-domain-search", + "umbrella-domain-search", + "investigate-umbrella-domain-related", + "umbrella-domain-co-occurrences", + "umbrella-domain-categorization" + ] + } + }, + { + "Test Playbook McAfee ePO": { + "name": "Test Playbook McAfee ePO", + "implementing_scripts": [ + "RaiseError", + "DeleteContext" + ], + "implementing_commands": [ + "epo-clear-tag", + "epo-get-system-tree-group", + "epo-get-latest-dat", + "epo-update-client-dat", + "epo-advanced-command", + "epo-help", + "epo-find-systems", + "epo-update-repository", + "epo-get-version", + "epo-get-current-dat", + "epo-get-tables", + "epo-apply-tag", + "epo-find-system", + "epo-query-table" + ] + } + }, + { + "grr_test": { + "name": "GRR Test", + "implementing_scripts": [ + "Set", + "DeleteContext" + ], + "implementing_commands": [ + "grr-get-hunts", + "grr-get-clients", + "grr-set-hunts", + "grr-set-flows", + "grr-get-flows" + ] + } + }, + { + "RTIR Test": { + "name": "RTIR Test", + 
"implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "rtir-edit-ticket", + "rtir-resolve-ticket", + "rtir-create-ticket", + "rtir-get-ticket", + "rtir-search-ticket" + ] + } + }, + { + "GeneratePassword-Test": { + "name": "GeneratePassword-Test", + "implementing_scripts": [ + "Print", + "GeneratePassword", + "DeleteContext", + "Exists" + ] + } + }, + { + "EWS Public Folders Test": { + "name": "EWS Public Folders Test", + "implementing_commands": [ + "ews-search-mailbox", + "ews-get-items-from-folder", + "ews-find-folders", + "ews-get-folder" + ] + } + }, + { + "account_enrichment_-_generic_test": { + "name": "Account Enrichment - Generic Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DeleteContext", + "VerifyContext", + "Set" + ], + "implementing_playbooks": [ + "Account Enrichment - Generic" + ] + } + }, + { + "TestStringReplace": { + "name": "TestStringReplace", + "implementing_scripts": [ + "StringReplace", + "VerifyContextFields", + "DeleteContext" + ] + } + }, + { + "EWSv2_empty_attachment_test": { + "name": "EWSv2_empty_attachment_test", + "implementing_commands": [ + "ews-get-attachment" + ] + } + }, + { + "search_endpoints_by_hash_-_crowdstrike_-_test": { + "name": "Search Endpoints By Hash - CrowdStrike - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_playbooks": [ + "Search Endpoints By Hash - CrowdStrike" + ] + } + }, + { + "IBM Resilient Systems Test": { + "name": "IBM Resilient Systems Test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "rs-search-incidents", + "rs-related-incidents", + "rs-incidents-get-tasks", + "rs-incident-attachments", + "rs-incident-artifacts" + ] + } + }, + { + "whois_test": { + "name": "whois_test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "closeInvestigation", + "whois" + ] + } + }, + { + "c7d68ad5MxToolbox_test": { + "name": "MxToolbox_test", + 
"implementing_scripts": [ + "CloseInvestigation", + "Exists", + "ToTable" + ], + "implementing_commands": [ + "mxtoolbox" + ] + } + }, + { + "Jira-Test": { + "name": "Jira-Test", + "implementing_scripts": [ + "VerifyContextFields", + "VerifyContext", + "DeleteContext", + "FileCreateAndUpload" + ], + "implementing_commands": [ + "jira-create-issue", + "jira-issue-upload-file", + "jira-get-comments", + "jira-issue-add-comment", + "jira-edit-issue", + "jira-issue-query", + "jira-delete-issue", + "jira-issue-add-link", + "jira-get-issue" + ] + } + }, + { + "2142f8de-29d5-4288-8426-0db39abe988b": { + "name": "AWS - EC2 Test Playbook ", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "aws-ec2-describe-regions", + "aws-ec2-describe-volumes", + "aws-ec2-describe-key-pairs", + "aws-ec2-describe-instances", + "aws-ec2-describe-launch-templates", + "aws-ec2-describe-vpcs", + "aws-ec2-describe-security-groups", + "aws-ec2-describe-subnets", + "aws-ec2-describe-snapshots", + "aws-ec2-describe-images", + "aws-ec2-describe-addresses" + ] + } + }, + { + "palo_alto_firewall_test_pb": { + "name": "palo_alto_firewall_test_pb", + "implementing_scripts": [ + "DeleteContext", + "Sleep" + ], + "implementing_playbooks": [ + "PanoramaCommitConfiguration" + ], + "implementing_commands": [ + "panorama-list-applications", + "panorama-create-rule", + "panorama-delete-rule", + "panorama-create-address-group", + "panorama-list-addresses", + "panorama-get-address-group", + "panorama-get-url-category", + "panorama", + "panorama-edit-rule", + "panorama-get-url-filter", + "panorama-list-address-groups", + "panorama-get-custom-url-category", + "panorama-edit-address-group", + "panorama-create-address", + "panorama-delete-address-group", + "panorama-move-rule", + "panorama-delete-address" + ] + } + }, + { + "Google Safe Browsing Test": { + "name": "Google Safe Browsing Test", + "implementing_scripts": [ + "RaiseError", + "CloseInvestigation" + ], + 
"implementing_commands": [ + "url" + ] + } + }, + { + "Tenable.io test": { + "name": "Tenable.io test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "tenable-io-get-vulnerabilities-by-asset", + "tenable-io-get-scan-report", + "tenable-io-list-scans", + "tenable-io-get-vulnerability-details", + "tenable-io-get-scan-status" + ] + } + }, + { + "JoeSecurityTestPlaybook": { + "name": "JoeSecurityTestPlaybook", + "implementing_scripts": [ + "FileCreateAndUpload", + "DeleteContext" + ], + "implementing_commands": [ + "joe-download-report", + "joe-is-online", + "joe-analysis-info", + "joe-search", + "joe-analysis-submit-sample", + "joe-analysis-submit-url" + ] + } + }, + { + "get_file_sample_by_hash_-_carbon_black_enterprise_Response_-_test": { + "name": "Get File Sample By Hash - Carbon Black Enterprise Response - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set", + "VerifyContext", + "DeleteContext" + ], + "implementing_playbooks": [ + "Get File Sample By Hash - Carbon Black Enterprise Response" + ] + } + }, + { + "OTRS Test": { + "name": "OTRS Test", + "implementing_scripts": [ + "FetchFromInstance" + ], + "implementing_commands": [ + "otrs-update-ticket", + "otrs-search-ticket", + "otrs-create-ticket", + "otrs-close-ticket", + "otrs-get-ticket" + ] + } + }, + { + "get_original_email_-_gmail_-_test": { + "name": "Get Original Email - Gmail - Test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_playbooks": [ + "Get Original Email - Gmail" + ] + } + }, + { + "TestHPServiceManager": { + "name": "TestHPServiceManager", + "implementing_scripts": [ + "VerifyContextFields", + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "hpsm-create-incident", + "hpsm-get-device", + "hpsm-list-incidents", + "hpsm-get-incident-by-id" + ] + } + }, + { + "AbuseIPDB Test": { + "name": "AbuseIPDB Test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + 
"abuseipdb-check-cidr-block", + "ip", + "abuseipdb-get-blacklist", + "abuseipdb-report-ip" + ] + } + }, + { + "TestIsValueInArray": { + "name": "TestIsValueInArray", + "implementing_scripts": [ + "CloseInvestigation", + "Set", + "IsValueInArray" + ] + } + }, + { + "GsuiteTest": { + "name": "test-Gsuite", + "implementing_scripts": [ + "VerifyContextFields" + ], + "implementing_commands": [ + "googleapps-list-users" + ] + } + }, + { + "efc817d2-6660-4d4f-890d-90513ca1e180": { + "name": "Cisco Spark Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "cisco-spark-send-message-to-person", + "cisco-spark-list-teams", + "cisco-spark-list-people", + "cisco-spark-create-team", + "cisco-spark-delete-team", + "cisco-spark-delete-message", + "cisco-spark-send-message-to-room", + "cisco-spark-list-messages", + "cisco-spark-list-rooms" + ] + } + }, + { + "iDefenseTest": { + "name": "iDefenseTest", + "implementing_scripts": [ + "Print", + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "url", + "ip", + "domain", + "uuid" + ] + } + }, + { + "block_indicators_-_generic_-_test": { + "name": "Block Indicators - Generic - Test", + "implementing_playbooks": [ + "Block Indicators - Generic" + ] + } + }, + { + "rsa_packets_and_logs_test": { + "name": "RSA Packets And Logs test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "nw-sdk-values", + "netwitness-msearch", + "nw-sdk-content", + "netwitness-query" + ] + } + }, + { + "Google_Vault-Search_And_Display_Results_test": { + "name": "Google Vault - Search And Display Results test", + "implementing_scripts": [ + "GeneratePassword", + "DeleteContext" + ], + "implementing_playbooks": [ + "Google Vault - Search Groups", + "Google Vault - Search Mail", + "Google Vault - Display Results", + "Google Vault - Search Drive" + ] + } + }, + { + "URLDecode-Test": { + "name": "URLDecode-Test", 
+ "implementing_scripts": [ + "URLDecode", + "DeleteContext" + ] + } + }, + { + "Zscaler Test": { + "name": "Zscaler Test", + "implementing_scripts": [ + "GenerateUUID", + "isError" + ], + "implementing_commands": [ + "zscaler-blacklist-url", + "zscaler-get-blacklist", + "zscaler-get-categories", + "zscaler-category-add-url" + ] + } + }, + { + "urlscan_malicious_Test": { + "name": "urlscan_malicious_Test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "urlscan-search" + ] + } + }, + { + "DemistoUploadFileToIncident Test": { + "name": "DemistoUploadFileToIncident Test", + "implementing_scripts": [ + "DemistoUploadFileToIncident", + "http" + ] + } + }, + { + "ParseEmailFiles-test": { + "name": "ParseEmailFiles-test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "http", + "AreValuesEqual", + "ParseEmailFiles" + ] + } + }, + { + "extract_indicators_-_generic_-_test": { + "name": "Extract Indicators - Generic - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "IncidentSet", + "DeleteContext", + "VerifyContext" + ], + "implementing_playbooks": [ + "Extract Indicators - Generic" + ] + } + }, + { + "listExecutedCommands-Test": { + "name": "listExecutedCommands-Test", + "implementing_scripts": [ + "Print", + "listExecutedCommands", + "commentsToContext", + "CloseInvestigation", + "AreValuesEqual" + ] + } + }, + { + "Phishing test - Inline": { + "name": "Phishing test - Inline", + "implementing_scripts": [ + "ScheduleCommand", + "PhishingIncident", + "DeleteContext", + "http" + ], + "implementing_playbooks": [ + "Phishing Investigation - Generic" + ] + } + }, + { + "Tenable.io Scan Test": { + "name": "Tenable.io Scan Test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_playbooks": [ + "Tenable.io Scan" + ] + } + }, + { + "AlphaSOC-Wisdom-Test": { + "name": "AlphaSOC Wisdom Test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "wisdom-ip-flags", + 
"wisdom-domain-flags" + ] + } + }, + { + "pyEWS_Test": { + "name": "pyEWS_Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "Exception", + "ews-get-out-of-office", + "ews-get-searchable-mailboxes", + "ews-find-folders", + "ews-get-items", + "ews-get-contacts", + "ews-get-attachment", + "ews-search-mailboxes" + ] + } + }, + { + "virusTotal-test-playbook": { + "name": "virusTotal-test-playbook", + "implementing_scripts": [ + "Set", + "VerifyContext", + "DeleteContext", + "Exists" + ], + "implementing_commands": [ + "url", + "ip", + "domain", + "file" + ] + } + }, + { + "calculate_severity_-_critical_assets_-_test": { + "name": "Calculate Severity - Critical assets - Test", + "implementing_scripts": [ + "VerifyContext", + "ADGetUser" + ], + "implementing_playbooks": [ + "Calculate Severity - Critical assets" + ] + } + }, + { + "search_endpoints_by_hash_-_carbon_black_response_-_test": { + "name": "Search Endpoints By Hash - Carbon Black Response - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set", + "VerifyContext", + "DeleteContext" + ], + "implementing_playbooks": [ + "Search Endpoints By Hash - Carbon Black Response" + ] + } + }, + { + "5dc848e5-a649-4394-8300-386770d39d75": { + "name": "TestGetDuplicatesIncidentsByMl", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "GetDuplicatesMl", + "TestCreateDuplicates" + ] + } + }, + { + "LogRhythm-Test-Playbook": { + "name": "LogRhythm-Test-Playbook", + "implementing_commands": [ + "lr-get-alarms" + ] + } + }, + { + "test_similar_incidents": { + "name": "Test Similar Incidents", + "fromversion": "3.5.0", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "TestCreateDuplicates", + "FindSimilarIncidents" + ] + } + }, + { + "2cddaacb-4e4c-407e-8ef5-d924867b810c": { + "name": "AWS - CloudWatchLogs Test Playbook_copy", + "implementing_scripts": [ + "GetTime", + "VerifyContext", + 
"DeleteContext" + ], + "implementing_commands": [ + "aws-logs-describe-metric-filters", + "aws-logs-create-log-stream", + "aws-logs-put-retention-policy", + "aws-logs-delete-log-group", + "aws-logs-delete-log-stream", + "aws-logs-create-log-group", + "aws-logs-describe-log-streams", + "aws-logs-delete-metric-filter", + "aws-logs-put-log-events", + "aws-logs-describe-log-groups", + "aws-logs-put-metric-filter", + "aws-logs-delete-retention-policy" + ] + } + }, + { + "TestSkyformation": { + "name": "TestSkyformation", + "implementing_scripts": [ + "TestFail" + ], + "implementing_commands": [ + "skyformation-get-accounts" + ] + } + }, + { + "EWS test": { + "name": "EWS test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "FileCreateAndUpload", + "SendEmail" + ], + "implementing_commands": [ + "ews-delete-attachments", + "ews-get-searchable-mailboxes", + "ews-search-mailbox", + "ews-find-folders", + "ews-get-items", + "ews-get-folder", + "ews-get-attachment", + "ews-delete-items" + ] + } + }, + { + "ShodanTest": { + "name": "ShodanTest", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "ip" + ] + } + }, + { + "d8628445-ff86-40f9-857d-50b3f1d295a6": { + "name": "Sandblast malicious test", + "implementing_scripts": [ + "DeleteContext", + "Exists", + "echo" + ], + "implementing_commands": [ + "sandblast-query", + "sandblast-upload" + ] + } + }, + { + "minemeld_test": { + "name": "Palo Alto MineMeld Test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "minemeld-remove-from-miner", + "ip", + "minemeld-add-to-miner", + "minemeld-retrieve-miner", + "minemeld-get-indicator-from-miner" + ] + } + }, + { + "Archer-Test-Playbook": { + "name": "Archer-Test-Playbook", + "implementing_scripts": [ + "VerifyContextFields", + "DeleteContext" + ], + "implementing_commands": [ + "archer-get-application-fields", + "archer-update-record", + "archer-search-records", + 
"archer-create-record", + "archer-delete-record", + "archer-search-applications", + "archer-get-record" + ] + } + }, + { + "LanguageDetect-Test": { + "name": "LanguageDetect-Test", + "implementing_scripts": [ + "CloseInvestigation", + "LanguageDetect", + "DeleteContext", + "Sleep", + "Exists" + ] + } + }, + { + "ThreatGridTest": { + "name": "ThreatGridTest", + "implementing_scripts": [ + "DeleteContext", + "Exists", + "AreValuesEqual" + ], + "implementing_commands": [ + "threat-grid-get-samples", + "threat-grid-download-sample-by-id", + "threat-grid-organization-get-rate-limit", + "threat-grid-user-get-rate-limit", + "threat-grid-get-threat-summary-by-id", + "threat-grid-who-am-i", + "threat-grid-upload-sample" + ] + } + }, + { + "Detonate URL - Generic Test": { + "name": "Detonate URL - Generic Test", + "fromversion": "4.0.0", + "implementing_scripts": [ + "Set", + "DeleteContext" + ], + "implementing_playbooks": [ + "Detonate URL - Generic" + ] + } + }, + { + "test-ThreatConnect": { + "name": "test-ThreatConnect", + "implementing_commands": [ + "tc-owners" + ] + } + }, + { + "TestMatchRegex": { + "name": "TestMatchRegex", + "implementing_scripts": [ + "DeleteContext", + "MatchRegex" + ], + "implementing_commands": [ + "closeInvestigation" + ] + } + }, + { + "search_endpoints_by_hash_-_generic_-_test": { + "name": "Search Endpoints By Hash - Generic - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DeleteContext", + "VerifyContext", + "Set" + ], + "implementing_playbooks": [ + "Search Endpoints By Hash - Generic" + ] + } + }, + { + "Detonate File - SNDBOX - Test": { + "name": "Detonate File - SNDBOX - Test", + "implementing_scripts": [ + "DeleteContext", + "http" + ], + "implementing_playbooks": [ + "Detonate File - SNDBOX" + ] + } + }, + { + "CreatePhishingClassifierMLTest": { + "name": "Create Phishing Classifier ML Test", + "implementing_scripts": [ + "DBotPredictPhishingLabel", + "VerifyContext", + "DeleteContext", + "TestCreateTagTextFile", + 
"TestCreateIncidents" + ], + "implementing_playbooks": [ + "DBot Create Phishing Classifier" + ] + } + }, + { + "CirclIntegrationTest": { + "name": "CIRCL Test", + "implementing_scripts": [ + "VerifyHumanReadableContains", + "PrintErrorEntry", + "isError" + ], + "implementing_commands": [ + "circl-ssl-get-certificate", + "circl-ssl-list-certificates", + "circl-ssl-query-certificate", + "circl-dns-get" + ] + } + }, + { + "ProofpointDecodeURL-Test": { + "name": "ProofpointDecodeURL-Test", + "implementing_scripts": [ + "CloseInvestigation", + "ProofpointDecodeURL", + "Sleep", + "AreValuesEqual" + ] + } + }, + { + "FireEye HX Test": { + "name": "FireEye HX Test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "fireeye-hx-get-indicators", + "fireeye-hx-get-alert", + "fireeye-hx-file-acquisition", + "fireeye-hx-delete-file-acquisition", + "fireeye-hx-get-alerts", + "fireeye-hx-get-host-information", + "fireeye-hx-get-indicator" + ] + } + }, + { + "hashicorp_test": { + "name": "hashicorp_test", + "implementing_scripts": [ + "GetTime", + "DeleteContext" + ], + "implementing_commands": [ + "hashicorp-list-policies", + "hashicorp-disable-engine", + "hashicorp-create-token", + "hashicorp-list-secrets", + "hashicorp-get-secret-metadata", + "hashicorp-configure-engine", + "hashicorp-undelete-secret", + "hashicorp-destroy-secret", + "hashicorp-get-policy", + "hashicorp-enable-engine", + "hashicorp-list-secrets-engines", + "hashicorp-delete-secret", + "hashicorp-reset-configuration" + ] + } + }, + { + "decodemimeheader_-_test": { + "name": "DecodeMimeHeader - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DecodeMimeHeader", + "DeleteContext", + "VerifyContext" + ] + } + }, + { + "XFE Test": { + "name": "XFE Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "Exists", + "AreValuesEqual" + ], + "implementing_commands": [ + "domain", + "url", + "ip", + "cve-latest", + "cve-search", + "file" + ] + } + }, + { 
+ "Base64 File in List Test": { + "name": "Base64 File in List Test", + "implementing_scripts": [ + "VerifyContext", + "Base64ListToFile" + ], + "implementing_commands": [ + "setList" + ] + } + }, + { + "Cybereason Test": { + "name": "Cybereason Test", + "implementing_scripts": [ + "FetchFromInstance", + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "cybereason-malop-processes", + "cybereason-query-connections", + "cybereason-query-processes", + "cybereason-is-probe-connected", + "cybereason-query-malops" + ] + } + }, + { + "ActiveMQ Test": { + "name": "ActiveMQ Test", + "implementing_scripts": [ + "VerifyContext", + "Sleep" + ], + "implementing_commands": [ + "activemq-send", + "activemq-subscribe" + ] + } + }, + { + "McAfeeNSMTest": { + "name": "McAfeeNSMTest", + "implementing_commands": [ + "nsm-get-domains", + "nsm-get-ips-policy-details", + "nsm-update-alerts", + "nsm-get-ips-policies", + "nsm-get-alerts", + "nsm-get-sensors" + ] + } + }, + { + "SNDBOX_Test": { + "name": "SNDBOX_Test", + "implementing_scripts": [ + "DeleteContext", + "http" + ], + "implementing_commands": [ + "sndbox-analysis-info", + "sndbox-analysis-submit-sample", + "sndbox-download-sample", + "sndbox-download-report", + "sndbox-is-online" + ] + } + }, + { + "Fortigate Test": { + "name": "Fortigate Test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "fortigate-move-policy", + "fortigate-create-firewall-service", + "fortigate-get-service-groups", + "fortigate-get-policy", + "fortigate-get-address-groups", + "fortigate-get-firewall-service", + "fortigate-delete-policy", + "fortigate-get-addresses", + "fortigate-update-service-group", + "fortigate-update-address-group", + "fortigate-delete-address-group", + "fortigate-create-address-group", + "fortigate-create-policy", + "fortigate-update-policy" + ] + } + }, + { + "sep_-_test_endpoint_search": { + "name": "SEP - Test endpoint search", + "fromversion": "3.5.0", + 
"implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "sep-endpoints-info" + ] + } + }, + { + "awake_security_test_pb": { + "name": "awake_security_test_pb", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "domain", + "ip", + "awake-query-activities", + "awake-pcap-download", + "awake-query-domains", + "awake-query-devices", + "device", + "email" + ] + } + }, + { + "af2f5a99-d70b-48c1-8c25-519732b733f2": { + "name": "nmap-test", + "implementing_scripts": [ + "CloseInvestigation", + "Print", + "Exists" + ], + "implementing_commands": [ + "nmap-scan" + ] + } + }, + { + "Detonate File - No Files test": { + "name": "Detonate File - No Files test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_playbooks": [ + "Detonate File - Generic" + ] + } + }, + { + "3010a07c-0a85-480c-87db-cf3f09fcbd7c": { + "name": "ContextGetters-Test", + "implementing_scripts": [ + "ExtractHash", + "IsTrue", + "ContextGetEmails", + "ExtractIP", + "ContextGetHashes", + "ContextGetIps", + "ExtractEmail" + ] + } + }, + { + "test-LinkIncidentsWithRetry": { + "name": "test-LinkIncidentsWithRetry", + "implementing_scripts": [ + "Print", + "LinkIncidentsWithRetry", + "AreValuesEqual" + ], + "implementing_commands": [ + "createNewIncident" + ] + } + }, + { + "2e7770c4-8b78-4ee5-84c7-22a9e481b166": { + "name": "Autofocus_test", + "implementing_scripts": [ + "CloseInvestigation", + "IsMaliciousIndicatorFound", + "AreValuesEqual" + ], + "implementing_commands": [ + "autofocus-search-sessions", + "file", + "autofocus-search-samples" + ] + } + }, + { + "Remedy-On-Demand-Test": { + "name": "Remedy-On-Demand-Test", + "implementing_scripts": [ + "Set", + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "remedy-get-incident", + "remedy-fetch-incidents", + "remedy-incident-create", + "remedy-incident-update" + ] + } + }, + { + "get_file_sample_from_path_-_generic_-_test": { + "name": "Get File 
Sample From Path - Generic - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_playbooks": [ + "Get File Sample From Path - Generic" + ], + "implementing_commands": [ + "cb-list-sensors" + ] + } + }, + { + "Test ParseCSV": { + "name": "Test ParseCSV", + "implementing_scripts": [ + "DeleteContext", + "FileCreateAndUpload", + "ParseCSV", + "AreValuesEqual" + ] + } + }, + { + "Preempt Test": { + "name": "Preempt Test", + "implementing_commands": [ + "preempt-remove-from-watch-list", + "preempt-get-user-endpoints", + "preempt-get-activities", + "preempt-add-to-watch-list" + ] + } + }, + { + "playbook-Cymon_Test": { + "name": "playbook-Cymon_Test", + "implementing_scripts": [ + "VerifyContext", + "StringContains", + "DeleteContext", + "ValidateErrorExistence" + ], + "implementing_commands": [ + "ip", + "domain" + ] + } + }, + { + "150778e9-90ca-4c28-873e-f050f2c6d3a3": { + "name": "HTTPRedirectList Test", + "implementing_scripts": [ + "CloseInvestigation", + "HTTPListRedirects", + "AreValuesEqual" + ] + } + }, + { + "TCPUtils-Test": { + "name": "Tcpiputlis Test Playbook", + "implementing_scripts": [ + "VerifyContextFields", + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "ip" + ] + } + }, + { + "113aca8a-ee52-419f-89a6-150ee232d0d1": { + "name": "S3 Test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "aws-s3-create-bucket", + "aws-s3-get-bucket-policy", + "aws-s3-download-file", + "aws-s3-delete-bucket-policy", + "aws-s3-describe-buckets", + "aws-s3-list-bucket-objects", + "aws-s3-set-bucket-policy", + "aws-s3-delete-bucket" + ] + } + }, + { + "buildewsquery_test": { + "name": "BuildEWSQuery Test", + "implementing_scripts": [ + "BuildEWSQuery", + "VerifyContext" + ] + } + }, + { + "palo_alto_panorama_test_pb": { + "name": "palo_alto_panorama_test_pb", + "implementing_scripts": [ + "DeleteContext", + "Sleep" + ], + "implementing_commands": [ 
+ "panorama-list-applications", + "panorama-create-rule", + "panorama-commit", + "panorama-delete-rule", + "panorama-create-address-group", + "panorama-get-address-group", + "panorama-move-rule", + "panorama", + "panorama-edit-rule", + "panorama-get-url-filter", + "panorama-list-address-groups", + "panorama-get-custom-url-category", + "panorama-create-address", + "panorama-delete-address-group", + "panorama-list-addresses", + "panorama-delete-address" + ] + } + }, + { + "okta_test_playbook": { + "name": "Okta test playbook", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "okta-get-application-authentication", + "okta-list-groups", + "okta-get-application-assignments", + "okta-get-user-factors", + "okta-get-groups", + "okta-suspend-user", + "okta-add-to-group", + "okta-update-user", + "okta-remove-from-group", + "okta-get-failed-logins", + "okta-get-group-members", + "okta-unsuspend-user", + "okta-get-group-assignments" + ] + } + }, + { + "test_delete_context": { + "name": "Test Delete Context", + "implementing_scripts": [ + "RaiseError", + "Set", + "DeleteContext", + "isError" + ] + } + }, + { + "JiraCreateIssue-example-test": { + "name": "JiraCreateIssue-example-test", + "implementing_scripts": [ + "JiraCreateIssue-example", + "DeleteContext" + ], + "implementing_commands": [ + "jira-delete-issue" + ] + } + }, + { + "AttivoBotsinkTest": { + "name": "AttivoBotsinkTest", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "attivo-list-hosts", + "attivo-list-users", + "attivo-check-user", + "attivo-run-playbook", + "attivo-check-host", + "attivo-get-events", + "attivo-deploy-decoy", + "attivo-list-playbooks" + ] + } + }, + { + "email_test": { + "name": "Email Address Enrichment - Generic - Test", + "implementing_scripts": [ + "Set", + "VerifyContext", + "DeleteContext" + ], + "implementing_playbooks": [ + "Email Address Enrichment - Generic" + ] + } + }, + { + "Cisco Umbrella Test": { 
+ "name": "Cisco Umbrella Test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "umbrella-ip-dns-history", + "domain", + "umbrella-domain-related", + "umbrella-get-domains-using-regex", + "umbrella-domain-dns-history", + "umbrella-get-url-timeline", + "umbrella-get-domain-classifiers", + "umbrella-get-malicious-domains-for-ip", + "umbrella-get-domains-for-email-registrar", + "umbrella-get-domains-for-nameserver", + "umbrella-domain-categorization", + "umbrella-domain-security", + "umbrella-get-domain-timeline", + "umbrella-get-domain-details", + "umbrella-ip-malicious-domains", + "umbrella-get-related-domains", + "umbrella-get-whois-for-domain", + "umbrella-domain-search", + "umbrella-domain-co-occurrences", + "umbrella-get-ip-timeline", + "umbrella-get-domain-queryvolume" + ] + } + }, + { + "fd93f620-9a2d-4fb6-85d1-151a6a72e46d": { + "name": "AWS - SQS Test Playbook", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "aws-sqs-purge-queue", + "aws-sqs-list-queues", + "aws-sqs-send-message", + "aws-sqs-get-queue-url", + "aws-sqs-create-queue", + "aws-sqs-delete-queue" + ] + } + }, + { + "RedCanaryTest": { + "name": "RedCanaryTest", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "redcanary-get-endpoint", + "redcanary-update-remediation-state", + "redcanary-list-detections", + "redcanary-list-endpoints", + "redcanary-acknowledge-detection", + "redcanary-get-endpoint-detections", + "redcanary-get-detection", + "redcanary-execute-playbook" + ] + } + }, + { + "blockip_test_playbook": { + "name": "blockip_test_playbook", + "implementing_scripts": [ + "BlockIP" + ] + } + }, + { + "block_endpoint_-_carbon_black_response_-_test": { + "name": "Block Endpoint - Carbon Black Response - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DeleteContext", + "VerifyContext", + "Set" + ], + "implementing_playbooks": [ + "Block Endpoint - Carbon Black Response" + ], + 
"implementing_commands": [ + "cb-list-sensors", + "cb-unquarantine-device", + "cb-sensor-info" + ] + } + }, + { + "exporttocsv_script_test": { + "name": "ExportToCSV script test", + "fromversion": "3.6.0", + "implementing_scripts": [ + "DeleteContext", + "ExportToCSV", + "AreValuesEqual", + "ReadFile" + ] + } + }, + { + "get_file_sample_from_path_-_d2_-_test": { + "name": "Get File Sample From Path - D2 - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_playbooks": [ + "Get File Sample From Path - D2" + ] + } + }, + { + "GetTime-Test": { + "name": "GetTime-Test", + "implementing_scripts": [ + "GetTime", + "DeleteContext", + "MatchRegex" + ] + } + }, + { + "CreateEmailHtmlBody_test_pb": { + "name": "CreateEmailHtmlBody_test_pb", + "implementing_scripts": [ + "CreateEmailHtmlBody", + "DeleteContext" + ], + "implementing_commands": [ + "createList" + ] + } + }, + { + "forcepoint test": { + "name": "forcepoint test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "fp-get-category-detailes", + "fp-delete-address-from-category", + "fp-add-address-to-category", + "fp-add-category", + "fp-delete-categories" + ] + } + }, + { + "CrowdStrike Endpoint Enrichment - Test": { + "name": "CrowdStrike Endpoint Enrichment - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DeleteContext", + "PrintErrorEntry" + ], + "implementing_playbooks": [ + "CrowdStrike Endpoint Enrichment" + ], + "implementing_commands": [ + "cs-device-search", + "cs-detection-search" + ] + } + }, + { + "endpoint_enrichment_-_generic_test": { + "name": "Endpoint Enrichment - Generic Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DeleteContext", + "VerifyContext", + "Set" + ], + "implementing_playbooks": [ + "Endpoint Enrichment - Generic" + ] + } + }, + { + "TestHttpPlaybook": { + "name": "TestHttpPlaybook", + "implementing_scripts": [ + "VerifyContextFields", + "DeleteContext", 
+ "http" + ] + } + }, + { + "Test-IsMaliciousIndicatorFound": { + "name": "Test-IsMaliciousIndicatorFound", + "implementing_scripts": [ + "VerifyContext", + "Sleep", + "IsMaliciousIndicatorFound" + ], + "implementing_commands": [ + "createNewIndicator" + ] + } + }, + { + "Mimecast test": { + "name": "Mimecast test", + "implementing_scripts": [ + "FetchFromInstance", + "DeleteContext" + ], + "implementing_commands": [ + "mimecast-get-impersonation-logs", + "mimecast-query", + "mimecast-download-attachments", + "mimecast-url-decode", + "mimecast-refresh-token", + "mimecast-create-policy", + "mimecast-manage-sender", + "mimecast-get-message", + "mimecast-discover", + "mimecast-list-messages", + "mimecast-create-managed-url", + "mimecast-list-managed-url", + "mimecast-get-attachment-logs", + "mimecast-list-blocked-sender-policies", + "mimecast-login", + "mimecast-delete-policy", + "mimecast-get-policy", + "mimecast-get-url-logs" + ] + } + }, + { + "TestParseCSV": { + "name": "TestParseCSV", + "implementing_scripts": [ + "Set", + "VerifyContext", + "ParseCSV", + "DeleteContext", + "ExportToCSV" + ] + } + }, + { + "ArcSight Logger test": { + "name": "ArcSight Logger test", + "implementing_scripts": [ + "DeleteContext", + "Sleep" + ], + "implementing_commands": [ + "as-search", + "as-close", + "as-drilldown", + "as-search-events", + "as-status", + "as-events" + ] + } + }, + { + "Cylance Protect v2 Test": { + "name": "Cylance Protect v2 Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "cylance-protect-delete-hash-from-lists", + "cylance-protect-download-threat", + "cylance-protect-get-zones", + "cylance-protect-get-devices", + "cylance-protect-get-policies", + "cylance-protect-get-list", + "cylance-protect-get-threat", + "cylance-protect-get-device-threats", + "cylance-protect-get-policy-details", + "cylance-protect-add-hash-to-list" + ] + } + }, + { + "McAfeeESMTest": { + "name": "McAfeeESMTest", + 
"implementing_scripts": [ + "GetTime", + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "esm-edit-case-status", + "esm-get-case-statuses", + "esm-search", + "esm-add-case-status", + "esm-get-alarm-event-details", + "esm-get-organization-list", + "esm-list-alarm-events", + "esm-delete-case-status", + "esm-edit-case", + "esm-get-user-list", + "esm-get-case-detail", + "esm-add-case", + "esm-fetch-alarms" + ] + } + }, + { + "Detonate File - Generic Test": { + "name": "Detonate File - Generic Test", + "fromversion": "4.0.0", + "implementing_scripts": [ + "DeleteContext", + "http" + ], + "implementing_playbooks": [ + "Detonate File - Generic" + ] + } + }, + { + "Jask_Test": { + "name": "Jask Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "jask-search-signals", + "jask-search-entities", + "jask-get-entity-details", + "jask-get-insight-details", + "closeInvestigation", + "jask-search-insights", + "jask-get-signal-details", + "jask-get-related-entities", + "jask-get-insight-comments" + ] + } + }, + { + "RSA NetWitness Test": { + "name": "RSA NetWitness Test", + "implementing_commands": [ + "netwitness-get-incident", + "netwitness-get-incidents" + ] + } + }, + { + "Test_Sagemaker": { + "name": "Test Sagemaker", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "predict-phishing" + ] + } + }, + { + "ExtractURL Test": { + "name": "ExtractURL Test", + "implementing_scripts": [ + "Print", + "ExtractURL", + "IsTrue" + ] + } + }, + { + "tenable-sc-test": { + "name": "Tenable.sc Test", + "implementing_scripts": [ + "GetTime", + "VerifyContext", + "DeleteContext", + "FetchFromInstance" + ], + "implementing_commands": [ + "tenable-sc-get-asset", + "tenable-sc-list-alerts", + "tenable-sc-get-system-licensing", + "tenable-sc-get-scan-status", + "tenable-sc-list-scans", + "tenable-sc-list-repositories", + "tenable-sc-create-scan", + "tenable-sc-delete-scan", + 
"tenable-sc-get-scan-report", + "tenable-sc-list-assets", + "tenable-sc-get-vulnerability", + "tenable-sc-get-device", + "tenable-sc-create-asset", + "tenable-sc-get-alert", + "tenable-sc-launch-scan", + "tenable-sc-list-report-definitions", + "tenable-sc-delete-asset", + "tenable-sc-list-credentials", + "tenable-sc-list-policies", + "tenable-sc-list-zones", + "tenable-sc-list-users" + ] + } + }, + { + "ReversingLabsA1000Test": { + "name": "ReversingLabsA1000Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "reversinglabs-download", + "reversinglabs-extracted-files", + "reversinglabs-download-unpacked", + "reversinglabs-analyze", + "file" + ] + } + }, + { + "TestWordFileToIOC": { + "name": "TestWordFileToIOC", + "implementing_scripts": [ + "TestCreateWordFile", + "ExtractIP", + "VerifyContext", + "ReadFile", + "ParseWordDoc" + ] + } + }, + { + "TestExtractHTMLTables": { + "name": "TestExtractHTMLTables", + "implementing_scripts": [ + "Print", + "CloseInvestigation", + "ExtractHTMLTables", + "DeleteContext", + "Exists" + ] + } + }, + { + "7ab45104-22aa-4e1b-8062-cadcbb28d87f": { + "name": "Test - urlscan", + "implementing_scripts": [ + "CloseInvestigation", + "DeleteContext", + "AreValuesEqual" + ], + "implementing_commands": [ + "url", + "ip", + "urlscan-submit" + ] + } + }, + { + "RasterizeImageTest": { + "name": "RasterizeImageTest", + "implementing_scripts": [ + "GenerateImageFileEntry", + "DeleteContext" + ], + "implementing_commands": [ + "rasterize-image", + "closeInvestigation" + ] + } + }, + { + "InfoArmorVigilanteATITest": { + "name": "InfoArmorVigilanteATITest", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "vigilante-get-leak", + "vigilante-query-infected-host-data", + "vigilante-query-domains", + "vigilante-query-accounts", + "vigilante-watchlist-add-accounts", + "vigilante-watchlist-remove-accounts", + "vigilante-get-watchlist", + 
"vigilante-query-ecrime-db", + "vigilante-search-leaks" + ] + } + }, + { + "strings-test": { + "name": "strings-test", + "implementing_scripts": [ + "CreateBinaryFile", + "FileCreateAndUpload", + "Strings", + "PublishEntriesToContext", + "VerifyContext" + ] + } + }, + { + "process_email_-_generic_-_test": { + "name": "Process Email - Generic - Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "http" + ], + "implementing_playbooks": [ + "Process Email - Generic" + ] + } + }, + { + "97393cfc-2fc4-4dfe-8b6e-af64067fc436": { + "name": "AWS - S3 Test Playbook", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "aws-s3-create-bucket", + "aws-s3-get-bucket-policy", + "aws-s3-download-file", + "aws-s3-delete-bucket-policy", + "aws-s3-delete-bucket", + "aws-s3-list-buckets", + "aws-s3-list-bucket-objects", + "aws-s3-put-bucket-policy" + ] + } + }, + { + "TestFileCreateAndUpload": { + "name": "TestFileCreateAndUpload", + "implementing_scripts": [ + "Print", + "FileCreateAndUpload", + "DeleteContext", + "CloseInvestigation" + ] + } + }, + { + "get_original_email_-_ews-_test": { + "name": "Get Original Email - EWS - Test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_playbooks": [ + "Get Original Email - EWS" + ] + } + }, + { + "Remedy AR Test": { + "name": "Remedy AR Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "remedy-get-server-details" + ] + } + }, + { + "WordTokenizeTest": { + "name": "WordTokenizeTest", + "implementing_scripts": [ + "VerifyContext", + "WordTokenizer", + "DeleteContext" + ] + } + }, + { + "ExtractDomainTest": { + "name": "ExtractDomainTest", + "implementing_scripts": [ + "VerifyContext", + "ExtractDomain" + ] + } + }, + { + "TestCommonPython": { + "name": "TestCommonPython", + "implementing_scripts": [ + "TestPYCommonServer" + ] + } + }, + { + "get_file_sample_by_hash_-_cylance_protect_-_test": { + "name": "Get File 
Sample By Hash - Cylance Protect - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set", + "VerifyContext", + "DeleteContext" + ], + "implementing_playbooks": [ + "Get File Sample By Hash - Cylance Protect" + ] + } + }, + { + "TestPacketsled": { + "name": "TestPacketsled", + "implementing_commands": [ + "packetsled-get-flows", + "packetsled-get-pcaps", + "packetsled-get-files", + "packetsled-get-incidents" + ] + } + }, + { + "EWS search-mailbox test": { + "name": "EWS search-mailbox test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext", + "Sleep" + ], + "implementing_commands": [ + "ews-search-mailbox", + "ews-move-item", + "send-mail" + ] + } + }, + { + "IntSights Test": { + "name": "IntSights Test", + "implementing_scripts": [ + "Print", + "VerifyContext", + "DeleteContext", + "Exists", + "IsValueInArray" + ], + "implementing_commands": [ + "intsights-get-alerts", + "intsights-get-iocs", + "intsights-add-comment-to-alert", + "intsights-add-tag-to-alert", + "intsights-update-alert-severity", + "closeInvestigation", + "intsights-get-alert-activities" + ] + } + }, + { + "SalesforceTestPlaybook": { + "name": "SalesforceTestPlaybook", + "implementing_scripts": [ + "ContextContains", + "DeleteContext" + ], + "implementing_commands": [ + "salesforce-update-case", + "salesforce-get-case", + "salesforce-search", + "salesforce-create-case", + "salesforce-delete-case", + "salesforce-push-comment", + "salesforce-get-object", + "salesforce-close-case", + "salesforce-update-object", + "salesforce-query" + ] + } + }, + { + "Wildfire Test": { + "name": "Wildfire Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "wildfire-upload", + "wildfire-upload-file-remote", + "wildfire-report" + ] + } + }, + { + "Vectra-test": { + "name": "Vectra-test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "vectra-sensors", + "vectra-settings", + "vectra-hosts", + 
"vectra-triage", + "vectra-detections" + ] + } + }, + { + "CuckooTest": { + "name": "CuckooTest", + "implementing_scripts": [ + "DeleteContext", + "http" + ], + "implementing_playbooks": [ + "Detonate URL - Cuckoo", + "Detonate File - Cuckoo" + ] + } + }, + { + "TextFromHTML_test_playbook": { + "name": "TextFromHTML Test", + "implementing_scripts": [ + "VerifyContext", + "TextFromHTML" + ] + } + }, + { + "PhishAi-Test": { + "name": "PhishAi-Test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "phish-ai-scan-url" + ] + } + }, + { + "Phishing test - attachment": { + "name": "Phishing test - attachment", + "implementing_scripts": [ + "ScheduleCommand", + "PhishingIncident", + "DeleteContext", + "http" + ], + "implementing_playbooks": [ + "Phishing Investigation - Generic" + ] + } + }, + { + "search_endpoints_by_hash_-_carbon_black_protection_-_test": { + "name": "Search Endpoints By Hash - Carbon Black Protection - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_playbooks": [ + "Search Endpoints By Hash - Carbon Black Protection" + ] + } + }, + { + "Test-Detonate URL - Phish.AI": { + "name": "Test-Detonate URL - Phish.AI", + "implementing_playbooks": [ + "Detonate URL - Phish.AI" + ] + } + }, + { + "ReversingLabsTCTest": { + "name": "ReversingLabsTCTest", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "file" + ] + } + }, + { + "get_file_sample_from_path_-_carbon_black_enterprise_response_-_test": { + "name": "Get File Sample From Path - Carbon Black Enterprise Response - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_playbooks": [ + "Get File Sample From Path - Carbon Black Enterprise Response" + ], + "implementing_commands": [ + "cb-list-sensors" + ] + } + }, + { + "PostgreSQL Test": { + "name": "PostgreSQL Test", + "fromversion": 
"3.6.0", + "implementing_scripts": [ + "VerifyHumanReadableEquals" + ], + "implementing_commands": [ + "pgsql-query" + ] + } + }, + { + "DUO Test Playbook": { + "name": "DUO Test Playbook", + "implementing_scripts": [ + "DeleteContext", + "PrintErrorEntry", + "AreValuesEqual", + "PrintContext" + ], + "implementing_commands": [ + "duo-preauth" + ] + } + }, + { + "secureworks_test": { + "name": "Secureworks test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "secure-works-create-ticket", + "secure-works-get-ticket", + "secure-works-update-ticket", + "secure-works-get-tickets-ids", + "secure-works-get-ticket-count", + "secure-works-close-ticket", + "secure-works-get-tickets-updates" + ] + } + }, + { + "File Enrichment - Generic Test": { + "name": "File Enrichment - Generic Test", + "implementing_scripts": [ + "VerifyContext", + "Set" + ], + "implementing_playbooks": [ + "File Enrichment - Generic" + ] + } + }, + { + "JSONtoCSV-Test": { + "name": "JSONtoCSV-Test", + "implementing_scripts": [ + "JSONFileToCSV", + "LoadJSON", + "ParseCSV", + "JSONtoCSV", + "FileCreateAndUpload", + "DeleteContext" + ] + } + }, + { + "ZipFile-Test": { + "name": "ZipFile-Test", + "implementing_scripts": [ + "http", + "ZipFile", + "CloseInvestigation", + "Sleep", + "UnzipFile", + "DeleteContext" + ] + } + }, + { + "d5cb69b1-c81c-4f27-8a40-3106c0cb2620": { + "name": "AWS - IAM Test Playbook", + "implementing_scripts": [ + "VerifyContext", + "Sleep" + ], + "implementing_commands": [ + "aws-iam-update-user", + "aws-iam-update-access-key", + "aws-iam-get-user", + "aws-iam-remove-user-from-group", + "aws-iam-add-role-to-instance-profile", + "aws-iam-create-instance-profile", + "aws-iam-list-roles", + "aws-iam-attach-policy", + "aws-iam-create-login-profile", + "aws-iam-create-group", + "aws-iam-get-instance-profile", + "aws-iam-list-instance-profiles-for-role", + "aws-iam-update-login-profile", + "aws-iam-list-policies", + 
"aws-iam-get-role", + "aws-iam-list-access-keys-for-user", + "aws-iam-list-instance-profiles", + "aws-iam-delete-role", + "aws-iam-list-groups", + "aws-iam-remove-role-from-instance-profile", + "aws-iam-delete-user", + "aws-iam-create-role", + "aws-iam-delete-access-key", + "aws-iam-detach-policy", + "aws-iam-create-access-key", + "aws-iam-delete-group", + "aws-iam-create-user", + "aws-iam-delete-login-profile", + "aws-iam-list-groups-for-user", + "aws-iam-add-user-to-group", + "aws-iam-list-users", + "aws-iam-delete-instance-profile" + ] + } + }, + { + "ExposeIncidentOwner-Test": { + "name": "ExposeIncidentOwner-Test", + "implementing_scripts": [ + "CloseInvestigation", + "AssignAnalystToIncident", + "ExposeIncidentOwner", + "AreValuesEqual" + ] + } + }, + { + "McAfeeWebGatewayTest": { + "name": "McAfeeWebGatewayTest", + "implementing_scripts": [ + "ContextContains", + "DeleteContext", + "Sleep", + "PrintContext" + ], + "implementing_commands": [ + "mwg-insert-entry", + "mwg-get-list-entry", + "mwg-get-list", + "mwg-delete-entry", + "mwg-get-available-lists" + ] + } + }, + { + "DemistoLockTest": { + "name": "DemistoLockTest", + "implementing_scripts": [ + "Set", + "Print", + "DeleteContext", + "Sleep", + "isError" + ], + "implementing_commands": [ + "closeInvestigation", + "demisto-lock-release-all", + "demisto-lock-release", + "demisto-lock-get", + "demisto-lock-info" + ] + } + }, + { + "Detonate File - BitDam Test": { + "name": "Detonate File - BitDam Test", + "implementing_scripts": [ + "FileCreateAndUpload", + "DeleteContext" + ], + "implementing_playbooks": [ + "Detonate File - BitDam" + ] + } + }, + { + "Luminate-TestPlaybook": { + "name": "Luminate-TestPlaybook", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "lum-block-user", + "lum-destroy-user-session", + "lum-unblock-user", + "lum-get-ssh-access-logs", + "lum-get-http-access-logs" + ] + } + }, + { + "McAfee-MAR_Test": { + "name": "McAfee-MAR_Test", + 
"implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "mar-collectors-list", + "mar-search-multiple", + "mar-search" + ] + } + }, + { + "CarbonBlackLiveResponseTest": { + "name": "Carbon Black Live Response Test", + "implementing_scripts": [ + "TestCreateWordFile", + "DeleteContext", + "Sleep" + ], + "implementing_commands": [ + "cb-get-file-from-endpoint", + "cb-command-create-and-wait", + "cb-session-create-and-wait", + "cb-keepalive", + "cb-file-delete-from-endpoint", + "cb-push-file-to-endpoint", + "cb-list-sessions", + "cb-session-close" + ] + } + }, + { + "Recorded Future Test": { + "name": "Recorded Future Test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "ip", + "domain", + "recorded-future-get-related-entities", + "file" + ] + } + }, + { + "NetWitness Endpoint Test": { + "name": "NetWitness Endpoint Test", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "netwitness-get-machines", + "netwitness-blacklist-domains", + "netwitness-blacklist-ips", + "netwitness-get-machine-module" + ] + } + }, + { + "DNSDBTest": { + "name": "DNSDBTest", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "dnsdb-rrset", + "dnsdb-rdata" + ] + } + }, + { + "VerifyHumanReadableFormat": { + "name": "VerifyHumanReadableFormat", + "implementing_scripts": [ + "VerifyTableToMarkDown", + "VerifyTreeToFlatObject" + ] + } + }, + { + "domain_enrichment_generic_test": { + "name": "Domain Enrichment Generic - Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DeleteContext", + "VerifyContext", + "Set" + ], + "implementing_playbooks": [ + "Domain Enrichment - Generic" + ] + } + }, + { + "Anomali_ThreatStream_Test": { + "name": "Anomali ThreatStream Test", + "fromversion": "3.5.0", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "ip", + "domain", + "threatstream-email-reputation", + 
"threatstream-intelligence", + "file" + ] + } + }, + { + "ParseExcel-test": { + "name": "ParseExcel-test", + "implementing_scripts": [ + "ParseExcel", + "DeleteContext", + "http" + ] + } + }, + { + "Zoom_Test": { + "name": "Zoom_Test", + "implementing_scripts": [ + "Print", + "VerifyContext", + "GenerateEmail", + "DeleteContext" + ], + "implementing_commands": [ + "zoom-create-meeting", + "zoom-list-users", + "zoom-fetch-recording", + "zoom-create-user", + "zoom-delete-user" + ] + } + }, + { + "DomainTools-Test": { + "name": "DomainTools-Test", + "implementing_scripts": [ + "VerifyContext", + "NotInContextVerification", + "DeleteContext" + ], + "implementing_commands": [ + "domain", + "whois", + "reverseWhois", + "reverseNameServer", + "domainSearch", + "domainProfile", + "whoisHistory", + "reverseIP" + ] + } + }, + { + "RedLockTest": { + "name": "RedLockTest", + "implementing_scripts": [ + "DeleteContext" + ], + "implementing_commands": [ + "redlock-search-alerts", + "redlock-reopen-alerts", + "redlock-get-alert-details", + "redlock-dismiss-alerts" + ] + } + }, + { + "TruSTAR Test": { + "name": "TruSTAR Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "domain", + "url", + "ip", + "trustar-correlated-reports", + "file", + "trustar-trending-indicators", + "trustar-search-indicators" + ] + } + }, + { + "JoeSecurityTestDetonation": { + "name": "JoeSecurityTestDetonation", + "fromversion": "4.0.0", + "implementing_scripts": [ + "FileCreateAndUpload", + "DeleteContext" + ], + "implementing_playbooks": [ + "Detonate File - JoeSecurity", + "Detonate File From URL - JoeSecurity", + "Detonate URL - JoeSecurity" + ] + } + }, + { + "Symantec Messaging Gateway Test": { + "name": "Symantec Messaging Gateway Test", + "implementing_scripts": [ + "GenerateIP", + "VerifyContext", + "GenerateUUID", + "AreValuesEqual" + ], + "implementing_commands": [ + "smg-unblock-domain", + "smg-block-ip", + "smg-unblock-ip", + 
"smg-block-domain", + "smg-block-email", + "smg-unblock-email" + ] + } + }, + { + "devo_test_playbook": { + "name": "Devo test playbook", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "devo-query" + ] + } + }, + { + "Lastline - testplaybook": { + "name": "Lastline - testplaybook", + "implementing_scripts": [ + "DeleteContext", + "Set", + "http" + ], + "implementing_playbooks": [ + "Detonate URL - Lastline", + "Detonate File - Lastline" + ] + } + }, + { + "detonate_file_-_generic_test": { + "name": "Detonate File - Generic Test", + "toversion": "3.6.0", + "fromversion": "3.5.0", + "implementing_scripts": [ + "DeleteContext", + "http" + ], + "implementing_playbooks": [ + "Detonate File - Generic" + ] + } + }, + { + "Test CommonServer": { + "name": "Test CommonServer", + "implementing_scripts": [ + "TestFormatTableValues" + ] + } + }, + { + "Test filters & transformers scripts": { + "name": "Test filters & transformers scripts", + "implementing_scripts": [ + "RaiseError", + "Print", + "Set" + ] + } + }, + { + "virusTotalPrivateAPI-test-playbook": { + "name": "virusTotalPrivateAPI-test-playbook", + "implementing_scripts": [ + "VerifyContext", + "StringContains", + "DeleteContext" + ], + "implementing_commands": [ + "vt-private-get-url-report", + "vt-private-get-file-report", + "vt-private-get-domain-report" + ] + } + }, + { + "SCADAfence_test": { + "name": "SCADAfence_test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "scadafence-getAsset", + "scadafence-setAlertStatus", + "scadafence-getAlerts" + ] + } + }, + { + "c19e328d-0cf3-4a94-88b3-df670d984602": { + "name": "SymantecEndpointProtection Test", + "implementing_scripts": [ + "SEPScan", + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "sep-quarantine", + "sep-command-status", + "sep-update-content", + "sep-endpoints-info", + "sep-groups-info", + "sep-client-content", + 
"sep-system-info" + ] + } + }, + { + "PagerDuty Test": { + "name": "PagerDuty Test", + "implementing_scripts": [ + "VerifyContext" + ], + "implementing_commands": [ + "PagerDuty-incidents", + "PagerDuty-get-all-schedules", + "PagerDuty-get-users-on-call-now" + ] + } + }, + { + "pan-appframework-test": { + "name": "pan-appframework-test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "pan-appframework-query-logs" + ] + } + }, + { + "TestSafeBreach": { + "name": "TestSafeBreach", + "implementing_commands": [ + "safebreach-get-simulation", + "safebreach-rerun" + ] + } + }, + { + "ExifReadTest": { + "name": "ExifReadTest", + "implementing_scripts": [ + "GenerateImageFileEntry", + "ExifRead", + "DeleteContext" + ], + "implementing_commands": [ + "closeInvestigation" + ] + } + }, + { + "McAfee-TIE Test": { + "name": "McAfee-TIE Test", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "tie-file-references", + "file", + "tie-set-file-reputation" + ] + } + }, + { + "SymantecMSSTest": { + "name": "SymantecMSSTest", + "implementing_scripts": [ + "VerifyContext", + "DeleteContext" + ], + "implementing_commands": [ + "symantec-mss-incidents-list", + "symantec-mss-update-incident", + "symantec-mss-get-incident" + ] + } + }, + { + "SLA Scripts - Test": { + "name": "SLA Scripts - Test", + "implementing_scripts": [ + "StopTimeToAssignOnOwnerChange", + "ChangeRemediationSLAOnSevChange", + "Set", + "PrintErrorEntry", + "DeleteContext" + ], + "implementing_commands": [ + "setIncident", + "startTimer", + "resetTimer" + ] + } + }, + { + "SLA Scripts - Test": { + "name": "SLA Scripts - Test", + "implementing_scripts": [ + "StopTimeToAssignOnOwnerChange", + "ChangeRemediationSLAOnSevChange", + "Set", + "PrintErrorEntry", + "DeleteContext" + ], + "implementing_commands": [ + "setIncident", + "startTimer", + "resetTimer" + ] + } + }, + { + "SLA Scripts - Test": { + "name": "SLA Scripts 
- Test", + "implementing_scripts": [ + "StopTimeToAssignOnOwnerChange", + "ChangeRemediationSLAOnSevChange", + "Set", + "PrintErrorEntry", + "DeleteContext" + ], + "implementing_commands": [ + "setIncident", + "startTimer", + "resetTimer" + ] + } + }, + { + "SLA Scripts - Test": { + "name": "SLA Scripts - Test", + "implementing_scripts": [ + "StopTimeToAssignOnOwnerChange", + "ChangeRemediationSLAOnSevChange", + "Set", + "PrintErrorEntry", + "DeleteContext" + ], + "implementing_commands": [ + "setIncident", + "startTimer", + "resetTimer" + ] + } + }, + { + "SLA Scripts - Test": { + "name": "SLA Scripts - Test", + "implementing_scripts": [ + "StopTimeToAssignOnOwnerChange", + "ChangeRemediationSLAOnSevChange", + "Set", + "PrintErrorEntry", + "DeleteContext" + ], + "implementing_commands": [ + "setIncident", + "startTimer", + "resetTimer" + ] + } + }, + { + "SLA Scripts - Test": { + "name": "SLA Scripts - Test", + "implementing_scripts": [ + "StopTimeToAssignOnOwnerChange", + "ChangeRemediationSLAOnSevChange", + "Set", + "PrintErrorEntry", + "DeleteContext" + ], + "implementing_commands": [ + "setIncident", + "startTimer", + "resetTimer" + ] + } + } + ] } \ No newline at end of file From f35c34cb5fd5e634ef052e8772bb7aa6cdcca9b2 Mon Sep 17 00:00:00 2001 From: idovandijk <43602124+idovandijk@users.noreply.github.com> Date: Thu, 3 Jan 2019 14:10:29 +0200 Subject: [PATCH 39/49] removed duplicates from id_set.json --- Tests/id_set.json | 256 ---------------------------------------------- 1 file changed, 256 deletions(-) diff --git a/Tests/id_set.json b/Tests/id_set.json index 469219d2720a..3c9ed1761d12 100644 --- a/Tests/id_set.json +++ b/Tests/id_set.json 
@@ -4470,90 +4470,6 @@ ] } }, - { - "stoptimetoassignonownerchange": { - "name": "StopTimeToAssignOnOwnerChange", - "fromversion": "4.1.0", - "script_executions": [ - "stopTimer" - ] - } - }, - { - "changeremediationslaonsevchange": { - "name": "ChangeRemediationSLAOnSevChange", - "fromversion": "4.1.0", - "script_executions": [ - "setIncident", - "setIncident", - "setIncident", - "setIncident" - ] - } - }, - { - "stoptimetoassignonownerchange": { - "name": "StopTimeToAssignOnOwnerChange", - "fromversion": "4.1.0", - "script_executions": [ - "stopTimer" - ] - } - }, - { - "changeremediationslaonsevchange": { - "name": "ChangeRemediationSLAOnSevChange", - "fromversion": "4.1.0", - "script_executions": [ - "setIncident", - "setIncident", - "setIncident", - "setIncident" - ] - } - }, - { - "stoptimetoassignonownerchange": { - "name": "StopTimeToAssignOnOwnerChange", - "fromversion": "4.1.0", - "script_executions": [ - "stopTimer" - ] - } - }, - { - "changeremediationslaonsevchange": { - "name": "ChangeRemediationSLAOnSevChange", - "fromversion": "4.1.0", - "script_executions": [ - "setIncident", - "setIncident", - "setIncident", - "setIncident" - ] - } - }, - { - "stoptimetoassignonownerchange": { - "name": "StopTimeToAssignOnOwnerChange", - "fromversion": "4.1.0", - "script_executions": [ - "stopTimer" - ] - } - }, - { - "changeremediationslaonsevchange": { - "name": "ChangeRemediationSLAOnSevChange", - "fromversion": "4.1.0", - "script_executions": [ - "setIncident", - "setIncident", - "setIncident", - "setIncident" - ] - } - }, { "stoptimetoassignonownerchange": { "name": "StopTimeToAssignOnOwnerChange", 
@@ -6678,110 +6594,6 @@ ] } }, - { - "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "4.0.9", - "fromversion": "4.0.0", - "implementing_scripts": [ - "AssignAnalystToIncident", - "Set", - "SendEmail" - ], - "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Block Indicators - Generic", - "Email Address Enrichment - Generic", - "Calculate Severity - Generic" - ], - "implementing_commands": [ - "closeInvestigation", - "send-mail" - ] - } - }, - { - "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "4.0.9", - "fromversion": "4.0.0", - "implementing_scripts": [ - "AssignAnalystToIncident", - "Set", - "SendEmail" - ], - "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Block Indicators - Generic", - "Email Address Enrichment - Generic", - "Calculate Severity - Generic" - ], - "implementing_commands": [ - "closeInvestigation", - "send-mail" - ] - } - }, - { - "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "4.0.9", - "fromversion": "4.0.0", - "implementing_scripts": [ - "AssignAnalystToIncident", - "Set", - "SendEmail" - ], - "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Block Indicators - Generic", - "Email Address Enrichment - Generic", - "Calculate Severity - Generic" - ], - "implementing_commands": [ - "closeInvestigation", - "send-mail" - ] - } - }, - { - "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": 
"4.0.9", - "fromversion": "4.0.0", - "implementing_scripts": [ - "AssignAnalystToIncident", - "Set", - "SendEmail" - ], - "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Block Indicators - Generic", - "Email Address Enrichment - Generic", - "Calculate Severity - Generic" - ], - "implementing_commands": [ - "closeInvestigation", - "send-mail" - ] - } - }, { "Phishing Investigation - Generic": { "name": "Phishing Investigation - Generic", @@ -14570,74 +14382,6 @@ ] } }, - { - "SLA Scripts - Test": { - "name": "SLA Scripts - Test", - "implementing_scripts": [ - "StopTimeToAssignOnOwnerChange", - "ChangeRemediationSLAOnSevChange", - "Set", - "PrintErrorEntry", - "DeleteContext" - ], - "implementing_commands": [ - "setIncident", - "startTimer", - "resetTimer" - ] - } - }, - { - "SLA Scripts - Test": { - "name": "SLA Scripts - Test", - "implementing_scripts": [ - "StopTimeToAssignOnOwnerChange", - "ChangeRemediationSLAOnSevChange", - "Set", - "PrintErrorEntry", - "DeleteContext" - ], - "implementing_commands": [ - "setIncident", - "startTimer", - "resetTimer" - ] - } - }, - { - "SLA Scripts - Test": { - "name": "SLA Scripts - Test", - "implementing_scripts": [ - "StopTimeToAssignOnOwnerChange", - "ChangeRemediationSLAOnSevChange", - "Set", - "PrintErrorEntry", - "DeleteContext" - ], - "implementing_commands": [ - "setIncident", - "startTimer", - "resetTimer" - ] - } - }, - { - "SLA Scripts - Test": { - "name": "SLA Scripts - Test", - "implementing_scripts": [ - "StopTimeToAssignOnOwnerChange", - "ChangeRemediationSLAOnSevChange", - "Set", - "PrintErrorEntry", - "DeleteContext" - ], - "implementing_commands": [ - "setIncident", - "startTimer", - "resetTimer" - ] - } - }, { "SLA Scripts - Test": { "name": "SLA Scripts - Test", From 0c351737515057409a8c7a757e25f4e4ebe69eb0 Mon Sep 17 00:00:00 2001 
From: idovandijk <43602124+idovandijk@users.noreply.github.com> Date: Thu, 3 Jan 2019 14:53:19 +0200 Subject: [PATCH 40/49] Removed another dupe --- Tests/id_set.json | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/Tests/id_set.json b/Tests/id_set.json index 3c9ed1761d12..48dca406d1fd 100644 --- a/Tests/id_set.json +++ b/Tests/id_set.json @@ -14365,23 +14365,6 @@ ] } }, - { - "SLA Scripts - Test": { - "name": "SLA Scripts - Test", - "implementing_scripts": [ - "StopTimeToAssignOnOwnerChange", - "ChangeRemediationSLAOnSevChange", - "Set", - "PrintErrorEntry", - "DeleteContext" - ], - "implementing_commands": [ - "setIncident", - "startTimer", - "resetTimer" - ] - } - }, { "SLA Scripts - Test": { "name": "SLA Scripts - Test", From a9282872cbad69fd732cf301c2292b6ea5596e22 Mon Sep 17 00:00:00 2001 From: idovandijk <43602124+idovandijk@users.noreply.github.com> Date: Thu, 3 Jan 2019 14:58:47 +0200 Subject: [PATCH 41/49] Removed more dupes --- Tests/id_set.json | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/Tests/id_set.json b/Tests/id_set.json index 48dca406d1fd..e0fe8fbd3876 100644 --- a/Tests/id_set.json +++ b/Tests/id_set.json @@ -6594,6 +6594,32 @@ ] } }, + { + "Phishing Investigation - Generic": { + "name": "Phishing Investigation - Generic", + "toversion": "4.0.9", + "fromversion": "4.0.0", + "implementing_scripts": [ + "AssignAnalystToIncident", + "Set", + "SendEmail" + ], + "implementing_playbooks": [ + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Block Indicators - Generic", + "Email Address Enrichment - Generic", + "Calculate Severity - Generic" + ], + "implementing_commands": [ + "closeInvestigation", + "send-mail" + ] + } + }, { "Phishing Investigation - Generic": { "name": "Phishing Investigation - Generic", 
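Review bot: The `"Phishing Investigation - Generic"` block added in `@@ -6594,6 +6594,32 @@` appears to duplicate the entry that follows it in the context lines (same key and `name`), and the `"SLA Scripts - Test"` block added in `@@ -14365,6 +14391,23 @@` does the same, so this patch adds 43 lines while its subject says duplicates were removed. The following entries continue past the hunks, so they may carry a different `fromversion`/`toversion`; if they do not, both added blocks should be dropped. Repeated ids in this list are ambiguous for any consumer that indexes entries by id, because which copy wins depends on the reader. A pre-merge check that rejects two entries with the same id and version range would catch this without further hand edits.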
@@ -14365,6 +14391,23 @@ ] } }, + { + "SLA Scripts - Test": { + "name": "SLA Scripts - Test", + "implementing_scripts": [ + "StopTimeToAssignOnOwnerChange", + "ChangeRemediationSLAOnSevChange", + "Set", + "PrintErrorEntry", + "DeleteContext" + ], + "implementing_commands": [ + "setIncident", + "startTimer", + "resetTimer" + ] + } + }, { "SLA Scripts - Test": { "name": "SLA Scripts - Test", From e2f2f5479a50333fe772f9c3d0c5346512b6492b Mon Sep 17 00:00:00 2001 From: idovandijk <43602124+idovandijk@users.noreply.github.com> Date: Thu, 3 Jan 2019 15:04:00 +0200 Subject: [PATCH 42/49] Removed more dupes --- Tests/id_set.json | 11376 ++++++++++++++++++++++---------------------- 1 file changed, 5643 insertions(+), 5733 deletions(-) diff --git a/Tests/id_set.json b/Tests/id_set.json index e0fe8fbd3876..e167cb55bc1d 100644 --- a/Tests/id_set.json +++ b/Tests/id_set.json @@ -4436,28 +4436,7 @@ "GetFirstObject": { "name": "GetFirstObject" } - }, - { - "changeremediationslaonsevchange": { - "name": "ChangeRemediationSLAOnSevChange", - "fromversion": "4.1.0", - "script_executions": [ - "setIncident", - "setIncident", - "setIncident", - "setIncident" - ] - } - }, - { - "stoptimetoassignonownerchange": { - "name": "StopTimeToAssignOnOwnerChange", - "fromversion": "4.1.0", - "script_executions": [ - "stopTimer" - ] - } - }, + }, { "changeremediationslaonsevchange": { "name": "ChangeRemediationSLAOnSevChange", 
@@ -4479,9935 +4458,9866 @@ ] } } - ], + ], "playbooks": [ { "search_and_delete_emails_-_generic": { - "name": "Search And Delete Emails - Generic", - "fromversion": "3.6.0", + "name": "Search And Delete Emails - Generic", + "fromversion": "3.6.0", "implementing_playbooks": [ "Search And Delete Emails - EWS" ] } - }, + }, { "email_address_enrichment_-_generic": { - "name": "Email Address Enrichment - Generic", - "fromversion": "3.6.0", + "name": "Email Address Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "IsEmailAddressInternal", - "EmailReputation", - "ADGetUser", - "Exists", + "IsEmailAddressInternal", + "EmailReputation", + "ADGetUser", + "Exists", "EmailDomainSquattingReputation" ] } - }, + }, { "process_email_-_generic": { - "name": "Process Email - Generic", - "toversion": "3.6.0", - "fromversion": "3.6.0", + "name": "Process Email - Generic", + "toversion": "3.6.0", + "fromversion": "3.6.0", "implementing_scripts": [ - "Set", - "Exists", + "Set", + "Exists", "ParseEmailFiles" - ], + ], "implementing_commands": [ - "setIncident", + "setIncident", "rasterize-email" ] } - }, + }, { "playbook12": { - "name": "McAfee ePO Endpoint Compliance Playbook", - "fromversion": "2.5.0", + "name": "McAfee ePO Endpoint Compliance Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "CloseInvestigation", - "IncidentSet", + "CloseInvestigation", + "IncidentSet", "commentsToContext" - ], + ], "implementing_commands": [ - "epo-update-client-dat", - "servicenow-incidents-query", - "epo-get-latest-dat", - "epo-get-current-dat", + "epo-update-client-dat", + "servicenow-incidents-query", + "epo-get-latest-dat", + "epo-get-current-dat", "servicenow-incident-create" ] } - }, + }, { "get_original_email_-_generic": { - "name": "Get Original Email - Generic", - "fromversion": 4.0, + "name": "Get Original Email - Generic", + "fromversion": 4.0, "implementing_playbooks": [ - "Get Original Email - Gmail", + "Get Original Email - Gmail", "Get 
Original Email - EWS" ] } - }, + }, { "Detonate URL - Phish.AI": { - "name": "Detonate URL - Phish.AI", - "fromversion": "4.0.0", + "name": "Detonate URL - Phish.AI", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "phish-ai-check-status", + "phish-ai-check-status", "phish-ai-scan-url" ] } - }, + }, { "Detonate URL - Cuckoo": { - "name": "Detonate URL - Cuckoo", - "fromversion": "4.0.0", + "name": "Detonate URL - Cuckoo", + "fromversion": "4.0.0", "implementing_scripts": [ "Sleep" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "cuckoo-view-task", - "cuckoo-get-task-report", + "cuckoo-view-task", + "cuckoo-get-task-report", "cuckoo-create-task-from-url" ] } - }, + }, { "get_file_sample_by_hash_-_generic": { - "name": "Get File Sample By Hash - Generic", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Generic", + "fromversion": "3.5.0", "implementing_playbooks": [ - "Get File Sample By Hash - Cylance Protect", + "Get File Sample By Hash - Cylance Protect", "Get File Sample By Hash - Carbon Black Enterprise Response" ] } - }, + }, { "search_endpoints_by_hash_-_crowdstrike": { - "name": "Search Endpoints By Hash - CrowdStrike", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - CrowdStrike", + "fromversion": "3.5.0", "implementing_commands": [ - "cs-device-ran-on", + "cs-device-ran-on", "cs-device-details" ] } - }, + }, { "get_file_sample_from_path_-_generic": { - "name": "Get File Sample From Path - Generic", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - Generic", + "fromversion": "3.5.0", "implementing_playbooks": [ - "Get File Sample From Path - Carbon Black Enterprise Response", + "Get File Sample From Path - Carbon Black Enterprise Response", "Get File Sample From Path - D2" ] } - }, + }, { "process_email_-_generic": { - "name": "Process Email - Generic", - "toversion": "3.5.9", - "fromversion": "3.5.0", + 
"name": "Process Email - Generic", + "toversion": "3.5.9", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "Exists", + "Set", + "Exists", "ParseEmailFiles" - ], + ], "implementing_commands": [ "rasterize-email" ] } - }, + }, { "Detonate File - Lastline": { - "name": "Detonate File - Lastline", - "fromversion": "4.0.0", + "name": "Detonate File - Lastline", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "lastline-upload-file", + "lastline-upload-file", "lastline-get-report" ] } - }, + }, { "url_enrichment_-_generic": { - "name": "URL Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "URL Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ - "URLSSLVerification", - "Exists", + "URLSSLVerification", + "Exists", "URLReputation" - ], + ], "implementing_commands": [ "rasterize" ] } - }, + }, { "GenericPolling": { - "name": "GenericPolling", - "fromversion": "4.0.0", + "name": "GenericPolling", + "fromversion": "4.0.0", "implementing_scripts": [ - "ScheduleGenericPolling", - "RunPollingCommand", + "ScheduleGenericPolling", + "RunPollingCommand", "PrintErrorEntry" ] } - }, + }, { "playbook1": { - "name": "Malware Playbook - Manual", - "fromversion": "2.5.0", + "name": "Malware Playbook - Manual", + "fromversion": "2.5.0", "implementing_scripts": [ - "ExposeModules", - "Autoruns", + "ExposeModules", + "Autoruns", "Exists" ] } - }, + }, { "Calculate Severity - Generic": { - "name": "Calculate Severity - Generic", - "fromversion": "3.6.0", + "name": "Calculate Severity - Generic", + "fromversion": "3.6.0", "implementing_playbooks": [ - "Calculate Severity - Indicators DBotScore", - "Calculate Severity - 3rd-party integrations", + "Calculate Severity - Indicators DBotScore", + "Calculate Severity - 3rd-party integrations", "Calculate Severity - Critical assets" - ], + ], 
"implementing_commands": [ "setIncident" ] } - }, + }, { "search_endpoints_by_hash_-_carbon_black_protection": { - "name": "Search Endpoints By Hash - Carbon Black Protection", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Carbon Black Protection", + "fromversion": "3.5.0", "implementing_scripts": [ - "CBPFindRule", - "Set", - "CBPCatalogFindHash", + "CBPFindRule", + "Set", + "CBPCatalogFindHash", "Exists" - ], + ], "implementing_commands": [ "cbp-computer-get" ] } - }, + }, { "Incident Enrichment": { - "name": "Incident Enrichment", - "fromversion": "2.5.0", + "name": "Incident Enrichment", + "fromversion": "2.5.0", "implementing_scripts": [ - "ExtractURL", - "ExtractHash", + "ExtractURL", + "ExtractHash", "ExtractIP" - ], + ], "implementing_playbooks": [ "Enrichment Playbook" ] } - }, + }, { "playbook16": { - "name": "CrowdStrike Rapid IOC Hunting", - "fromversion": "2.5.0", + "name": "CrowdStrike Rapid IOC Hunting", + "fromversion": "2.5.0", "implementing_scripts": [ - "Exists", + "Exists", "SendEmail" - ], + ], "implementing_commands": [ - "cs-device-ran-on", + "cs-device-ran-on", "cs-device-search" ] } - }, + }, { "CrowdStrike Falcon Sandbox - Detonate file": { - "name": "CrowdStrike Falcon Sandbox - Detonate file", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "CrowdStrike Falcon Sandbox - Detonate file", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_scripts": [ "Set" - ], + ], "implementing_commands": [ "crowdstrike-detonate-file" ] } - }, + }, { "Enrich McAfee DXL using 3rd party sandbox": { - "name": "Enrich McAfee DXL using 3rd party sandbox", + "name": "Enrich McAfee DXL using 3rd party sandbox", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "Exists" - ], + ], "implementing_playbooks": [ "WildFire - Detonate file" - ], + ], "implementing_commands": [ "dxl-send-event" ] } - }, + }, { "Get File Sample From Hash - Carbon Black Enterprise Response": { - "name": "Get File Sample 
From Hash - Carbon Black Enterprise Response", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Get File Sample From Hash - Carbon Black Enterprise Response", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ "Exists" - ], + ], "implementing_commands": [ "cb-binary-get" ] } - }, + }, { "Calculate Severity - Generic": { - "name": "Calculate Severity - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "Calculate Severity - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ - "StringContains", + "StringContains", "Exists" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "Tenable.io Scan": { - "name": "Tenable.io Scan", - "fromversion": "4.0.0", + "name": "Tenable.io Scan", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "tenable-io-launch-scan", - "tenable-io-get-scan-report", + "tenable-io-launch-scan", + "tenable-io-get-scan-report", "tenable-io-get-scan-status" ] } - }, + }, { "block_indicators_-_generic": { - "name": "Block Indicators - Generic", - "fromversion": "4.0.0", + "name": "Block Indicators - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ - "Block URL - Generic", - "Block File - Generic", - "Block IP - Generic", + "Block URL - Generic", + "Block File - Generic", + "Block IP - Generic", "Block Account - Generic" ] } - }, + }, { "detonate_url_-_threatgrid": { - "name": "Detonate URL - ThreatGrid", - "fromversion": "4.0.0", + "name": "Detonate URL - ThreatGrid", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "threat-grid-upload-sample", - "threat-grid-get-samples-state", + "threat-grid-upload-sample", + "threat-grid-get-samples-state", "threat-grid-url-to-file" ] } - }, + }, { "TrendMicro Malware Alert Playbook": { - "name": "TrendMicro Malware Alert Playbook", - "fromversion": "2.5.0", + "name": "TrendMicro 
Malware Alert Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "TrendMicroGetPolicyID", - "TrendmicroSecurityProfileAssignToHost", - "TrendmicroAntiMalwareEventRetrieve", + "TrendMicroGetPolicyID", + "TrendmicroSecurityProfileAssignToHost", + "TrendmicroAntiMalwareEventRetrieve", "TrendMicroGetHostID" ] } - }, + }, { "Google-Vault-Display-Results": { - "name": "Google Vault - Display Results", - "fromversion": "4.0.0", + "name": "Google Vault - Display Results", + "fromversion": "4.0.0", "implementing_scripts": [ "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "gvault-get-drive-results", - "gvault-get-groups-results", - "gvault-download-results", - "gvault-export-status", + "gvault-get-drive-results", + "gvault-get-groups-results", + "gvault-download-results", + "gvault-export-status", "gvault-get-mail-results" ] } - }, + }, { "calculate_severity_-_3rd-party_integrations": { - "name": "Calculate Severity - 3rd-party integrations", - "fromversion": "3.6.0", + "name": "Calculate Severity - 3rd-party integrations", + "fromversion": "3.6.0", "implementing_scripts": [ "Set" ] } - }, + }, { "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "3.5.9", - "fromversion": "3.5.0", + "name": "Phishing Investigation - Generic", + "toversion": "3.5.9", + "fromversion": "3.5.0", "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident", - "Set", + "CloseInvestigation", + "AssignAnalystToIncident", + "Set", "SendEmail" - ], + ], "implementing_playbooks": [ - "Detonate File - Generic", - "Extract Indicators - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Calculate Severity - Generic", + "Detonate File - Generic", + "Extract Indicators - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Calculate Severity - Generic", "Email Address Enrichment - Generic" ] } - }, + }, { 
"detonate_url_-_joesecurity": { - "name": "Detonate URL - JoeSecurity", - "fromversion": "4.0.0", + "name": "Detonate URL - JoeSecurity", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "joe-download-report", - "joe-analysis-submit-url", + "joe-download-report", + "joe-analysis-submit-url", "joe-analysis-info" ] } - }, + }, { "CrowdStrike Falcon Sandbox - Detonate file": { - "name": "CrowdStrike Falcon Sandbox - Detonate file", - "fromversion": "4.0.0", + "name": "CrowdStrike Falcon Sandbox - Detonate file", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "crowdstrike-submit-sample", + "crowdstrike-submit-sample", "crowdstrike-scan" ] } - }, + }, { "crowdstrike_endpoint_enrichment": { - "name": "CrowdStrike Endpoint Enrichment", - "fromversion": "3.5.0", + "name": "CrowdStrike Endpoint Enrichment", + "fromversion": "3.5.0", "implementing_commands": [ - "cs-device-search", + "cs-device-search", "cs-device-details" ] } - }, + }, { "cve_enrichment_-_generic": { - "name": "CVE Enrichment - Generic", - "fromversion": "3.6.0", + "name": "CVE Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ "cveReputation" - ], + ], "implementing_commands": [ "cve-search" ] } - }, + }, { "get_file_sample_by_hash_-_cylance_protect": { - "name": "Get File Sample By Hash - Cylance Protect", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Cylance Protect", + "fromversion": "3.5.0", "implementing_scripts": [ - "http", - "UnzipFile", + "http", + "UnzipFile", "Exists" - ], + ], "implementing_commands": [ "cylance-protect-download-threat" ] } - }, + }, { "dedup_incidents_-_ml": { - "name": "DeDup incidents - ML", - "fromversion": "3.5.0", + "name": "DeDup incidents - ML", + "fromversion": "3.5.0", "implementing_scripts": [ - "Print", - 
"CloseInvestigationAsDuplicate", + "Print", + "CloseInvestigationAsDuplicate", "GetDuplicatesMl" ] } - }, + }, { "playbook5": { - "name": "Phishing Playbook - Automated", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set", - "Exists", - "SendEmail", - "CheckSenderDomainDistance", - "CloseInvestigation", - "ExtractIP", - "IsMaliciousIndicatorFound", + "name": "Phishing Playbook - Automated", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set", + "Exists", + "SendEmail", + "CheckSenderDomainDistance", + "CloseInvestigation", + "ExtractIP", + "IsMaliciousIndicatorFound", "ExtractURL" - ], + ], "implementing_playbooks": [ - "Process Email", - "Enrichment Playbook", - "Hunt for bad IOCs", - "Account Enrichment", + "Process Email", + "Enrichment Playbook", + "Hunt for bad IOCs", + "Account Enrichment", "Detonate File - Generic" ] } - }, + }, { "TIE - IOC Hunt": { - "name": "TIE - IOC Hunt", - "fromversion": "2.5.0", + "name": "TIE - IOC Hunt", + "fromversion": "2.5.0", "implementing_scripts": [ - "EPOFindSystem", + "EPOFindSystem", "Exists" - ], + ], "implementing_commands": [ "tie-file-references" ] } - }, + }, { "vulnerability_management_-_qualys_Job": { - "name": "Vulnerability Management - Qualys (Job)", - "fromversion": "3.6.0", + "name": "Vulnerability Management - Qualys (Job)", + "fromversion": "3.6.0", "implementing_scripts": [ - "QualysCreateIncidentFromReport", + "QualysCreateIncidentFromReport", "Set" - ], + ], "implementing_commands": [ - "qualys-report-fetch", - "closeInvestigation", + "qualys-report-fetch", + "closeInvestigation", "qualys-report-list" ] } - }, + }, { "get_original_email_-_gmail": { - "name": "Get Original Email - Gmail", - "fromversion": 4.0, + "name": "Get Original Email - Gmail", + "fromversion": 4.0, "implementing_scripts": [ - "Set", + "Set", "DeleteContext" - ], + ], "implementing_commands": [ - "gmail-get-attachments", - "gmail-search", + "gmail-get-attachments", + "gmail-search", "gmail-get-mail" ] } - }, + }, { 
"detonate_url_-_mcafee_atd": { - "name": "Detonate URL - McAfee ATD", - "fromversion": "4.0.0", + "name": "Detonate URL - McAfee ATD", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "atd-get-report", - "atd-check-status", + "atd-get-report", + "atd-check-status", "atd-file-upload" ] } - }, + }, { "Detonate URL - Lastline": { - "name": "Detonate URL - Lastline", - "fromversion": "4.0.0", + "name": "Detonate URL - Lastline", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "lastline-get-report", + "lastline-get-report", "lastline-upload-url" ] } - }, + }, { "Detonate File - Generic": { - "name": "Detonate File - Generic", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "Detonate File - Generic", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_playbooks": [ - "CrowdStrike Falcon Sandbox - Detonate file", + "CrowdStrike Falcon Sandbox - Detonate file", "WildFire - Detonate file" ] } - }, + }, { "process_email_-_ews": { - "name": "Process Email - EWS", - "fromversion": "3.6.0", + "name": "Process Email - EWS", + "fromversion": "3.6.0", "implementing_scripts": [ "Set" - ], + ], "implementing_commands": [ "ews-get-attachment" ] } - }, + }, { "playbook7": { - "name": "Hunting C&C Communication Playbook", - "fromversion": "2.5.0", + "name": "Hunting C&C Communication Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "IsIntegrationAvailable", + "IsIntegrationAvailable", "Exists" - ], + ], "implementing_commands": [ - "slack-send", + "slack-send", "ExposeModules" ] } - }, + }, { "get_file_sample_from_path_-_d2": { - "name": "Get File Sample From Path - D2", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - D2", + "fromversion": "3.5.0", "implementing_scripts": [ - "IncidentAddSystem", + "IncidentAddSystem", "FetchFileD2" ] } - }, + }, { 
"get_original_email_-_ews": { - "name": "Get Original Email - EWS", - "fromversion": 4.0, + "name": "Get Original Email - EWS", + "fromversion": 4.0, "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "Set" - ], + ], "implementing_commands": [ - "ews-search-mailbox", - "ews-get-attachment", + "ews-search-mailbox", + "ews-get-attachment", "ews-get-items" ] } - }, + }, { "playbook17": { - "name": "Carbon black Protection Rapid IOC Hunting", - "fromversion": "2.5.0", + "name": "Carbon black Protection Rapid IOC Hunting", + "fromversion": "2.5.0", "implementing_scripts": [ - "CBPFindRule", - "CBPCatalogFindHash", + "CBPFindRule", + "CBPCatalogFindHash", "Exists" ] } - }, + }, { "calculate_severity_-_critical_assets": { - "name": "Calculate Severity - Critical assets", - "toversion": "3.6.1", - "fromversion": "3.6.0", + "name": "Calculate Severity - Critical assets", + "toversion": "3.6.1", + "fromversion": "3.6.0", "implementing_scripts": [ - "StringContains", - "Set", + "StringContains", + "Set", "Exists" ] } - }, + }, { "playbook14": { - "name": "Checkpoint Firewall Configuration Backup Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "UtilAnyResults", - "SendEmail", - "CPShowBackupStatus", - "CloseInvestigation", - "SNOpenTicket", - "SCPPullFiles", + "name": "Checkpoint Firewall Configuration Backup Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "UtilAnyResults", + "SendEmail", + "CPShowBackupStatus", + "CloseInvestigation", + "SNOpenTicket", + "SCPPullFiles", "CPCreateBackup" ] } - }, + }, { "endpoint_enrichment_-_generic": { - "name": "Endpoint Enrichment - Generic", - "fromversion": "3.5.0", + "name": "Endpoint Enrichment - Generic", + "fromversion": "3.5.0", "implementing_scripts": [ - "EPOFindSystem", - "Exists", + "EPOFindSystem", + "Exists", "ADGetComputer" - ], + ], "implementing_playbooks": [ "CrowdStrike Endpoint Enrichment" - ], + ], "implementing_commands": [ - "cylance-protect-get-devices", - 
"cb-sensor-info", + "cylance-protect-get-devices", + "cb-sensor-info", "so-agents-query" ] } - }, + }, { "access_investigation_-_qradar": { - "name": "Access Investigation - QRadar", - "fromversion": "3.6.0", + "name": "Access Investigation - QRadar", + "fromversion": "3.6.0", "implementing_playbooks": [ - "QRadar - Get offense correlations", + "QRadar - Get offense correlations", "Access Investigation - Generic" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "Google-Vault-Search-Groups": { - "name": "Google Vault - Search Groups", - "fromversion": "4.0.0", + "name": "Google Vault - Search Groups", + "fromversion": "4.0.0", "implementing_scripts": [ "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "gvault-export-status", - "gvault-download-results", - "gvault-create-export-groups", + "gvault-export-status", + "gvault-download-results", + "gvault-create-export-groups", "gvault-get-groups-results" ] } - }, + }, { "DBotCreatePhishingClassifier": { - "name": "DBot Create Phishing Classifier", - "fromversion": "4.1.0", + "name": "DBot Create Phishing Classifier", + "fromversion": "4.1.0", "implementing_scripts": [ - "DBotTrainTextClassifier", - "Base64ListToFile", - "DBotPredictPhishingEvaluation", + "DBotTrainTextClassifier", + "Base64ListToFile", + "DBotPredictPhishingEvaluation", "DBotPreparePhishingData" ] } - }, + }, { "detonate_url_-_generic": { - "name": "Detonate URL - Generic", - "fromversion": "4.0.0", + "name": "Detonate URL - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ - "Detonate URL - CrowdStrike", - "Detonate URL - JoeSecurity", - "Detonate URL - Cuckoo", - "Detonate URL - Lastline", - "Detonate URL - ThreatGrid", + "Detonate URL - CrowdStrike", + "Detonate URL - JoeSecurity", + "Detonate URL - Cuckoo", + "Detonate URL - Lastline", + "Detonate URL - ThreatGrid", "Detonate URL - McAfee ATD" ] } - }, + }, { "tenable-sc-scan": { - "name": "Launch Scan - 
Tenable.sc", - "fromversion": "4.0.0", + "name": "Launch Scan - Tenable.sc", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "tenable-sc-get-scan-report", + "tenable-sc-get-scan-report", "tenable-sc-launch-scan" ] } - }, + }, { "detonate_file_from_url_-_wildfire": { - "name": "Detonate File From URL - WildFire", - "fromversion": "4.0.0", + "name": "Detonate File From URL - WildFire", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "wildfire-upload-file-remote", + "wildfire-upload-file-remote", "wildfire-report" ] } - }, + }, { "block_endpoint_-_carbon_black_response": { - "name": "Block Endpoint - Carbon Black Response", - "fromversion": "3.5.0", + "name": "Block Endpoint - Carbon Black Response", + "fromversion": "3.5.0", "implementing_commands": [ - "cb-sensor-info", + "cb-sensor-info", "cb-quarantine-device" ] } - }, + }, { "close_incident_if_duplicate_found": { - "name": "DeDup incidents", - "fromversion": "3.5.0", + "name": "DeDup incidents", + "fromversion": "3.5.0", "implementing_scripts": [ - "FindSimilarIncidents", + "FindSimilarIncidents", "CloseInvestigationAsDuplicate" ] } - }, + }, { "scan_assets_nexpose": { - "name": "Scan Assets - Nexpose", - "fromversion": "4.0.0", + "name": "Scan Assets - Nexpose", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "nexpose-start-assets-scan", + "nexpose-start-assets-scan", "nexpose-get-scan" ] } - }, + }, { "extract_indicators_-_generic": { - "name": "Extract Indicators - Generic", - "fromversion": "3.5.0", + "name": "Extract Indicators - Generic", + "fromversion": "3.5.0", "implementing_scripts": [ - "ExtractHash", - "ExtractDomain", - "ExtractURL", - "ExtractEmail", + "ExtractHash", + "ExtractDomain", + "ExtractURL", + "ExtractEmail", "ExtractIP" ] } - }, + }, { "playbook0": { - "name": "Default", - "toversion": "3.1.0", - 
"fromversion": "2.5.0", - "implementing_scripts": [ - "TrendMicroClassifier", - "Exists", - "IncidentSet", - "SplunkEmailParser", - "QRadarClassifier", - "MapValues", - "Print", - "VectraClassifier", + "name": "Default", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "TrendMicroClassifier", + "Exists", + "IncidentSet", + "SplunkEmailParser", + "QRadarClassifier", + "MapValues", + "Print", + "VectraClassifier", "NexposeEmailParser" - ], + ], "implementing_playbooks": [ "Enrichment Playbook" ] } - }, + }, { "dedup_-_generic": { - "name": "Dedup - Generic", - "fromversion": "4.0.0", + "name": "Dedup - Generic", + "fromversion": "4.0.0", "implementing_scripts": [ - "FindSimilarIncidentsByText", - "GetDuplicatesMlv2", - "CloseInvestigationAsDuplicate", + "FindSimilarIncidentsByText", + "GetDuplicatesMlv2", + "CloseInvestigationAsDuplicate", "FindSimilarIncidents" ] } - }, + }, { "malware_investigation-_generic_-_setup": { - "name": "Malware Investigation - Generic - Setup", - "fromversion": "3.5.0", + "name": "Malware Investigation - Generic - Setup", + "fromversion": "3.5.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ - "Get File Sample From Path - Generic", - "Get File Sample By Hash - Generic", + "Get File Sample From Path - Generic", + "Get File Sample By Hash - Generic", "Search Endpoints By Hash - Generic" ] } - }, + }, { "block_file_-_carbon_black_response": { - "name": "Block File - Carbon Black Response", - "fromversion": "4.0.0", + "name": "Block File - Carbon Black Response", + "fromversion": "4.0.0", "implementing_commands": [ - "cb-get-hash-blacklist", + "cb-get-hash-blacklist", "cb-block-hash" ] } - }, + }, { "search_and_delete_emails_-_ews": { - "name": "Search And Delete Emails - EWS", - "fromversion": "3.6.0", + "name": "Search And Delete Emails - EWS", + "fromversion": "3.6.0", "implementing_scripts": [ "BuildEWSQuery" - ], + ], "implementing_commands": [ - "ews-search-mailboxes", + 
"ews-search-mailboxes", "ews-delete-items" ] } - }, + }, { "Detonate File - BitDam": { - "name": "Detonate File - BitDam", - "fromversion": "4.0.0", + "name": "Detonate File - BitDam", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "bitdam-upload-file", + "bitdam-upload-file", "bitdam-get-verdict" ] } - }, + }, { "MAR - Endpoint data collection": { - "name": "MAR - Endpoint data collection", + "name": "MAR - Endpoint data collection", "implementing_scripts": [ - "EPOFindSystem", + "EPOFindSystem", "Exists" - ], + ], "implementing_commands": [ "mar-search-multiple" ] } - }, + }, { "Google-Vault-Search-Drive": { - "name": "Google Vault - Search Drive", - "fromversion": "4.0.0", + "name": "Google Vault - Search Drive", + "fromversion": "4.0.0", "implementing_scripts": [ "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "gvault-create-export-drive", - "gvault-get-drive-results", - "gvault-export-status", + "gvault-create-export-drive", + "gvault-get-drive-results", + "gvault-export-status", "gvault-download-results" ] } - }, + }, { "process_email_-_add_custom_fields": { - "name": "Process Email - Add custom fields", - "fromversion": "3.6.0", + "name": "Process Email - Add custom fields", + "fromversion": "3.6.0", "implementing_scripts": [ "IncidentSet" ] } - }, + }, { "detonate_url_-_crowdstrike": { - "name": "Detonate URL - CrowdStrike", - "fromversion": "4.0.0", + "name": "Detonate URL - CrowdStrike", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "crowdstrike-submit-url", + "crowdstrike-submit-url", "crowdstrike-scan" ] } - }, + }, { "ip_enrichment_generic": { - "name": "IP Enrichment - Generic", - "fromversion": "3.6.0", + "name": "IP Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "IsIPInRanges", - "IPToHost", 
+ "IsIPInRanges", + "IPToHost", "IPReputation" - ], + ], "implementing_playbooks": [ "Endpoint Enrichment - Generic" - ], + ], "implementing_commands": [ "vt-private-get-ip-report" ] } - }, + }, { "domain_enrichment_generic": { - "name": "Domain Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "Domain Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ "DomainReputation" ] } - }, + }, { "QRadarFullSearch": { - "name": "QRadarFullSearch", - "fromversion": "4.0.0", + "name": "QRadarFullSearch", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "qradar-get-search", - "qradar-get-search-results", + "qradar-get-search", + "qradar-get-search-results", "qradar-searches" ] } - }, + }, { "Arcsight - Get events related to the Case": { - "name": "Arcsight - Get events related to the Case", + "name": "Arcsight - Get events related to the Case", "implementing_scripts": [ - "IncidentSet", - "Set", + "IncidentSet", + "Set", "Exists" - ], + ], "implementing_commands": [ - "as-get-security-events", - "as-get-case", + "as-get-security-events", + "as-get-case", "as-get-case-event-ids" ] } - }, + }, { "Account Enrichment": { - "name": "Account Enrichment", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Account Enrichment", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ - "ADGetUser", + "ADGetUser", "Exists" ] } - }, + }, { "malware_investigation-_generic": { - "name": "Malware Investigation - Generic", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "Malware Investigation - Generic", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "AssignAnalystToIncident" - ], + ], "implementing_playbooks": [ - "Malware Investigation - Generic - Setup", - "Extract Indicators - Generic", - "Calculate Severity - Generic", - "Entity 
Enrichment - Generic", + "Malware Investigation - Generic - Setup", + "Extract Indicators - Generic", + "Calculate Severity - Generic", + "Entity Enrichment - Generic", "Detonate File - Generic" ] } - }, + }, { "QRadar - Get offense correlations ": { - "name": "QRadar - Get offense correlations ", - "toversion": "3.1.0", + "name": "QRadar - Get offense correlations ", + "toversion": "3.1.0", "implementing_scripts": [ - "AreValuesEqual", - "QRadarGetCorrelationLogs", - "QRadarGetOffenseCorrelations", + "AreValuesEqual", + "QRadarGetCorrelationLogs", + "QRadarGetOffenseCorrelations", "Exists" ] } - }, + }, { "QRadar - Get offense correlations ": { - "name": "QRadar - Get offense correlations", - "fromversion": "3.5.0", + "name": "QRadar - Get offense correlations", + "fromversion": "3.5.0", "implementing_scripts": [ - "QRadarGetCorrelationLogs", + "QRadarGetCorrelationLogs", "QRadarGetOffenseCorrelations" ] } - }, + }, { "block_ip_-_generic": { - "name": "Block IP - Generic", - "fromversion": "4.0.0", + "name": "Block IP - Generic", + "fromversion": "4.0.0", "implementing_scripts": [ "PanoramaBlockIP" - ], + ], "implementing_playbooks": [ "Add Indicator to Miner - Palo Alto MineMeld" - ], + ], "implementing_commands": [ - "zscaler-blacklist-ip", + "zscaler-blacklist-ip", "checkpoint-block-ip" ] } - }, + }, { "vulnerability_handling_-_qualys_-_add _ustom_fields_to_default_layout": { - "name": "Vulnerability Handling - Qualys - Add custom fields to default layout", - "fromversion": "3.6.0", + "name": "Vulnerability Handling - Qualys - Add custom fields to default layout", + "fromversion": "3.6.0", "implementing_scripts": [ "IncidentSet" ] } - }, + }, { "playbook3": { - "name": "Ransomware Playbook - Manual", + "name": "Ransomware Playbook - Manual", "fromversion": "2.5.0" } - }, + }, { "Enrich DXL with ATD verdict": { - "name": "Enrich DXL with ATD verdict", + "name": "Enrich DXL with ATD verdict", "implementing_scripts": [ - "CloseInvestigation", + 
"CloseInvestigation", "Exists" - ], + ], "implementing_playbooks": [ "ATD - Detonate File" - ], + ], "implementing_commands": [ "dxl-send-event" ] } - }, + }, { "Detonate File - SNDBOX": { - "name": "Detonate File - SNDBOX", - "fromversion": "4.0.0", + "name": "Detonate File - SNDBOX", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "sndbox-analysis-info", - "sndbox-analysis-submit-sample", + "sndbox-analysis-info", + "sndbox-analysis-submit-sample", "sndbox-download-report" ] } - }, + }, { "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "4.0.9", - "fromversion": "4.0.0", + "name": "Phishing Investigation - Generic", + "toversion": "4.0.9", + "fromversion": "4.0.0", "implementing_scripts": [ - "AssignAnalystToIncident", - "Set", + "AssignAnalystToIncident", + "Set", "SendEmail" - ], + ], "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Block Indicators - Generic", - "Email Address Enrichment - Generic", + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Block Indicators - Generic", + "Email Address Enrichment - Generic", "Calculate Severity - Generic" - ], + ], "implementing_commands": [ - "closeInvestigation", + "closeInvestigation", "send-mail" ] } - }, + }, { "playbook2": { - "name": "Phishing Playbook - Manual", + "name": "Phishing Playbook - Manual", "fromversion": "2.5.0" } - }, + }, { "Hunt for bad IOCs": { - "name": "Hunt for bad IOCs", - "fromversion": "2.5.0", + "name": "Hunt for bad IOCs", + "fromversion": "2.5.0", "implementing_playbooks": [ - "CrowdStrike Rapid IOC Hunting", - "Carbon Black Rapid IOC Hunting", - "TIE - 
IOC Hunt", + "CrowdStrike Rapid IOC Hunting", + "Carbon Black Rapid IOC Hunting", + "TIE - IOC Hunt", "Carbon black Protection Rapid IOC Hunting" ] } - }, + }, { "extract_indicators_from_file_-_generic": { - "name": "Extract Indicators From File - Generic", - "fromversion": "3.6.0", + "name": "Extract Indicators From File - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "ReadPDFFile", - "Set", + "ReadPDFFile", + "Set", "ExtractIndicatorsFromTextFile" ] } - }, + }, { "Sentinel One - Endpoint data collection": { - "name": "Sentinel One - Endpoint data collection", + "name": "Sentinel One - Endpoint data collection", "implementing_scripts": [ - "Print", + "Print", "Exists" - ], + ], "implementing_commands": [ - "so-agents-query", + "so-agents-query", "so-get-agent-processes" ] } - }, + }, { "process_email_-_generic": { - "name": "Process Email - Generic", - "fromversion": "4.0.0", + "name": "Process Email - Generic", + "fromversion": "4.0.0", "implementing_scripts": [ - "Set", - "Exists", + "Set", + "Exists", "ParseEmailFiles" - ], + ], "implementing_playbooks": [ "Get Original Email - Generic" - ], + ], "implementing_commands": [ - "setIncident", + "setIncident", "rasterize-email" ] } - }, + }, { "playbook13": { - "name": "McAfee ePO Endpoint Connectivity Diagnostics Playbook", - "fromversion": "2.5.0", + "name": "McAfee ePO Endpoint Connectivity Diagnostics Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "CloseInvestigation", - "commentsToContext", + "CloseInvestigation", + "commentsToContext", "Ping" - ], + ], "implementing_commands": [ "servicenow-incident-create" ] } - }, + }, { "vulnerability_handling_-_nexpose": { - "name": "Vulnerability Handling - Nexpose", - "fromversion": "3.6.0", + "name": "Vulnerability Handling - Nexpose", + "fromversion": "3.6.0", "implementing_playbooks": [ - "CVE Enrichment - Generic", - "Endpoint Enrichment - Generic", + "CVE Enrichment - Generic", + "Endpoint Enrichment - Generic", "Calculate 
Severity - Generic" - ], + ], "implementing_commands": [ - "closeInvestigation", - "nexpose-get-asset-vulnerability", - "nexpose-get-asset", + "closeInvestigation", + "nexpose-get-asset-vulnerability", + "nexpose-get-asset", "setIncident" ] } - }, + }, { "Calculate Severity - Generic": { - "name": "Calculate Severity - Generic", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Calculate Severity - Generic", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ - "Print", - "StringContains", + "Print", + "StringContains", "Exists" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "playbook8": { - "name": "Lost / Stolen Device Playbook", + "name": "Lost / Stolen Device Playbook", "fromversion": "2.5.0" } - }, + }, { "vulnerability_handling_-_qualys": { - "name": "Vulnerability Handling - Qualys", - "fromversion": "3.6.0", + "name": "Vulnerability Handling - Qualys", + "fromversion": "3.6.0", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "DisplayHTML" - ], + ], "implementing_playbooks": [ - "CVE Enrichment - Generic", - "Vulnerability Handling - Qualys - Add custom fields to default layout", - "Endpoint Enrichment - Generic", + "CVE Enrichment - Generic", + "Vulnerability Handling - Qualys - Add custom fields to default layout", + "Endpoint Enrichment - Generic", "Calculate Severity - Generic" - ], + ], "implementing_commands": [ - "qualys-host-list", + "qualys-host-list", "qualys-vulnerability-list" ] } - }, + }, { "playbook10": { - "name": "Rapid IOC Hunting Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "ExtractHash", - "Exists", - "ReadFile", - "ExtractIP", - "Print", + "name": "Rapid IOC Hunting Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "ExtractHash", + "Exists", + "ReadFile", + "ExtractIP", + "Print", "ExtractURL" - ], + ], "implementing_playbooks": [ "Hunt for bad IOCs" ] } - }, + }, { "search_endpoints_by_hash_-_carbon_black_response": { 
- "name": "Search Endpoints By Hash - Carbon Black Response", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Carbon Black Response", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", + "Set", "CBFindHash" ] } - }, + }, { "scan_site_nexpose": { - "name": "Scan Site - Nexpose", - "fromversion": "4.0.0", + "name": "Scan Site - Nexpose", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "nexpose-start-site-scan", + "nexpose-start-site-scan", "nexpose-get-scan" ] } - }, + }, { "PanoramaCommitConfiguration": { - "name": "PanoramaCommitConfiguration", - "fromversion": "4.0.0", + "name": "PanoramaCommitConfiguration", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "panorama-push-to-device-group", - "panorama-push-status", - "panorama-commit", + "panorama-push-to-device-group", + "panorama-push-status", + "panorama-commit", "panorama-commit-status" ] } - }, + }, { "Failed Login Playbook With Slack": { - "name": "Failed Login Playbook With Slack", - "fromversion": "2.5.0", + "name": "Failed Login Playbook With Slack", + "fromversion": "2.5.0", "implementing_scripts": [ - "CloseInvestigation", - "IncidentSet", - "ADExpirePassword", + "CloseInvestigation", + "IncidentSet", + "ADExpirePassword", "SlackAskUser" - ], + ], "implementing_commands": [ "slack-send" ] } - }, + }, { "WildFire - Detonate file": { - "name": "WildFire - Detonate file", - "toversion": "3.1.0", + "name": "WildFire - Detonate file", + "toversion": "3.1.0", "implementing_scripts": [ "Exists" - ], + ], "implementing_commands": [ - "wildfire-upload", + "wildfire-upload", "wildfire-report" ] } - }, + }, { "File Enrichment - Generic": { - "name": "File Enrichment - Generic", - "fromversion": "3.6.0", + "name": "File Enrichment - Generic", + "fromversion": "3.6.0", "implementing_playbooks": [ - "File Enrichment - File reputation", + "File Enrichment - File 
reputation", "File Enrichment - Virus Total Private API" - ], + ], "implementing_commands": [ - "cylance-protect-get-threat", + "cylance-protect-get-threat", "pan-appframework-search-by-file-hash" ] } - }, + }, { "vulnerability_management_-_nexpose_job": { - "name": "Vulnerability Management - Nexpose (Job)", - "fromversion": "3.6.0", + "name": "Vulnerability Management - Nexpose (Job)", + "fromversion": "3.6.0", "implementing_scripts": [ "NexposeCreateIncidentsFromAssets" - ], + ], "implementing_commands": [ - "closeInvestigation", - "nexpose-create-assets-report", + "closeInvestigation", + "nexpose-create-assets-report", "nexpose-search-assets" ] } - }, + }, { "Archer initiate incident": { - "name": "Archer initiate incident", - "fromversion": "3.5.0", + "name": "Archer initiate incident", + "fromversion": "3.5.0", "implementing_commands": [ "archer-get-file" ] } - }, + }, { "block_file_-_generic": { - "name": "Block File - Generic", - "fromversion": "4.0.0", + "name": "Block File - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ "Block File - Carbon Black Response" ] } - }, + }, { "calculate_severity_-_critical_assets": { - "name": "Calculate Severity - Critical assets", - "fromversion": "4.0.0", + "name": "Calculate Severity - Critical assets", + "fromversion": "4.0.0", "implementing_scripts": [ - "StringContains", + "StringContains", "Set" ] } - }, + }, { "add_indicator_to_miner_-_palo_alto_mineMeld": { - "name": "Add Indicator to Miner - Palo Alto MineMeld", - "fromversion": "4.0.0", + "name": "Add Indicator to Miner - Palo Alto MineMeld", + "fromversion": "4.0.0", "implementing_commands": [ "minemeld-add-to-miner" ] } - }, + }, { "domain_enrichment_generic": { - "name": "Domain Enrichment - Generic", - "fromversion": "3.6.0", + "name": "Domain Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ "DomainReputation" - ], + ], "implementing_commands": [ "vt-private-get-domain-report" ] } - }, + }, { "playbook11": { - 
"name": "McAfee ePO Repository Compliance Playbook", - "fromversion": "2.5.0", + "name": "McAfee ePO Repository Compliance Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "CloseInvestigation", - "IncidentSet", - "Sleep", - "AreValuesEqual", + "CloseInvestigation", + "IncidentSet", + "Sleep", + "AreValuesEqual", "SendEmail" - ], + ], "implementing_commands": [ - "epo-update-repository", - "epo-get-latest-dat", + "epo-update-repository", + "epo-get-latest-dat", "epo-get-current-dat" ] } - }, + }, { "url_enrichment_-_generic": { - "name": "URL Enrichment - Generic", - "fromversion": "3.6.0", + "name": "URL Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "URLSSLVerification", - "Exists", + "URLSSLVerification", + "Exists", "URLReputation" - ], + ], "implementing_commands": [ - "vt-private-get-url-report", + "vt-private-get-url-report", "rasterize" ] } - }, + }, { "entity_enrichment_generic": { - "name": "Entity Enrichment - Generic", - "fromversion": "3.6.0", + "name": "Entity Enrichment - Generic", + "fromversion": "3.6.0", "implementing_playbooks": [ - "Account Enrichment - Generic", - "Endpoint Enrichment - Generic", - "Email Address Enrichment - Generic", - "URL Enrichment - Generic", - "File Enrichment - Generic", - "Domain Enrichment - Generic", + "Account Enrichment - Generic", + "Endpoint Enrichment - Generic", + "Email Address Enrichment - Generic", + "URL Enrichment - Generic", + "File Enrichment - Generic", + "Domain Enrichment - Generic", "IP Enrichment - Generic" ] } - }, + }, { "search_endpoints_by_hash_-_generic": { - "name": "Search Endpoints By Hash - Generic", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Generic", + "fromversion": "3.5.0", "implementing_playbooks": [ - "Search Endpoints By Hash - Carbon Black Response", - "Search Endpoints By Hash - CrowdStrike", - "Search Endpoints By Hash - TIE", + "Search Endpoints By Hash - Carbon Black Response", + "Search Endpoints By Hash - 
CrowdStrike", + "Search Endpoints By Hash - TIE", "Search Endpoints By Hash - Carbon Black Protection" ] } - }, + }, { "malware_investigation-_generic": { - "name": "Malware Investigation - Generic", - "fromversion": "3.6.0", + "name": "Malware Investigation - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "AssignAnalystToIncident" - ], + ], "implementing_playbooks": [ - "Malware Investigation - Generic - Setup", - "Calculate Severity - Generic", - "Entity Enrichment - Generic", + "Malware Investigation - Generic - Setup", + "Calculate Severity - Generic", + "Entity Enrichment - Generic", "Detonate File - Generic" ] } - }, + }, { "calculate_severity_-_indicators_dbotscore": { - "name": "Calculate Severity - Indicators DBotScore", - "fromversion": "3.6.0", + "name": "Calculate Severity - Indicators DBotScore", + "fromversion": "3.6.0", "implementing_scripts": [ "Set" ] } - }, + }, { "Detonate File - Cuckoo": { - "name": "Detonate File - Cuckoo", - "fromversion": "4.0.0", + "name": "Detonate File - Cuckoo", + "fromversion": "4.0.0", "implementing_scripts": [ "Sleep" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "cuckoo-task-screenshot", - "cuckoo-get-task-report", - "cuckoo-view-task", + "cuckoo-task-screenshot", + "cuckoo-get-task-report", + "cuckoo-view-task", "cuckoo-create-task-from-file" ] } - }, + }, { "Account Enrichment": { - "name": "Account Enrichment", - "fromversion": "3.5.0", + "name": "Account Enrichment", + "fromversion": "3.5.0", "implementing_scripts": [ - "ADGetUser", + "ADGetUser", "Exists" ] } - }, + }, { "entity_enrichment_generic": { - "name": "Entity Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "Entity Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_playbooks": [ - "Account Enrichment - Generic", - "Endpoint Enrichment - Generic", - "DBot Indicator Enrichment 
- Generic", - "Email Address Enrichment - Generic", - "URL Enrichment - Generic", - "File Enrichment - Generic", - "Domain Enrichment - Generic", + "Account Enrichment - Generic", + "Endpoint Enrichment - Generic", + "DBot Indicator Enrichment - Generic", + "Email Address Enrichment - Generic", + "URL Enrichment - Generic", + "File Enrichment - Generic", + "Domain Enrichment - Generic", "IP Enrichment - Generic" ] } - }, + }, { "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "3.9.9", - "fromversion": "3.6.0", + "name": "Phishing Investigation - Generic", + "toversion": "3.9.9", + "fromversion": "3.6.0", "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident", - "Set", + "CloseInvestigation", + "AssignAnalystToIncident", + "Set", "SendEmail" - ], + ], "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Process Email - Generic", - "Entity Enrichment - Generic", - "Email Address Enrichment - Generic", + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Process Email - Generic", + "Entity Enrichment - Generic", + "Email Address Enrichment - Generic", "Calculate Severity - Generic" ] } - }, + }, { "DBotCreatePhishingClassifierJob": { - "name": "DBot Create Phishing Classifier Job", - "fromversion": "4.1.0", + "name": "DBot Create Phishing Classifier Job", + "fromversion": "4.1.0", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_playbooks": [ "DBot Create Phishing Classifier" - ], + ], "implementing_commands": [ "closeInvestigation" ] } - }, + }, { "playbook5": { - "name": "Phishing Playbook - Automated", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "implementing_scripts": [ - "Set", - "Exists", - "SendEmail", - "CheckSenderDomainDistance", - "CloseInvestigation", - "ExtractIP", - "IsMaliciousIndicatorFound", + "name": 
"Phishing Playbook - Automated", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "Set", + "Exists", + "SendEmail", + "CheckSenderDomainDistance", + "CloseInvestigation", + "ExtractIP", + "IsMaliciousIndicatorFound", "ExtractURL" - ], + ], "implementing_playbooks": [ - "Process Email", - "Detonate files", - "Hunt for bad IOCs", - "Account Enrichment", + "Process Email", + "Detonate files", + "Hunt for bad IOCs", + "Account Enrichment", "Enrichment Playbook" ] } - }, + }, { "Demisto_Self-Defense_-_Account_policy_monitoring_playbook": { - "name": "Demisto Self-Defense - Account policy monitoring playbook", - "fromversion": "3.5.0", + "name": "Demisto Self-Defense - Account policy monitoring playbook", + "fromversion": "3.5.0", "implementing_scripts": [ "CloseInvestigation" - ], + ], "implementing_commands": [ - "TwilioSendSMS", - "slack-send", - "demisto-api-get", + "TwilioSendSMS", + "slack-send", + "demisto-api-get", "setIncident" ] } - }, + }, { "Google-Vault-Search-Mail": { - "name": "Google Vault - Search Mail", - "fromversion": "4.0.0", + "name": "Google Vault - Search Mail", + "fromversion": "4.0.0", "implementing_scripts": [ "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "gvault-get-mail-results", - "gvault-create-export-mail", - "gvault-export-status", + "gvault-get-mail-results", + "gvault-create-export-mail", + "gvault-export-status", "gvault-download-results" ] } - }, + }, { "ATD - Detonate File": { - "name": "ATD - Detonate File", - "toversion": "3.6.0", + "name": "ATD - Detonate File", + "toversion": "3.6.0", "implementing_scripts": [ "Exists" - ], + ], "implementing_commands": [ "detonate-file" ] } - }, + }, { "block_account_-_generic": { - "name": "Block Account - Generic", - "fromversion": "4.0.0", + "name": "Block Account - Generic", + "fromversion": "4.0.0", "implementing_commands": [ "ad-disable-account" ] } - }, + }, { 
"file_enrichment_-_virus_total_private_api": { - "name": "File Enrichment - Virus Total Private API", - "fromversion": "3.6.0", + "name": "File Enrichment - Virus Total Private API", + "fromversion": "3.6.0", "implementing_commands": [ - "vt-private-check-file-behaviour", + "vt-private-check-file-behaviour", "vt-private-get-file-report" ] } - }, + }, { "file_enrichment_-_file_reputation": { - "name": "File Enrichment - File reputation", - "fromversion": "3.6.0", + "name": "File Enrichment - File reputation", + "fromversion": "3.6.0", "implementing_scripts": [ "FileReputation" ] } - }, + }, { "block_url_-_generic": { - "name": "Block URL - Generic", - "fromversion": "4.0.0", + "name": "Block URL - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ "Add Indicator to Miner - Palo Alto MineMeld" - ], + ], "implementing_commands": [ "zscaler-blacklist-url" ] } - }, + }, { "Process Email": { - "name": "Process Email", - "fromversion": "2.5.0", + "name": "Process Email", + "fromversion": "2.5.0", "implementing_scripts": [ - "Set", - "Exists", + "Set", + "Exists", "ParseEmailFiles" ] } - }, + }, { "playbook15": { - "name": "Tanium Demo Playbook", - "fromversion": "2.5.0", + "name": "Tanium Demo Playbook", + "fromversion": "2.5.0", "implementing_commands": [ - "tn-deploy-package", - "tn-ask-question", + "tn-deploy-package", + "tn-ask-question", "tn-get-saved-question" ] } - }, + }, { "get_file_sample_by_hash_-_carbon_black_enterprise_Response": { - "name": "Get File Sample By Hash - Carbon Black Enterprise Response", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Carbon Black Enterprise Response", + "fromversion": "3.5.0", "implementing_scripts": [ "Exists" - ], + ], "implementing_commands": [ "cb-binary-get" ] } - }, + }, { "Get File Sample From Hash - Cylance Protect": { - "name": "Get File Sample From Hash - Cylance Protect", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Get File Sample From Hash - Cylance Protect", + 
"toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ - "http", - "UnzipFile", + "http", + "UnzipFile", "Exists" - ], + ], "implementing_commands": [ "cylance-protect-download-threat" ] } - }, + }, { "access_investigation_-_generic": { - "name": "Access Investigation - Generic", - "fromversion": "3.6.0", + "name": "Access Investigation - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "AssignAnalystToIncident", - "ADGetUser", + "AssignAnalystToIncident", + "ADGetUser", "EmailAskUser" - ], + ], "implementing_playbooks": [ - "IP Enrichment - Generic", + "IP Enrichment - Generic", "Account Enrichment - Generic" - ], + ], "implementing_commands": [ - "closeInvestigation", + "closeInvestigation", "setIncident" ] } - }, + }, { "search_endpoints_by_hash_-_tie": { - "name": "Search Endpoints By Hash - TIE", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - TIE", + "fromversion": "3.5.0", "implementing_scripts": [ "EPOFindSystem" - ], + ], "implementing_commands": [ "tie-file-references" ] } - }, + }, { "get_file_sample_from_path_-_carbon_black_enterprise_response": { - "name": "Get File Sample From Path - Carbon Black Enterprise Response", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - Carbon Black Enterprise Response", + "fromversion": "3.5.0", "implementing_scripts": [ - "CBLiveGetFile", + "CBLiveGetFile", "Exists" ] } - }, + }, { "WildFire - Detonate file": { - "name": "WildFire - Detonate file", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "WildFire - Detonate file", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_scripts": [ "Set" - ], + ], "implementing_commands": [ - "wildfire-report", + "wildfire-report", "detonate-file" ] } - }, + }, { "Detonate File - Generic": { - "name": "Detonate File - Generic", - "fromversion": "4.0.0", + "name": "Detonate File - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ - "CrowdStrike Falcon Sandbox - Detonate file", - 
"ATD - Detonate File", - "Detonate File - SNDBOX", - "Detonate File - JoeSecurity", - "Detonate File - Cuckoo", - "Detonate File - Lastline", - "WildFire - Detonate file", + "CrowdStrike Falcon Sandbox - Detonate file", + "ATD - Detonate File", + "Detonate File - SNDBOX", + "Detonate File - JoeSecurity", + "Detonate File - Cuckoo", + "Detonate File - Lastline", + "WildFire - Detonate file", "Detonate File - ThreatGrid" ] } - }, + }, { "D2 - Endpoint data collection": { - "name": "D2 - Endpoint data collection", + "name": "D2 - Endpoint data collection", "implementing_scripts": [ - "D2ExecuteCommand", - "ActiveUsersD2", - "Exists", - "IncidentAddSystem", - "FetchFileD2", + "D2ExecuteCommand", + "ActiveUsersD2", + "Exists", + "IncidentAddSystem", + "FetchFileD2", "AreValuesEqual" ] } - }, + }, { "Enrichment Playbook": { - "name": "Enrichment Playbook", - "fromversion": "2.5.0", + "name": "Enrichment Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "Print", - "FileReputation", - "IPReputation", - "Exists", + "Print", + "FileReputation", + "IPReputation", + "Exists", "URLReputation" ] } - }, + }, { "Office 365 Search and Delete": { - "name": "Office 365 Search and Delete", - "fromversion": "4.0.0", + "name": "Office 365 Search and Delete", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "ews-o365-remove-compliance-search", - "ews-o365-purge-compliance-search-results", - "ews-o365-get-compliance-search", + "ews-o365-remove-compliance-search", + "ews-o365-purge-compliance-search-results", + "ews-o365-get-compliance-search", "ews-o365-start-compliance-search" ] } - }, + }, { "dbot_indicator_enrichment_-_generic": { - "name": "DBot Indicator Enrichment - Generic", - "fromversion": "3.5.0", + "name": "DBot Indicator Enrichment - Generic", + "fromversion": "3.5.0", "implementing_scripts": [ "GetIndicatorDBotScore" ] } - }, + }, { "playbook0": { - "name": "Default", - "fromversion": "3.5.0", + 
"name": "Default", + "fromversion": "3.5.0", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "AssignAnalystToIncident" - ], + ], "implementing_playbooks": [ - "Extract Indicators - Generic", - "Entity Enrichment - Generic", + "Extract Indicators - Generic", + "Entity Enrichment - Generic", "Calculate Severity - Generic" ] } - }, + }, { "File Enrichment - Generic": { - "name": "File Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "File Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ "FileReputation" ] } - }, + }, { "ATD - Detonate File": { - "name": "ATD - Detonate File", - "fromversion": "4.0.0", + "name": "ATD - Detonate File", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "atd-get-report", - "atd-file-upload", + "atd-get-report", + "atd-file-upload", "atd-check-status" ] } - }, + }, { "account_enrichment_-_generic": { - "name": "Account Enrichment - Generic", - "fromversion": "3.5.0", + "name": "Account Enrichment - Generic", + "fromversion": "3.5.0", "implementing_scripts": [ - "ADGetUser", + "ADGetUser", "Exists" ] } - }, + }, { "detonatefile_-_joesecurity": { - "name": "Detonate File - JoeSecurity", - "fromversion": "4.0.0", + "name": "Detonate File - JoeSecurity", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "joe-download-report", - "joe-analysis-info", + "joe-download-report", + "joe-analysis-info", "joe-analysis-submit-sample" ] } - }, + }, { "ip_enrichment_generic": { - "name": "IP Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "IP Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ - "IsIPInRanges", - "IPReputation", + "IsIPInRanges", + "IPReputation", 
"Exists" ] } - }, + }, { "Detonate files": { - "name": "Detonate files", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Detonate files", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ - "Print", - "SandboxDetonateFile", + "Print", + "SandboxDetonateFile", "Exists" ] } - }, + }, { "detonate_file_from_url_-_joesecurity": { - "name": "Detonate File From URL - JoeSecurity", - "fromversion": "4.0.0", + "name": "Detonate File From URL - JoeSecurity", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "joe-download-report", + "joe-download-report", "joe-analysis-submit-sample" ] } - }, + }, { "Carbon Black Rapid IOC Hunting": { - "name": "Carbon Black Rapid IOC Hunting", - "fromversion": "2.5.0", + "name": "Carbon Black Rapid IOC Hunting", + "fromversion": "2.5.0", "implementing_scripts": [ - "CBFindHash", + "CBFindHash", "Exists" ] } - }, + }, { "email_address_enrichment_-_generic": { - "name": "Email Address Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", - "implementing_scripts": [ - "IsEmailAddressInternal", - "EmailReputation", - "ADGetUser", - "Exists", + "name": "Email Address Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", + "implementing_scripts": [ + "IsEmailAddressInternal", + "EmailReputation", + "ADGetUser", + "Exists", "EmailDomainSquattingReputation" ] } - }, + }, { "Endpoint data collection": { - "name": "Endpoint data collection", + "name": "Endpoint data collection", "implementing_scripts": [ "AreValuesEqual" - ], + ], "implementing_playbooks": [ - "Sentinel One - Endpoint data collection", - "MAR - Endpoint data collection", + "Sentinel One - Endpoint data collection", + "MAR - Endpoint data collection", "D2 - Endpoint data collection" ] } - }, + }, { "Get File Sample From Hash - Generic": { - "name": "Get File Sample From Hash - Generic", - "toversion": "3.1.0", + "name": "Get File Sample From Hash - 
Generic", + "toversion": "3.1.0", "implementing_playbooks": [ - "Get File Sample From Hash - Cylance Protect", + "Get File Sample From Hash - Cylance Protect", "Get File Sample From Hash - Carbon Black Enterprise Response" ] } - }, + }, { "WildFire - Detonate file": { - "name": "WildFire - Detonate file", - "fromversion": "4.0.0", + "name": "WildFire - Detonate file", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "wildfire-upload", + "wildfire-upload", "wildfire-report" ] } - }, + }, { "detonate_file_-_threatgrid": { - "name": "Detonate File - ThreatGrid", - "fromversion": "4.0.0", + "name": "Detonate File - ThreatGrid", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "threat-grid-upload-sample", + "threat-grid-upload-sample", "threat-grid-get-samples-state" ] } - }, - { - "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "fromversion": "4.1.0", - "implementing_scripts": [ - "AssignAnalystToIncident", - "Set", - "SendEmail" - ], - "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Block Indicators - Generic", - "Email Address Enrichment - Generic", - "Calculate Severity - Generic" - ], - "implementing_commands": [ - "closeInvestigation", - "send-mail" - ] - } - }, - { - "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "4.0.9", - "fromversion": "4.0.0", - "implementing_scripts": [ - "AssignAnalystToIncident", - "Set", - "SendEmail" - ], - "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process 
Email - Generic", - "Block Indicators - Generic", - "Email Address Enrichment - Generic", - "Calculate Severity - Generic" - ], - "implementing_commands": [ - "closeInvestigation", - "send-mail" - ] - } - }, + }, { "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "4.0.9", - "fromversion": "4.0.0", + "name": "Phishing Investigation - Generic", + "fromversion": "4.1.0", "implementing_scripts": [ - "AssignAnalystToIncident", - "Set", + "AssignAnalystToIncident", + "Set", "SendEmail" - ], + ], "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Block Indicators - Generic", - "Email Address Enrichment - Generic", + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Block Indicators - Generic", + "Email Address Enrichment - Generic", "Calculate Severity - Generic" - ], + ], "implementing_commands": [ - "closeInvestigation", + "closeInvestigation", "send-mail" ] } } - ], + ], "integrations": [ { "Cybereason": { - "name": "Cybereason", - "commands": [ - "cybereason-query-processes", - "cybereason-is-probe-connected", - "cybereason-query-connections", - "cybereason-isolate-machine", - "cybereason-unisolate-machine", - "cybereason-query-malops", - "cybereason-malop-processes", - "cybereason-add-comment", + "name": "Cybereason", + "commands": [ + "cybereason-query-processes", + "cybereason-is-probe-connected", + "cybereason-query-connections", + "cybereason-isolate-machine", + "cybereason-unisolate-machine", + "cybereason-query-malops", + "cybereason-malop-processes", + "cybereason-add-comment", "cybereason-update-malop-status" ] } - }, + }, { "Giphy": { - "name": "Giphy", + "name": "Giphy", "commands": [ "giphy" ] } - }, + }, { "RSA NetWitness Packets 
and Logs": { - "name": "RSA NetWitness Packets and Logs", - "toversion": "3.1.0", - "commands": [ - "netwitness-msearch", - "netwitness-search", - "netwitness-query", - "netwitness-packets", - "nw-sdk-session", - "nw-sdk-cancel", - "nw-sdk-query", - "nw-sdk-validate", - "nw-sdk-aliases", - "nw-sdk-content", - "nw-sdk-ls", - "nw-sdk-count", - "nw-sdk-timeline", - "nw-sdk-mon", - "nw-sdk-stopMon", - "nw-sdk-msearch", - "nw-sdk-precache", - "nw-sdk-delCache", - "nw-sdk-info", - "nw-sdk-search", - "nw-sdk-language", - "nw-sdk-packets", - "nw-sdk-summary", - "nw-sdk-reconfig", - "nw-sdk-values", - "nw-sdk-xforms", - "nw-database-info", - "nw-database-count", - "nw-database-dbState", - "nw-database-dump", - "nw-database-hashInfo", - "nw-database-resetMax", - "nw-database-optimize", - "nw-database-reconfig", - "nw-database-ls", - "nw-database-timeRoll", - "nw-database-stopMon", - "nw-database-manifest", - "nw-database-wipe", - "nw-database-sizeRoll", - "nw-database-mon", - "nw-decoder-reset", - "nw-decoder-info", - "nw-decoder-reconfig", - "nw-decoder-agg", - "nw-decoder-stop", - "nw-decoder-count", - "nw-decoder-start", - "nw-decoder-meta", - "nw-decoder-ls", - "nw-decoder-stopMon", - "nw-decoder-resetMax", - "nw-decoder-whoAgg", - "nw-decoder-logStats", - "nw-decoder-select", - "nw-decoder-mon", - "nw-index-ls", - "nw-index-mon", - "nw-index-save", - "nw-index-info", - "nw-index-drop", - "nw-index-count", - "nw-index-values", - "nw-index-profile", - "nw-index-stopMon", - "nw-index-inspect", - "nw-index-language", - "nw-index-reconfig", - "nw-index-sizeRoll", - "nw-decoderParsers-ls", - "nw-decoderParsers-mon", - "nw-decoderParsers-feed", - "nw-decoderParsers-info", - "nw-decoderParsers-count", - "nw-decoderParsers-schema", - "nw-decoderParsers-reload", - "nw-decoderParsers-upload", - "nw-decoderParsers-delete", - "nw-decoderParsers-stopMon", - "nw-decoderParsers-devices", - "nw-decoderParsers-content", - "nw-decoderParsers-ipdevice", - "nw-decoderParsers-iptmzone", - 
"nw-logs-ls", - "nw-logs-mon", - "nw-logs-pull", - "nw-logs-info", - "nw-logs-count", - "nw-logs-stopMon", - "nw-logs-download", - "nw-logs-timeRoll", - "nw-sys-ls", - "nw-sys-mon", - "nw-sys-save", - "nw-sys-info", - "nw-sys-count", - "nw-sys-caCert", - "nw-sys-stopMon", - "nw-sys-shutdown", - "nw-sys-fileEdit", - "nw-sys-peerCert", - "nw-sys-servCert", - "nw-sys-statHist", - "nw-users-ls", - "nw-users-mon", - "nw-users-info", - "nw-users-auths", - "nw-users-count", - "nw-users-delete", - "nw-users-unlock", - "nw-users-stopMon", - "nw-users-addOrMod", - "nw-decoder-import", - "nw-decoder-parsers-upload", - "nw-concentrator-reset", - "nw-concentrator-reconfig", - "nw-concentrator-start", - "nw-concentrator-stop", - "nw-concentrator-count", - "nw-concentrator-edit", - "nw-concentrator-add", - "nw-concentrator-meta", - "nw-concentrator-status", - "nw-concentrator-ls", - "nw-concentrator-resetMax", - "nw-concentrator-stopMon", - "nw-concentrator-delete", - "nw-concentrator-whoAgg", - "nw-concentrator-mon", - "nw-broker-reset", - "nw-broker-start", - "nw-broker-stop", - "nw-broker-count", - "nw-broker-edit", - "nw-broker-add", - "nw-broker-meta", - "nw-broker-status", - "nw-broker-ls", - "nw-broker-resetMax", - "nw-broker-stopMon", - "nw-broker-delete", - "nw-broker-whoAgg", + "name": "RSA NetWitness Packets and Logs", + "toversion": "3.1.0", + "commands": [ + "netwitness-msearch", + "netwitness-search", + "netwitness-query", + "netwitness-packets", + "nw-sdk-session", + "nw-sdk-cancel", + "nw-sdk-query", + "nw-sdk-validate", + "nw-sdk-aliases", + "nw-sdk-content", + "nw-sdk-ls", + "nw-sdk-count", + "nw-sdk-timeline", + "nw-sdk-mon", + "nw-sdk-stopMon", + "nw-sdk-msearch", + "nw-sdk-precache", + "nw-sdk-delCache", + "nw-sdk-info", + "nw-sdk-search", + "nw-sdk-language", + "nw-sdk-packets", + "nw-sdk-summary", + "nw-sdk-reconfig", + "nw-sdk-values", + "nw-sdk-xforms", + "nw-database-info", + "nw-database-count", + "nw-database-dbState", + "nw-database-dump", + 
"nw-database-hashInfo", + "nw-database-resetMax", + "nw-database-optimize", + "nw-database-reconfig", + "nw-database-ls", + "nw-database-timeRoll", + "nw-database-stopMon", + "nw-database-manifest", + "nw-database-wipe", + "nw-database-sizeRoll", + "nw-database-mon", + "nw-decoder-reset", + "nw-decoder-info", + "nw-decoder-reconfig", + "nw-decoder-agg", + "nw-decoder-stop", + "nw-decoder-count", + "nw-decoder-start", + "nw-decoder-meta", + "nw-decoder-ls", + "nw-decoder-stopMon", + "nw-decoder-resetMax", + "nw-decoder-whoAgg", + "nw-decoder-logStats", + "nw-decoder-select", + "nw-decoder-mon", + "nw-index-ls", + "nw-index-mon", + "nw-index-save", + "nw-index-info", + "nw-index-drop", + "nw-index-count", + "nw-index-values", + "nw-index-profile", + "nw-index-stopMon", + "nw-index-inspect", + "nw-index-language", + "nw-index-reconfig", + "nw-index-sizeRoll", + "nw-decoderParsers-ls", + "nw-decoderParsers-mon", + "nw-decoderParsers-feed", + "nw-decoderParsers-info", + "nw-decoderParsers-count", + "nw-decoderParsers-schema", + "nw-decoderParsers-reload", + "nw-decoderParsers-upload", + "nw-decoderParsers-delete", + "nw-decoderParsers-stopMon", + "nw-decoderParsers-devices", + "nw-decoderParsers-content", + "nw-decoderParsers-ipdevice", + "nw-decoderParsers-iptmzone", + "nw-logs-ls", + "nw-logs-mon", + "nw-logs-pull", + "nw-logs-info", + "nw-logs-count", + "nw-logs-stopMon", + "nw-logs-download", + "nw-logs-timeRoll", + "nw-sys-ls", + "nw-sys-mon", + "nw-sys-save", + "nw-sys-info", + "nw-sys-count", + "nw-sys-caCert", + "nw-sys-stopMon", + "nw-sys-shutdown", + "nw-sys-fileEdit", + "nw-sys-peerCert", + "nw-sys-servCert", + "nw-sys-statHist", + "nw-users-ls", + "nw-users-mon", + "nw-users-info", + "nw-users-auths", + "nw-users-count", + "nw-users-delete", + "nw-users-unlock", + "nw-users-stopMon", + "nw-users-addOrMod", + "nw-decoder-import", + "nw-decoder-parsers-upload", + "nw-concentrator-reset", + "nw-concentrator-reconfig", + "nw-concentrator-start", + 
"nw-concentrator-stop", + "nw-concentrator-count", + "nw-concentrator-edit", + "nw-concentrator-add", + "nw-concentrator-meta", + "nw-concentrator-status", + "nw-concentrator-ls", + "nw-concentrator-resetMax", + "nw-concentrator-stopMon", + "nw-concentrator-delete", + "nw-concentrator-whoAgg", + "nw-concentrator-mon", + "nw-broker-reset", + "nw-broker-start", + "nw-broker-stop", + "nw-broker-count", + "nw-broker-edit", + "nw-broker-add", + "nw-broker-meta", + "nw-broker-status", + "nw-broker-ls", + "nw-broker-resetMax", + "nw-broker-stopMon", + "nw-broker-delete", + "nw-broker-whoAgg", "nw-broker-mon" ] } - }, + }, { "ReversingLabs A1000": { - "name": "ReversingLabs A1000", - "commands": [ - "file", - "reversinglabs-upload", - "reversinglabs-delete", - "reversinglabs-extracted-files", - "reversinglabs-download", - "reversinglabs-analyze", + "name": "ReversingLabs A1000", + "commands": [ + "file", + "reversinglabs-upload", + "reversinglabs-delete", + "reversinglabs-extracted-files", + "reversinglabs-download", + "reversinglabs-analyze", "reversinglabs-download-unpacked" ] } - }, + }, { "VMware": { - "name": "VMware", - "commands": [ - "vmware-get-vms", - "vmware-poweron", - "vmware-poweroff", - "vmware-hard-reboot", - "vmware-suspend", - "vmware-soft-reboot", - "vmware-create-snapshot", - "vmware-revert-snapshot", + "name": "VMware", + "commands": [ + "vmware-get-vms", + "vmware-poweron", + "vmware-poweroff", + "vmware-hard-reboot", + "vmware-suspend", + "vmware-soft-reboot", + "vmware-create-snapshot", + "vmware-revert-snapshot", "vmware-get-events" ] } - }, + }, { "RSA Archer": { - "name": "RSA Archer", - "commands": [ - "archer-create-record", - "archer-update-record", - "archer-get-record", - "archer-search-applications", - "archer-search-records", - "archer-get-application-fields", - "archer-delete-record", - "archer-get-field", - "archer-get-reports", - "archer-execute-statistic-search-by-report", - "archer-get-search-options-by-guid", - 
"archer-search-records-by-report", - "archer-get-mapping-by-level", - "archer-manually-fetch-incident", - "archer-get-file", - "archer-upload-file", - "archer-add-to-detailed-analysis", + "name": "RSA Archer", + "commands": [ + "archer-create-record", + "archer-update-record", + "archer-get-record", + "archer-search-applications", + "archer-search-records", + "archer-get-application-fields", + "archer-delete-record", + "archer-get-field", + "archer-get-reports", + "archer-execute-statistic-search-by-report", + "archer-get-search-options-by-guid", + "archer-search-records-by-report", + "archer-get-mapping-by-level", + "archer-manually-fetch-incident", + "archer-get-file", + "archer-upload-file", + "archer-add-to-detailed-analysis", "archer-get-user-id" ] } - }, + }, { "vmray": { - "name": "vmray", + "name": "vmray", "commands": [ - "upload_sample", - "get_results", + "upload_sample", + "get_results", "get_job_sample" ] } - }, + }, { "jira": { - "name": "jira", - "fromversion": "2.6.0", - "commands": [ - "jira-issue-query", - "jira-get-issue", - "jira-create-issue", - "jira-issue-upload-file", - "jira-issue-add-comment", - "jira-issue-add-link", - "jira-edit-issue", - "jira-get-comments", + "name": "jira", + "fromversion": "2.6.0", + "commands": [ + "jira-issue-query", + "jira-get-issue", + "jira-create-issue", + "jira-issue-upload-file", + "jira-issue-add-comment", + "jira-issue-add-link", + "jira-edit-issue", + "jira-get-comments", "jira-delete-issue" ] } - }, + }, { "Verodin": { - "name": "Verodin", - "commands": [ - "verodin-get-topology-nodes", - "verodin-get-topology-map", - "verodin-manage-sims-actions", - "verodin-manage-sims-actions-run", - "verodin-get-security-zones", - "verodin-get-security-zone", - "verodin-delete-security-zone", - "verodin-get-sims-of-type", - "verodin-get-sim", - "verodin-delete-sim", - "verodin-get-jobs", - "verodin-get-job", - "verodin-run-job-again", - "verodin-get-job-sim-actions", + "name": "Verodin", + "commands": [ + 
"verodin-get-topology-nodes", + "verodin-get-topology-map", + "verodin-manage-sims-actions", + "verodin-manage-sims-actions-run", + "verodin-get-security-zones", + "verodin-get-security-zone", + "verodin-delete-security-zone", + "verodin-get-sims-of-type", + "verodin-get-sim", + "verodin-delete-sim", + "verodin-get-jobs", + "verodin-get-job", + "verodin-run-job-again", + "verodin-get-job-sim-actions", "verodin-job-cancel" ] } - }, + }, { "dnstwist": { - "name": "dnstwist", + "name": "dnstwist", "commands": [ "dnstwist-domain-variations" ] } - }, + }, { "EWS": { - "name": "EWS", - "commands": [ - "ews-get-folder", - "ews-delete-items", - "ews-delete-attachments", - "ews-get-items", - "ews-search-mailbox", - "ews-get-contacts", - "ews-get-searchable-mailboxes", - "ews-search-mailboxes", - "ews-get-attachment", - "ews-find-folders", - "ews-get-attachment-item", + "name": "EWS", + "commands": [ + "ews-get-folder", + "ews-delete-items", + "ews-delete-attachments", + "ews-get-items", + "ews-search-mailbox", + "ews-get-contacts", + "ews-get-searchable-mailboxes", + "ews-search-mailboxes", + "ews-get-attachment", + "ews-find-folders", + "ews-get-attachment-item", "ews-move-item" ] } - }, + }, { "OpenPhish": { - "name": "OpenPhish", + "name": "OpenPhish", "commands": [ - "url", - "openphish-reload", + "url", + "openphish-reload", "openphish-status" ] } - }, + }, { "McAfee NSM": { - "name": "McAfee NSM", - "commands": [ - "nsm-get-sensors", - "nsm-get-domains", - "nsm-get-alerts", - "nsm-update-alerts", - "nsm-get-alert-details", - "nsm-get-ips-policies", - "nsm-get-ips-policy-details", + "name": "McAfee NSM", + "commands": [ + "nsm-get-sensors", + "nsm-get-domains", + "nsm-get-alerts", + "nsm-update-alerts", + "nsm-get-alert-details", + "nsm-get-ips-policies", + "nsm-get-ips-policy-details", "nsm-get-attacks" ] } - }, + }, { "ipinfo": { - "name": "ipinfo", + "name": "ipinfo", "commands": [ - "ip", + "ip", "ipinfo_field" ] } - }, + }, { "Cuckoo Sandbox": { - "name": "Cuckoo 
Sandbox", - "toversion": "3.1.0", - "commands": [ - "ck-file", - "cuckoo-create-task-from-file", - "ck-report", - "cuckoo-get-task-report", - "ck-list", - "cuckoo-list-tasks", - "ck-url", - "cuckoo-create-task-from-url", - "ck-view", - "cuckoo-view-task", - "ck-del", - "cuckoo-delete-task", - "ck-scrshot", - "cuckoo-task-screenshot", - "ck-machines-list", - "cuckoo-machines-list", - "ck-machine-view", + "name": "Cuckoo Sandbox", + "toversion": "3.1.0", + "commands": [ + "ck-file", + "cuckoo-create-task-from-file", + "ck-report", + "cuckoo-get-task-report", + "ck-list", + "cuckoo-list-tasks", + "ck-url", + "cuckoo-create-task-from-url", + "ck-view", + "cuckoo-view-task", + "ck-del", + "cuckoo-delete-task", + "ck-scrshot", + "cuckoo-task-screenshot", + "ck-machines-list", + "cuckoo-machines-list", + "ck-machine-view", "cuckoo-machine-view" ] } - }, + }, { "Moloch": { - "name": "Moloch", - "toversion": "3.1.0", - "commands": [ - "moloch_connections_json", - "moloch_connections_csv", - "moloch_files_json", - "moloch_sessions_json", - "moloch_sessions_csv", - "moloch_sessions_pcap", - "moloch_spigraph_json", - "moloch_spiview_json", + "name": "Moloch", + "toversion": "3.1.0", + "commands": [ + "moloch_connections_json", + "moloch_connections_csv", + "moloch_files_json", + "moloch_sessions_json", + "moloch_sessions_csv", + "moloch_sessions_pcap", + "moloch_spigraph_json", + "moloch_spiview_json", "moloch_unique_json" ] } - }, + }, { "Demisto REST API": { - "name": "Demisto REST API", - "commands": [ - "demisto-api-post", - "demisto-api-get", - "demisto-api-put", - "demisto-api-delete", - "demisto-api-download", - "demisto-api-multipart", + "name": "Demisto REST API", + "commands": [ + "demisto-api-post", + "demisto-api-get", + "demisto-api-put", + "demisto-api-delete", + "demisto-api-download", + "demisto-api-multipart", "demisto-delete-incidents" ] } - }, + }, { "Symantec Advanced Threat Protection": { - "name": "Symantec Advanced Threat Protection", - "commands": [ - 
"satp-appliances", - "satp-command", - "satp-command-state", - "satp-command-cancel", - "satp-events", - "satp-files", - "satp-incident-events", + "name": "Symantec Advanced Threat Protection", + "commands": [ + "satp-appliances", + "satp-command", + "satp-command-state", + "satp-command-cancel", + "satp-events", + "satp-files", + "satp-incident-events", "satp-incidents" ] } - }, + }, { "McAfee Active Response": { - "name": "McAfee Active Response", + "name": "McAfee Active Response", "commands": [ - "mar-search", - "mar-collectors-list", + "mar-search", + "mar-collectors-list", "mar-search-multiple" ] } - }, + }, { "Aella Star Light": { - "name": "Aella Star Light", + "name": "Aella Star Light", "commands": [ "aella-get-event" ] } - }, + }, { "Zendesk": { - "name": "Zendesk", - "fromversion": "3.5.0", - "commands": [ - "zendesk-create-ticket", - "zendesk-list-tickets", - "zendesk-ticket-details", - "zendesk-update-ticket", - "zendesk-add-comment", - "zendesk-list-agents", - "zendesk-get-attachment", - "zendesk-clear-cache", - "zendesk-add-user", + "name": "Zendesk", + "fromversion": "3.5.0", + "commands": [ + "zendesk-create-ticket", + "zendesk-list-tickets", + "zendesk-ticket-details", + "zendesk-update-ticket", + "zendesk-add-comment", + "zendesk-list-agents", + "zendesk-get-attachment", + "zendesk-clear-cache", + "zendesk-add-user", "zendesk-get-article" ] } - }, + }, { "Cisco CloudLock": { - "name": "Cisco CloudLock", + "name": "Cisco CloudLock", "commands": [ - "cloudlock-get-users", - "cloudlock-get-user-apps", + "cloudlock-get-users", + "cloudlock-get-user-apps", "cloudlock-get-activities" ] } - }, + }, { "carbonblackliveresponse": { - "name": "carbonblackliveresponse", - "commands": [ - "cb-archive", - "cb-command-cancel", - "cb-command-info", - "cb-file-delete", - "cb-file-get", - "cb-file-info", - "cb-file-upload", - "cb-keepalive", - "cb-list-commands", - "cb-list-files", - "cb-list-sessions", - "cb-session-close", - "cb-session-create", - 
"cb-session-create-and-wait", - "cb-session-info", - "cb-process-kill", - "cb-directory-listing", - "cb-process-execute", - "cb-memdeump", - "cb-command-create", - "cb-command-create-and-wait", - "cb-terminate-process", - "cb-file-delete-from-endpoint", - "cb-registry-get-values", - "cb-registry-query-value", - "cb-registry-create-key", - "cb-registry-delete-key", - "cb-registry-delete-value", - "cb-registry-set-value", - "cb-process-list", - "cb-get-file-from-endpoint", + "name": "carbonblackliveresponse", + "commands": [ + "cb-archive", + "cb-command-cancel", + "cb-command-info", + "cb-file-delete", + "cb-file-get", + "cb-file-info", + "cb-file-upload", + "cb-keepalive", + "cb-list-commands", + "cb-list-files", + "cb-list-sessions", + "cb-session-close", + "cb-session-create", + "cb-session-create-and-wait", + "cb-session-info", + "cb-process-kill", + "cb-directory-listing", + "cb-process-execute", + "cb-memdeump", + "cb-command-create", + "cb-command-create-and-wait", + "cb-terminate-process", + "cb-file-delete-from-endpoint", + "cb-registry-get-values", + "cb-registry-query-value", + "cb-registry-create-key", + "cb-registry-delete-key", + "cb-registry-delete-value", + "cb-registry-set-value", + "cb-process-list", + "cb-get-file-from-endpoint", "cb-push-file-to-endpoint" ] } - }, + }, { "Check Point Sandblast Appliance": { - "name": "Check Point Sandblast Appliance", - "toversion": "3.1.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", + "name": "Check Point Sandblast Appliance", + "toversion": "3.1.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", "sandblast-download" ] } - }, + }, { "Pipl": { - "name": "Pipl", - "fromversion": "3.5.0", + "name": "Pipl", + "fromversion": "3.5.0", "commands": [ - "pipl-search", + "pipl-search", "email" ] } - }, + }, { "Forcepoint": { - "name": "Forcepoint", + "name": "Forcepoint", "commands": [ - 
"fp-add-category", - "fp-list-categories", - "fp-get-category-detailes", - "fp-add-address-to-category", - "fp-delete-categories", + "fp-add-category", + "fp-list-categories", + "fp-get-category-detailes", + "fp-add-address-to-category", + "fp-delete-categories", "fp-delete-address-from-category" ] } - }, + }, { "FireEye HX": { - "name": "FireEye HX", - "commands": [ - "fireeye-hx-host-containment", - "fireeye-hx-cancel-containment", - "fireeye-hx-get-alerts", - "fireeye-hx-suppress-alert", - "fireeye-hx-get-indicators", - "fireeye-hx-get-indicator", - "fireeye-hx-get-host-information", - "fireeye-hx-get-alert", - "fireeye-hx-file-acquisition", - "fireeye-hx-delete-file-acquisition", - "fireeye-hx-data-acquisition", - "fireeye-hx-delete-data-acquisition", - "fireeye-hx-search", + "name": "FireEye HX", + "commands": [ + "fireeye-hx-host-containment", + "fireeye-hx-cancel-containment", + "fireeye-hx-get-alerts", + "fireeye-hx-suppress-alert", + "fireeye-hx-get-indicators", + "fireeye-hx-get-indicator", + "fireeye-hx-get-host-information", + "fireeye-hx-get-alert", + "fireeye-hx-file-acquisition", + "fireeye-hx-delete-file-acquisition", + "fireeye-hx-data-acquisition", + "fireeye-hx-delete-data-acquisition", + "fireeye-hx-search", "fireeye-hx-get-host-set-information" ] } - }, + }, { "Threat Crowd": { - "name": "Threat Crowd", + "name": "Threat Crowd", "commands": [ - "threat-crowd-email", - "threat-crowd-domain", - "threat-crowd-ip", - "threat-crowd-antivirus", + "threat-crowd-email", + "threat-crowd-domain", + "threat-crowd-ip", + "threat-crowd-antivirus", "threat-crowd-file" ] } - }, + }, { "Palo Alto AppFramework": { - "name": "Palo Alto AppFramework", + "name": "Palo Alto AppFramework", "commands": [ - "pan-appframework-query-logs", - "pan-appframework-get-critical-threat-logs", - "pan-appframework-get-social-applications", + "pan-appframework-query-logs", + "pan-appframework-get-critical-threat-logs", + "pan-appframework-get-social-applications", 
"pan-appframework-search-by-file-hash" ] } - }, + }, { "Phishme Intelligence": { - "name": "Phishme Intelligence", + "name": "Phishme Intelligence", "commands": [ - "url", - "file", - "ip", - "phishme-search", + "url", + "file", + "ip", + "phishme-search", "email" ] } - }, + }, { "Remedy AR": { - "name": "Remedy AR", + "name": "Remedy AR", "commands": [ "remedy-get-server-details" ] } - }, + }, { "Intezer": { - "name": "Intezer", + "name": "Intezer", "commands": [ - "file", + "file", "intezer-upload" ] } - }, + }, { "AlgoSec": { - "name": "AlgoSec", + "name": "AlgoSec", "commands": [ - "algosec-get-ticket", - "algosec-create-ticket", - "algosec-get-applications", - "algosec-get-network-object", + "algosec-get-ticket", + "algosec-create-ticket", + "algosec-get-applications", + "algosec-get-network-object", "algosec-query" ] } - }, + }, { "Zoom": { - "name": "Zoom", + "name": "Zoom", "commands": [ - "zoom-create-user", - "zoom-create-meeting", - "zoom-fetch-recording", - "zoom-list-users", + "zoom-create-user", + "zoom-create-meeting", + "zoom-fetch-recording", + "zoom-list-users", "zoom-delete-user" ] } - }, + }, { "Cuckoo Sandbox": { - "name": "Cuckoo Sandbox", - "fromversion": "3.5.0", - "commands": [ - "ck-file", - "cuckoo-create-task-from-file", - "ck-report", - "cuckoo-get-task-report", - "ck-list", - "cuckoo-list-tasks", - "ck-url", - "cuckoo-create-task-from-url", - "ck-view", - "cuckoo-view-task", - "ck-del", - "cuckoo-delete-task", - "ck-scrshot", - "cuckoo-task-screenshot", - "ck-machines-list", - "cuckoo-machines-list", - "ck-machine-view", + "name": "Cuckoo Sandbox", + "fromversion": "3.5.0", + "commands": [ + "ck-file", + "cuckoo-create-task-from-file", + "ck-report", + "cuckoo-get-task-report", + "ck-list", + "cuckoo-list-tasks", + "ck-url", + "cuckoo-create-task-from-url", + "ck-view", + "cuckoo-view-task", + "ck-del", + "cuckoo-delete-task", + "ck-scrshot", + "cuckoo-task-screenshot", + "ck-machines-list", + "cuckoo-machines-list", + 
"ck-machine-view", "cuckoo-machine-view" ] } - }, + }, { "Threat Grid": { - "name": "Threat Grid", - "commands": [ - "threat-grid-get-samples", - "threat-grid-get-sample-by-id", - "threat-grid-get-sample-state-by-id", - "threat-grid-upload-sample", - "threat-grid-search-submissions", - "threat-grid-get-video-by-id", - "threat-grid-get-analysis-by-id", - "threat-grid-get-processes-by-id", - "threat-grid-get-pcap-by-id", - "threat-grid-get-warnings-by-id", - "threat-grid-get-summary-by-id", - "threat-grid-get-threat-summary-by-id", - "threat-grid-get-html-report-by-id", - "threat-grid-download-sample-by-id", - "threat-grid-get-analysis-iocs", - "threat-grid-download-artifact", - "threat-grid-who-am-i", - "threat-grid-user-get-rate-limit", - "threat-grid-get-specific-feed", - "threat-grid-detonate-file", - "threat-grid-url-to-file", - "threat-grid-organization-get-rate-limit", - "threat-grid-search-ips", - "threat-grid-get-analysis-annotations", - "threat-grid-search-samples", - "threat-grid-search-urls", - "threat-grid-get-samples-state", - "threat-grid-feeds-artifacts", - "threat-grid-feeds-domain", - "threat-grid-feeds-ip", - "threat-grid-feeds-network-stream", - "threat-grid-feeds-path", - "threat-grid-feeds-url", - "threat-grid-get-analysis-artifact", - "threat-grid-get-analysis-artifacts", - "threat-grid-get-analysis-ioc", - "threat-grid-get-analysis-metadata", - "threat-grid-get-analysis-network-stream", - "threat-grid-get-analysis-network-streams", - "threat-grid-get-analysis-process", + "name": "Threat Grid", + "commands": [ + "threat-grid-get-samples", + "threat-grid-get-sample-by-id", + "threat-grid-get-sample-state-by-id", + "threat-grid-upload-sample", + "threat-grid-search-submissions", + "threat-grid-get-video-by-id", + "threat-grid-get-analysis-by-id", + "threat-grid-get-processes-by-id", + "threat-grid-get-pcap-by-id", + "threat-grid-get-warnings-by-id", + "threat-grid-get-summary-by-id", + "threat-grid-get-threat-summary-by-id", + 
"threat-grid-get-html-report-by-id", + "threat-grid-download-sample-by-id", + "threat-grid-get-analysis-iocs", + "threat-grid-download-artifact", + "threat-grid-who-am-i", + "threat-grid-user-get-rate-limit", + "threat-grid-get-specific-feed", + "threat-grid-detonate-file", + "threat-grid-url-to-file", + "threat-grid-organization-get-rate-limit", + "threat-grid-search-ips", + "threat-grid-get-analysis-annotations", + "threat-grid-search-samples", + "threat-grid-search-urls", + "threat-grid-get-samples-state", + "threat-grid-feeds-artifacts", + "threat-grid-feeds-domain", + "threat-grid-feeds-ip", + "threat-grid-feeds-network-stream", + "threat-grid-feeds-path", + "threat-grid-feeds-url", + "threat-grid-get-analysis-artifact", + "threat-grid-get-analysis-artifacts", + "threat-grid-get-analysis-ioc", + "threat-grid-get-analysis-metadata", + "threat-grid-get-analysis-network-stream", + "threat-grid-get-analysis-network-streams", + "threat-grid-get-analysis-process", "threat-grid-get-analysis-processes" ] } - }, + }, { "QRadar": { - "name": "QRadar", - "commands": [ - "qradar-offenses", - "qradar-offense-by-id", - "qradar-searches", - "qradar-get-search", - "qradar-get-search-results", - "qradar-update-offense", - "qradar-get-assets", - "qradar-get-asset-by-id", - "qr-searches", - "qr-get-search", - "qr-get-search-results", - "qr-update-offense", - "qr-get-assets", - "qr-offenses", - "qradar-get-closing-reasons", - "qradar-create-note", - "qradar-get-note", - "qradar-get-reference-by-name", - "qradar-create-reference-set", - "qradar-delete-reference-set", - "qradar-create-reference-set-value", - "qradar-update-reference-set-value", + "name": "QRadar", + "commands": [ + "qradar-offenses", + "qradar-offense-by-id", + "qradar-searches", + "qradar-get-search", + "qradar-get-search-results", + "qradar-update-offense", + "qradar-get-assets", + "qradar-get-asset-by-id", + "qr-searches", + "qr-get-search", + "qr-get-search-results", + "qr-update-offense", + "qr-get-assets", + 
"qr-offenses", + "qradar-get-closing-reasons", + "qradar-create-note", + "qradar-get-note", + "qradar-get-reference-by-name", + "qradar-create-reference-set", + "qradar-delete-reference-set", + "qradar-create-reference-set-value", + "qradar-update-reference-set-value", "qradar-delete-reference-set-value" ] } - }, + }, { "SplunkPy": { - "name": "SplunkPy", - "commands": [ - "splunk-results", - "splunk-search", - "splunk-submit-event", - "splunk-get-indexes", - "splunk-notable-event-edit", - "splunk-job-create", + "name": "SplunkPy", + "commands": [ + "splunk-results", + "splunk-search", + "splunk-submit-event", + "splunk-get-indexes", + "splunk-notable-event-edit", + "splunk-job-create", "splunk-parse-raw" ] } - }, + }, { "TruSTAR": { - "name": "TruSTAR", - "commands": [ - "trustar-related-indicators", - "trustar-trending-indicators", - "trustar-search-indicators", - "trustar-submit-report", - "trustar-update-report", - "trustar-report-details", - "trustar-delete-report", - "trustar-get-reports", - "trustar-correlated-reports", - "trustar-search-reports", - "trustar-add-to-whitelist", - "trustar-remove-from-whitelist", - "trustar-get-enclaves", - "file", - "ip", - "url", + "name": "TruSTAR", + "commands": [ + "trustar-related-indicators", + "trustar-trending-indicators", + "trustar-search-indicators", + "trustar-submit-report", + "trustar-update-report", + "trustar-report-details", + "trustar-delete-report", + "trustar-get-reports", + "trustar-correlated-reports", + "trustar-search-reports", + "trustar-add-to-whitelist", + "trustar-remove-from-whitelist", + "trustar-get-enclaves", + "file", + "ip", + "url", "domain" ] } - }, + }, { "LogRhythm": { - "name": "LogRhythm", + "name": "LogRhythm", "commands": [ - "lr-add-alarm-comments", - "lr-get-alarm-by-id", - "lr-get-alarm-events-by-id", - "lr-get-alarm-history-by-id", - "lr-update-alarm-status", + "lr-add-alarm-comments", + "lr-get-alarm-by-id", + "lr-get-alarm-events-by-id", + "lr-get-alarm-history-by-id", + 
"lr-update-alarm-status", "lr-get-alarms" ] } - }, + }, { "Service Manager": { - "name": "Service Manager", + "name": "Service Manager", "commands": [ - "hpsm-create-incident", - "hpsm-list-incidents", - "hpsm-get-incident-by-id", - "hpsm-list-devices", + "hpsm-create-incident", + "hpsm-list-incidents", + "hpsm-get-incident-by-id", + "hpsm-list-devices", "hpsm-get-device" ] } - }, + }, { "Trend Micro": { - "name": "Trend Micro", - "commands": [ - "trendmicro-host-retrieve-all", - "trendmicro-system-event-retrieve", - "trendmicro-host-antimalware-scan", - "trendmicro-alert-status", - "trendmicro-security-profile-retrieve-all", - "trendmicro-security-profile-assign-to-host", + "name": "Trend Micro", + "commands": [ + "trendmicro-host-retrieve-all", + "trendmicro-system-event-retrieve", + "trendmicro-host-antimalware-scan", + "trendmicro-alert-status", + "trendmicro-security-profile-retrieve-all", + "trendmicro-security-profile-assign-to-host", "trendmicro-anti-malware-event-retrieve" ] } - }, + }, { "Netskope": { - "name": "Netskope", + "name": "Netskope", "commands": [ - "netskope-events", + "netskope-events", "netskope-alerts" ] } - }, + }, { "McAfee Web Gateway": { - "name": "McAfee Web Gateway", + "name": "McAfee Web Gateway", "commands": [ - "mwg-get-available-lists", - "mwg-get-list", - "mwg-get-list-entry", - "mwg-insert-entry", + "mwg-get-available-lists", + "mwg-get-list", + "mwg-get-list-entry", + "mwg-insert-entry", "mwg-delete-entry" ] } - }, + }, { "ArcSight Logger": { - "name": "ArcSight Logger", - "commands": [ - "as-search-events", - "as-status", - "as-drilldown", - "as-events", - "as-close", - "as-stop", + "name": "ArcSight Logger", + "commands": [ + "as-search-events", + "as-status", + "as-drilldown", + "as-events", + "as-close", + "as-stop", "as-search" ] } - }, + }, { "carbonblack-v2": { - "name": "carbonblack-v2", - "fromversion": "3.6.0", - "commands": [ - "cb-alert", - "cb-binary", - "cb-binary-get", - "cb-block-hash", - 
"cb-get-hash-blacklist", - "cb-get-process", - "cb-get-processes", - "cb-list-sensors", - "cb-process-events", - "cb-quarantine-device", - "cb-sensor-info", - "cb-unblock-hash", - "cb-unquarantine-device", - "cb-version", - "cb-watchlist-del", - "cb-watchlist-get", - "cb-watchlist-new", - "cb-watchlist-set", - "cb-alert-update", + "name": "carbonblack-v2", + "fromversion": "3.6.0", + "commands": [ + "cb-alert", + "cb-binary", + "cb-binary-get", + "cb-block-hash", + "cb-get-hash-blacklist", + "cb-get-process", + "cb-get-processes", + "cb-list-sensors", + "cb-process-events", + "cb-quarantine-device", + "cb-sensor-info", + "cb-unblock-hash", + "cb-unquarantine-device", + "cb-version", + "cb-watchlist-del", + "cb-watchlist-get", + "cb-watchlist-new", + "cb-watchlist-set", + "cb-alert-update", "cb-watchlist" ] } - }, + }, { "Zscaler": { - "name": "Zscaler", - "commands": [ - "zscaler-blacklist-url", - "url", - "ip", - "zscaler-undo-blacklist-url", - "zscaler-whitelist-url", - "zscaler-undo-whitelist-url", - "zscaler-undo-whitelist-ip", - "zscaler-whitelist-ip", - "zscaler-undo-blacklist-ip", - "zscaler-blacklist-ip", - "zscaler-category-add-url", - "zscaler-category-add-ip", - "zscaler-category-remove-url", - "zscaler-category-remove-ip", - "zscaler-get-categories", - "zscaler-get-blacklist", + "name": "Zscaler", + "commands": [ + "zscaler-blacklist-url", + "url", + "ip", + "zscaler-undo-blacklist-url", + "zscaler-whitelist-url", + "zscaler-undo-whitelist-url", + "zscaler-undo-whitelist-ip", + "zscaler-whitelist-ip", + "zscaler-undo-blacklist-ip", + "zscaler-blacklist-ip", + "zscaler-category-add-url", + "zscaler-category-add-ip", + "zscaler-category-remove-url", + "zscaler-category-remove-ip", + "zscaler-get-categories", + "zscaler-get-blacklist", "zscaler-get-whitelist" ] } - }, + }, { "Check Point Sandblast": { - "name": "Check Point Sandblast", - "toversion": "3.1.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - 
"sb-download", - "sandblast-download", - "sb-quota", + "name": "Check Point Sandblast", + "toversion": "3.1.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", + "sandblast-download", + "sb-quota", "sandblast-quota" ] } - }, + }, { "fireeye": { - "name": "fireeye", - "toversion": "3.1.0", - "fromversion": "3.0.0", - "commands": [ - "fe-report", - "fe-submit-status", - "fe-alert", - "fe-submit-result", - "fe-submit", + "name": "fireeye", + "toversion": "3.1.0", + "fromversion": "3.0.0", + "commands": [ + "fe-report", + "fe-submit-status", + "fe-alert", + "fe-submit-result", + "fe-submit", "fe-config" ] } - }, + }, { "Awake Security": { - "name": "Awake Security", - "commands": [ - "awake-query-devices", - "awake-query-activities", - "awake-query-domains", - "awake-pcap-download", - "domain", - "ip", - "email", + "name": "Awake Security", + "commands": [ + "awake-query-devices", + "awake-query-activities", + "awake-query-domains", + "awake-pcap-download", + "domain", + "ip", + "email", "device" ] } - }, + }, { "Skyformation": { - "name": "Skyformation", + "name": "Skyformation", "commands": [ - "skyformation-get-accounts", - "skyformation-suspend-user", + "skyformation-get-accounts", + "skyformation-suspend-user", "skyformation-unsuspend-user" ] } - }, + }, { "Cisco Spark": { - "name": "Cisco Spark", - "commands": [ - "cisco-spark-list-people", - "cisco-spark-create-person", - "cisco-spark-get-person-details", - "cisco-spark-update-person", - "cisco-spark-delete-person", - "cisco-spark-get-own-details", - "cisco-spark-list-rooms", - "cisco-spark-create-room", - "cisco-spark-get-room-details", - "cisco-spark-update-room", - "cisco-spark-delete-room", - "cisco-spark-list-memberships", - "cisco-spark-create-membership", - "cisco-spark-get-membership-details", - "cisco-spark-update-membership", - "cisco-spark-delete-membership", - "cisco-spark-list-messages", - "cisco-spark-create-message", - 
"cisco-spark-get-message-details", - "cisco-spark-delete-message", - "cisco-spark-list-teams", - "cisco-spark-create-team", - "cisco-spark-get-team-details", - "cisco-spark-update-team", - "cisco-spark-delete-team", - "cisco-spark-list-team-memberships", - "cisco-spark-create-team-membership", - "cisco-spark-get-team-membership-details", - "cisco-spark-update-team-membership", - "cisco-spark-delete-team-membership", - "cisco-spark-list-webhooks", - "cisco-spark-create-webhook", - "cisco-spark-get-webhook-details", - "cisco-spark-update-webhook", - "cisco-spark-delete-webhook", - "cisco-spark-list-organizations", - "cisco-spark-get-organization-details", - "cisco-spark-list-licenses", - "cisco-spark-get-license-details", - "cisco-spark-list-roles", - "cisco-spark-get-role-details", - "cisco-spark-send-message-to-person", + "name": "Cisco Spark", + "commands": [ + "cisco-spark-list-people", + "cisco-spark-create-person", + "cisco-spark-get-person-details", + "cisco-spark-update-person", + "cisco-spark-delete-person", + "cisco-spark-get-own-details", + "cisco-spark-list-rooms", + "cisco-spark-create-room", + "cisco-spark-get-room-details", + "cisco-spark-update-room", + "cisco-spark-delete-room", + "cisco-spark-list-memberships", + "cisco-spark-create-membership", + "cisco-spark-get-membership-details", + "cisco-spark-update-membership", + "cisco-spark-delete-membership", + "cisco-spark-list-messages", + "cisco-spark-create-message", + "cisco-spark-get-message-details", + "cisco-spark-delete-message", + "cisco-spark-list-teams", + "cisco-spark-create-team", + "cisco-spark-get-team-details", + "cisco-spark-update-team", + "cisco-spark-delete-team", + "cisco-spark-list-team-memberships", + "cisco-spark-create-team-membership", + "cisco-spark-get-team-membership-details", + "cisco-spark-update-team-membership", + "cisco-spark-delete-team-membership", + "cisco-spark-list-webhooks", + "cisco-spark-create-webhook", + "cisco-spark-get-webhook-details", + 
"cisco-spark-update-webhook", + "cisco-spark-delete-webhook", + "cisco-spark-list-organizations", + "cisco-spark-get-organization-details", + "cisco-spark-list-licenses", + "cisco-spark-get-license-details", + "cisco-spark-list-roles", + "cisco-spark-get-role-details", + "cisco-spark-send-message-to-person", "cisco-spark-send-message-to-room" ] } - }, + }, { "ArcSight ESM": { - "name": "ArcSight ESM", - "commands": [ - "as-get-all-cases", - "as-get-case", - "as-get-matrix-data", - "as-add-entries", - "as-clear-entries", - "as-get-entries", - "as-get-security-events", - "as-get-case-event-ids", - "as-update-case", - "as-get-all-query-viewers", + "name": "ArcSight ESM", + "commands": [ + "as-get-all-cases", + "as-get-case", + "as-get-matrix-data", + "as-add-entries", + "as-clear-entries", + "as-get-entries", + "as-get-security-events", + "as-get-case-event-ids", + "as-update-case", + "as-get-all-query-viewers", "as-case-delete" ] } - }, + }, { "Rapid7 Nexpose": { - "name": "Rapid7 Nexpose", - "fromversion": "3.6.0", - "commands": [ - "nexpose-get-asset", - "nexpose-get-assets", - "nexpose-search-assets", - "nexpose-get-scan", - "nexpose-get-asset-vulnerability", - "nexpose-create-site", - "nexpose-delete-site", - "nexpose-get-sites", - "nexpose-get-report-templates", - "nexpose-create-assets-report", - "nexpose-create-sites-report", - "nexpose-create-scan-report", - "nexpose-start-site-scan", - "nexpose-start-assets-scan", - "nexpose-stop-scan", - "nexpose-pause-scan", - "nexpose-resume-scan", + "name": "Rapid7 Nexpose", + "fromversion": "3.6.0", + "commands": [ + "nexpose-get-asset", + "nexpose-get-assets", + "nexpose-search-assets", + "nexpose-get-scan", + "nexpose-get-asset-vulnerability", + "nexpose-create-site", + "nexpose-delete-site", + "nexpose-get-sites", + "nexpose-get-report-templates", + "nexpose-create-assets-report", + "nexpose-create-sites-report", + "nexpose-create-scan-report", + "nexpose-start-site-scan", + "nexpose-start-assets-scan", + 
"nexpose-stop-scan", + "nexpose-pause-scan", + "nexpose-resume-scan", "nexpose-get-scans" ] } - }, + }, { "Cylance Protect v2": { - "name": "Cylance Protect v2", - "commands": [ - "cylance-protect-get-devices", - "cylance-protect-get-device", - "cylance-protect-update-device", - "cylance-protect-get-device-threats", - "cylance-protect-get-policies", - "cylance-protect-create-zone", - "cylance-protect-get-zones", - "cylance-protect-get-zone", - "cylance-protect-update-zone", - "cylance-protect-get-threat", - "cylance-protect-get-threat-devices", - "cylance-protect-get-indicators-report", - "cylance-protect-get-threats", - "cylance-protect-update-device-threats", - "cylance-protect-get-list", - "cylance-protect-download-threat", - "cylance-protect-add-hash-to-list", - "cylance-protect-delete-hash-from-lists", - "cylance-protect-get-policy-details", + "name": "Cylance Protect v2", + "commands": [ + "cylance-protect-get-devices", + "cylance-protect-get-device", + "cylance-protect-update-device", + "cylance-protect-get-device-threats", + "cylance-protect-get-policies", + "cylance-protect-create-zone", + "cylance-protect-get-zones", + "cylance-protect-get-zone", + "cylance-protect-update-zone", + "cylance-protect-get-threat", + "cylance-protect-get-threat-devices", + "cylance-protect-get-indicators-report", + "cylance-protect-get-threats", + "cylance-protect-update-device-threats", + "cylance-protect-get-list", + "cylance-protect-download-threat", + "cylance-protect-add-hash-to-list", + "cylance-protect-delete-hash-from-lists", + "cylance-protect-get-policy-details", "cylance-protect-delete-devices" ] } - }, + }, { "Cyber Triage": { - "name": "Cyber Triage", + "name": "Cyber Triage", "commands": [ "ct-triage-endpoint" ] } - }, + }, { "Endgame": { - "name": "Endgame", - "commands": [ - "endgame-deploy", - "endgame-get-deployment-profiles", - "endgame-get-unmanaged-endpoints", - "endgame-get-endpoint-status", - "endgame-create-sensor-profile", - 
"endgame-get-investigations", - "endgame-create-investigation", - "endgame-get-sensor", - "endgame-investigation-results", + "name": "Endgame", + "commands": [ + "endgame-deploy", + "endgame-get-deployment-profiles", + "endgame-get-unmanaged-endpoints", + "endgame-get-endpoint-status", + "endgame-create-sensor-profile", + "endgame-get-investigations", + "endgame-create-investigation", + "endgame-get-sensor", + "endgame-investigation-results", "endgame-investigation-status" ] } - }, + }, { "Kenna": { - "name": "Kenna", + "name": "Kenna", "commands": [ - "kenna-search-vulnerabilities", - "kenna-get-connectors", - "kenna-run-connector", - "kenna-search-fixes", - "kenna-update-asset", + "kenna-search-vulnerabilities", + "kenna-get-connectors", + "kenna-run-connector", + "kenna-search-fixes", + "kenna-update-asset", "kenna-update-vulnerability" ] } - }, + }, { "Cisco Meraki": { - "name": "Cisco Meraki", - "commands": [ - "meraki-fetch-organizations", - "meraki-get-organization-license-state", - "meraki-fetch-organization-inventory", - "meraki-fetch-networks", - "meraki-fetch-devices", - "meraki-fetch-device-uplink", - "meraki-fetch-ssids", - "meraki-fetch-clients", - "meraki-fetch-firewall-rules", - "meraki-remove-device", - "meraki-get-device", - "meraki-update-device", - "meraki-claim-device", + "name": "Cisco Meraki", + "commands": [ + "meraki-fetch-organizations", + "meraki-get-organization-license-state", + "meraki-fetch-organization-inventory", + "meraki-fetch-networks", + "meraki-fetch-devices", + "meraki-fetch-device-uplink", + "meraki-fetch-ssids", + "meraki-fetch-clients", + "meraki-fetch-firewall-rules", + "meraki-remove-device", + "meraki-get-device", + "meraki-update-device", + "meraki-claim-device", "meraki-update-firewall-rules" ] } - }, + }, { "WildFire": { - "name": "WildFire", - "toversion": "3.6.0", - "fromversion": "3.5.0", - "commands": [ - "wildfire-report", - "file", - "wildfire-upload", - "detonate-file", + "name": "WildFire", + "toversion": 
"3.6.0", + "fromversion": "3.5.0", + "commands": [ + "wildfire-report", + "file", + "wildfire-upload", + "detonate-file", "detonate-file-remote" ] } - }, + }, { "AWS Sagemaker": { - "name": "AWS Sagemaker", + "name": "AWS Sagemaker", "commands": [ "predict-phishing" ] } - }, + }, { "VxStream": { - "name": "VxStream", - "commands": [ - "vx-scan", - "crowdstrike-scan", - "vx-get-environments", - "crowdstrike-get-environments", - "vx-submit-sample", - "crowdstrike-submit-sample", - "vx-search", - "crowdstrike-search", - "vx-result", - "crowdstrike-result", - "vx-detonate-file", - "crowdstrike-detonate-file", - "crowdstrike-submit-url", - "crowdstrike-get-screenshots", - "crowdstrike-detonate-url", + "name": "VxStream", + "commands": [ + "vx-scan", + "crowdstrike-scan", + "vx-get-environments", + "crowdstrike-get-environments", + "vx-submit-sample", + "crowdstrike-submit-sample", + "vx-search", + "crowdstrike-search", + "vx-result", + "crowdstrike-result", + "vx-detonate-file", + "crowdstrike-detonate-file", + "crowdstrike-submit-url", + "crowdstrike-get-screenshots", + "crowdstrike-detonate-url", "crowdstrike-submit-file-by-url" ] } - }, + }, { "DomainTools": { - "name": "DomainTools", - "fromversion": "3.0.0", - "commands": [ - "domain", - "domainSearch", - "reverseIP", - "reverseNameServer", - "reverseWhois", - "whois", - "whoisHistory", + "name": "DomainTools", + "fromversion": "3.0.0", + "commands": [ + "domain", + "domainSearch", + "reverseIP", + "reverseNameServer", + "reverseWhois", + "whois", + "whoisHistory", "domainProfile" ] } - }, + }, { "Jask": { - "name": "Jask", - "commands": [ - "jask-get-insight-details", - "jask-get-insight-comments", - "jask-get-signal-details", - "jask-get-entity-details", - "jask-get-related-entities", - "jask-get-whitelisted-entities", - "jask-search-insights", - "jask-search-signals", + "name": "Jask", + "commands": [ + "jask-get-insight-details", + "jask-get-insight-comments", + "jask-get-signal-details", + 
"jask-get-entity-details", + "jask-get-related-entities", + "jask-get-whitelisted-entities", + "jask-search-insights", + "jask-search-signals", "jask-search-entities" ] } - }, + }, { "Server Message Block (SMB)": { - "name": "Server Message Block (SMB)", + "name": "Server Message Block (SMB)", "commands": [ "smb-download" ] } - }, + }, { "McAfee ESM-v10": { - "name": "McAfee ESM-v10", - "commands": [ - "esm-fetch-fields", - "esm-search", - "esm-fetch-alarms", - "esm-get-case-list", - "esm-add-case", - "esm-edit-case", - "esm-get-case-statuses", - "esm-edit-case-status", - "esm-get-case-detail", - "esm-get-case-event-list", - "esm-add-case-status", - "esm-delete-case-status", - "esm-get-organization-list", - "esm-get-user-list", - "esm-acknowledge-alarms", - "esm-unacknowledge-alarms", - "esm-delete-alarms", - "esm-get-alarm-event-details", + "name": "McAfee ESM-v10", + "commands": [ + "esm-fetch-fields", + "esm-search", + "esm-fetch-alarms", + "esm-get-case-list", + "esm-add-case", + "esm-edit-case", + "esm-get-case-statuses", + "esm-edit-case-status", + "esm-get-case-detail", + "esm-get-case-event-list", + "esm-add-case-status", + "esm-delete-case-status", + "esm-get-organization-list", + "esm-get-user-list", + "esm-acknowledge-alarms", + "esm-unacknowledge-alarms", + "esm-delete-alarms", + "esm-get-alarm-event-details", "esm-list-alarm-events" ] } - }, + }, { "nmap": { - "name": "nmap", + "name": "nmap", "commands": [ "nmap-scan" ] } - }, + }, { "ReversingLabs Titanium Cloud": { - "name": "ReversingLabs Titanium Cloud", + "name": "ReversingLabs Titanium Cloud", "commands": [ "file" ] } - }, + }, { "Farsight DNSDB": { - "name": "Farsight DNSDB", + "name": "Farsight DNSDB", "commands": [ - "dnsdb-rdata", + "dnsdb-rdata", "dnsdb-rrset" ] } - }, + }, { "Symantec MSS": { - "name": "Symantec MSS", + "name": "Symantec MSS", "commands": [ - "symantec-mss-update-incident", - "symantec-mss-get-incident", + "symantec-mss-update-incident", + "symantec-mss-get-incident", 
"symantec-mss-incidents-list" ] } - }, + }, { "EWS Mail Sender": { - "name": "EWS Mail Sender", + "name": "EWS Mail Sender", "commands": [ "send-mail" ] } - }, + }, { "WildFire": { - "name": "WildFire", - "fromversion": "4.0.0", - "commands": [ - "wildfire-report", - "file", - "wildfire-upload", - "detonate-file", - "detonate-file-remote", + "name": "WildFire", + "fromversion": "4.0.0", + "commands": [ + "wildfire-report", + "file", + "wildfire-upload", + "detonate-file", + "detonate-file-remote", "wildfire-upload-file-remote" ] } - }, + }, { "WildFire": { - "name": "WildFire", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "commands": [ - "wildfire-report", - "file", - "wildfire-upload", - "detonate-file", + "name": "WildFire", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "commands": [ + "wildfire-report", + "file", + "wildfire-upload", + "detonate-file", "detonate-file-remote" ] } - }, + }, { "AlienVault OTX": { - "name": "AlienVault OTX", - "fromversion": "3.0.1", - "commands": [ - "ip", - "domain", - "ipv6", - "hostname", - "file", - "alienvault-query-file", - "alienvault-search-pulses", - "alienvault-get-pulse-details", + "name": "AlienVault OTX", + "fromversion": "3.0.1", + "commands": [ + "ip", + "domain", + "ipv6", + "hostname", + "file", + "alienvault-query-file", + "alienvault-search-pulses", + "alienvault-get-pulse-details", "url" ] } - }, + }, { "Windows Defender Advanced Threat Protection": { - "name": "Windows Defender Advanced Threat Protection", - "commands": [ - "microsoft-atp-isolate-machine", - "microsoft-atp-unisolate-machine", - "microsoft-atp-get-machines", - "microsoft-atp-get-file-related-machines", - "microsoft-atp-get-machine-details", - "microsoft-atp-run-antivirus-scan", + "name": "Windows Defender Advanced Threat Protection", + "commands": [ + "microsoft-atp-isolate-machine", + "microsoft-atp-unisolate-machine", + "microsoft-atp-get-machines", + "microsoft-atp-get-file-related-machines", + 
"microsoft-atp-get-machine-details", + "microsoft-atp-run-antivirus-scan", "microsoft-atp-list-alerts" ] } - }, + }, { "Mail Sender (New)": { - "name": "Mail Sender (New)", + "name": "Mail Sender (New)", "commands": [ "send-mail" ] } - }, + }, { "Attivo Botsink": { - "name": "Attivo Botsink", - "commands": [ - "attivo-check-user", - "attivo-check-host", - "attivo-run-playbook", - "attivo-deploy-decoy", - "attivo-get-events", - "attivo-list-playbooks", - "attivo-list-hosts", + "name": "Attivo Botsink", + "commands": [ + "attivo-check-user", + "attivo-check-host", + "attivo-run-playbook", + "attivo-deploy-decoy", + "attivo-get-events", + "attivo-list-playbooks", + "attivo-list-hosts", "attivo-list-users" ] } - }, + }, { "Sample Incident Generator": { "name": "Sample Incident Generator" } - }, + }, { "Hybrid Analysis": { - "name": "Hybrid Analysis", - "fromversion": "3.6.1", + "name": "Hybrid Analysis", + "fromversion": "3.6.1", "commands": [ - "hybrid-analysis-scan", - "hybrid-analysis-submit-sample", - "hybrid-analysis-search", + "hybrid-analysis-scan", + "hybrid-analysis-submit-sample", + "hybrid-analysis-search", "hybrid-analysis-detonate-file" ] } - }, + }, { "Anomali ThreatStream": { - "name": "Anomali ThreatStream", + "name": "Anomali ThreatStream", "commands": [ - "threatstream-intelligence", - "domain", - "file", - "threatstream-email-reputation", + "threatstream-intelligence", + "domain", + "file", + "threatstream-email-reputation", "ip" ] } - }, + }, { "PacketMail": { - "name": "PacketMail", + "name": "PacketMail", "commands": [ "packetmail-ip" ] } - }, + }, { "Qualys": { - "name": "Qualys", - "toversion": "3.1.0", - "commands": [ - "qualys-report-list", - "qualys-report-cancel", - "qualys-report-delete", - "qualys-scorecard-launch", - "qualys-report-fetch", - "qualys-vm-scan-list", - "qualys-vm-scan-launch", - "qualys-vm-scan-action", - "qualys-scap-scan-list", - "qualys-pc-scan-launch", - "qualys-pc-scan-manage", - "qualys-schedule-scan-list", - 
"qualys-ip-list", - "qualys-ip-add", - "qualys-ip-update", - "qualys-virtual-host-list", - "qualys-virtual-host-manage", - "qualys-host-excluded-list", - "qualys-host-excluded-manage", - "qualys-scheduled-report-list", - "qualys-scheduled-report-launch", - "qualys-host-list", - "qualys-pc-scan-list", - "qualys-report-template-list", - "qualys-report-launch-map", - "qualys-report-launch-scan-based-findings", - "qualys-report-launch-host-based-findings", - "qualys-report-launch-patch", - "qualys-report-launch-remediation", - "qualys-report-launch-compliance", - "qualys-report-launch-compliance-policy", - "qualys-vulnerability-list", - "qualys-group-list", - "qualys-vm-scan-fetch", + "name": "Qualys", + "toversion": "3.1.0", + "commands": [ + "qualys-report-list", + "qualys-report-cancel", + "qualys-report-delete", + "qualys-scorecard-launch", + "qualys-report-fetch", + "qualys-vm-scan-list", + "qualys-vm-scan-launch", + "qualys-vm-scan-action", + "qualys-scap-scan-list", + "qualys-pc-scan-launch", + "qualys-pc-scan-manage", + "qualys-schedule-scan-list", + "qualys-ip-list", + "qualys-ip-add", + "qualys-ip-update", + "qualys-virtual-host-list", + "qualys-virtual-host-manage", + "qualys-host-excluded-list", + "qualys-host-excluded-manage", + "qualys-scheduled-report-list", + "qualys-scheduled-report-launch", + "qualys-host-list", + "qualys-pc-scan-list", + "qualys-report-template-list", + "qualys-report-launch-map", + "qualys-report-launch-scan-based-findings", + "qualys-report-launch-host-based-findings", + "qualys-report-launch-patch", + "qualys-report-launch-remediation", + "qualys-report-launch-compliance", + "qualys-report-launch-compliance-policy", + "qualys-vulnerability-list", + "qualys-group-list", + "qualys-vm-scan-fetch", "qualys-pc-scan-fetch" ] } - }, + }, { "Cisco Umbrella Investigate": { - "name": "Cisco Umbrella Investigate", - "commands": [ - "umbrella-domain-categorization", - "investigate-umbrella-domain-categorization", - 
"umbrella-domain-co-occurrences", - "investigate-umbrella-domain-co-occurrences", - "umbrella-domain-related", - "investigate-umbrella-domain-related", - "umbrella-domain-security", - "investigate-umbrella-domain-security", - "umbrella-domain-dns-history", - "investigate-umbrella-domain-dns-history", - "umbrella-ip-dns-history", - "investigate-umbrella-ip-dns-history", - "investigate-umbrella-ip-malicious-domains", - "umbrella-ip-malicious-domains", - "umbrella-domain-search", - "investigate-umbrella-domain-search", - "domain", - "umbrella-get-related-domains", - "umbrella-get-domain-classifiers", - "umbrella-get-domain-queryvolume", - "umbrella-get-domain-details", - "umbrella-get-domains-for-email-registrar", - "umbrella-get-domains-for-nameserver", - "umbrella-get-whois-for-domain", - "umbrella-get-malicious-domains-for-ip", - "umbrella-get-domains-using-regex", - "umbrella-get-domain-timeline", - "umbrella-get-ip-timeline", + "name": "Cisco Umbrella Investigate", + "commands": [ + "umbrella-domain-categorization", + "investigate-umbrella-domain-categorization", + "umbrella-domain-co-occurrences", + "investigate-umbrella-domain-co-occurrences", + "umbrella-domain-related", + "investigate-umbrella-domain-related", + "umbrella-domain-security", + "investigate-umbrella-domain-security", + "umbrella-domain-dns-history", + "investigate-umbrella-domain-dns-history", + "umbrella-ip-dns-history", + "investigate-umbrella-ip-dns-history", + "investigate-umbrella-ip-malicious-domains", + "umbrella-ip-malicious-domains", + "umbrella-domain-search", + "investigate-umbrella-domain-search", + "domain", + "umbrella-get-related-domains", + "umbrella-get-domain-classifiers", + "umbrella-get-domain-queryvolume", + "umbrella-get-domain-details", + "umbrella-get-domains-for-email-registrar", + "umbrella-get-domains-for-nameserver", + "umbrella-get-whois-for-domain", + "umbrella-get-malicious-domains-for-ip", + "umbrella-get-domains-using-regex", + "umbrella-get-domain-timeline", + 
"umbrella-get-ip-timeline", "umbrella-get-url-timeline" ] } - }, + }, { "Carbon Black Defense": { - "name": "Carbon Black Defense", - "commands": [ - "cbd-get-devices-status", - "cbd-get-device-status", - "cbd-change-device-status", - "cbd-find-events", - "cbd-find-event", - "cbd-find-processes", - "cbd-get-alert-details", - "cbd-get-policies", - "cbd-get-policy", - "cbd-create-policy", - "cbd-update-policy", - "cbd-delete-policy", - "cbd-add-rule-to-policy", - "cbd-delete-rule-from-policy", - "cbd-update-rule-in-policy", + "name": "Carbon Black Defense", + "commands": [ + "cbd-get-devices-status", + "cbd-get-device-status", + "cbd-change-device-status", + "cbd-find-events", + "cbd-find-event", + "cbd-find-processes", + "cbd-get-alert-details", + "cbd-get-policies", + "cbd-get-policy", + "cbd-create-policy", + "cbd-update-policy", + "cbd-delete-policy", + "cbd-add-rule-to-policy", + "cbd-delete-rule-from-policy", + "cbd-update-rule-in-policy", "cbd-set-policy" ] } - }, + }, { "Lockpath KeyLight": { - "name": "Lockpath KeyLight", - "toversion": "3.1.0", - "commands": [ - "kl-get-component-list", - "kl-get-component", - "kl-get-component-by-alias", - "kl-get-field-list", - "kl-get-field", - "kl-get-record-count", - "kl-get-record", - "kl-get-records", - "kl-delete-record", - "kl-create-record", - "kl-update-record", - "kl-get-detail-record", - "kl-get-lookup-report-column-fields", - "kl-get-detail-records", - "kl-get-record-attachments", - "kl-get-record-attachment", + "name": "Lockpath KeyLight", + "toversion": "3.1.0", + "commands": [ + "kl-get-component-list", + "kl-get-component", + "kl-get-component-by-alias", + "kl-get-field-list", + "kl-get-field", + "kl-get-record-count", + "kl-get-record", + "kl-get-records", + "kl-delete-record", + "kl-create-record", + "kl-update-record", + "kl-get-detail-record", + "kl-get-lookup-report-column-fields", + "kl-get-detail-records", + "kl-get-record-attachments", + "kl-get-record-attachment", "kl-delete-record-attachments" ] 
} - }, + }, { "OPSWAT-Metadefender": { - "name": "OPSWAT-Metadefender", + "name": "OPSWAT-Metadefender", "commands": [ - "opswat-hash", - "opswat-scan-file", + "opswat-hash", + "opswat-scan-file", "opswat-scan-result" ] } - }, + }, { "ActiveMQ": { - "name": "ActiveMQ", + "name": "ActiveMQ", "commands": [ - "activemq-send", + "activemq-send", "activemq-subscribe" ] } - }, + }, { "Cisco Email Security Appliance (IronPort)": { - "name": "Cisco Email Security Appliance (IronPort)", + "name": "Cisco Email Security Appliance (IronPort)", "commands": [ "ironport-report" ] } - }, + }, { "Qualys": { - "name": "Qualys", - "fromversion": "3.5.0", - "commands": [ - "qualys-report-list", - "qualys-report-cancel", - "qualys-report-delete", - "qualys-scorecard-launch", - "qualys-report-fetch", - "qualys-vm-scan-list", - "qualys-vm-scan-launch", - "qualys-vm-scan-action", - "qualys-scap-scan-list", - "qualys-pc-scan-launch", - "qualys-pc-scan-manage", - "qualys-schedule-scan-list", - "qualys-ip-list", - "qualys-ip-add", - "qualys-ip-update", - "qualys-virtual-host-list", - "qualys-virtual-host-manage", - "qualys-host-excluded-list", - "qualys-host-excluded-manage", - "qualys-scheduled-report-list", - "qualys-scheduled-report-launch", - "qualys-host-list", - "qualys-pc-scan-list", - "qualys-report-template-list", - "qualys-report-launch-map", - "qualys-report-launch-scan-based-findings", - "qualys-report-launch-host-based-findings", - "qualys-report-launch-patch", - "qualys-report-launch-remediation", - "qualys-report-launch-compliance", - "qualys-report-launch-compliance-policy", - "qualys-vulnerability-list", - "qualys-group-list", - "qualys-vm-scan-fetch", + "name": "Qualys", + "fromversion": "3.5.0", + "commands": [ + "qualys-report-list", + "qualys-report-cancel", + "qualys-report-delete", + "qualys-scorecard-launch", + "qualys-report-fetch", + "qualys-vm-scan-list", + "qualys-vm-scan-launch", + "qualys-vm-scan-action", + "qualys-scap-scan-list", + "qualys-pc-scan-launch", + 
"qualys-pc-scan-manage", + "qualys-schedule-scan-list", + "qualys-ip-list", + "qualys-ip-add", + "qualys-ip-update", + "qualys-virtual-host-list", + "qualys-virtual-host-manage", + "qualys-host-excluded-list", + "qualys-host-excluded-manage", + "qualys-scheduled-report-list", + "qualys-scheduled-report-launch", + "qualys-host-list", + "qualys-pc-scan-list", + "qualys-report-template-list", + "qualys-report-launch-map", + "qualys-report-launch-scan-based-findings", + "qualys-report-launch-host-based-findings", + "qualys-report-launch-patch", + "qualys-report-launch-remediation", + "qualys-report-launch-compliance", + "qualys-report-launch-compliance-policy", + "qualys-vulnerability-list", + "qualys-group-list", + "qualys-vm-scan-fetch", "qualys-pc-scan-fetch" ] } - }, + }, { "IsItPhishing": { - "name": "IsItPhishing", + "name": "IsItPhishing", "commands": [ "url" ] } - }, + }, { "okta": { - "name": "okta", - "toversion": "3.5.1", - "fromversion": "3.1.0", - "commands": [ - "okta-unlock-user", - "okta-deactivate-user", - "okta-activate-user", - "okta-get-groups", - "okta-set-password", - "okta-search", - "okta-get-user", - "okta-create-user", + "name": "okta", + "toversion": "3.5.1", + "fromversion": "3.1.0", + "commands": [ + "okta-unlock-user", + "okta-deactivate-user", + "okta-activate-user", + "okta-get-groups", + "okta-set-password", + "okta-search", + "okta-get-user", + "okta-create-user", "okta-update-user" ] } - }, + }, { "AWS - EC2": { - "name": "AWS - EC2", - "commands": [ - "aws-ec2-describe-instances", - "aws-ec2-describe-images", - "aws-ec2-describe-regions", - "aws-ec2-describe-addresses", - "aws-ec2-describe-snapshots", - "aws-ec2-describe-launch-templates", - "aws-ec2-describe-key-pairs", - "aws-ec2-describe-volumes", - "aws-ec2-describe-vpcs", - "aws-ec2-describe-subnets", - "aws-ec2-describe-security-groups", - "aws-ec2-allocate-address", - "aws-ec2-associate-address", - "aws-ec2-create-snapshot", - "aws-ec2-delete-snapshot", - 
"aws-ec2-create-image", - "aws-ec2-deregister-image", - "aws-ec2-modify-volume", - "aws-ec2-create-tags", - "aws-ec2-disassociate-address", - "aws-ec2-release-address", - "aws-ec2-start-instances", - "aws-ec2-stop-instances", - "aws-ec2-terminate-instances", - "aws-ec2-create-volume", - "aws-ec2-attach-volume", - "aws-ec2-detach-volume", - "aws-ec2-delete-volume", - "aws-ec2-run-instances", - "aws-ec2-waiter-instance-running", - "aws-ec2-waiter-instance-status-ok", - "aws-ec2-waiter-instance-stopped", - "aws-ec2-waiter-instance-terminated", - "aws-ec2-waiter-image-available", - "aws-ec2-waiter-snapshot_completed", - "aws-ec2-get-latest-ami", - "aws-ec2-create-security-group", - "aws-ec2-delete-security-group", - "aws-ec2-authorize-security-group-ingress-rule", - "aws-ec2-revoke-security-group-ingress-rule", - "aws-ec2-copy-image", - "aws-ec2-copy-snapshot", - "aws-ec2-describe-reserved-instances", - "aws-ec2-monitor-instances", - "aws-ec2-unmonitor-instances", - "aws-ec2-reboot-instances", - "aws-ec2-get-password-data", - "aws-ec2-modify-network-interface-attribute", + "name": "AWS - EC2", + "commands": [ + "aws-ec2-describe-instances", + "aws-ec2-describe-images", + "aws-ec2-describe-regions", + "aws-ec2-describe-addresses", + "aws-ec2-describe-snapshots", + "aws-ec2-describe-launch-templates", + "aws-ec2-describe-key-pairs", + "aws-ec2-describe-volumes", + "aws-ec2-describe-vpcs", + "aws-ec2-describe-subnets", + "aws-ec2-describe-security-groups", + "aws-ec2-allocate-address", + "aws-ec2-associate-address", + "aws-ec2-create-snapshot", + "aws-ec2-delete-snapshot", + "aws-ec2-create-image", + "aws-ec2-deregister-image", + "aws-ec2-modify-volume", + "aws-ec2-create-tags", + "aws-ec2-disassociate-address", + "aws-ec2-release-address", + "aws-ec2-start-instances", + "aws-ec2-stop-instances", + "aws-ec2-terminate-instances", + "aws-ec2-create-volume", + "aws-ec2-attach-volume", + "aws-ec2-detach-volume", + "aws-ec2-delete-volume", + "aws-ec2-run-instances", + 
"aws-ec2-waiter-instance-running", + "aws-ec2-waiter-instance-status-ok", + "aws-ec2-waiter-instance-stopped", + "aws-ec2-waiter-instance-terminated", + "aws-ec2-waiter-image-available", + "aws-ec2-waiter-snapshot_completed", + "aws-ec2-get-latest-ami", + "aws-ec2-create-security-group", + "aws-ec2-delete-security-group", + "aws-ec2-authorize-security-group-ingress-rule", + "aws-ec2-revoke-security-group-ingress-rule", + "aws-ec2-copy-image", + "aws-ec2-copy-snapshot", + "aws-ec2-describe-reserved-instances", + "aws-ec2-monitor-instances", + "aws-ec2-unmonitor-instances", + "aws-ec2-reboot-instances", + "aws-ec2-get-password-data", + "aws-ec2-modify-network-interface-attribute", "aws-ec2-modify-instance-attribute" ] } - }, + }, { "Blockade.io": { - "name": "Blockade.io", + "name": "Blockade.io", "commands": [ - "blockade-get-indicators", + "blockade-get-indicators", "blockade-add-indicators" ] } - }, + }, { "AlphaSOC Network Behavior Analytics": { "name": "AlphaSOC Network Behavior Analytics" } - }, + }, { "Recorded Future": { - "name": "Recorded Future", + "name": "Recorded Future", "commands": [ - "domain", - "ip", - "file", + "domain", + "ip", + "file", "recorded-future-get-related-entities" ] } - }, + }, { "CVE Search": { - "name": "CVE Search", + "name": "CVE Search", "commands": [ - "cve-search", + "cve-search", "cve-latest" ] } - }, + }, { "SNDBOX": { - "name": "SNDBOX", + "name": "SNDBOX", "commands": [ - "sndbox-is-online", - "sndbox-analysis-info", - "sndbox-analysis-submit-sample", - "sndbox-download-report", - "sndbox-detonate-file", + "sndbox-is-online", + "sndbox-analysis-info", + "sndbox-analysis-submit-sample", + "sndbox-download-report", + "sndbox-detonate-file", "sndbox-download-sample" ] } - }, + }, { "Demisto Lock": { - "name": "Demisto Lock", + "name": "Demisto Lock", "commands": [ - "demisto-lock-get", - "demisto-lock-release", - "demisto-lock-info", + "demisto-lock-get", + "demisto-lock-release", + "demisto-lock-info", 
"demisto-lock-release-all" ] } - }, + }, { "F5 firewall": { - "name": "F5 firewall", - "commands": [ - "f5-create-policy", - "f5-create-rule", - "f5-list-rules", - "f5-modify-rule", - "f5-del-rule", - "f5-modify-global-policy", - "f5-show-global-policy", - "f5-del-policy", + "name": "F5 firewall", + "commands": [ + "f5-create-policy", + "f5-create-rule", + "f5-list-rules", + "f5-modify-rule", + "f5-del-rule", + "f5-modify-global-policy", + "f5-show-global-policy", + "f5-del-policy", "f5-list-all-user-sessions" ] } - }, + }, { "MimecastV2": { - "name": "MimecastV2", - "commands": [ - "mimecast-query", - "mimecast-list-blocked-sender-policies", - "mimecast-get-policy", - "mimecast-create-policy", - "mimecast-delete-policy", - "mimecast-manage-sender", - "mimecast-list-managed-url", - "mimecast-create-managed-url", - "mimecast-list-messages", - "mimecast-get-attachment-logs", - "mimecast-get-url-logs", - "mimecast-get-impersonation-logs", - "mimecast-url-decode", - "mimecast-discover", - "mimecast-refresh-token", - "mimecast-login", - "mimecast-get-message", + "name": "MimecastV2", + "commands": [ + "mimecast-query", + "mimecast-list-blocked-sender-policies", + "mimecast-get-policy", + "mimecast-create-policy", + "mimecast-delete-policy", + "mimecast-manage-sender", + "mimecast-list-managed-url", + "mimecast-create-managed-url", + "mimecast-list-messages", + "mimecast-get-attachment-logs", + "mimecast-get-url-logs", + "mimecast-get-impersonation-logs", + "mimecast-url-decode", + "mimecast-discover", + "mimecast-refresh-token", + "mimecast-login", + "mimecast-get-message", "mimecast-download-attachments" ] } - }, + }, { "Zendesk": { - "name": "Zendesk", - "toversion": "3.1.0", - "commands": [ - "zendesk-create-ticket", - "zendesk-list-tickets", - "zendesk-ticket-details", - "zendesk-update-ticket", - "zendesk-add-comment", - "zendesk-list-agents", - "zendesk-get-attachment", - "zendesk-clear-cache", - "zendesk-add-user", + "name": "Zendesk", + "toversion": "3.1.0", + 
"commands": [ + "zendesk-create-ticket", + "zendesk-list-tickets", + "zendesk-ticket-details", + "zendesk-update-ticket", + "zendesk-add-comment", + "zendesk-list-agents", + "zendesk-get-attachment", + "zendesk-clear-cache", + "zendesk-add-user", "zendesk-get-article" ] } - }, + }, { "RedCanary": { - "name": "RedCanary", - "commands": [ - "redcanary-acknowledge-detection", - "redcanary-update-remediation-state", - "redcanary-list-detections", - "redcanary-list-endpoints", - "redcanary-execute-playbook", - "redcanary-get-endpoint", - "redcanary-get-endpoint-detections", + "name": "RedCanary", + "commands": [ + "redcanary-acknowledge-detection", + "redcanary-update-remediation-state", + "redcanary-list-detections", + "redcanary-list-endpoints", + "redcanary-execute-playbook", + "redcanary-get-endpoint", + "redcanary-get-endpoint-detections", "redcanary-get-detection" ] } - }, + }, { "Joe Security": { - "name": "Joe Security", - "commands": [ - "joe-is-online", - "joe-analysis-submit-url", - "joe-detonate-url", - "joe-analysis-info", - "joe-list-analysis", - "joe-analysis-submit-sample", - "joe-download-report", - "joe-detonate-file", - "joe-search", + "name": "Joe Security", + "commands": [ + "joe-is-online", + "joe-analysis-submit-url", + "joe-detonate-url", + "joe-analysis-info", + "joe-list-analysis", + "joe-analysis-submit-sample", + "joe-download-report", + "joe-detonate-file", + "joe-search", "joe-download-sample" ] } - }, + }, { "AWS - CloudTrail": { - "name": "AWS - CloudTrail", - "commands": [ - "aws-cloudtrail-create-trail", - "aws-cloudtrail-delete-trail", - "aws-cloudtrail-describe-trails", - "aws-cloudtrail-update-trail", - "aws-cloudtrail-start-logging", - "aws-cloudtrail-stop-logging", + "name": "AWS - CloudTrail", + "commands": [ + "aws-cloudtrail-create-trail", + "aws-cloudtrail-delete-trail", + "aws-cloudtrail-describe-trails", + "aws-cloudtrail-update-trail", + "aws-cloudtrail-start-logging", + "aws-cloudtrail-stop-logging", 
"aws-cloudtrail-lookup-events" ] } - }, + }, { "ThreatExchange": { - "name": "ThreatExchange", - "fromversion": "2.5.0", - "commands": [ - "file", - "ip", - "url", - "domain", - "threatexchange-query", + "name": "ThreatExchange", + "fromversion": "2.5.0", + "commands": [ + "file", + "ip", + "url", + "domain", + "threatexchange-query", "threatexchange-members" ] } - }, + }, { "Dell Secureworks": { - "name": "Dell Secureworks", - "toversion": "3.5.1", - "fromversion": "3.1.0", - "commands": [ - "secure-works-create-ticket", - "secure-works-update-ticket", - "secure-works-close-ticket", - "secure-works-add-worklogs-ticket", - "secure-works-get-ticket-count", - "secure-works-get-ticket", - "secure-works-assign-ticket", - "secure-works-get-tickets-updates", + "name": "Dell Secureworks", + "toversion": "3.5.1", + "fromversion": "3.1.0", + "commands": [ + "secure-works-create-ticket", + "secure-works-update-ticket", + "secure-works-close-ticket", + "secure-works-add-worklogs-ticket", + "secure-works-get-ticket-count", + "secure-works-get-ticket", + "secure-works-assign-ticket", + "secure-works-get-tickets-updates", "secure-works-get-tickets-ids" ] } - }, + }, { "Amazon Web Services": { - "name": "Amazon Web Services", - "fromversion": "1.6.2", - "commands": [ - "aws-run-instance", - "aws-stop-instance", - "aws-create-image", - "aws-start-instance", - "aws-create-volume-snapshot", - "aws-get-instance-info", - "aws-get-sg-info", + "name": "Amazon Web Services", + "fromversion": "1.6.2", + "commands": [ + "aws-run-instance", + "aws-stop-instance", + "aws-create-image", + "aws-start-instance", + "aws-create-volume-snapshot", + "aws-get-instance-info", + "aws-get-sg-info", "aws-get-ebs-volume-info" ] } - }, + }, { "ArcSight XML": { - "name": "ArcSight XML", + "name": "ArcSight XML", "commands": [ - "arcsight-update-case", + "arcsight-update-case", "arcsight-fetch-xml" ] } - }, + }, { "VirusTotal": { - "name": "VirusTotal", - "commands": [ - "file", - "ip", - "url", - "domain", 
- "file-scan", - "file-rescan", - "url-scan", - "vt-comments-add", - "vt-file-scan-upload-url", + "name": "VirusTotal", + "commands": [ + "file", + "ip", + "url", + "domain", + "file-scan", + "file-rescan", + "url-scan", + "vt-comments-add", + "vt-file-scan-upload-url", "vt-comments-get" ] } - }, + }, { "MxToolBox": { - "name": "MxToolBox", + "name": "MxToolBox", "commands": [ "mxtoolbox" ] } - }, + }, { "Check Point Sandblast Appliance": { - "name": "Check Point Sandblast Appliance", - "fromversion": "3.5.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", + "name": "Check Point Sandblast Appliance", + "fromversion": "3.5.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", "sandblast-download" ] } - }, + }, { "LightCyber Magna": { - "name": "LightCyber Magna", - "commands": [ - "lcm-version", - "lcm-entities", - "lcm-indicators", - "lcm-hosts", - "lcm-hostbyip", - "lcm-hostbyname", - "lcm-pathfinder-scan", - "lcm-sandbox-report", - "lcm-daily-report", - "lcm-host-artifacts", - "lcm-resolve-host", - "lcm-unresolve-host", - "lcm-set-host-comment", - "lcm-acknowledge-host", - "lcm-resolve-user", - "lcm-unresolve-user", - "lcm-set-user-comment", - "lcm-acknowledge-user", - "lcm-domain", - "lcm-executablebymd5", - "lcm-executablebyname", - "lcm-indicatorsforentity", - "lcm-host-opened-ports", - "lcm-host-suspicious-artifacts", - "lcm-host-processes", - "lcm-host-loaded-modules", - "lcm-host-processes-internet-connections", + "name": "LightCyber Magna", + "commands": [ + "lcm-version", + "lcm-entities", + "lcm-indicators", + "lcm-hosts", + "lcm-hostbyip", + "lcm-hostbyname", + "lcm-pathfinder-scan", + "lcm-sandbox-report", + "lcm-daily-report", + "lcm-host-artifacts", + "lcm-resolve-host", + "lcm-unresolve-host", + "lcm-set-host-comment", + "lcm-acknowledge-host", + "lcm-resolve-user", + "lcm-unresolve-user", + "lcm-set-user-comment", + 
"lcm-acknowledge-user", + "lcm-domain", + "lcm-executablebymd5", + "lcm-executablebyname", + "lcm-indicatorsforentity", + "lcm-host-opened-ports", + "lcm-host-suspicious-artifacts", + "lcm-host-processes", + "lcm-host-loaded-modules", + "lcm-host-processes-internet-connections", "lcm-host-autoruns" ] } - }, + }, { "Packetsled": { - "name": "Packetsled", + "name": "Packetsled", "commands": [ - "packetsled-get-incidents", - "packetsled-sensors", - "packetsled-get-flows", - "packetsled-get-files", - "packetsled-get-pcaps", + "packetsled-get-incidents", + "packetsled-sensors", + "packetsled-get-flows", + "packetsled-get-files", + "packetsled-get-pcaps", "packetsled-get-events" ] } - }, + }, { "Censys": { - "name": "Censys", + "name": "Censys", "commands": [ - "cen-view", + "cen-view", "cen-search" ] } - }, + }, { "Imperva Skyfence": { - "name": "Imperva Skyfence", + "name": "Imperva Skyfence", "commands": [ - "imp-sf-list-endpoints", + "imp-sf-list-endpoints", "imp-sf-set-endpoint-status" ] } - }, + }, { "ProtectWise": { - "name": "ProtectWise", - "fromversion": "3.5.0", - "commands": [ - "sensors", - "protectwise-show-sensors", - "search", - "protectwise-search-events", - "pw-event-get", - "protectwise-event-info", - "observation-search", - "protectwise-search-observations", - "pw-observation-get", - "protectwise-observation-info", - "event-pcap-download", - "protectwise-event-pcap-download", - "event-pcap-info", - "protectwise-event-pcap-info", - "observation-pcap-download", - "protectwise-observation-pcap-download", - "observation-pcap-info", - "protectwise-observation-pcap-info", + "name": "ProtectWise", + "fromversion": "3.5.0", + "commands": [ + "sensors", + "protectwise-show-sensors", + "search", + "protectwise-search-events", + "pw-event-get", + "protectwise-event-info", + "observation-search", + "protectwise-search-observations", + "pw-observation-get", + "protectwise-observation-info", + "event-pcap-download", + "protectwise-event-pcap-download", + 
"event-pcap-info", + "protectwise-event-pcap-info", + "observation-pcap-download", + "protectwise-observation-pcap-download", + "observation-pcap-info", + "protectwise-observation-pcap-info", "get-token" ] } - }, + }, { "Palo Alto Minemeld": { - "name": "Palo Alto Minemeld", - "commands": [ - "minemeld-add-to-miner", - "minemeld-remove-from-miner", - "minemeld-retrieve-miner", - "minemeld-get-indicator-from-miner", - "ip", - "file", - "domain", - "url", + "name": "Palo Alto Minemeld", + "commands": [ + "minemeld-add-to-miner", + "minemeld-remove-from-miner", + "minemeld-retrieve-miner", + "minemeld-get-indicator-from-miner", + "ip", + "file", + "domain", + "url", "minemeld-get-all-miners-names" ] } - }, + }, { "GoogleSafeBrowsing": { - "name": "GoogleSafeBrowsing", + "name": "GoogleSafeBrowsing", "commands": [ "url" ] } - }, + }, { "Salesforce": { - "name": "Salesforce", - "commands": [ - "salesforce-search", - "salesforce-query", - "salesforce-get-object", - "salesforce-update-object", - "salesforce-create-object", - "salesforce-push-comment", - "salesforce-get-case", - "salesforce-create-case", - "salesforce-update-case", - "salesforce-get-cases", - "salesforce-close-case", - "salesforce-push-comment-threads", + "name": "Salesforce", + "commands": [ + "salesforce-search", + "salesforce-query", + "salesforce-get-object", + "salesforce-update-object", + "salesforce-create-object", + "salesforce-push-comment", + "salesforce-get-case", + "salesforce-create-case", + "salesforce-update-case", + "salesforce-get-cases", + "salesforce-close-case", + "salesforce-push-comment-threads", "salesforce-delete-case" ] } - }, + }, { "SCADAfence CNM": { - "name": "SCADAfence CNM", - "commands": [ - "scadafence-getAlerts", - "scadafence-getAsset", - "scadafence-setAlertStatus", - "scadafence-getAssetConnections", - "scadafence-getAssetTraffic", - "scadafence-createAlert", + "name": "SCADAfence CNM", + "commands": [ + "scadafence-getAlerts", + "scadafence-getAsset", + 
"scadafence-setAlertStatus", + "scadafence-getAssetConnections", + "scadafence-getAssetTraffic", + "scadafence-createAlert", "scadafence-getAllConnections" ] } - }, + }, { "HashiCorp Vault": { - "name": "HashiCorp Vault", - "commands": [ - "hashicorp-list-secrets-engines", - "hashicorp-list-secrets", - "hashicorp-get-secret-metadata", - "hashicorp-delete-secret", - "hashicorp-undelete-secret", - "hashicorp-destroy-secret", - "hashicorp-disable-engine", - "hashicorp-enable-engine", - "hashicorp-list-policies", - "hashicorp-get-policy", - "hashicorp-seal-vault", - "hashicorp-unseal-vault", - "hashicorp-configure-engine", - "hashicorp-reset-configuration", + "name": "HashiCorp Vault", + "commands": [ + "hashicorp-list-secrets-engines", + "hashicorp-list-secrets", + "hashicorp-get-secret-metadata", + "hashicorp-delete-secret", + "hashicorp-undelete-secret", + "hashicorp-destroy-secret", + "hashicorp-disable-engine", + "hashicorp-enable-engine", + "hashicorp-list-policies", + "hashicorp-get-policy", + "hashicorp-seal-vault", + "hashicorp-unseal-vault", + "hashicorp-configure-engine", + "hashicorp-reset-configuration", "hashicorp-create-token" ] } - }, + }, { "Proofpoint TAP": { - "name": "Proofpoint TAP", + "name": "Proofpoint TAP", "commands": [ "proofpoint-get-events" ] } - }, + }, { "Threat Grid": { - "name": "Threat Grid", - "toversion": "3.1.0", - "commands": [ - "threat-grid-feeds-ip", - "threat-grid-feeds-domain", - "threat-grid-feeds-url", - "threat-grid-feeds-path", - "threat-grid-feeds-artifacts", - "threat-grid-feeds-network-stream", - "threat-grid-feeds-registry-key", - "threat-grid-get-samples", - "threat-grid-get-sample-by-id", - "threat-grid-get-sample-state-by-id", - "threat-grid-get-samples-state", - "threat-grid-upload-sample", - "threat-grid-search-submissions", - "threat-grid-get-video-by-id", - "threat-grid-get-analysis-by-id", - "threat-grid-get-processes-by-id", - "threat-grid-get-pcap-by-id", - "threat-grid-get-warnings-by-id", - 
"threat-grid-get-summary-by-id", - "threat-grid-get-threat-summary-by-id", - "threat-grid-get-html-report-by-id", - "threat-grid-download-sample-by-id", - "threat-grid-get-analysis-iocs", - "threat-grid-get-analysis-ioc", - "threat-grid-get-analysis-network-streams", - "threat-grid-get-analysis-artifacts", - "threat-grid-get-analysis-network-stream", - "threat-grid-get-analysis-artifact", - "threat-grid-get-analysis-processes", - "threat-grid-get-analysis-process", - "threat-grid-get-analysis-annotations", - "threat-grid-get-analysis-metadata", - "threat-grid-download-artifact", - "threat-grid-who-am-i", - "threat-grid-user-get-rate-limit", + "name": "Threat Grid", + "toversion": "3.1.0", + "commands": [ + "threat-grid-feeds-ip", + "threat-grid-feeds-domain", + "threat-grid-feeds-url", + "threat-grid-feeds-path", + "threat-grid-feeds-artifacts", + "threat-grid-feeds-network-stream", + "threat-grid-feeds-registry-key", + "threat-grid-get-samples", + "threat-grid-get-sample-by-id", + "threat-grid-get-sample-state-by-id", + "threat-grid-get-samples-state", + "threat-grid-upload-sample", + "threat-grid-search-submissions", + "threat-grid-get-video-by-id", + "threat-grid-get-analysis-by-id", + "threat-grid-get-processes-by-id", + "threat-grid-get-pcap-by-id", + "threat-grid-get-warnings-by-id", + "threat-grid-get-summary-by-id", + "threat-grid-get-threat-summary-by-id", + "threat-grid-get-html-report-by-id", + "threat-grid-download-sample-by-id", + "threat-grid-get-analysis-iocs", + "threat-grid-get-analysis-ioc", + "threat-grid-get-analysis-network-streams", + "threat-grid-get-analysis-artifacts", + "threat-grid-get-analysis-network-stream", + "threat-grid-get-analysis-artifact", + "threat-grid-get-analysis-processes", + "threat-grid-get-analysis-process", + "threat-grid-get-analysis-annotations", + "threat-grid-get-analysis-metadata", + "threat-grid-download-artifact", + "threat-grid-who-am-i", + "threat-grid-user-get-rate-limit", "threat-grid-get-specific-feed" ] } - 
}, + }, { "iDefense": { - "name": "iDefense", + "name": "iDefense", "commands": [ - "ip", - "domain", - "url", - "idefense-general", + "ip", + "domain", + "url", + "idefense-general", "uuid" ] } - }, + }, { "FalconIntel": { - "name": "FalconIntel", - "commands": [ - "file", - "url", - "domain", - "ip", - "cs-actors", - "cs-indicators", - "cs-reports", + "name": "FalconIntel", + "commands": [ + "file", + "url", + "domain", + "ip", + "cs-actors", + "cs-indicators", + "cs-reports", "cs-report-pdf" ] } - }, + }, { "Venafi": { - "name": "Venafi", + "name": "Venafi", "commands": [ - "venafi-get-certificates", + "venafi-get-certificates", "venafi-get-certificate-details" ] } - }, + }, { "CyberArkAIM": { - "name": "CyberArkAIM", + "name": "CyberArkAIM", "commands": [ - "cyber-ark-aim-query", - "list-credentials", - "reset-credentials", + "cyber-ark-aim-query", + "list-credentials", + "reset-credentials", "account-details" ] } - }, + }, { "Autofocus": { - "name": "Autofocus", + "name": "Autofocus", "commands": [ - "autofocus-search-samples", - "autofocus-search-sessions", - "autofocus-session", - "autofocus-sample-analysis", + "autofocus-search-samples", + "autofocus-search-sessions", + "autofocus-session", + "autofocus-sample-analysis", "file" ] } - }, + }, { "AbuseIPDB": { - "name": "AbuseIPDB", + "name": "AbuseIPDB", "commands": [ - "ip", - "abuseipdb-check-cidr-block", - "abuseipdb-report-ip", - "abuseipdb-get-blacklist", + "ip", + "abuseipdb-check-cidr-block", + "abuseipdb-report-ip", + "abuseipdb-get-blacklist", "abuseipdb-get-categories" ] } - }, + }, { "McAfee Threat Intelligence Exchange": { - "name": "McAfee Threat Intelligence Exchange", + "name": "McAfee Threat Intelligence Exchange", "commands": [ - "file", - "tie-set-file-reputation", + "file", + "tie-set-file-reputation", "tie-file-references" ] } - }, + }, { "Check Point": { - "name": "Check Point", - "commands": [ - "checkpoint-show-access-rule-base", - "checkpoint-set-rule", - "checkpoint-task-status", - 
"checkpoint-show-hosts", - "checkpoint-block-ip", - "checkpoint", + "name": "Check Point", + "commands": [ + "checkpoint-show-access-rule-base", + "checkpoint-set-rule", + "checkpoint-task-status", + "checkpoint-show-hosts", + "checkpoint-block-ip", + "checkpoint", "checkpoint-delete-rule" ] } - }, + }, { "PagerDuty v2": { - "name": "PagerDuty v2", - "commands": [ - "PagerDuty-get-all-schedules", - "PagerDuty-get-users-on-call", - "PagerDuty-get-users-on-call-now", - "PagerDuty-incidents", - "PagerDuty-submit-event", - "PagerDuty-get-contact-methods", - "PagerDuty-get-users-notification", - "PagerDuty-resolve-event", + "name": "PagerDuty v2", + "commands": [ + "PagerDuty-get-all-schedules", + "PagerDuty-get-users-on-call", + "PagerDuty-get-users-on-call-now", + "PagerDuty-incidents", + "PagerDuty-submit-event", + "PagerDuty-get-contact-methods", + "PagerDuty-get-users-notification", + "PagerDuty-resolve-event", "PagerDuty-acknowledge-event" ] } - }, + }, { "Gmail": { - "name": "Gmail", - "commands": [ - "gmail-delete-user", - "gmail-get-tokens-for-user", - "gmail-get-user", - "gmail-get-user-roles", - "gmail-get-attachments", - "gmail-get-mail", - "gmail-search", - "gmail-search-all-mailboxes", - "gmail-list-users", - "gmail-revoke-user-role", - "gmail-create-user", - "gmail-delete-mail", - "gmail-get-thread", - "gmail-move-mail", - "gmail-move-mail-to-mailbox", - "gmail-add-delete-filter", + "name": "Gmail", + "commands": [ + "gmail-delete-user", + "gmail-get-tokens-for-user", + "gmail-get-user", + "gmail-get-user-roles", + "gmail-get-attachments", + "gmail-get-mail", + "gmail-search", + "gmail-search-all-mailboxes", + "gmail-list-users", + "gmail-revoke-user-role", + "gmail-create-user", + "gmail-delete-mail", + "gmail-get-thread", + "gmail-move-mail", + "gmail-move-mail-to-mailbox", + "gmail-add-delete-filter", "gmail-add-filter" ] } - }, + }, { "Centreon": { - "name": "Centreon", + "name": "Centreon", "commands": [ - "centreon-get-host-status", + 
"centreon-get-host-status", "centreon-get-service-status" ] } - }, + }, { "RSA NetWitness Endpoint": { - "name": "RSA NetWitness Endpoint", - "commands": [ - "netwitness-get-machines", - "netwitness-get-machine", - "netwitness-get-machine-iocs", - "netwitness-get-machine-modules", - "netwitness-get-machine-module", - "netwitness-blacklist-ips", + "name": "RSA NetWitness Endpoint", + "commands": [ + "netwitness-get-machines", + "netwitness-get-machine", + "netwitness-get-machine-iocs", + "netwitness-get-machine-modules", + "netwitness-get-machine-module", + "netwitness-blacklist-ips", "netwitness-blacklist-domains" ] } - }, + }, { "PassiveTotal": { - "name": "PassiveTotal", - "commands": [ - "pt-get-subdomains", - "pt-account", - "pt-monitors", - "pt-passive-dns", - "pt-passive-unique", - "pt-dns-keyword", - "pt-enrichment", - "pt-malware", - "url", - "domain", - "ip", - "pt-osint", - "pt-whois", - "pt-whois-keyword", - "pt-whois-search", - "pt-get-components", - "pt-get-pairs", - "pt-ssl-cert", - "pt-ssl-cert-history", - "pt-ssl-cert-keyword", + "name": "PassiveTotal", + "commands": [ + "pt-get-subdomains", + "pt-account", + "pt-monitors", + "pt-passive-dns", + "pt-passive-unique", + "pt-dns-keyword", + "pt-enrichment", + "pt-malware", + "url", + "domain", + "ip", + "pt-osint", + "pt-whois", + "pt-whois-keyword", + "pt-whois-search", + "pt-get-components", + "pt-get-pairs", + "pt-ssl-cert", + "pt-ssl-cert-history", + "pt-ssl-cert-keyword", "pt-ssl-cert-search" ] } - }, + }, { "ProtectWise": { - "name": "ProtectWise", - "toversion": "3.1.0", - "commands": [ - "sensors", - "protectwise-show-sensors", - "search", - "protectwise-search-events", - "pw-event-get", - "protectwise-event-info", - "observation-search", - "protectwise-search-observations", - "pw-observation-get", - "protectwise-observation-info", - "event-pcap-download", - "protectwise-event-pcap-download", - "event-pcap-info", - "protectwise-event-pcap-info", - "observation-pcap-download", - 
"protectwise-observation-pcap-download", - "observation-pcap-info", - "protectwise-observation-pcap-info", + "name": "ProtectWise", + "toversion": "3.1.0", + "commands": [ + "sensors", + "protectwise-show-sensors", + "search", + "protectwise-search-events", + "pw-event-get", + "protectwise-event-info", + "observation-search", + "protectwise-search-observations", + "pw-observation-get", + "protectwise-observation-info", + "event-pcap-download", + "protectwise-event-pcap-download", + "event-pcap-info", + "protectwise-event-pcap-info", + "observation-pcap-download", + "protectwise-observation-pcap-download", + "observation-pcap-info", + "protectwise-observation-pcap-info", "get-token" ] } - }, + }, { "SentinelOne": { - "name": "SentinelOne", - "fromversion": "3.1.0", - "commands": [ - "so-activities", - "so-count-by-filters", - "so-agents-count", - "so-agent-decommission", - "so-get-agent", - "so-agents-query", - "so-get-agent-processes", - "so-agent-recommission", - "so-agent-unquarentine", - "so-agent-shutdown", - "so-agent-uninstall", - "so-agents-broadcast", - "so-agents-connect", - "so-agent-quarentine", - "so-agents-decommission", - "so-agents-disconnect", - "so-agents-fetch-logs", - "so-agents-shutdown", - "so-agents-uninstall", - "so-agents-upgrade-software", - "so-create-exclusion-list", - "so-delete-exclusion-list", - "so-get-exclusion-list", - "so-get-exclusion-lists", - "so-update-exclusion-list", - "so-get-groups", - "so-create-group", - "so-get-group", - "so-update-group", - "so-delete-group", - "so-add-agent-to-group", - "so-set-cloud-intelligence", - "so-create-hash", - "so-delete-hash", - "so-get-hash-reputation", - "so-get-hash", - "so-get-hashes", - "so-update-hash", - "so-get-policies", - "so-create-policy", - "so-get-policy", - "so-update-policy", - "so-delete-policy", - "so-get-threat", - "so-get-threats", - "so-threat-summary", - "so-mark-as-threat", - "so-mitigate-threat", + "name": "SentinelOne", + "fromversion": "3.1.0", + "commands": [ + 
"so-activities", + "so-count-by-filters", + "so-agents-count", + "so-agent-decommission", + "so-get-agent", + "so-agents-query", + "so-get-agent-processes", + "so-agent-recommission", + "so-agent-unquarentine", + "so-agent-shutdown", + "so-agent-uninstall", + "so-agents-broadcast", + "so-agents-connect", + "so-agent-quarentine", + "so-agents-decommission", + "so-agents-disconnect", + "so-agents-fetch-logs", + "so-agents-shutdown", + "so-agents-uninstall", + "so-agents-upgrade-software", + "so-create-exclusion-list", + "so-delete-exclusion-list", + "so-get-exclusion-list", + "so-get-exclusion-lists", + "so-update-exclusion-list", + "so-get-groups", + "so-create-group", + "so-get-group", + "so-update-group", + "so-delete-group", + "so-add-agent-to-group", + "so-set-cloud-intelligence", + "so-create-hash", + "so-delete-hash", + "so-get-hash-reputation", + "so-get-hash", + "so-get-hashes", + "so-update-hash", + "so-get-policies", + "so-create-policy", + "so-get-policy", + "so-update-policy", + "so-delete-policy", + "so-get-threat", + "so-get-threats", + "so-threat-summary", + "so-mark-as-threat", + "so-mitigate-threat", "so-reslove-threats" ] } - }, + }, { "AMP": { - "name": "AMP", - "commands": [ - "amp_get_computers", - "amp_get_computer_by_connector", - "amp_get_computer_trajctory", - "amp_move_computer", - "amp_get_computer_actvity", - "amp_get_events", - "amp_get_event_types", - "amp_get_application_blocking", - "amp_get_file_list_by_guid", - "amp_get_simple_custom_detections", - "amp_get_file_list_files", - "amp_get_file_list_files_by_sha", - "amp_set_file_list_files_by_sha", - "amp_delete_file_list_files_by_sha", - "amp_get_groups", - "amp_get_group", - "amp_set_group_policy", - "amp_get_policies", - "amp_get_policy", + "name": "AMP", + "commands": [ + "amp_get_computers", + "amp_get_computer_by_connector", + "amp_get_computer_trajctory", + "amp_move_computer", + "amp_get_computer_actvity", + "amp_get_events", + "amp_get_event_types", + 
"amp_get_application_blocking", + "amp_get_file_list_by_guid", + "amp_get_simple_custom_detections", + "amp_get_file_list_files", + "amp_get_file_list_files_by_sha", + "amp_set_file_list_files_by_sha", + "amp_delete_file_list_files_by_sha", + "amp_get_groups", + "amp_get_group", + "amp_set_group_policy", + "amp_get_policies", + "amp_get_policy", "amp_get_version" ] } - }, + }, { "AWS - SQS": { - "name": "AWS - SQS", + "name": "AWS - SQS", "commands": [ - "aws-sqs-get-queue-url", - "aws-sqs-list-queues", - "aws-sqs-send-message", - "aws-sqs-create-queue", - "aws-sqs-delete-queue", + "aws-sqs-get-queue-url", + "aws-sqs-list-queues", + "aws-sqs-send-message", + "aws-sqs-create-queue", + "aws-sqs-delete-queue", "aws-sqs-purge-queue" ] } - }, + }, { "carbonblackliveresponse": { - "name": "carbonblackliveresponse", - "toversion": "3.6.0", - "commands": [ - "cb-archive", - "cb-command-cancel", - "cb-command-create", - "cb-command-create-and-wait", - "cb-command-info", - "cb-file-delete", - "cb-file-get", - "cb-file-info", - "cb-file-upload", - "cb-keepalive", - "cb-list-commands", - "cb-list-files", - "cb-list-sessions", - "cb-session-close", - "cb-session-create", - "cb-session-create-and-wait", - "cb-session-info", + "name": "carbonblackliveresponse", + "toversion": "3.6.0", + "commands": [ + "cb-archive", + "cb-command-cancel", + "cb-command-create", + "cb-command-create-and-wait", + "cb-command-info", + "cb-file-delete", + "cb-file-get", + "cb-file-info", + "cb-file-upload", + "cb-keepalive", + "cb-list-commands", + "cb-list-files", + "cb-list-sessions", + "cb-session-close", + "cb-session-create", + "cb-session-create-and-wait", + "cb-session-info", "cb-terminate-process" ] } - }, + }, { "AWS - Route53": { - "name": "AWS - Route53", - "commands": [ - "aws-route53-create-record", - "aws-route53-delete-record", - "aws-route53-list-hosted-zones", - "aws-route53-list-resource-record-sets", - "aws-route53-waiter-resource-record-sets-changed", - 
"aws-route53-test-dns-answer", + "name": "AWS - Route53", + "commands": [ + "aws-route53-create-record", + "aws-route53-delete-record", + "aws-route53-list-hosted-zones", + "aws-route53-list-resource-record-sets", + "aws-route53-waiter-resource-record-sets-changed", + "aws-route53-test-dns-answer", "aws-route53-upsert-record" ] } - }, + }, { "Tanium": { - "name": "Tanium", - "commands": [ - "tn-get-package", - "tn-get-all-packages", - "tn-get-object", - "tn-get-all-saved-questions", - "tn-deploy-package", - "tn-ask-question", - "tn-ask-system", - "tn-get-saved-question", - "tn-create-package", - "tn-approve-pending-action", - "tn-get-all-objects", - "tn-get-all-saved-actions", - "tn-get-all-pending-actions", - "tn-get-all-sensors", - "tn-parse-query", - "tn-ask-manual-question", - "tn-get-sensor", + "name": "Tanium", + "commands": [ + "tn-get-package", + "tn-get-all-packages", + "tn-get-object", + "tn-get-all-saved-questions", + "tn-deploy-package", + "tn-ask-question", + "tn-ask-system", + "tn-get-saved-question", + "tn-create-package", + "tn-approve-pending-action", + "tn-get-all-objects", + "tn-get-all-saved-actions", + "tn-get-all-pending-actions", + "tn-get-all-sensors", + "tn-parse-query", + "tn-ask-manual-question", + "tn-get-sensor", "tn-get-action" ] } - }, + }, { "FireEye ETP": { - "name": "FireEye ETP", + "name": "FireEye ETP", "commands": [ - "fireeye-etp-search-messages", - "fireeye-etp-get-message", - "fireeye-etp-get-alerts", + "fireeye-etp-search-messages", + "fireeye-etp-get-message", + "fireeye-etp-get-alerts", "fireeye-etp-get-alert" ] } - }, + }, { "InfoArmor VigilanteATI": { - "name": "InfoArmor VigilanteATI", - "commands": [ - "vigilante-query-infected-host-data", - "vigilante-get-vulnerable-host-data", - "vigilante-query-ecrime-db", - "vigilante-search-leaks", - "vigilante-get-leak", - "vigilante-query-accounts", - "vigilante-query-domains", - "vigilante-watchlist-add-accounts", - "vigilante-watchlist-remove-accounts", - 
"vigilante-get-watchlist", + "name": "InfoArmor VigilanteATI", + "commands": [ + "vigilante-query-infected-host-data", + "vigilante-get-vulnerable-host-data", + "vigilante-query-ecrime-db", + "vigilante-search-leaks", + "vigilante-get-leak", + "vigilante-query-accounts", + "vigilante-query-domains", + "vigilante-watchlist-add-accounts", + "vigilante-watchlist-remove-accounts", + "vigilante-get-watchlist", "vigilante-account-usage-info" ] } - }, + }, { "IBM Resilient Systems": { - "name": "IBM Resilient Systems", - "commands": [ - "rs-search-incidents", - "rs-update-incident", - "rs-incidents-get-members", - "rs-get-incident", - "rs-incidents-update-member", - "rs-get-users", - "rs-close-incident", - "rs-create-incident", - "rs-incident-artifacts", - "rs-incident-attachments", - "rs-related-incidents", + "name": "IBM Resilient Systems", + "commands": [ + "rs-search-incidents", + "rs-update-incident", + "rs-incidents-get-members", + "rs-get-incident", + "rs-incidents-update-member", + "rs-get-users", + "rs-close-incident", + "rs-create-incident", + "rs-incident-artifacts", + "rs-incident-attachments", + "rs-related-incidents", "rs-incidents-get-tasks" ] } - }, + }, { "AWS - IAM": { - "name": "AWS - IAM", - "commands": [ - "aws-iam-create-user", - "aws-iam-get-user", - "aws-iam-list-users", - "aws-iam-update-user", - "aws-iam-delete-user", - "aws-iam-update-login-profile", - "aws-iam-create-group", - "aws-iam-list-groups", - "aws-iam-list-groups-for-user", - "aws-iam-add-user-to-group", - "aws-iam-create-access-key", - "aws-iam-update-access-key", - "aws-iam-list-access-keys-for-user", - "aws-iam-list-policies", - "aws-iam-list-roles", - "aws-iam-attach-policy", - "aws-iam-detach-policy", - "aws-iam-delete-login-profile", - "aws-iam-delete-group", - "aws-iam-remove-user-from-group", - "aws-iam-create-login-profile", - "aws-iam-delete-access-key", - "aws-iam-create-instance-profile", - "aws-iam-delete-instance-profile", - "aws-iam-list-instance-profiles", - 
"aws-iam-add-role-to-instance-profile", - "aws-iam-remove-role-from-instance-profile", - "aws-iam-list-instance-profiles-for-role", - "aws-iam-get-instance-profile", - "aws-iam-get-role", - "aws-iam-delete-role", - "aws-iam-create-role", - "aws-iam-create-policy", - "aws-iam-delete-policy", - "aws-iam-create-policy-version", - "aws-iam-delete-policy-version", - "aws-iam-list-policy-versions", - "aws-iam-get-policy-version", - "aws-iam-set-default-policy-version", - "aws-iam-create-account-alias", + "name": "AWS - IAM", + "commands": [ + "aws-iam-create-user", + "aws-iam-get-user", + "aws-iam-list-users", + "aws-iam-update-user", + "aws-iam-delete-user", + "aws-iam-update-login-profile", + "aws-iam-create-group", + "aws-iam-list-groups", + "aws-iam-list-groups-for-user", + "aws-iam-add-user-to-group", + "aws-iam-create-access-key", + "aws-iam-update-access-key", + "aws-iam-list-access-keys-for-user", + "aws-iam-list-policies", + "aws-iam-list-roles", + "aws-iam-attach-policy", + "aws-iam-detach-policy", + "aws-iam-delete-login-profile", + "aws-iam-delete-group", + "aws-iam-remove-user-from-group", + "aws-iam-create-login-profile", + "aws-iam-delete-access-key", + "aws-iam-create-instance-profile", + "aws-iam-delete-instance-profile", + "aws-iam-list-instance-profiles", + "aws-iam-add-role-to-instance-profile", + "aws-iam-remove-role-from-instance-profile", + "aws-iam-list-instance-profiles-for-role", + "aws-iam-get-instance-profile", + "aws-iam-get-role", + "aws-iam-delete-role", + "aws-iam-create-role", + "aws-iam-create-policy", + "aws-iam-delete-policy", + "aws-iam-create-policy-version", + "aws-iam-delete-policy-version", + "aws-iam-list-policy-versions", + "aws-iam-get-policy-version", + "aws-iam-set-default-policy-version", + "aws-iam-create-account-alias", "aws-iam-delete-account-alias" ] } - }, + }, { "Symantec Endpoint Protection": { - "name": "Symantec Endpoint Protection", - "commands": [ - "sep-endpoints-info", - "sep-update-content", - "sep-scan", - 
"sep-groups-info", - "sep-system-info", - "sep-command-status", - "sep-quarantine", + "name": "Symantec Endpoint Protection", + "commands": [ + "sep-endpoints-info", + "sep-update-content", + "sep-scan", + "sep-groups-info", + "sep-system-info", + "sep-command-status", + "sep-quarantine", "sep-client-content" ] } - }, + }, { "SumoLogic": { - "name": "SumoLogic", + "name": "SumoLogic", "commands": [ "search" ] } - }, + }, { "Pwned": { - "name": "Pwned", + "name": "Pwned", "commands": [ - "pwned-email", - "pwned-domain", + "pwned-email", + "pwned-domain", "email" ] } - }, + }, { "urlscan.io": { - "name": "urlscan.io", - "toversion": "3.1.0", + "name": "urlscan.io", + "toversion": "3.1.0", "commands": [ - "url", - "ip", - "file", + "url", + "ip", + "file", "urlscan-submit" ] } - }, + }, { "Lastline": { - "name": "Lastline", - "commands": [ - "lastline-get", - "url", - "file", - "lastline-upload", - "lastline-upload-url", - "lastline-upload-file", - "lastline-get-report", + "name": "Lastline", + "commands": [ + "lastline-get", + "url", + "file", + "lastline-upload", + "lastline-upload-url", + "lastline-upload-file", + "lastline-get-report", "lastline-get-task-list" ] } - }, + }, { "urlscan.io": { - "name": "urlscan.io", - "fromversion": "3.5.0", + "name": "urlscan.io", + "fromversion": "3.5.0", "commands": [ - "urlscan-search", - "urlscan-submit", + "urlscan-search", + "urlscan-submit", "url" ] } - }, + }, { "OpsGenie": { - "name": "OpsGenie", + "name": "OpsGenie", "commands": [ - "opsgenie-get-on-call", - "opsgenie-get-user", - "opsgenie-get-schedules", + "opsgenie-get-on-call", + "opsgenie-get-user", + "opsgenie-get-schedules", "opsgenie-get-schedule-timeline" ] } - }, + }, { "McAfeeDAM": { - "name": "McAfeeDAM", + "name": "McAfeeDAM", "commands": [ - "dam-get-alert-by-id", + "dam-get-alert-by-id", "dam-get-latest-by-rule" ] } - }, + }, { "okta": { - "name": "okta", - "fromversion": "3.6.0", - "commands": [ - "okta-unlock-user", - "okta-deactivate-user", - 
"okta-activate-user", - "okta-suspend-user", - "okta-unsuspend-user", - "okta-get-user-factors", - "okta-verify-push-factor", - "okta-reset-factor", - "okta-get-groups", - "okta-set-password", - "okta-search", - "okta-get-user", - "okta-create-user", - "okta-update-user", - "okta-get-failed-logins", - "okta-get-group-assignments", - "okta-get-application-assignments", - "okta-get-application-authentication", - "okta-get-logs", - "okta-add-to-group", - "okta-remove-from-group", - "okta-list-groups", + "name": "okta", + "fromversion": "3.6.0", + "commands": [ + "okta-unlock-user", + "okta-deactivate-user", + "okta-activate-user", + "okta-suspend-user", + "okta-unsuspend-user", + "okta-get-user-factors", + "okta-verify-push-factor", + "okta-reset-factor", + "okta-get-groups", + "okta-set-password", + "okta-search", + "okta-get-user", + "okta-create-user", + "okta-update-user", + "okta-get-failed-logins", + "okta-get-group-assignments", + "okta-get-application-assignments", + "okta-get-application-authentication", + "okta-get-logs", + "okta-add-to-group", + "okta-remove-from-group", + "okta-list-groups", "okta-get-group-members" ] } - }, + }, { "Devo": { - "name": "Devo", + "name": "Devo", "commands": [ "devo-query" ] } - }, + }, { "AWS - Security Hub": { - "name": "AWS - Security Hub", - "commands": [ - "aws-securityhub-get-findings", - "aws-securityhub-get-master-account", - "aws-securityhub-list-members", - "aws-securityhub-enable-security-hub", - "aws-securityhub-disable-security-hub", - "aws-securityhub-enable-import-findings-for-product", - "aws-securityhub-disable-import-findings-for-product", - "aws-securityhub-list-enabled-products-for-import", + "name": "AWS - Security Hub", + "commands": [ + "aws-securityhub-get-findings", + "aws-securityhub-get-master-account", + "aws-securityhub-list-members", + "aws-securityhub-enable-security-hub", + "aws-securityhub-disable-security-hub", + "aws-securityhub-enable-import-findings-for-product", + 
"aws-securityhub-disable-import-findings-for-product", + "aws-securityhub-list-enabled-products-for-import", "aws-securityhub-update-finding" ] } - }, + }, { "Moloch": { - "name": "Moloch", - "fromversion": "3.5.0", - "commands": [ - "moloch_connections_json", - "moloch_connections_csv", - "moloch_files_json", - "moloch_sessions_json", - "moloch_sessions_csv", - "moloch_sessions_pcap", - "moloch_spigraph_json", - "moloch_spiview_json", + "name": "Moloch", + "fromversion": "3.5.0", + "commands": [ + "moloch_connections_json", + "moloch_connections_csv", + "moloch_files_json", + "moloch_sessions_json", + "moloch_sessions_csv", + "moloch_sessions_pcap", + "moloch_spigraph_json", + "moloch_spiview_json", "moloch_unique_json" ] } - }, + }, { "RedLock": { - "name": "RedLock", + "name": "RedLock", "commands": [ - "redlock-search-alerts", - "redlock-get-alert-details", - "redlock-dismiss-alerts", - "redlock-reopen-alerts", + "redlock-search-alerts", + "redlock-get-alert-details", + "redlock-dismiss-alerts", + "redlock-reopen-alerts", "redlock-list-alert-filters" ] } - }, + }, { "Whois": { - "name": "Whois", - "fromversion": "4.1.0", + "name": "Whois", + "fromversion": "4.1.0", "commands": [ "whois" ] } - }, + }, { "SafeBreach": { - "name": "SafeBreach", + "name": "SafeBreach", "commands": [ - "safebreach-rerun", + "safebreach-rerun", "safebreach-get-simulation" ] } - }, + }, { "AlphaSOC Wisdom": { - "name": "AlphaSOC Wisdom", + "name": "AlphaSOC Wisdom", "commands": [ - "wisdom-domain-flags", + "wisdom-domain-flags", "wisdom-ip-flags" ] } - }, + }, { "jamf": { - "name": "jamf", + "name": "jamf", "commands": [ - "jamf-get-computers", + "jamf-get-computers", "jamf-get-computers-match" ] } - }, + }, { "CIRCL": { - "name": "CIRCL", + "name": "CIRCL", "commands": [ - "circl-dns-get", - "circl-ssl-list-certificates", - "circl-ssl-query-certificate", + "circl-dns-get", + "circl-ssl-list-certificates", + "circl-ssl-query-certificate", "circl-ssl-get-certificate" ] } - }, + }, { 
"Panorama": { - "name": "Panorama", - "fromversion": "3.0.0", - "commands": [ - "panorama", - "panorama-commit", - "panorama-push-to-device-group", - "panorama-list-addresses", - "panorama-get-address", - "panorama-create-address", - "panorama-delete-address", - "panorama-list-address-groups", - "panorama-get-address-group", - "panorama-create-address-group", - "panorama-delete-address-group", - "panorama-edit-address-group", - "panorama-get-custom-url-category", - "panorama-create-custom-url-category", - "panorama-delete-custom-url-category", - "panorama-edit-custom-url-category", - "panorama-get-url-category", - "panorama-get-url-filter", - "panorama-create-url-filter", - "panorama-edit-url-filter", - "panorama-delete-url-filter", - "panorama-create-rule", - "panorama-custom-block-rule", - "panorama-move-rule", - "panorama-edit-rule", - "panorama-delete-rule", - "panorama-list-applications", - "panorama-commit-status", + "name": "Panorama", + "fromversion": "3.0.0", + "commands": [ + "panorama", + "panorama-commit", + "panorama-push-to-device-group", + "panorama-list-addresses", + "panorama-get-address", + "panorama-create-address", + "panorama-delete-address", + "panorama-list-address-groups", + "panorama-get-address-group", + "panorama-create-address-group", + "panorama-delete-address-group", + "panorama-edit-address-group", + "panorama-get-custom-url-category", + "panorama-create-custom-url-category", + "panorama-delete-custom-url-category", + "panorama-edit-custom-url-category", + "panorama-get-url-category", + "panorama-get-url-filter", + "panorama-create-url-filter", + "panorama-edit-url-filter", + "panorama-delete-url-filter", + "panorama-create-rule", + "panorama-custom-block-rule", + "panorama-move-rule", + "panorama-edit-rule", + "panorama-delete-rule", + "panorama-list-applications", + "panorama-commit-status", "panorama-push-status" ] } - }, + }, { "icebrg": { - "name": "icebrg", + "name": "icebrg", "commands": [ - "icebrg-search-events", - 
"icebrg-get-history", - "icebrg-saved-searches", - "icebrg-get-reports", - "icebrg-get-report-indicators", + "icebrg-search-events", + "icebrg-get-history", + "icebrg-saved-searches", + "icebrg-get-reports", + "icebrg-get-report-indicators", "icebrg-get-report-assets" ] } - }, + }, { "EasyVista": { - "name": "EasyVista", + "name": "EasyVista", "commands": [ "easy-vista-search" ] } - }, + }, { "ThreatConnect": { - "name": "ThreatConnect", - "commands": [ - "ip", - "url", - "file", - "tc-owners", - "tc-indicators", - "tc-get-tags", - "tc-tag-indicator", - "tc-get-indicator", - "tc-get-indicators-by-tag", - "tc-add-indicator", - "tc-create-incident", - "tc-fetch-incidents", - "tc-incident-associate-indicator", - "domain", + "name": "ThreatConnect", + "commands": [ + "ip", + "url", + "file", + "tc-owners", + "tc-indicators", + "tc-get-tags", + "tc-tag-indicator", + "tc-get-indicator", + "tc-get-indicators-by-tag", + "tc-add-indicator", + "tc-create-incident", + "tc-fetch-incidents", + "tc-incident-associate-indicator", + "domain", "tc-get-incident-associate-indicators" ] } - }, + }, { "BitDam": { - "name": "BitDam", + "name": "BitDam", "commands": [ - "bitdam-upload-file", + "bitdam-upload-file", "bitdam-get-verdict" ] } - }, + }, { "AWS - S3": { - "name": "AWS - S3", - "commands": [ - "aws-s3-create-bucket", - "aws-s3-delete-bucket", - "aws-s3-list-buckets", - "aws-s3-get-bucket-policy", - "aws-s3-delete-bucket-policy", - "aws-s3-download-file", - "aws-s3-list-bucket-objects", - "aws-s3-put-bucket-policy", + "name": "AWS - S3", + "commands": [ + "aws-s3-create-bucket", + "aws-s3-delete-bucket", + "aws-s3-list-buckets", + "aws-s3-get-bucket-policy", + "aws-s3-delete-bucket-policy", + "aws-s3-download-file", + "aws-s3-list-bucket-objects", + "aws-s3-put-bucket-policy", "aws-s3-upload-file" ] } - }, + }, { "McAfee Advanced Threat Defense": { - "name": "McAfee Advanced Threat Defense", - "toversion": "3.1.0", - "fromversion": "2.0.4", - "commands": [ - "atd-file-upload", 
- "atd-get-task-ids", - "atd-check-status", - "atd-get-report", - "atd-list-analyzer-profiles", - "atd-list-user", + "name": "McAfee Advanced Threat Defense", + "toversion": "3.1.0", + "fromversion": "2.0.4", + "commands": [ + "atd-file-upload", + "atd-get-task-ids", + "atd-check-status", + "atd-get-report", + "atd-list-analyzer-profiles", + "atd-list-user", "atd-login" ] } - }, + }, { "GuardiCore": { - "name": "GuardiCore", - "toversion": "3.1.0", - "commands": [ - "guardicore-get-incidents", - "guardicore-uncommon-domains", - "guardicore-unresolved-domains", - "guardicore-show-endpoint", - "guardicore-dns-requests", - "guardicore-search-endpoint", - "guardicore-misconfigurations", - "guardicore-get-incident", - "guardicore-get-incident-iocs", - "guardicore-get-incident-events", - "guardicore-get-incident-pcap", - "guardicore-get-incident-attachments", + "name": "GuardiCore", + "toversion": "3.1.0", + "commands": [ + "guardicore-get-incidents", + "guardicore-uncommon-domains", + "guardicore-unresolved-domains", + "guardicore-show-endpoint", + "guardicore-dns-requests", + "guardicore-search-endpoint", + "guardicore-misconfigurations", + "guardicore-get-incident", + "guardicore-get-incident-iocs", + "guardicore-get-incident-events", + "guardicore-get-incident-pcap", + "guardicore-get-incident-attachments", "guardicore-search-network-log" ] } - }, + }, { "Mimecast": { - "name": "Mimecast", - "fromversion": "1.6.2", + "name": "Mimecast", + "fromversion": "1.6.2", "commands": [ "mimecast-query" ] } - }, + }, { "Shodan": { - "name": "Shodan", + "name": "Shodan", "commands": [ - "search", + "search", "ip" ] } - }, + }, { "AWS - GuardDuty": { - "name": "AWS - GuardDuty", - "commands": [ - "aws-gd-create-detector", - "aws-gd-delete-detector", - "aws-gd-get-detector", - "aws-gd-update-detector", - "aws-gd-create-ip-set", - "aws-gd-delete-ip-set", - "aws-gd-list-detectors", - "aws-gd-update-ip-set", - "aws-gd-get-ip-set", - "aws-gd-list-ip-sets", - 
"aws-gd-create-threatintel-set", - "aws-gd-delete-threatintel-set", - "aws-gd-get-threatintel-set", - "aws-gd-list-threatintel-sets", - "aws-gd-update-threatintel-set", - "aws-gd-list-findings", - "aws-gd-get-findings", - "aws-gd-create-sample-findings", - "aws-gd-archive-findings", - "aws-gd-unarchive-findings", + "name": "AWS - GuardDuty", + "commands": [ + "aws-gd-create-detector", + "aws-gd-delete-detector", + "aws-gd-get-detector", + "aws-gd-update-detector", + "aws-gd-create-ip-set", + "aws-gd-delete-ip-set", + "aws-gd-list-detectors", + "aws-gd-update-ip-set", + "aws-gd-get-ip-set", + "aws-gd-list-ip-sets", + "aws-gd-create-threatintel-set", + "aws-gd-delete-threatintel-set", + "aws-gd-get-threatintel-set", + "aws-gd-list-threatintel-sets", + "aws-gd-update-threatintel-set", + "aws-gd-list-findings", + "aws-gd-get-findings", + "aws-gd-create-sample-findings", + "aws-gd-archive-findings", + "aws-gd-unarchive-findings", "aws-gd-update-findings-feedback" ] } - }, + }, { "Mimecast Authentication": { - "name": "Mimecast Authentication", + "name": "Mimecast Authentication", "commands": [ - "mimecast-login", - "mimecast-discover", + "mimecast-login", + "mimecast-discover", "mimecast-refresh-token" ] } - }, + }, { "malwr": { - "name": "malwr", - "fromversion": "3.0.0", + "name": "malwr", + "fromversion": "3.0.0", "commands": [ - "malwr-submit", - "malwr-status", - "malwr-result", + "malwr-submit", + "malwr-status", + "malwr-result", "malwr-detonate" ] } - }, + }, { "FalconHost": { - "name": "FalconHost", - "fromversion": "2.5.0", - "commands": [ - "cs-upload-ioc", - "cs-get-ioc", - "cs-update-ioc", - "cs-delete-ioc", - "cs-search-iocs", - "cs-device-search", - "cs-device-details", - "cs-device-count-ioc", - "cs-device-ran-on", - "cs-processes-ran-on", - "cs-process-details", - "cs-resolve-detection", - "cs-detection-search", + "name": "FalconHost", + "fromversion": "2.5.0", + "commands": [ + "cs-upload-ioc", + "cs-get-ioc", + "cs-update-ioc", + "cs-delete-ioc", + 
"cs-search-iocs", + "cs-device-search", + "cs-device-details", + "cs-device-count-ioc", + "cs-device-ran-on", + "cs-processes-ran-on", + "cs-process-details", + "cs-resolve-detection", + "cs-detection-search", "cs-detection-details" ] } - }, + }, { "ServiceNow": { - "name": "ServiceNow", - "commands": [ - "servicenow-get-ticket", - "servicenow-get", - "servicenow-incident-get", - "servicenow-create-ticket", - "servicenow-create", - "servicenow-incident-create", - "servicenow-update-ticket", - "servicenow-update", - "servicenow-incident-update", - "servicenow-delete-ticket", - "servicenow-add-link", - "servicenow-incident-add-link", - "servicenow-add-comment", - "servicenow-incident-add-comment", - "servicenow-query-tickets", - "servicenow-query", - "servicenow-incidents-query", - "servicenow-upload-file", - "servicenow-incident-upload-file", - "servicenow-get-groups", - "servicenow-get-computer", - "servicenow-get-record", - "servicenow-query-table", - "servicenow-create-record", - "servicenow-update-record", - "servicenow-delete-record", - "servicenow-list-table-fields", - "servicenow-query-computers", - "servicenow-query-groups", - "servicenow-query-users", + "name": "ServiceNow", + "commands": [ + "servicenow-get-ticket", + "servicenow-get", + "servicenow-incident-get", + "servicenow-create-ticket", + "servicenow-create", + "servicenow-incident-create", + "servicenow-update-ticket", + "servicenow-update", + "servicenow-incident-update", + "servicenow-delete-ticket", + "servicenow-add-link", + "servicenow-incident-add-link", + "servicenow-add-comment", + "servicenow-incident-add-comment", + "servicenow-query-tickets", + "servicenow-query", + "servicenow-incidents-query", + "servicenow-upload-file", + "servicenow-incident-upload-file", + "servicenow-get-groups", + "servicenow-get-computer", + "servicenow-get-record", + "servicenow-query-table", + "servicenow-create-record", + "servicenow-update-record", + "servicenow-delete-record", + 
"servicenow-list-table-fields", + "servicenow-query-computers", + "servicenow-query-groups", + "servicenow-query-users", "servicenow-get-table-name" ] } - }, + }, { "Tenable.sc": { - "name": "Tenable.sc", - "commands": [ - "tenable-sc-list-scans", - "tenable-sc-launch-scan", - "tenable-sc-get-vulnerability", - "tenable-sc-get-scan-status", - "tenable-sc-get-scan-report", - "tenable-sc-list-credentials", - "tenable-sc-list-policies", - "tenable-sc-list-report-definitions", - "tenable-sc-list-repositories", - "tenable-sc-list-zones", - "tenable-sc-create-scan", - "tenable-sc-delete-scan", - "tenable-sc-list-assets", - "tenable-sc-create-asset", - "tenable-sc-get-asset", - "tenable-sc-delete-asset", - "tenable-sc-list-alerts", - "tenable-sc-get-alert", - "tenable-sc-get-device", - "tenable-sc-list-users", - "tenable-sc-get-system-licensing", + "name": "Tenable.sc", + "commands": [ + "tenable-sc-list-scans", + "tenable-sc-launch-scan", + "tenable-sc-get-vulnerability", + "tenable-sc-get-scan-status", + "tenable-sc-get-scan-report", + "tenable-sc-list-credentials", + "tenable-sc-list-policies", + "tenable-sc-list-report-definitions", + "tenable-sc-list-repositories", + "tenable-sc-list-zones", + "tenable-sc-create-scan", + "tenable-sc-delete-scan", + "tenable-sc-list-assets", + "tenable-sc-create-asset", + "tenable-sc-get-asset", + "tenable-sc-delete-asset", + "tenable-sc-list-alerts", + "tenable-sc-get-alert", + "tenable-sc-get-device", + "tenable-sc-list-users", + "tenable-sc-get-system-licensing", "tenable-sc-get-system-information" ] } - }, + }, { "google-vault": { - "name": "google-vault", - "commands": [ - "gvault-create-export-mail", - "gvault-create-matter", - "gvault-create-export-drive", - "gvault-matter-update-state", - "gvault-create-export-groups", - "gvault-create-hold", - "gvault-add-heldAccount", - "gvault-remove-heldAccount", - "gvault-delete-hold", - "gvault-list-matters", - "gvault-get-matter", - "gvault-list-holds", - "gvault-export-status", - 
"gvault-download-results", - "gvault-get-drive-results", - "gvault-get-mail-results", + "name": "google-vault", + "commands": [ + "gvault-create-export-mail", + "gvault-create-matter", + "gvault-create-export-drive", + "gvault-matter-update-state", + "gvault-create-export-groups", + "gvault-create-hold", + "gvault-add-heldAccount", + "gvault-remove-heldAccount", + "gvault-delete-hold", + "gvault-list-matters", + "gvault-get-matter", + "gvault-list-holds", + "gvault-export-status", + "gvault-download-results", + "gvault-get-drive-results", + "gvault-get-mail-results", "gvault-get-groups-results" ] } - }, + }, { "AlienValut OTX": { - "name": "AlienValut OTX", - "toversion": "3.0.1", - "commands": [ - "ip", - "domain", - "ipv6", - "hostname", - "file", - "alienvault-query-file", - "alienvault-search-pulses", - "alienvault-get-pulse-details", + "name": "AlienValut OTX", + "toversion": "3.0.1", + "commands": [ + "ip", + "domain", + "ipv6", + "hostname", + "file", + "alienvault-query-file", + "alienvault-search-pulses", + "alienvault-get-pulse-details", "url" ] } - }, + }, { "MISP": { - "name": "MISP", - "commands": [ - "internal-misp-upload-sample", - "misp-search", - "file", - "url", - "ip", - "internal-misp-download-sample", - "internal-misp-create-event", + "name": "MISP", + "commands": [ + "internal-misp-upload-sample", + "misp-search", + "file", + "url", + "ip", + "internal-misp-download-sample", + "internal-misp-create-event", "internal-misp-add-attribute" ] } - }, + }, { "FalconIntel": { - "name": "FalconIntel", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "commands": [ - "file", - "url", - "domain", - "ip", - "cs-actors", - "cs-indicators", - "cs-reports", + "name": "FalconIntel", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "commands": [ + "file", + "url", + "domain", + "ip", + "cs-actors", + "cs-indicators", + "cs-reports", "cs-report-pdf" ] } - }, + }, { "Box": { - "name": "Box", - "commands": [ - "box_get_current_user", - "box_get_users", - 
"box_update_user", - "box_add_user", - "box_delete_user", - "box_move_folder", - "box_files_get", - "box_initiate", + "name": "Box", + "commands": [ + "box_get_current_user", + "box_get_users", + "box_update_user", + "box_add_user", + "box_delete_user", + "box_move_folder", + "box_files_get", + "box_initiate", "box_files_get_info" ] } - }, + }, { "Remedy On-Demand": { - "name": "Remedy On-Demand", + "name": "Remedy On-Demand", "commands": [ - "remedy-incident-create", - "remedy-get-incident", - "remedy-fetch-incidents", + "remedy-incident-create", + "remedy-get-incident", + "remedy-fetch-incidents", "remedy-incident-update" ] } - }, + }, { "Rasterize": { - "name": "Rasterize", + "name": "Rasterize", "commands": [ - "rasterize", - "rasterize-email", + "rasterize", + "rasterize-email", "rasterize-image" ] } - }, + }, { "FortiGate": { - "name": "FortiGate", - "commands": [ - "fortigate-get-addresses", - "fortigate-get-service-groups", - "fortigate-update-service-group", - "fortigate-delete-service-group", - "fortigate-get-firewall-service", - "fortigate-create-firewall-service", - "fortigate-get-policy", - "fortigate-update-policy", - "fortigate-create-policy", - "fortigate-move-policy", - "fortigate-delete-policy", - "fortigate-get-address-groups", - "fortigate-update-address-group", - "fortigate-create-address-group", + "name": "FortiGate", + "commands": [ + "fortigate-get-addresses", + "fortigate-get-service-groups", + "fortigate-update-service-group", + "fortigate-delete-service-group", + "fortigate-get-firewall-service", + "fortigate-create-firewall-service", + "fortigate-get-policy", + "fortigate-update-policy", + "fortigate-create-policy", + "fortigate-move-policy", + "fortigate-delete-policy", + "fortigate-get-address-groups", + "fortigate-update-address-group", + "fortigate-create-address-group", "fortigate-delete-address-group" ] } - }, + }, { "RTIR": { - "name": "RTIR", - "commands": [ - "rtir-create-ticket", - "rtir-search-ticket", - "rtir-resolve-ticket", 
- "rtir-edit-ticket", - "rtir-ticket-history", - "rtir-get-ticket", - "rtir-ticket-attachments", - "rtir-add-comment", + "name": "RTIR", + "commands": [ + "rtir-create-ticket", + "rtir-search-ticket", + "rtir-resolve-ticket", + "rtir-edit-ticket", + "rtir-ticket-history", + "rtir-get-ticket", + "rtir-ticket-attachments", + "rtir-add-comment", "rtir-add-reply" ] } - }, + }, { "Tenable.io": { - "name": "Tenable.io", + "name": "Tenable.io", "commands": [ - "tenable-io-list-scans", - "tenable-io-launch-scan", - "tenable-io-get-scan-report", - "tenable-io-get-vulnerability-details", - "tenable-io-get-vulnerabilities-by-asset", + "tenable-io-list-scans", + "tenable-io-launch-scan", + "tenable-io-get-scan-report", + "tenable-io-get-vulnerability-details", + "tenable-io-get-vulnerabilities-by-asset", "tenable-io-get-scan-status" ] } - }, + }, { "Stealthwatch Cloud": { - "name": "Stealthwatch Cloud", - "commands": [ - "sw-show-alert", - "sw-update-alert", - "sw-list-alerts", - "sw-block-domain-or-ip", - "sw-unblock-domain", - "sw-list-blocked-domains", - "sw-list-observations", + "name": "Stealthwatch Cloud", + "commands": [ + "sw-show-alert", + "sw-update-alert", + "sw-list-alerts", + "sw-block-domain-or-ip", + "sw-unblock-domain", + "sw-list-blocked-domains", + "sw-list-observations", "sw-list-sessions" ] } - }, + }, { "EWS v2": { - "name": "EWS v2", - "commands": [ - "ews-get-attachment", - "ews-delete-attachment", - "ews-get-searchable-mailboxes", - "ews-search-mailboxes", - "ews-move-item", - "ews-delete-items", - "ews-search-mailbox", - "ews-get-contacts", - "ews-get-out-of-office", - "ews-recover-messages", - "ews-create-folder", - "ews-mark-item-as-junk", - "ews-find-folders", - "ews-get-items-from-folder", - "ews-get-items", - "ews-move-item-between-mailboxes", - "ews-get-folder", - "ews-o365-start-compliance-search", - "ews-o365-get-compliance-search", - "ews-o365-purge-compliance-search-results", - "ews-o365-remove-compliance-search", + "name": "EWS v2", + 
"commands": [ + "ews-get-attachment", + "ews-delete-attachment", + "ews-get-searchable-mailboxes", + "ews-search-mailboxes", + "ews-move-item", + "ews-delete-items", + "ews-search-mailbox", + "ews-get-contacts", + "ews-get-out-of-office", + "ews-recover-messages", + "ews-create-folder", + "ews-mark-item-as-junk", + "ews-find-folders", + "ews-get-items-from-folder", + "ews-get-items", + "ews-move-item-between-mailboxes", + "ews-get-folder", + "ews-o365-start-compliance-search", + "ews-o365-get-compliance-search", + "ews-o365-purge-compliance-search-results", + "ews-o365-remove-compliance-search", "ews-o365-get-compliance-search-purge-status" ] } - }, + }, { "Lockpath KeyLight": { - "name": "Lockpath KeyLight", - "fromversion": "3.5.0", - "commands": [ - "kl-get-component-list", - "kl-get-component", - "kl-get-component-by-alias", - "kl-get-field-list", - "kl-get-field", - "kl-get-record-count", - "kl-get-record", - "kl-get-records", - "kl-delete-record", - "kl-create-record", - "kl-update-record", - "kl-get-detail-record", - "kl-get-lookup-report-column-fields", - "kl-get-detail-records", - "kl-get-record-attachments", - "kl-get-record-attachment", + "name": "Lockpath KeyLight", + "fromversion": "3.5.0", + "commands": [ + "kl-get-component-list", + "kl-get-component", + "kl-get-component-by-alias", + "kl-get-field-list", + "kl-get-field", + "kl-get-record-count", + "kl-get-record", + "kl-get-records", + "kl-delete-record", + "kl-create-record", + "kl-update-record", + "kl-get-detail-record", + "kl-get-lookup-report-column-fields", + "kl-get-detail-records", + "kl-get-record-attachments", + "kl-get-record-attachment", "kl-delete-record-attachments" ] } - }, + }, { "Dell Secureworks": { - "name": "Dell Secureworks", - "fromversion": "3.6.0", - "commands": [ - "secure-works-create-ticket", - "secure-works-update-ticket", - "secure-works-close-ticket", - "secure-works-add-worklogs-ticket", - "secure-works-get-ticket", - "secure-works-assign-ticket", - 
"secure-works-get-tickets-updates", - "secure-works-get-close-codes", - "secure-works-get-tickets-ids", + "name": "Dell Secureworks", + "fromversion": "3.6.0", + "commands": [ + "secure-works-create-ticket", + "secure-works-update-ticket", + "secure-works-close-ticket", + "secure-works-add-worklogs-ticket", + "secure-works-get-ticket", + "secure-works-assign-ticket", + "secure-works-get-tickets-updates", + "secure-works-get-close-codes", + "secure-works-get-tickets-ids", "secure-works-get-ticket-count" ] } - }, + }, { "Luminate": { - "name": "Luminate", - "fromversion": "0.0.0", + "name": "Luminate", + "fromversion": "0.0.0", "commands": [ - "lum-block-user", - "lum-unblock-user", - "lum-destroy-user-session", - "lum-get-http-access-logs", + "lum-block-user", + "lum-unblock-user", + "lum-destroy-user-session", + "lum-get-http-access-logs", "lum-get-ssh-access-logs" ] } - }, + }, { "VirusTotal - Private API": { - "name": "VirusTotal - Private API", - "commands": [ - "vt-private-check-file-behaviour", - "vt-private-get-domain-report", - "vt-private-get-file-report", - "vt-private-get-url-report", - "vt-private-get-ip-report", - "vt-private-search-file", - "vt-private-hash-communication", + "name": "VirusTotal - Private API", + "commands": [ + "vt-private-check-file-behaviour", + "vt-private-get-domain-report", + "vt-private-get-file-report", + "vt-private-get-url-report", + "vt-private-get-ip-report", + "vt-private-search-file", + "vt-private-hash-communication", "vt-private-download-file" ] } - }, + }, { "Guidance Encase Endpoint": { - "name": "Guidance Encase Endpoint", + "name": "Guidance Encase Endpoint", "commands": [ - "encase-copyjob", - "encase-snapshot", + "encase-copyjob", + "encase-snapshot", "encase-verifyhash" ] } - }, + }, { "Incapsula": { - "name": "Incapsula", - "commands": [ - "incap-add-managed-account", - "incap-list-managed-accounts", - "incap-add-subaccount", - "incap-list-subaccounts", - "incap-get-account-status", - 
"incap-modify-account-configuration", - "incap-set-account-log-level", - "incap-test-account-s3-connection", - "incap-test-account-sftp-connection", - "incap-set-account-s3-log-storage", - "incap-set-account-sftp-log-storage", - "incap-set-account-default-log-storage", - "incap-get-account-login-token", - "incap-delete-managed-account", - "incap-delete-subaccount", - "incap-get-account-audit-events", - "incap-set-account-default-data-storage-region", - "incap-get-account-default-data-storage-region", - "incap-add-site", - "incap-get-site-status", - "incap-get-domain-approver-email", - "incap-modify-site-configuration", - "incap-modify-site-log-level", - "incap-modify-site-tls-support", - "incap-modify-site-scurity-config", - "incap-modify-site-acl-config", - "incap-modify-site-wl-config", - "incap-delete-site", - "incap-list-sites", - "incap-get-site-report", - "incap-get-site-html-injection-rules", - "incap-add-site-html-injection-rule", - "incap-delete-site-html-injection-rule", - "incap-create-new-csr", - "incap-upload-certificate", - "incap-remove-custom-integration", - "incap-move-site", - "incap-check-compliance", - "incap-set-site-data-storage-region", - "incap-get-site-data-storage-region", - "incap-set-site-data-storage-region-geo-override", - "incap-get-site-data-storage-region-geo-override", - "incap-purge-site-cache", - "incap-modify-cache-mode", - "incap-purge-resources", - "incap-modify-caching-rules", - "incap-set-advanced-caching-settings", - "incap-purge-hostname-from-cache", - "incap-site-get-xray-link", - "incap-list-site-rule-revisions", - "incap-add-site-rule", - "incap-edit-site-rule", - "incap-enable-site-rule", - "incap-delete-site-rule", - "incap-list-site-rules", - "incap-revert-site-rule", - "incap-set-site-rule-priority", - "incap-add-site-datacenter", - "incap-edit-site-datacenter", - "incap-delete-site-datacenter", - "incap-list-site-datacenters", - "incap-add-site-datacenter-server", - "incap-edit-site-datacenter-server", - 
"incap-delete-site-datacenter-server", - "incap-get-statistics", - "incap-get-visits", - "incap-upload-public-key", - "incap-change-logs-collector-configuration", - "incap-get-infra-protection-statistics", - "incap-get-infra-protection-events", - "incap-add-login-protect", - "incap-edit-login-protect", - "incap-get-login-protect", - "incap-remove-login-protect", - "incap-send-sms-to-user", - "incap-modify-login-protect", - "incap-configure-app", - "incap-get-ip-ranges", - "incap-get-texts", - "incap-get-geo-info", + "name": "Incapsula", + "commands": [ + "incap-add-managed-account", + "incap-list-managed-accounts", + "incap-add-subaccount", + "incap-list-subaccounts", + "incap-get-account-status", + "incap-modify-account-configuration", + "incap-set-account-log-level", + "incap-test-account-s3-connection", + "incap-test-account-sftp-connection", + "incap-set-account-s3-log-storage", + "incap-set-account-sftp-log-storage", + "incap-set-account-default-log-storage", + "incap-get-account-login-token", + "incap-delete-managed-account", + "incap-delete-subaccount", + "incap-get-account-audit-events", + "incap-set-account-default-data-storage-region", + "incap-get-account-default-data-storage-region", + "incap-add-site", + "incap-get-site-status", + "incap-get-domain-approver-email", + "incap-modify-site-configuration", + "incap-modify-site-log-level", + "incap-modify-site-tls-support", + "incap-modify-site-scurity-config", + "incap-modify-site-acl-config", + "incap-modify-site-wl-config", + "incap-delete-site", + "incap-list-sites", + "incap-get-site-report", + "incap-get-site-html-injection-rules", + "incap-add-site-html-injection-rule", + "incap-delete-site-html-injection-rule", + "incap-create-new-csr", + "incap-upload-certificate", + "incap-remove-custom-integration", + "incap-move-site", + "incap-check-compliance", + "incap-set-site-data-storage-region", + "incap-get-site-data-storage-region", + "incap-set-site-data-storage-region-geo-override", + 
"incap-get-site-data-storage-region-geo-override", + "incap-purge-site-cache", + "incap-modify-cache-mode", + "incap-purge-resources", + "incap-modify-caching-rules", + "incap-set-advanced-caching-settings", + "incap-purge-hostname-from-cache", + "incap-site-get-xray-link", + "incap-list-site-rule-revisions", + "incap-add-site-rule", + "incap-edit-site-rule", + "incap-enable-site-rule", + "incap-delete-site-rule", + "incap-list-site-rules", + "incap-revert-site-rule", + "incap-set-site-rule-priority", + "incap-add-site-datacenter", + "incap-edit-site-datacenter", + "incap-delete-site-datacenter", + "incap-list-site-datacenters", + "incap-add-site-datacenter-server", + "incap-edit-site-datacenter-server", + "incap-delete-site-datacenter-server", + "incap-get-statistics", + "incap-get-visits", + "incap-upload-public-key", + "incap-change-logs-collector-configuration", + "incap-get-infra-protection-statistics", + "incap-get-infra-protection-events", + "incap-add-login-protect", + "incap-edit-login-protect", + "incap-get-login-protect", + "incap-remove-login-protect", + "incap-send-sms-to-user", + "incap-modify-login-protect", + "incap-configure-app", + "incap-get-ip-ranges", + "incap-get-texts", + "incap-get-geo-info", "incap-get-app-info" ] } - }, + }, { "XFE": { - "name": "XFE", - "fromversion": "2.5.0", - "commands": [ - "url", - "file", - "ip", - "domain", - "cve-search", + "name": "XFE", + "fromversion": "2.5.0", + "commands": [ + "url", + "file", + "ip", + "domain", + "cve-search", "cve-latest" ] } - }, + }, { "Cymon": { - "name": "Cymon", + "name": "Cymon", "commands": [ - "ip", + "ip", "domain" ] } - }, + }, { "McAfee Advanced Threat Defense": { - "name": "McAfee Advanced Threat Defense", - "fromversion": "3.5.0", - "commands": [ - "atd-file-upload", - "atd-get-task-ids", - "atd-get-report", - "atd-list-analyzer-profiles", - "atd-list-user", - "atd-login", - "detonate-file", - "detonate-url", + "name": "McAfee Advanced Threat Defense", + "fromversion": 
"3.5.0", + "commands": [ + "atd-file-upload", + "atd-get-task-ids", + "atd-get-report", + "atd-list-analyzer-profiles", + "atd-list-user", + "atd-login", + "detonate-file", + "detonate-url", "atd-check-status" ] } - }, + }, { "AWS - CloudWatchLogs": { - "name": "AWS - CloudWatchLogs", - "commands": [ - "aws-logs-create-log-group", - "aws-logs-create-log-stream", - "aws-logs-delete-log-group", - "aws-logs-delete-log-stream", - "aws-logs-filter-log-events", - "aws-logs-describe-log-groups", - "aws-logs-describe-log-streams", - "aws-logs-put-retention-policy", - "aws-logs-delete-retention-policy", - "aws-logs-put-log-events", - "aws-logs-put-metric-filter", - "aws-logs-delete-metric-filter", + "name": "AWS - CloudWatchLogs", + "commands": [ + "aws-logs-create-log-group", + "aws-logs-create-log-stream", + "aws-logs-delete-log-group", + "aws-logs-delete-log-stream", + "aws-logs-filter-log-events", + "aws-logs-describe-log-groups", + "aws-logs-describe-log-streams", + "aws-logs-put-retention-policy", + "aws-logs-delete-retention-policy", + "aws-logs-put-log-events", + "aws-logs-put-metric-filter", + "aws-logs-delete-metric-filter", "aws-logs-describe-metric-filters" ] } - }, + }, { "Microsoft Graph": { - "name": "Microsoft Graph", + "name": "Microsoft Graph", "commands": [ - "msg-graph-admin-url", - "msg-search-alerts", - "msg-get-alert-details", - "msg-update-alert", - "msg-get-users", + "msg-graph-admin-url", + "msg-search-alerts", + "msg-get-alert-details", + "msg-update-alert", + "msg-get-users", "msg-get-user" ] } - }, + }, { "Secdo": { - "name": "Secdo", + "name": "Secdo", "commands": [ "secdo-add-IOCs" ] } - }, + }, { "Preempt": { - "name": "Preempt", + "name": "Preempt", "commands": [ - "preempt-add-to-watch-list", - "preempt-remove-from-watch-list", - "preempt-get-activities", - "preempt-get-user-endpoints", + "preempt-add-to-watch-list", + "preempt-remove-from-watch-list", + "preempt-get-activities", + "preempt-get-user-endpoints", "preempt-get-alerts" ] } - }, 
+ }, { "PostgreSQL": { - "name": "PostgreSQL", + "name": "PostgreSQL", "commands": [ "pgsql-query" ] } - }, + }, { "epo": { - "name": "epo", - "commands": [ - "epo-help", - "epo-get-latest-dat", - "epo-get-current-dat", - "epo-update-client-dat", - "epo-update-repository", - "epo-get-system-tree-group", - "epo-find-systems", - "epo-command", - "epo-advanced-command", - "epo-wakeup-agent", - "epo-apply-tag", - "epo-clear-tag", - "epo-query-table", - "epo-get-tables", - "epo-find-system", + "name": "epo", + "commands": [ + "epo-help", + "epo-get-latest-dat", + "epo-get-current-dat", + "epo-update-client-dat", + "epo-update-repository", + "epo-get-system-tree-group", + "epo-find-systems", + "epo-command", + "epo-advanced-command", + "epo-wakeup-agent", + "epo-apply-tag", + "epo-clear-tag", + "epo-query-table", + "epo-get-tables", + "epo-find-system", "epo-get-version" ] } - }, + }, { "GRR": { - "name": "GRR", - "commands": [ - "grr-set-flows", - "grr-get-flows", - "grr-get-files", - "grr-get-hunts", - "grr-get-hunt", - "grr-set-hunts", - "grr-get-clients", - "grr_set_flows", - "grr_get_flows", - "grr_get_files", - "grr_get_hunts", - "grr_get_hunt", + "name": "GRR", + "commands": [ + "grr-set-flows", + "grr-get-flows", + "grr-get-files", + "grr-get-hunts", + "grr-get-hunt", + "grr-set-hunts", + "grr-get-clients", + "grr_set_flows", + "grr_get_flows", + "grr_get_files", + "grr_get_hunts", + "grr_get_hunt", "grr_set_hunts" ] } - }, + }, { "Nessus": { - "name": "Nessus", - "commands": [ - "nessus-list-scans", - "scans-list", - "nessus-launch-scan", - "scan-launch", - "nessus-scan-details", - "scan-details", - "scan-host-details", - "nessus-scan-host-details", - "nessus-scan-export", - "scan-export", - "scan-report-download", - "nessus-scan-report-download", - "scan-create", - "nessus-scan-create", - "nessus-get-scans-editors", - "scan-export-status", - "nessus-scan-export-status", + "name": "Nessus", + "commands": [ + "nessus-list-scans", + "scans-list", + 
"nessus-launch-scan", + "scan-launch", + "nessus-scan-details", + "scan-details", + "scan-host-details", + "nessus-scan-host-details", + "nessus-scan-export", + "scan-export", + "scan-report-download", + "nessus-scan-report-download", + "scan-create", + "nessus-scan-create", + "nessus-get-scans-editors", + "scan-export-status", + "nessus-scan-export-status", "nessus-scan-status" ] } - }, + }, { "GuardiCore": { - "name": "GuardiCore", - "fromversion": "3.5.0", - "commands": [ - "guardicore-get-incidents", - "guardicore-uncommon-domains", - "guardicore-unresolved-domains", - "guardicore-show-endpoint", - "guardicore-dns-requests", - "guardicore-search-endpoint", - "guardicore-misconfigurations", - "guardicore-get-incident", - "guardicore-get-incident-iocs", - "guardicore-get-incident-events", - "guardicore-get-incident-pcap", - "guardicore-get-incident-attachments", + "name": "GuardiCore", + "fromversion": "3.5.0", + "commands": [ + "guardicore-get-incidents", + "guardicore-uncommon-domains", + "guardicore-unresolved-domains", + "guardicore-show-endpoint", + "guardicore-dns-requests", + "guardicore-search-endpoint", + "guardicore-misconfigurations", + "guardicore-get-incident", + "guardicore-get-incident-iocs", + "guardicore-get-incident-events", + "guardicore-get-incident-pcap", + "guardicore-get-incident-attachments", "guardicore-search-network-log" ] } - }, + }, { "Digital Shadows": { - "name": "Digital Shadows", - "commands": [ - "ds-get-breach-reviews", - "ds-snapshot-breach-status", - "ds-find-breach-records", - "ds-get-breach-summary", - "ds-find-breach-usernames", - "ds-get-breach", - "ds-get-breach-records", - "ds-find-data-breaches", - "ds-get-incident", - "ds-get-incident-reviews", - "ds-snapshot-incident-review", - "ds-find-incidents-filtered", - "ds-get-incidents-summary", - "ds-get-apt-report", - "ds-get-intelligence-incident", - "ds-get-intelligence-incident-iocs", - "ds-find-intelligence-incidents", - "ds-find-intelligence-incidents-regional", - 
"ds-get-intelligence-threat", - "ds-get-intelligence-threat-iocs", - "ds-get-intelligence-threat-activity", - "ds-find-intelligence-threats", - "ds-find-intelligence-threats-regional", - "ds-get-port-reviews", - "ds-snapshot-port-review", - "ds-find-ports", - "ds-find-secure-sockets", - "ds-find-vulnerabilities", - "ds-search", + "name": "Digital Shadows", + "commands": [ + "ds-get-breach-reviews", + "ds-snapshot-breach-status", + "ds-find-breach-records", + "ds-get-breach-summary", + "ds-find-breach-usernames", + "ds-get-breach", + "ds-get-breach-records", + "ds-find-data-breaches", + "ds-get-incident", + "ds-get-incident-reviews", + "ds-snapshot-incident-review", + "ds-find-incidents-filtered", + "ds-get-incidents-summary", + "ds-get-apt-report", + "ds-get-intelligence-incident", + "ds-get-intelligence-incident-iocs", + "ds-find-intelligence-incidents", + "ds-find-intelligence-incidents-regional", + "ds-get-intelligence-threat", + "ds-get-intelligence-threat-iocs", + "ds-get-intelligence-threat-activity", + "ds-find-intelligence-threats", + "ds-find-intelligence-threats-regional", + "ds-get-port-reviews", + "ds-snapshot-port-review", + "ds-find-ports", + "ds-find-secure-sockets", + "ds-find-vulnerabilities", + "ds-search", "ds-get-tags" ] } - }, + }, { "fireeye": { - "name": "fireeye", - "fromversion": "3.5.0", - "commands": [ - "fe-report", - "fe-submit-status", - "fe-alert", - "fe-submit-result", - "fe-submit", - "fe-config", - "fe-submit-url", - "fe-submit-url-status", + "name": "fireeye", + "fromversion": "3.5.0", + "commands": [ + "fe-report", + "fe-submit-status", + "fe-alert", + "fe-submit-result", + "fe-submit", + "fe-config", + "fe-submit-url", + "fe-submit-url-status", "fe-submit-url-result" ] } - }, + }, { "RSA NetWitness Packets and Logs": { - "name": "RSA NetWitness Packets and Logs", - "fromversion": "3.5.0", - "commands": [ - "netwitness-msearch", - "netwitness-search", - "netwitness-query", - "netwitness-packets", - "nw-sdk-session", - 
"nw-sdk-content", - "nw-sdk-summary", - "nw-sdk-values", + "name": "RSA NetWitness Packets and Logs", + "fromversion": "3.5.0", + "commands": [ + "netwitness-msearch", + "netwitness-search", + "netwitness-query", + "netwitness-packets", + "nw-sdk-session", + "nw-sdk-content", + "nw-sdk-summary", + "nw-sdk-values", "nw-database-dump" ] } - }, + }, { "RSA NetWitness v11.1": { - "name": "RSA NetWitness v11.1", + "name": "RSA NetWitness v11.1", "commands": [ - "netwitness-get-incident", - "netwitness-get-incidents", - "netwitness-update-incident", - "netwitness-delete-incident", + "netwitness-get-incident", + "netwitness-get-incidents", + "netwitness-update-incident", + "netwitness-delete-incident", "netwitness-get-alerts" ] } - }, + }, { "Symantec Messaging Gateway": { - "name": "Symantec Messaging Gateway", - "commands": [ - "smg-block-email", - "smg-unblock-email", - "smg-block-domain", - "smg-block-ip", - "smg-unblock-ip", - "smg-unblock-domain", - "smg-get-blocked-domains", + "name": "Symantec Messaging Gateway", + "commands": [ + "smg-block-email", + "smg-unblock-email", + "smg-block-domain", + "smg-block-ip", + "smg-unblock-ip", + "smg-unblock-domain", + "smg-get-blocked-domains", "smg-get-blocked-ips" ] } - }, + }, { "OTRS": { - "name": "OTRS", - "fromversion": "4.1.0", + "name": "OTRS", + "fromversion": "4.1.0", "commands": [ - "otrs-get-ticket", - "otrs-search-ticket", - "otrs-create-ticket", - "otrs-update-ticket", + "otrs-get-ticket", + "otrs-search-ticket", + "otrs-create-ticket", + "otrs-update-ticket", "otrs-close-ticket" ] } - }, + }, { "Check Point Sandblast": { - "name": "Check Point Sandblast", - "fromversion": "3.5.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", - "sandblast-download", - "sb-quota", + "name": "Check Point Sandblast", + "fromversion": "3.5.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", + "sandblast-download", + 
"sb-quota", "sandblast-quota" ] } - }, + }, { "Cylance Protect": { - "name": "Cylance Protect", - "fromversion": "2.0.1", - "commands": [ - "cylance-protect-get-list", - "cylance-protect-get-devices", - "cylance-protect-get-threats", - "cylance-protect-download-threat", - "cylance-protect-get-threat-details", - "cylance-protect-device-delete", - "cylance-protect-get-device-threats", - "cylance-protect-update-device-threats", - "cylance-protect-delete-hash-from-lists", - "cylance-protect-update-hash-at-lists", - "cylance-protect-upload-threat", - "cylance-protect-get-threated-devices", - "cylance-protect-get-zones", - "cylance-protect-create-zone", - "cylance-protect-update-zone", - "cylance-protect-get-policies", - "cylance-protect-get-policy-details", - "cp-get-list", - "cp-get-devices", - "cp-get-threats", - "cp-download-threat", - "cp-get-threat-details", - "cp-device-delete", - "cp-get-device-threats", - "cp-update-device-threats", - "cp-delete-hash-from-lists", - "cp-update-hash-at-lists", - "cp-upload-threat", - "cp-get-threated-devices", - "cp-get-zones", - "cp-create-zone", - "cp-update-zone", - "cp-get-policies", + "name": "Cylance Protect", + "fromversion": "2.0.1", + "commands": [ + "cylance-protect-get-list", + "cylance-protect-get-devices", + "cylance-protect-get-threats", + "cylance-protect-download-threat", + "cylance-protect-get-threat-details", + "cylance-protect-device-delete", + "cylance-protect-get-device-threats", + "cylance-protect-update-device-threats", + "cylance-protect-delete-hash-from-lists", + "cylance-protect-update-hash-at-lists", + "cylance-protect-upload-threat", + "cylance-protect-get-threated-devices", + "cylance-protect-get-zones", + "cylance-protect-create-zone", + "cylance-protect-update-zone", + "cylance-protect-get-policies", + "cylance-protect-get-policy-details", + "cp-get-list", + "cp-get-devices", + "cp-get-threats", + "cp-download-threat", + "cp-get-threat-details", + "cp-device-delete", + "cp-get-device-threats", + 
"cp-update-device-threats", + "cp-delete-hash-from-lists", + "cp-update-hash-at-lists", + "cp-upload-threat", + "cp-get-threated-devices", + "cp-get-zones", + "cp-create-zone", + "cp-update-zone", + "cp-get-policies", "cp-get-policy-details" ] } - }, + }, { "TCPIPUtils": { - "name": "TCPIPUtils", + "name": "TCPIPUtils", "commands": [ "ip" ] } - }, + }, { "RSA NetWitness Security Analytics": { - "name": "RSA NetWitness Security Analytics", - "fromversion": "2.0.0", - "commands": [ - "nw-list-incidents", - "nw-login", - "nw-get-components", - "nw-get-events", - "nw-get-available-assignees", - "nw-create-incident", - "nw-add-events-to-incident", - "nw-update-incident", - "fetch-incidents", - "nw-get-alerts", - "nw-get-alert-details", - "nw-get-event-details", - "nw-get-incident-details", - "nw-get-alert-original", - "netwitness-im-list-incidents", - "netwitness-im-login", - "netwitness-im-get-components", - "netwitness-im-get-events", - "netwitness-im-get-available-assignees", - "netwitness-im-create-incident", - "netwitness-im-add-events-to-incident", - "netwitness-im-update-incident", - "netwitness-im-get-alerts", - "netwitness-im-get-alert-details", - "netwitness-im-get-event-details", - "netwitness-im-get-incident-details", + "name": "RSA NetWitness Security Analytics", + "fromversion": "2.0.0", + "commands": [ + "nw-list-incidents", + "nw-login", + "nw-get-components", + "nw-get-events", + "nw-get-available-assignees", + "nw-create-incident", + "nw-add-events-to-incident", + "nw-update-incident", + "fetch-incidents", + "nw-get-alerts", + "nw-get-alert-details", + "nw-get-event-details", + "nw-get-incident-details", + "nw-get-alert-original", + "netwitness-im-list-incidents", + "netwitness-im-login", + "netwitness-im-get-components", + "netwitness-im-get-events", + "netwitness-im-get-available-assignees", + "netwitness-im-create-incident", + "netwitness-im-add-events-to-incident", + "netwitness-im-update-incident", + "netwitness-im-get-alerts", + 
"netwitness-im-get-alert-details", + "netwitness-im-get-event-details", + "netwitness-im-get-incident-details", "netwitness-im-get-alert-original" ] } - }, + }, { "Where is the egg?": { - "name": "Where is the egg?", - "fromversion": "3.6.0", + "name": "Where is the egg?", + "fromversion": "3.6.0", "commands": [ "clue" ] } - }, + }, { "jira": { - "name": "jira", - "toversion": "2.5.0", - "commands": [ - "jira-issue-query", - "jira-get-issue", - "jira-create-issue", - "jira-issue-upload-file", - "jira-issue-add-comment", + "name": "jira", + "toversion": "2.5.0", + "commands": [ + "jira-issue-query", + "jira-get-issue", + "jira-create-issue", + "jira-issue-upload-file", + "jira-issue-add-comment", "jira-issue-add-link" ] } - }, + }, { "Vectra": { - "name": "Vectra", - "commands": [ - "vec-detections", - "vectra-detections", - "vec-hosts", - "vectra-hosts", - "vec-settings", - "vectra-settings", - "vec-health", - "vectra-health", - "vec-triage", - "vectra-triage", - "vec-sensors", - "vectra-sensors", - "vec-get-host-by-id", + "name": "Vectra", + "commands": [ + "vec-detections", + "vectra-detections", + "vec-hosts", + "vectra-hosts", + "vec-settings", + "vectra-settings", + "vec-health", + "vectra-health", + "vec-triage", + "vectra-triage", + "vec-sensors", + "vectra-sensors", + "vec-get-host-by-id", "vec-get-detetctions-by-id" ] } - }, + }, { "Twilio": { - "name": "Twilio", - "fromversion": "2.5.0", + "name": "Twilio", + "fromversion": "2.5.0", "commands": [ "TwilioSendSMS" ] } - }, + }, { "PhishTank": { - "name": "PhishTank", + "name": "PhishTank", "commands": [ - "url", - "phishtank-reload", + "url", + "phishtank-reload", "phishtank-status" ] } - }, + }, { "FireEye iSIGHT": { - "name": "FireEye iSIGHT", + "name": "FireEye iSIGHT", "commands": [ - "ip", - "domain", - "file", - "isight-get-report", + "ip", + "domain", + "file", + "isight-get-report", "isight-submit-file" ] } - }, + }, { "BigFix": { - "name": "BigFix", - "commands": [ - "bigfix-get-sites", - 
"bigfix-get-site", - "bigfix-get-patches", - "bigfix-get-endpoints", - "bigfix-get-endpoint", - "bigfix-deploy-patch", - "bigfix-get-patch", - "bigfix-action-delete", - "bigfix-action-status", - "bigfix-action-stop", + "name": "BigFix", + "commands": [ + "bigfix-get-sites", + "bigfix-get-site", + "bigfix-get-patches", + "bigfix-get-endpoints", + "bigfix-get-endpoint", + "bigfix-deploy-patch", + "bigfix-get-patch", + "bigfix-action-delete", + "bigfix-action-status", + "bigfix-action-stop", "bigfix-query" ] } - }, + }, { "Phish.AI": { - "name": "Phish.AI", - "fromversion": "4.0.0", + "name": "Phish.AI", + "fromversion": "4.0.0", "commands": [ - "phish-ai-scan-url", + "phish-ai-scan-url", "phish-ai-check-status" ] } - }, + }, { "Koodous": { - "name": "Koodous", + "name": "Koodous", "commands": [ "k-check-hash" ] } - }, + }, { "IntSights": { - "name": "IntSights", - "commands": [ - "intsights-get-alert-image", - "intsights-get-alert-activities", - "intsights-assign-alert", - "intsights-unassign-alert", - "intsights-send-mail", - "intsights-ask-the-analyst", - "intsights-add-tag-to-alert", - "intsights-remove-tag-from-alert", - "intsights-add-comment-to-alert", - "intsights-update-alert-severity", - "intsights-get-alert-by-id", - "intsights-get-ioc-by-value", - "intsights-get-iocs", - "intsights-get-alerts", - "intsights-alert-takedown-request", - "intsights-get-alert-takedown-status", - "intsights-update-ioc-blocklist-status", - "intsights-get-ioc-blocklist-status", + "name": "IntSights", + "commands": [ + "intsights-get-alert-image", + "intsights-get-alert-activities", + "intsights-assign-alert", + "intsights-unassign-alert", + "intsights-send-mail", + "intsights-ask-the-analyst", + "intsights-add-tag-to-alert", + "intsights-remove-tag-from-alert", + "intsights-add-comment-to-alert", + "intsights-update-alert-severity", + "intsights-get-alert-by-id", + "intsights-get-ioc-by-value", + "intsights-get-iocs", + "intsights-get-alerts", + "intsights-alert-takedown-request", 
+ "intsights-get-alert-takedown-status", + "intsights-update-ioc-blocklist-status", + "intsights-get-ioc-blocklist-status", "intsights-close-alert" ] } } - ], + ], "TestPlaybooks": [ { "SignalSciences Test": { - "name": "SignalSciences Test", + "name": "SignalSciences Test", "implementing_commands": [ - "sigsci-get-blacklist", - "sigsci-get-whitelist", - "sigsci-blacklist-add-ip", - "sigsci-whitelist-add-ip", - "sigsci-blacklist-remove-ip", + "sigsci-get-blacklist", + "sigsci-get-whitelist", + "sigsci-blacklist-add-ip", + "sigsci-whitelist-add-ip", + "sigsci-blacklist-remove-ip", "sigsci-whitelist-remove-ip" ] } - }, + }, { "Microsoft Graph Test": { - "name": "Microsoft Graph Test", + "name": "Microsoft Graph Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "msg-search-alerts", - "msg-update-alert", + "msg-search-alerts", + "msg-update-alert", "msg-get-alert-details" ] } - }, + }, { "Mail Sender (New) Test": { - "name": "Email Sender Python", + "name": "Email Sender Python", "implementing_scripts": [ - "Set", - "FileCreateAndUpload", - "DeleteContext", + "Set", + "FileCreateAndUpload", + "DeleteContext", "Sleep" - ], + ], "implementing_commands": [ - "googleapps-gmail-get-mail", - "googleapps-gmail-search", - "ThrowException", + "googleapps-gmail-get-mail", + "googleapps-gmail-search", + "ThrowException", "send-mail" ] } - }, + }, { "ThreatExchange-test": { - "name": "ThreatExchange-test", - "implementing_scripts": [ - "ExtractDomain", - "ExtractHash", - "Exists", - "ExtractIP", - "Print", - "IsMaliciousIndicatorFound", - "VerifyContextFields", + "name": "ThreatExchange-test", + "implementing_scripts": [ + "ExtractDomain", + "ExtractHash", + "Exists", + "ExtractIP", + "Print", + "IsMaliciousIndicatorFound", + "VerifyContextFields", "ExtractURL" - ], + ], "implementing_commands": [ - "url", - "ip", - "domain", + "url", + "ip", + "domain", "file" ] } - }, + }, { "PortListenCheck-test": { - "name": "PortListenCheck-test", + 
"name": "PortListenCheck-test", "implementing_scripts": [ - "Print", + "Print", "PortListenCheck" ] } - }, + }, { "Qualys-Test": { - "name": "Qualys-Test", + "name": "Qualys-Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "qualys-pc-scan-list", - "qualys-report-template-list", - "qualys-vm-scan-list", - "qualys-scheduled-report-list", + "qualys-pc-scan-list", + "qualys-report-template-list", + "qualys-vm-scan-list", + "qualys-scheduled-report-list", "qualys-report-list" ] } - }, + }, { "Pipl Test": { - "name": "Pipl Test", + "name": "Pipl Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ "pipl-search" ] } - }, + }, { "Splunk-Test": { - "name": "Splunk-Test", - "implementing_scripts": [ - "Set", - "DumpJSON", - "StringContains", - "VerifyContext", - "Print", - "IsGreaterThan", + "name": "Splunk-Test", + "implementing_scripts": [ + "Set", + "DumpJSON", + "StringContains", + "VerifyContext", + "Print", + "IsGreaterThan", "AreValuesEqual" - ], + ], "implementing_commands": [ - "splunk-parse-raw", - "splunk-search", - "splunk-submit-event", + "splunk-parse-raw", + "splunk-search", + "splunk-submit-event", "splunk-get-indexes" ] } - }, + }, { "67b0f25f-b061-4468-8613-43ab13147173": { - "name": "CbP-PlayBook", + "name": "CbP-PlayBook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "cbp-fileUpload-download", - "cbp-connector-search", - "cbp-connector-get", - "cbp-fileAnalysis-createOrUpdate", - "cbp-fileUpload-createOrUpdate", - "cbp-fileUpload-get", + ], + "implementing_commands": [ + "cbp-fileUpload-download", + "cbp-connector-search", + "cbp-connector-get", + "cbp-fileAnalysis-createOrUpdate", + "cbp-fileUpload-createOrUpdate", + "cbp-fileUpload-get", "cbp-fileAnalysis-get" ] } - }, + }, { "test_url_regex": { - "name": "Test URL Regex", + "name": "Test URL Regex", "implementing_scripts": [ 
- "Print", - "VerifyContext", + "Print", + "VerifyContext", "DeleteContext" ] } - }, + }, { "8984405a-4274-470a-8a34-a437d8e2e1c5": { - "name": "Test - PhishMe", + "name": "Test - PhishMe", "implementing_scripts": [ - "CloseInvestigation", - "IsGreaterThan", - "DeleteContext", + "CloseInvestigation", + "IsGreaterThan", + "DeleteContext", "AreValuesEqual" - ], + ], "implementing_commands": [ - "url", - "phishme-search", - "email", - "file", + "url", + "phishme-search", + "email", + "file", "ip" ] } - }, + }, { "4078d8b6-37c6-42d7-8324-16096a2feb51": { - "name": "AWS - Route53 Test Playbook", + "name": "AWS - Route53 Test Playbook", "implementing_scripts": [ "VerifyContext" - ], - "implementing_commands": [ - "aws-route53-waiter-resource-record-sets-changed", - "aws-route53-test-dns-answer", - "aws-route53-upsert-record", - "aws-route53-create-record", - "aws-route53-delete-record", - "aws-route53-list-resource-record-sets", + ], + "implementing_commands": [ + "aws-route53-waiter-resource-record-sets-changed", + "aws-route53-test-dns-answer", + "aws-route53-upsert-record", + "aws-route53-create-record", + "aws-route53-delete-record", + "aws-route53-list-resource-record-sets", "aws-route53-list-hosted-zones" ] } - }, + }, { "EWS Mail Sender Test": { - "name": "EWS Mail Sender Test", + "name": "EWS Mail Sender Test", "implementing_scripts": [ "http" - ], + ], "implementing_commands": [ "send-mail" ] } - }, + }, { "Icebrg Test": { - "name": "Icebrg Test", + "name": "Icebrg Test", "implementing_commands": [ - "icebrg-get-report-assets", - "icebrg-get-reports", - "icebrg-saved-searches", - "icebrg-search-events", - "icebrg-get-history", + "icebrg-get-report-assets", + "icebrg-get-reports", + "icebrg-saved-searches", + "icebrg-search-events", + "icebrg-get-history", "icebrg-get-report-indicators" ] } - }, + }, { "tenable-sc-scan-test": { - "name": "Test tenable scan", + "name": "Test tenable scan", "implementing_playbooks": [ "Launch Scan - Tenable.sc" ] } - }, + }, { 
"VMWare Test": { - "name": "VMWare Test", + "name": "VMWare Test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", + "VerifyContext", + "DeleteContext", "AreValuesEqual" - ], - "implementing_commands": [ - "vmware-get-events", - "vmware-poweroff", - "vmware-suspend", - "vmware-hard-reboot", - "vmware-poweron", - "vmware-revert-snapshot", - "vmware-create-snapshot", + ], + "implementing_commands": [ + "vmware-get-events", + "vmware-poweroff", + "vmware-suspend", + "vmware-hard-reboot", + "vmware-poweron", + "vmware-revert-snapshot", + "vmware-create-snapshot", "vmware-get-vms" ] } - }, + }, { "OpenPhish Test Playbook": { - "name": "OpenPhish Test Playbook", + "name": "OpenPhish Test Playbook", "implementing_scripts": [ - "Print", - "CloseInvestigation", + "Print", + "CloseInvestigation", "Exists" - ], + ], "implementing_commands": [ - "url", + "url", "openphish-status" ] } - }, + }, { "Intezer Testing": { - "name": "Intezer Testing", + "name": "Intezer Testing", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", + "VerifyContext", + "DeleteContext", "http" - ], + ], "implementing_commands": [ - "intezer-upload", + "intezer-upload", "file" ] } - }, + }, { "test-domain-indicator": { - "name": "test-domain-indicator", + "name": "test-domain-indicator", "implementing_scripts": [ - "Print", - "GetIndicatorDBotScore", + "Print", + "GetIndicatorDBotScore", "Sleep" ] } - }, + }, { "ip_enrichment_generic_test": { - "name": "IP Enrichment - Generic - Test", - "fromversion": "3.5.0", + "name": "IP Enrichment - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "IP Enrichment - Generic" ] } - }, + }, { "Nessus - Test": { - "name": "Nessus - Test", + "name": "Nessus - Test", "implementing_scripts": [ "WhileLoop" - ], + ], "implementing_commands": [ - "nessus-scan-status", - "nessus-scan-report-download", - 
"nessus-scan-create", - "nessus-scan-export", - "nessus-launch-scan", + "nessus-scan-status", + "nessus-scan-report-download", + "nessus-scan-create", + "nessus-scan-export", + "nessus-launch-scan", "nessus-scan-details" ] } - }, + }, { "d66e5f86-e045-403f-819e-5058aa603c32": { - "name": "AWS - EC2 Test Playbook actions", + "name": "AWS - EC2 Test Playbook actions", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "aws-ec2-create-snapshot", - "aws-ec2-monitor-instances", - "aws-ec2-modify-volume", - "aws-ec2-waiter-instance-terminated", - "aws-ec2-reboot-instances", - "aws-ec2-delete-snapshot", - "aws-ec2-get-latest-ami", - "aws-ec2-associate-address", - "aws-ec2-create-volume", - "aws-ec2-modify-network-interface-attribute", - "aws-ec2-waiter-instance-stopped", - "aws-ec2-describe-instances", - "aws-ec2-delete-security-group", - "aws-ec2-create-image", - "aws-ec2-allocate-address", - "aws-ec2-attach-volume", - "aws-ec2-run-instances", - "aws-ec2-start-instances", - "aws-ec2-disassociate-address", - "aws-ec2-waiter-image-available", - "aws-ec2-modify-instance-attribute", - "aws-ec2-waiter-instance-status-ok", - "aws-ec2-create-security-group", - "aws-ec2-delete-volume", - "aws-ec2-release-address", - "aws-ec2-copy-snapshot", - "aws-ec2-authorize-security-group-ingress-rule", - "aws-ec2-create-tags", - "aws-ec2-deregister-image", - "aws-ec2-unmonitor-instances", - "aws-ec2-detach-volume", - "aws-ec2-revoke-security-group-ingress-rule", - "aws-ec2-waiter-instance-running", - "aws-ec2-terminate-instances", - "aws-ec2-waiter-snapshot_completed", - "aws-ec2-copy-image", + ], + "implementing_commands": [ + "aws-ec2-create-snapshot", + "aws-ec2-monitor-instances", + "aws-ec2-modify-volume", + "aws-ec2-waiter-instance-terminated", + "aws-ec2-reboot-instances", + "aws-ec2-delete-snapshot", + "aws-ec2-get-latest-ami", + "aws-ec2-associate-address", + "aws-ec2-create-volume", + 
"aws-ec2-modify-network-interface-attribute", + "aws-ec2-waiter-instance-stopped", + "aws-ec2-describe-instances", + "aws-ec2-delete-security-group", + "aws-ec2-create-image", + "aws-ec2-allocate-address", + "aws-ec2-attach-volume", + "aws-ec2-run-instances", + "aws-ec2-start-instances", + "aws-ec2-disassociate-address", + "aws-ec2-waiter-image-available", + "aws-ec2-modify-instance-attribute", + "aws-ec2-waiter-instance-status-ok", + "aws-ec2-create-security-group", + "aws-ec2-delete-volume", + "aws-ec2-release-address", + "aws-ec2-copy-snapshot", + "aws-ec2-authorize-security-group-ingress-rule", + "aws-ec2-create-tags", + "aws-ec2-deregister-image", + "aws-ec2-unmonitor-instances", + "aws-ec2-detach-volume", + "aws-ec2-revoke-security-group-ingress-rule", + "aws-ec2-waiter-instance-running", + "aws-ec2-terminate-instances", + "aws-ec2-waiter-snapshot_completed", + "aws-ec2-copy-image", "aws-ec2-stop-instances" ] } - }, + }, { "Google-Vault-Generic-Test": { - "name": "Google Vault Generic Test", + "name": "Google Vault Generic Test", "implementing_scripts": [ - "VerifyContext", - "GeneratePassword", - "DeleteContext", + "VerifyContext", + "GeneratePassword", + "DeleteContext", "Sleep" - ], - "implementing_commands": [ - "gvault-add-heldAccount", - "gvault-get-matter", - "gvault-create-hold", - "gvault-export-status", - "gvault-get-mail-results", - "gvault-remove-heldAccount", - "gvault-get-groups-results", - "gvault-delete-hold", - "gvault-create-export-mail", - "gvault-create-matter", - "gvault-create-export-drive", - "gvault-get-drive-results", + ], + "implementing_commands": [ + "gvault-add-heldAccount", + "gvault-get-matter", + "gvault-create-hold", + "gvault-export-status", + "gvault-get-mail-results", + "gvault-remove-heldAccount", + "gvault-get-groups-results", + "gvault-delete-hold", + "gvault-create-export-mail", + "gvault-create-matter", + "gvault-create-export-drive", + "gvault-get-drive-results", "gvault-create-export-groups" ] } - }, + }, { 
"cve_enrichment_-_generic_-_test": { - "name": "CVE Enrichment - Generic - Test", - "fromversion": "3.6.0", + "name": "CVE Enrichment - Generic - Test", + "fromversion": "3.6.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "CVE Enrichment - Generic" ] } - }, + }, { "ReadPDFFile-Test": { - "name": "ReadPDFFile-Test", + "name": "ReadPDFFile-Test", "implementing_scripts": [ - "DeleteContext", - "http", + "DeleteContext", + "http", "ReadPDFFile" ] } - }, + }, { "RegexGroups Test": { - "name": "RegexGroups Test", + "name": "RegexGroups Test", "implementing_scripts": [ - "RaiseError", - "VerifyContext", - "Set", + "RaiseError", + "VerifyContext", + "Set", "DeleteContext" ] } - }, + }, { "GmailTest": { - "name": "GmailTest", + "name": "GmailTest", "implementing_scripts": [ - "GetTime", + "GetTime", "DeleteContext" - ], - "implementing_commands": [ - "gmail-add-delete-filter", - "gmail-get-thread", - "gmail-get-tokens-for-user", - "gmail-search-all-mailboxes", - "gmail-get-attachments", - "gmail-list-users", - "gmail-delete-user", - "gmail-create-user", - "gmail-get-mail", - "gmail-move-mail", - "gmail-get-user", + ], + "implementing_commands": [ + "gmail-add-delete-filter", + "gmail-get-thread", + "gmail-get-tokens-for-user", + "gmail-search-all-mailboxes", + "gmail-get-attachments", + "gmail-list-users", + "gmail-delete-user", + "gmail-create-user", + "gmail-get-mail", + "gmail-move-mail", + "gmail-get-user", "gmail-search" ] } - }, + }, { "Extract Indicators From File - test": { - "name": "Extract Indicators From File - test", + "name": "Extract Indicators From File - test", "implementing_scripts": [ - "RaiseError", + "RaiseError", "http" - ], + ], "implementing_playbooks": [ "Extract Indicators From File - Generic" ] } - }, + }, { "Kenna Test": { - "name": "Kenna Test", + "name": "Kenna Test", "implementing_commands": [ - "kenna-update-asset", - "kenna-run-connector", - "kenna-search-vulnerabilities", - 
"kenna-search-fixes", - "kenna-update-vulnerability", + "kenna-update-asset", + "kenna-run-connector", + "kenna-search-vulnerabilities", + "kenna-search-fixes", + "kenna-update-vulnerability", "kenna-get-connectors" ] } - }, + }, { "3da2e31b-f114-4d7f-8702-117f3b498de9": { - "name": "AWS - CloudTrail Test Playbook", + "name": "AWS - CloudTrail Test Playbook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "aws-cloudtrail-start-logging", - "aws-cloudtrail-update-trail", - "aws-cloudtrail-describe-trails", - "aws-cloudtrail-lookup-events", - "aws-cloudtrail-delete-trail", - "aws-cloudtrail-create-trail", + ], + "implementing_commands": [ + "aws-cloudtrail-start-logging", + "aws-cloudtrail-update-trail", + "aws-cloudtrail-describe-trails", + "aws-cloudtrail-lookup-events", + "aws-cloudtrail-delete-trail", + "aws-cloudtrail-create-trail", "aws-cloudtrail-stop-logging" ] } - }, + }, { "test_Qradar": { - "name": "test_Qradar", + "name": "test_Qradar", "implementing_scripts": [ - "FetchFromInstance", + "FetchFromInstance", "DeleteContext" - ], + ], "implementing_playbooks": [ "QRadarFullSearch" - ], - "implementing_commands": [ - "qradar-delete-reference-set", - "qradar-create-reference-set-value", - "qradar-get-reference-by-name", - "qradar-get-note", - "qradar-offense-by-id", - "qradar-get-assets", - "qradar-create-note", - "qradar-offenses", - "qradar-get-asset-by-id", - "qradar-update-offense", - "qradar-create-reference-set", + ], + "implementing_commands": [ + "qradar-delete-reference-set", + "qradar-create-reference-set-value", + "qradar-get-reference-by-name", + "qradar-get-note", + "qradar-offense-by-id", + "qradar-get-assets", + "qradar-create-note", + "qradar-offenses", + "qradar-get-asset-by-id", + "qradar-update-offense", + "qradar-create-reference-set", "qradar-delete-reference-set-value" ] } - }, + }, { "Centreon-Test-Playbook": { - "name": "Centreon-Test-Playbook", + "name": 
"Centreon-Test-Playbook", "implementing_commands": [ "centreon-get-host-status" ] } - }, + }, { "ssdeepreputationtest": { - "name": "SsdeepReputationTest", + "name": "SsdeepReputationTest", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "Sleep", - "SsdeepReputationTest", + "VerifyContext", + "DeleteContext", + "Sleep", + "SsdeepReputationTest", "SSDeepReputation" ] } - }, + }, { "crowdstrike_falconhost_test": { - "name": "CrowdStrike FalconHost Test", + "name": "CrowdStrike FalconHost Test", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "cs-device-ran-on", - "cs-device-search", + "cs-device-ran-on", + "cs-device-search", "cs-device-details" ] } - }, + }, { "dnstwistTest": { - "name": "dnstwistTest", + "name": "dnstwistTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "dnstwist-domain-variations" ] } - }, + }, { "IPInfoTest": { - "name": "IPInfoTest", + "name": "IPInfoTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "ip" ] } - }, + }, { "Tanium Test Playbook": { - "name": "Tanium Test Playbook", - "fromversion": "2.5.0", + "name": "Tanium Test Playbook", + "fromversion": "2.5.0", "implementing_commands": [ - "tn-deploy-package", - "tn-ask-question", + "tn-deploy-package", + "tn-ask-question", "tn-get-saved-question" ] } - }, + }, { "Netskope Test": { - "name": "Netskope Test", + "name": "Netskope Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "netskope-events", + "netskope-events", "netskope-alerts" ] } - }, + }, { "entity_enrichment_generic_test": { - "name": "Entity Enrichment - Generic - Test", - "fromversion": "3.5.0", + "name": "Entity Enrichment - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + 
"VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Entity Enrichment - Generic" ] } - }, + }, { "CrowdStrike Falcon Intel v2": { - "name": "CrowdStrike Falcon Intel v2", + "name": "CrowdStrike Falcon Intel v2", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "ThrowException" - ], - "implementing_commands": [ - "domain", - "url", - "ip", - "cs-actors", - "cs-indicators", - "file", + ], + "implementing_commands": [ + "domain", + "url", + "ip", + "cs-actors", + "cs-indicators", + "file", "cs-reports" ] } - }, + }, { "search_endpoints_by_hash_-_tie_-_test": { - "name": "Search Endpoints By Hash - TIE - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - TIE - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", + "Set", "DeleteContext" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - TIE" ] } - }, + }, { "nexpose_test": { - "name": "Nexpose test", + "name": "Nexpose test", "implementing_scripts": [ - "GenerateUUID", - "VerifyContext", + "GenerateUUID", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "nexpose-start-site-scan", - "nexpose-get-asset", - "nexpose-stop-scan", - "nexpose-delete-site", - "nexpose-get-asset-vulnerability", - "nexpose-create-site", - "nexpose-get-assets", - "nexpose-create-assets-report", - "nexpose-resume-scan", - "nexpose-pause-scan", - "nexpose-search-assets", + ], + "implementing_commands": [ + "nexpose-start-site-scan", + "nexpose-get-asset", + "nexpose-stop-scan", + "nexpose-delete-site", + "nexpose-get-asset-vulnerability", + "nexpose-create-site", + "nexpose-get-assets", + "nexpose-create-assets-report", + "nexpose-resume-scan", + "nexpose-pause-scan", + "nexpose-search-assets", "nexpose-get-scans" ] } - }, + }, { "cisco-ise-test-playbook": { - "name": "cisco-ise-test-playbook", + "name": "cisco-ise-test-playbook", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ "cisco-ise-get-endpoints" ] } - }, 
+ }, { "CarbonBlackResponseTest": { - "name": "Carbon Black Response Test", + "name": "Carbon Black Response Test", "implementing_scripts": [ - "CarbonBlackResponseFilterSensors", - "VerifyContext", + "CarbonBlackResponseFilterSensors", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "cb-watchlist-new", - "cb-get-processes", - "cb-get-process", - "cb-watchlist-del", - "cb-process-events", - "cb-quarantine-device", - "cb-sensor-info", - "cb-binary", - "cb-binary-get", - "cb-get-hash-blacklist", - "cb-watchlist-set", - "cb-unquarantine-device", - "cb-unblock-hash", - "cb-alert-update", - "cb-block-hash", + ], + "implementing_commands": [ + "cb-watchlist-new", + "cb-get-processes", + "cb-get-process", + "cb-watchlist-del", + "cb-process-events", + "cb-quarantine-device", + "cb-sensor-info", + "cb-binary", + "cb-binary-get", + "cb-get-hash-blacklist", + "cb-watchlist-set", + "cb-unquarantine-device", + "cb-unblock-hash", + "cb-alert-update", + "cb-block-hash", "cb-alert" ] } - }, + }, { "dedup_-_generic_-_test": { - "name": "Dedup - Generic - Test", - "fromversion": "3.5.0", + "name": "Dedup - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", - "CreateDuplicateIncident", + "VerifyContext", + "CreateDuplicateIncident", "DeleteContext" - ], + ], "implementing_playbooks": [ "Dedup - Generic" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "VxStream Test": { - "name": "VxStream Test", + "name": "VxStream Test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "http", + "VerifyContext", + "DeleteContext", + "http", "Exists" - ], + ], "implementing_commands": [ - "crowdstrike-detonate-file", - "crowdstrike-get-environments", - "crowdstrike-submit-url", - "crowdstrike-scan", + "crowdstrike-detonate-file", + "crowdstrike-get-environments", + "crowdstrike-submit-url", + "crowdstrike-scan", "crowdstrike-search" ] } - }, + }, { "PhishTank Testing": { - "name": "PhishTank Testing", + 
"name": "PhishTank Testing", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", - "Set", - "http", + "DeleteContext", + "VerifyContext", + "Set", + "http", "ReadFile" - ], + ], "implementing_commands": [ "url" ] } - }, + }, { "BigFixTest": { - "name": "BigFixTest", + "name": "BigFixTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "bigfix-action-delete", - "bigfix-action-stop", - "bigfix-get-site", - "bigfix-get-sites", - "bigfix-action-status", - "bigfix-get-patches", - "bigfix-get-endpoints", + ], + "implementing_commands": [ + "bigfix-action-delete", + "bigfix-action-stop", + "bigfix-get-site", + "bigfix-get-sites", + "bigfix-action-status", + "bigfix-get-patches", + "bigfix-get-endpoints", "bigfix-deploy-patch" ] } - }, + }, { "Cisco-Meraki-Test": { - "name": "Cisco-Meraki-Test", + "name": "Cisco-Meraki-Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "meraki-get-organization-license-state", - "meraki-fetch-networks", - "meraki-fetch-organizations", - "meraki-fetch-devices", + "meraki-get-organization-license-state", + "meraki-fetch-networks", + "meraki-fetch-organizations", + "meraki-fetch-devices", "meraki-fetch-organization-inventory" ] } - }, + }, { "url_enrichment_-_generic_test": { - "name": "Url Enrichment Generic - Test", - "fromversion": "3.5.0", + "name": "Url Enrichment Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "URL Enrichment - Generic" - ], + ], "implementing_commands": [ "rasterize" ] } - }, + }, { "CheckpointFW-test": { - "name": "CheckpointFW-test", + "name": "CheckpointFW-test", "implementing_scripts": [ - "VerifyContextFields", - "CheckpointFWBackupStatus", - "DeleteContext", - "Sleep", + "VerifyContextFields", + 
"CheckpointFWBackupStatus", + "DeleteContext", + "Sleep", "CheckpointFWCreateBackup" - ], + ], "implementing_commands": [ - "checkpoint-delete-rule", - "checkpoint-block-ip", - "checkpoint-set-rule", - "checkpoint-show-access-rule-base", + "checkpoint-delete-rule", + "checkpoint-block-ip", + "checkpoint-set-rule", + "checkpoint-show-access-rule-base", "checkpoint-show-hosts" ] } - }, + }, { "Test Playbook McAfee ATD": { - "name": "Test Playbook McAfee ATD", + "name": "Test Playbook McAfee ATD", "implementing_scripts": [ - "FileCreateAndUpload", - "DeleteContext", - "Exists", + "FileCreateAndUpload", + "DeleteContext", + "Exists", "AreValuesEqual" - ], + ], "implementing_playbooks": [ - "Detonate URL - McAfee ATD", + "Detonate URL - McAfee ATD", "ATD - Detonate File" - ], + ], "implementing_commands": [ - "atd-list-analyzer-profiles", - "atd-login", + "atd-list-analyzer-profiles", + "atd-login", "atd-list-user" ] } - }, + }, { "Cisco-Umbrella-Test": { - "name": "Cisco-Umbrella-Test", + "name": "Cisco-Umbrella-Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "umbrella-ip-dns-history", - "umbrella-domain-related", - "umbrella-domain-dns-history", - "investigate-umbrella-domain-co-occurrences", - "investigate-umbrella-domain-dns-history", - "umbrella-domain-security", - "investigate-umbrella-domain-search", - "umbrella-domain-search", - "investigate-umbrella-domain-related", - "umbrella-domain-co-occurrences", + ], + "implementing_commands": [ + "umbrella-ip-dns-history", + "umbrella-domain-related", + "umbrella-domain-dns-history", + "investigate-umbrella-domain-co-occurrences", + "investigate-umbrella-domain-dns-history", + "umbrella-domain-security", + "investigate-umbrella-domain-search", + "umbrella-domain-search", + "investigate-umbrella-domain-related", + "umbrella-domain-co-occurrences", "umbrella-domain-categorization" ] } - }, + }, { "Test Playbook McAfee ePO": { - "name": "Test 
Playbook McAfee ePO", + "name": "Test Playbook McAfee ePO", "implementing_scripts": [ - "RaiseError", + "RaiseError", "DeleteContext" - ], - "implementing_commands": [ - "epo-clear-tag", - "epo-get-system-tree-group", - "epo-get-latest-dat", - "epo-update-client-dat", - "epo-advanced-command", - "epo-help", - "epo-find-systems", - "epo-update-repository", - "epo-get-version", - "epo-get-current-dat", - "epo-get-tables", - "epo-apply-tag", - "epo-find-system", + ], + "implementing_commands": [ + "epo-clear-tag", + "epo-get-system-tree-group", + "epo-get-latest-dat", + "epo-update-client-dat", + "epo-advanced-command", + "epo-help", + "epo-find-systems", + "epo-update-repository", + "epo-get-version", + "epo-get-current-dat", + "epo-get-tables", + "epo-apply-tag", + "epo-find-system", "epo-query-table" ] } - }, + }, { "grr_test": { - "name": "GRR Test", + "name": "GRR Test", "implementing_scripts": [ - "Set", + "Set", "DeleteContext" - ], + ], "implementing_commands": [ - "grr-get-hunts", - "grr-get-clients", - "grr-set-hunts", - "grr-set-flows", + "grr-get-hunts", + "grr-get-clients", + "grr-set-hunts", + "grr-set-flows", "grr-get-flows" ] } - }, + }, { "RTIR Test": { - "name": "RTIR Test", + "name": "RTIR Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "rtir-edit-ticket", - "rtir-resolve-ticket", - "rtir-create-ticket", - "rtir-get-ticket", + "rtir-edit-ticket", + "rtir-resolve-ticket", + "rtir-create-ticket", + "rtir-get-ticket", "rtir-search-ticket" ] } - }, + }, { "GeneratePassword-Test": { - "name": "GeneratePassword-Test", + "name": "GeneratePassword-Test", "implementing_scripts": [ - "Print", - "GeneratePassword", - "DeleteContext", + "Print", + "GeneratePassword", + "DeleteContext", "Exists" ] } - }, + }, { "EWS Public Folders Test": { - "name": "EWS Public Folders Test", + "name": "EWS Public Folders Test", "implementing_commands": [ - "ews-search-mailbox", - "ews-get-items-from-folder", - "ews-find-folders", + 
"ews-search-mailbox", + "ews-get-items-from-folder", + "ews-find-folders", "ews-get-folder" ] } - }, + }, { "account_enrichment_-_generic_test": { - "name": "Account Enrichment - Generic Test", - "fromversion": "3.5.0", + "name": "Account Enrichment - Generic Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Account Enrichment - Generic" ] } - }, + }, { "TestStringReplace": { - "name": "TestStringReplace", + "name": "TestStringReplace", "implementing_scripts": [ - "StringReplace", - "VerifyContextFields", + "StringReplace", + "VerifyContextFields", "DeleteContext" ] } - }, + }, { "EWSv2_empty_attachment_test": { - "name": "EWSv2_empty_attachment_test", + "name": "EWSv2_empty_attachment_test", "implementing_commands": [ "ews-get-attachment" ] } - }, + }, { "search_endpoints_by_hash_-_crowdstrike_-_test": { - "name": "Search Endpoints By Hash - CrowdStrike - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - CrowdStrike - Test", + "fromversion": "3.5.0", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - CrowdStrike" ] } - }, + }, { "IBM Resilient Systems Test": { - "name": "IBM Resilient Systems Test", + "name": "IBM Resilient Systems Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "rs-search-incidents", - "rs-related-incidents", - "rs-incidents-get-tasks", - "rs-incident-attachments", + "rs-search-incidents", + "rs-related-incidents", + "rs-incidents-get-tasks", + "rs-incident-attachments", "rs-incident-artifacts" ] } - }, + }, { "whois_test": { - "name": "whois_test", + "name": "whois_test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "closeInvestigation", + "closeInvestigation", "whois" ] } - }, + }, { "c7d68ad5MxToolbox_test": { - "name": "MxToolbox_test", + "name": "MxToolbox_test", 
"implementing_scripts": [ - "CloseInvestigation", - "Exists", + "CloseInvestigation", + "Exists", "ToTable" - ], + ], "implementing_commands": [ "mxtoolbox" ] } - }, + }, { "Jira-Test": { - "name": "Jira-Test", + "name": "Jira-Test", "implementing_scripts": [ - "VerifyContextFields", - "VerifyContext", - "DeleteContext", + "VerifyContextFields", + "VerifyContext", + "DeleteContext", "FileCreateAndUpload" - ], - "implementing_commands": [ - "jira-create-issue", - "jira-issue-upload-file", - "jira-get-comments", - "jira-issue-add-comment", - "jira-edit-issue", - "jira-issue-query", - "jira-delete-issue", - "jira-issue-add-link", + ], + "implementing_commands": [ + "jira-create-issue", + "jira-issue-upload-file", + "jira-get-comments", + "jira-issue-add-comment", + "jira-edit-issue", + "jira-issue-query", + "jira-delete-issue", + "jira-issue-add-link", "jira-get-issue" ] } - }, + }, { "2142f8de-29d5-4288-8426-0db39abe988b": { - "name": "AWS - EC2 Test Playbook ", + "name": "AWS - EC2 Test Playbook ", "implementing_scripts": [ "VerifyContext" - ], - "implementing_commands": [ - "aws-ec2-describe-regions", - "aws-ec2-describe-volumes", - "aws-ec2-describe-key-pairs", - "aws-ec2-describe-instances", - "aws-ec2-describe-launch-templates", - "aws-ec2-describe-vpcs", - "aws-ec2-describe-security-groups", - "aws-ec2-describe-subnets", - "aws-ec2-describe-snapshots", - "aws-ec2-describe-images", + ], + "implementing_commands": [ + "aws-ec2-describe-regions", + "aws-ec2-describe-volumes", + "aws-ec2-describe-key-pairs", + "aws-ec2-describe-instances", + "aws-ec2-describe-launch-templates", + "aws-ec2-describe-vpcs", + "aws-ec2-describe-security-groups", + "aws-ec2-describe-subnets", + "aws-ec2-describe-snapshots", + "aws-ec2-describe-images", "aws-ec2-describe-addresses" ] } - }, + }, { "palo_alto_firewall_test_pb": { - "name": "palo_alto_firewall_test_pb", + "name": "palo_alto_firewall_test_pb", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "Sleep" - ], + ], 
"implementing_playbooks": [ "PanoramaCommitConfiguration" - ], - "implementing_commands": [ - "panorama-list-applications", - "panorama-create-rule", - "panorama-delete-rule", - "panorama-create-address-group", - "panorama-list-addresses", - "panorama-get-address-group", - "panorama-get-url-category", - "panorama", - "panorama-edit-rule", - "panorama-get-url-filter", - "panorama-list-address-groups", - "panorama-get-custom-url-category", - "panorama-edit-address-group", - "panorama-create-address", - "panorama-delete-address-group", - "panorama-move-rule", + ], + "implementing_commands": [ + "panorama-list-applications", + "panorama-create-rule", + "panorama-delete-rule", + "panorama-create-address-group", + "panorama-list-addresses", + "panorama-get-address-group", + "panorama-get-url-category", + "panorama", + "panorama-edit-rule", + "panorama-get-url-filter", + "panorama-list-address-groups", + "panorama-get-custom-url-category", + "panorama-edit-address-group", + "panorama-create-address", + "panorama-delete-address-group", + "panorama-move-rule", "panorama-delete-address" ] } - }, + }, { "Google Safe Browsing Test": { - "name": "Google Safe Browsing Test", + "name": "Google Safe Browsing Test", "implementing_scripts": [ - "RaiseError", + "RaiseError", "CloseInvestigation" - ], + ], "implementing_commands": [ "url" ] } - }, + }, { "Tenable.io test": { - "name": "Tenable.io test", + "name": "Tenable.io test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "tenable-io-get-vulnerabilities-by-asset", - "tenable-io-get-scan-report", - "tenable-io-list-scans", - "tenable-io-get-vulnerability-details", + "tenable-io-get-vulnerabilities-by-asset", + "tenable-io-get-scan-report", + "tenable-io-list-scans", + "tenable-io-get-vulnerability-details", "tenable-io-get-scan-status" ] } - }, + }, { "JoeSecurityTestPlaybook": { - "name": "JoeSecurityTestPlaybook", + "name": "JoeSecurityTestPlaybook", "implementing_scripts": [ - 
"FileCreateAndUpload", + "FileCreateAndUpload", "DeleteContext" - ], + ], "implementing_commands": [ - "joe-download-report", - "joe-is-online", - "joe-analysis-info", - "joe-search", - "joe-analysis-submit-sample", + "joe-download-report", + "joe-is-online", + "joe-analysis-info", + "joe-search", + "joe-analysis-submit-sample", "joe-analysis-submit-url" ] } - }, + }, { "get_file_sample_by_hash_-_carbon_black_enterprise_Response_-_test": { - "name": "Get File Sample By Hash - Carbon Black Enterprise Response - Test", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Carbon Black Enterprise Response - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample By Hash - Carbon Black Enterprise Response" ] } - }, + }, { "OTRS Test": { - "name": "OTRS Test", + "name": "OTRS Test", "implementing_scripts": [ "FetchFromInstance" - ], + ], "implementing_commands": [ - "otrs-update-ticket", - "otrs-search-ticket", - "otrs-create-ticket", - "otrs-close-ticket", + "otrs-update-ticket", + "otrs-search-ticket", + "otrs-create-ticket", + "otrs-close-ticket", "otrs-get-ticket" ] } - }, + }, { "get_original_email_-_gmail_-_test": { - "name": "Get Original Email - Gmail - Test", + "name": "Get Original Email - Gmail - Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_playbooks": [ "Get Original Email - Gmail" ] } - }, + }, { "TestHPServiceManager": { - "name": "TestHPServiceManager", + "name": "TestHPServiceManager", "implementing_scripts": [ - "VerifyContextFields", - "VerifyContext", + "VerifyContextFields", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "hpsm-create-incident", - "hpsm-get-device", - "hpsm-list-incidents", + "hpsm-create-incident", + "hpsm-get-device", + "hpsm-list-incidents", "hpsm-get-incident-by-id" ] } - }, + }, { "AbuseIPDB Test": { - "name": "AbuseIPDB Test", + "name": 
"AbuseIPDB Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "abuseipdb-check-cidr-block", - "ip", - "abuseipdb-get-blacklist", + "abuseipdb-check-cidr-block", + "ip", + "abuseipdb-get-blacklist", "abuseipdb-report-ip" ] } - }, + }, { "TestIsValueInArray": { - "name": "TestIsValueInArray", + "name": "TestIsValueInArray", "implementing_scripts": [ - "CloseInvestigation", - "Set", + "CloseInvestigation", + "Set", "IsValueInArray" ] } - }, + }, { "GsuiteTest": { - "name": "test-Gsuite", + "name": "test-Gsuite", "implementing_scripts": [ "VerifyContextFields" - ], + ], "implementing_commands": [ "googleapps-list-users" ] } - }, + }, { "efc817d2-6660-4d4f-890d-90513ca1e180": { - "name": "Cisco Spark Test", + "name": "Cisco Spark Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "cisco-spark-send-message-to-person", - "cisco-spark-list-teams", - "cisco-spark-list-people", - "cisco-spark-create-team", - "cisco-spark-delete-team", - "cisco-spark-delete-message", - "cisco-spark-send-message-to-room", - "cisco-spark-list-messages", + ], + "implementing_commands": [ + "cisco-spark-send-message-to-person", + "cisco-spark-list-teams", + "cisco-spark-list-people", + "cisco-spark-create-team", + "cisco-spark-delete-team", + "cisco-spark-delete-message", + "cisco-spark-send-message-to-room", + "cisco-spark-list-messages", "cisco-spark-list-rooms" ] } - }, + }, { "iDefenseTest": { - "name": "iDefenseTest", + "name": "iDefenseTest", "implementing_scripts": [ - "Print", - "VerifyContext", + "Print", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "url", - "ip", - "domain", + "url", + "ip", + "domain", "uuid" ] } - }, + }, { "block_indicators_-_generic_-_test": { - "name": "Block Indicators - Generic - Test", + "name": "Block Indicators - Generic - Test", "implementing_playbooks": [ "Block Indicators - Generic" ] } - }, + }, { 
"rsa_packets_and_logs_test": { - "name": "RSA Packets And Logs test", - "fromversion": "3.5.0", + "name": "RSA Packets And Logs test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "nw-sdk-values", - "netwitness-msearch", - "nw-sdk-content", + "nw-sdk-values", + "netwitness-msearch", + "nw-sdk-content", "netwitness-query" ] } - }, + }, { "Google_Vault-Search_And_Display_Results_test": { - "name": "Google Vault - Search And Display Results test", + "name": "Google Vault - Search And Display Results test", "implementing_scripts": [ - "GeneratePassword", + "GeneratePassword", "DeleteContext" - ], + ], "implementing_playbooks": [ - "Google Vault - Search Groups", - "Google Vault - Search Mail", - "Google Vault - Display Results", + "Google Vault - Search Groups", + "Google Vault - Search Mail", + "Google Vault - Display Results", "Google Vault - Search Drive" ] } - }, + }, { "URLDecode-Test": { - "name": "URLDecode-Test", + "name": "URLDecode-Test", "implementing_scripts": [ - "URLDecode", + "URLDecode", "DeleteContext" ] } - }, + }, { "Zscaler Test": { - "name": "Zscaler Test", + "name": "Zscaler Test", "implementing_scripts": [ - "GenerateUUID", + "GenerateUUID", "isError" - ], + ], "implementing_commands": [ - "zscaler-blacklist-url", - "zscaler-get-blacklist", - "zscaler-get-categories", + "zscaler-blacklist-url", + "zscaler-get-blacklist", + "zscaler-get-categories", "zscaler-category-add-url" ] } - }, + }, { "urlscan_malicious_Test": { - "name": "urlscan_malicious_Test", + "name": "urlscan_malicious_Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ "urlscan-search" ] } - }, + }, { "DemistoUploadFileToIncident Test": { - "name": "DemistoUploadFileToIncident Test", + "name": "DemistoUploadFileToIncident Test", "implementing_scripts": [ - "DemistoUploadFileToIncident", + "DemistoUploadFileToIncident", "http" ] } - }, + }, { 
"ParseEmailFiles-test": { - "name": "ParseEmailFiles-test", + "name": "ParseEmailFiles-test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "http", - "AreValuesEqual", + "VerifyContext", + "DeleteContext", + "http", + "AreValuesEqual", "ParseEmailFiles" ] } - }, + }, { "extract_indicators_-_generic_-_test": { - "name": "Extract Indicators - Generic - Test", - "fromversion": "3.5.0", + "name": "Extract Indicators - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "IncidentSet", - "DeleteContext", + "IncidentSet", + "DeleteContext", "VerifyContext" - ], + ], "implementing_playbooks": [ "Extract Indicators - Generic" ] } - }, + }, { "listExecutedCommands-Test": { - "name": "listExecutedCommands-Test", + "name": "listExecutedCommands-Test", "implementing_scripts": [ - "Print", - "listExecutedCommands", - "commentsToContext", - "CloseInvestigation", + "Print", + "listExecutedCommands", + "commentsToContext", + "CloseInvestigation", "AreValuesEqual" ] } - }, + }, { "Phishing test - Inline": { - "name": "Phishing test - Inline", + "name": "Phishing test - Inline", "implementing_scripts": [ - "ScheduleCommand", - "PhishingIncident", - "DeleteContext", + "ScheduleCommand", + "PhishingIncident", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Phishing Investigation - Generic" ] } - }, + }, { "Tenable.io Scan Test": { - "name": "Tenable.io Scan Test", + "name": "Tenable.io Scan Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_playbooks": [ "Tenable.io Scan" ] } - }, + }, { "AlphaSOC-Wisdom-Test": { - "name": "AlphaSOC Wisdom Test", + "name": "AlphaSOC Wisdom Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "wisdom-ip-flags", + "wisdom-ip-flags", "wisdom-domain-flags" ] } - }, + }, { "pyEWS_Test": { - "name": "pyEWS_Test", - "fromversion": "3.5.0", + "name": "pyEWS_Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + 
"VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "Exception", - "ews-get-out-of-office", - "ews-get-searchable-mailboxes", - "ews-find-folders", - "ews-get-items", - "ews-get-contacts", - "ews-get-attachment", + ], + "implementing_commands": [ + "Exception", + "ews-get-out-of-office", + "ews-get-searchable-mailboxes", + "ews-find-folders", + "ews-get-items", + "ews-get-contacts", + "ews-get-attachment", "ews-search-mailboxes" ] } - }, + }, { "virusTotal-test-playbook": { - "name": "virusTotal-test-playbook", + "name": "virusTotal-test-playbook", "implementing_scripts": [ - "Set", - "VerifyContext", - "DeleteContext", + "Set", + "VerifyContext", + "DeleteContext", "Exists" - ], + ], "implementing_commands": [ - "url", - "ip", - "domain", + "url", + "ip", + "domain", "file" ] } - }, + }, { "calculate_severity_-_critical_assets_-_test": { - "name": "Calculate Severity - Critical assets - Test", + "name": "Calculate Severity - Critical assets - Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "ADGetUser" - ], + ], "implementing_playbooks": [ "Calculate Severity - Critical assets" ] } - }, + }, { "search_endpoints_by_hash_-_carbon_black_response_-_test": { - "name": "Search Endpoints By Hash - Carbon Black Response - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Carbon Black Response - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - Carbon Black Response" ] } - }, + }, { "5dc848e5-a649-4394-8300-386770d39d75": { - "name": "TestGetDuplicatesIncidentsByMl", + "name": "TestGetDuplicatesIncidentsByMl", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "GetDuplicatesMl", + "VerifyContext", + "DeleteContext", + "GetDuplicatesMl", "TestCreateDuplicates" ] } - }, + }, { "LogRhythm-Test-Playbook": { - "name": "LogRhythm-Test-Playbook", + "name": 
"LogRhythm-Test-Playbook", "implementing_commands": [ "lr-get-alarms" ] } - }, + }, { "test_similar_incidents": { - "name": "Test Similar Incidents", - "fromversion": "3.5.0", + "name": "Test Similar Incidents", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "TestCreateDuplicates", + "VerifyContext", + "DeleteContext", + "TestCreateDuplicates", "FindSimilarIncidents" ] } - }, + }, { "2cddaacb-4e4c-407e-8ef5-d924867b810c": { - "name": "AWS - CloudWatchLogs Test Playbook_copy", + "name": "AWS - CloudWatchLogs Test Playbook_copy", "implementing_scripts": [ - "GetTime", - "VerifyContext", + "GetTime", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "aws-logs-describe-metric-filters", - "aws-logs-create-log-stream", - "aws-logs-put-retention-policy", - "aws-logs-delete-log-group", - "aws-logs-delete-log-stream", - "aws-logs-create-log-group", - "aws-logs-describe-log-streams", - "aws-logs-delete-metric-filter", - "aws-logs-put-log-events", - "aws-logs-describe-log-groups", - "aws-logs-put-metric-filter", + ], + "implementing_commands": [ + "aws-logs-describe-metric-filters", + "aws-logs-create-log-stream", + "aws-logs-put-retention-policy", + "aws-logs-delete-log-group", + "aws-logs-delete-log-stream", + "aws-logs-create-log-group", + "aws-logs-describe-log-streams", + "aws-logs-delete-metric-filter", + "aws-logs-put-log-events", + "aws-logs-describe-log-groups", + "aws-logs-put-metric-filter", "aws-logs-delete-retention-policy" ] } - }, + }, { "TestSkyformation": { - "name": "TestSkyformation", + "name": "TestSkyformation", "implementing_scripts": [ "TestFail" - ], + ], "implementing_commands": [ "skyformation-get-accounts" ] } - }, + }, { "EWS test": { - "name": "EWS test", + "name": "EWS test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "FileCreateAndUpload", + "VerifyContext", + "DeleteContext", + "FileCreateAndUpload", "SendEmail" - ], - "implementing_commands": [ - 
"ews-delete-attachments", - "ews-get-searchable-mailboxes", - "ews-search-mailbox", - "ews-find-folders", - "ews-get-items", - "ews-get-folder", - "ews-get-attachment", + ], + "implementing_commands": [ + "ews-delete-attachments", + "ews-get-searchable-mailboxes", + "ews-search-mailbox", + "ews-find-folders", + "ews-get-items", + "ews-get-folder", + "ews-get-attachment", "ews-delete-items" ] } - }, + }, { "ShodanTest": { - "name": "ShodanTest", + "name": "ShodanTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "ip" ] } - }, + }, { "d8628445-ff86-40f9-857d-50b3f1d295a6": { - "name": "Sandblast malicious test", + "name": "Sandblast malicious test", "implementing_scripts": [ - "DeleteContext", - "Exists", + "DeleteContext", + "Exists", "echo" - ], + ], "implementing_commands": [ - "sandblast-query", + "sandblast-query", "sandblast-upload" ] } - }, + }, { "minemeld_test": { - "name": "Palo Alto MineMeld Test", + "name": "Palo Alto MineMeld Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "minemeld-remove-from-miner", - "ip", - "minemeld-add-to-miner", - "minemeld-retrieve-miner", + "minemeld-remove-from-miner", + "ip", + "minemeld-add-to-miner", + "minemeld-retrieve-miner", "minemeld-get-indicator-from-miner" ] } - }, + }, { "Archer-Test-Playbook": { - "name": "Archer-Test-Playbook", + "name": "Archer-Test-Playbook", "implementing_scripts": [ - "VerifyContextFields", + "VerifyContextFields", "DeleteContext" - ], - "implementing_commands": [ - "archer-get-application-fields", - "archer-update-record", - "archer-search-records", - "archer-create-record", - "archer-delete-record", - "archer-search-applications", + ], + "implementing_commands": [ + "archer-get-application-fields", + "archer-update-record", + "archer-search-records", + "archer-create-record", + "archer-delete-record", + "archer-search-applications", "archer-get-record" ] } - }, + }, { 
"LanguageDetect-Test": { - "name": "LanguageDetect-Test", + "name": "LanguageDetect-Test", "implementing_scripts": [ - "CloseInvestigation", - "LanguageDetect", - "DeleteContext", - "Sleep", + "CloseInvestigation", + "LanguageDetect", + "DeleteContext", + "Sleep", "Exists" ] } - }, + }, { "ThreatGridTest": { - "name": "ThreatGridTest", + "name": "ThreatGridTest", "implementing_scripts": [ - "DeleteContext", - "Exists", + "DeleteContext", + "Exists", "AreValuesEqual" - ], - "implementing_commands": [ - "threat-grid-get-samples", - "threat-grid-download-sample-by-id", - "threat-grid-organization-get-rate-limit", - "threat-grid-user-get-rate-limit", - "threat-grid-get-threat-summary-by-id", - "threat-grid-who-am-i", + ], + "implementing_commands": [ + "threat-grid-get-samples", + "threat-grid-download-sample-by-id", + "threat-grid-organization-get-rate-limit", + "threat-grid-user-get-rate-limit", + "threat-grid-get-threat-summary-by-id", + "threat-grid-who-am-i", "threat-grid-upload-sample" ] } - }, + }, { "Detonate URL - Generic Test": { - "name": "Detonate URL - Generic Test", - "fromversion": "4.0.0", + "name": "Detonate URL - Generic Test", + "fromversion": "4.0.0", "implementing_scripts": [ - "Set", + "Set", "DeleteContext" - ], + ], "implementing_playbooks": [ "Detonate URL - Generic" ] } - }, + }, { "test-ThreatConnect": { - "name": "test-ThreatConnect", + "name": "test-ThreatConnect", "implementing_commands": [ "tc-owners" ] } - }, + }, { "TestMatchRegex": { - "name": "TestMatchRegex", + "name": "TestMatchRegex", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "MatchRegex" - ], + ], "implementing_commands": [ "closeInvestigation" ] } - }, + }, { "search_endpoints_by_hash_-_generic_-_test": { - "name": "Search Endpoints By Hash - Generic - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + 
"VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - Generic" ] } - }, + }, { "Detonate File - SNDBOX - Test": { - "name": "Detonate File - SNDBOX - Test", + "name": "Detonate File - SNDBOX - Test", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Detonate File - SNDBOX" ] } - }, + }, { "CreatePhishingClassifierMLTest": { - "name": "Create Phishing Classifier ML Test", + "name": "Create Phishing Classifier ML Test", "implementing_scripts": [ - "DBotPredictPhishingLabel", - "VerifyContext", - "DeleteContext", - "TestCreateTagTextFile", + "DBotPredictPhishingLabel", + "VerifyContext", + "DeleteContext", + "TestCreateTagTextFile", "TestCreateIncidents" - ], + ], "implementing_playbooks": [ "DBot Create Phishing Classifier" ] } - }, + }, { "CirclIntegrationTest": { - "name": "CIRCL Test", + "name": "CIRCL Test", "implementing_scripts": [ - "VerifyHumanReadableContains", - "PrintErrorEntry", + "VerifyHumanReadableContains", + "PrintErrorEntry", "isError" - ], + ], "implementing_commands": [ - "circl-ssl-get-certificate", - "circl-ssl-list-certificates", - "circl-ssl-query-certificate", + "circl-ssl-get-certificate", + "circl-ssl-list-certificates", + "circl-ssl-query-certificate", "circl-dns-get" ] } - }, + }, { "ProofpointDecodeURL-Test": { - "name": "ProofpointDecodeURL-Test", + "name": "ProofpointDecodeURL-Test", "implementing_scripts": [ - "CloseInvestigation", - "ProofpointDecodeURL", - "Sleep", + "CloseInvestigation", + "ProofpointDecodeURL", + "Sleep", "AreValuesEqual" ] } - }, + }, { "FireEye HX Test": { - "name": "FireEye HX Test", + "name": "FireEye HX Test", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "fireeye-hx-get-indicators", - "fireeye-hx-get-alert", - "fireeye-hx-file-acquisition", - "fireeye-hx-delete-file-acquisition", - "fireeye-hx-get-alerts", - "fireeye-hx-get-host-information", + ], + "implementing_commands": [ + 
"fireeye-hx-get-indicators", + "fireeye-hx-get-alert", + "fireeye-hx-file-acquisition", + "fireeye-hx-delete-file-acquisition", + "fireeye-hx-get-alerts", + "fireeye-hx-get-host-information", "fireeye-hx-get-indicator" ] } - }, + }, { "hashicorp_test": { - "name": "hashicorp_test", + "name": "hashicorp_test", "implementing_scripts": [ - "GetTime", + "GetTime", "DeleteContext" - ], - "implementing_commands": [ - "hashicorp-list-policies", - "hashicorp-disable-engine", - "hashicorp-create-token", - "hashicorp-list-secrets", - "hashicorp-get-secret-metadata", - "hashicorp-configure-engine", - "hashicorp-undelete-secret", - "hashicorp-destroy-secret", - "hashicorp-get-policy", - "hashicorp-enable-engine", - "hashicorp-list-secrets-engines", - "hashicorp-delete-secret", + ], + "implementing_commands": [ + "hashicorp-list-policies", + "hashicorp-disable-engine", + "hashicorp-create-token", + "hashicorp-list-secrets", + "hashicorp-get-secret-metadata", + "hashicorp-configure-engine", + "hashicorp-undelete-secret", + "hashicorp-destroy-secret", + "hashicorp-get-policy", + "hashicorp-enable-engine", + "hashicorp-list-secrets-engines", + "hashicorp-delete-secret", "hashicorp-reset-configuration" ] } - }, + }, { "decodemimeheader_-_test": { - "name": "DecodeMimeHeader - Test", - "fromversion": "3.5.0", + "name": "DecodeMimeHeader - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DecodeMimeHeader", - "DeleteContext", + "DecodeMimeHeader", + "DeleteContext", "VerifyContext" ] } - }, + }, { "XFE Test": { - "name": "XFE Test", + "name": "XFE Test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "Exists", + "VerifyContext", + "DeleteContext", + "Exists", "AreValuesEqual" - ], + ], "implementing_commands": [ - "domain", - "url", - "ip", - "cve-latest", - "cve-search", + "domain", + "url", + "ip", + "cve-latest", + "cve-search", "file" ] } - }, + }, { "Base64 File in List Test": { - "name": "Base64 File in List Test", + "name": "Base64 File in List 
Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Base64ListToFile" - ], + ], "implementing_commands": [ "setList" ] } - }, + }, { "Cybereason Test": { - "name": "Cybereason Test", + "name": "Cybereason Test", "implementing_scripts": [ - "FetchFromInstance", - "VerifyContext", + "FetchFromInstance", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "cybereason-malop-processes", - "cybereason-query-connections", - "cybereason-query-processes", - "cybereason-is-probe-connected", + "cybereason-malop-processes", + "cybereason-query-connections", + "cybereason-query-processes", + "cybereason-is-probe-connected", "cybereason-query-malops" ] } - }, + }, { "ActiveMQ Test": { - "name": "ActiveMQ Test", + "name": "ActiveMQ Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Sleep" - ], + ], "implementing_commands": [ - "activemq-send", + "activemq-send", "activemq-subscribe" ] } - }, + }, { "McAfeeNSMTest": { - "name": "McAfeeNSMTest", + "name": "McAfeeNSMTest", "implementing_commands": [ - "nsm-get-domains", - "nsm-get-ips-policy-details", - "nsm-update-alerts", - "nsm-get-ips-policies", - "nsm-get-alerts", + "nsm-get-domains", + "nsm-get-ips-policy-details", + "nsm-update-alerts", + "nsm-get-ips-policies", + "nsm-get-alerts", "nsm-get-sensors" ] } - }, + }, { "SNDBOX_Test": { - "name": "SNDBOX_Test", + "name": "SNDBOX_Test", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_commands": [ - "sndbox-analysis-info", - "sndbox-analysis-submit-sample", - "sndbox-download-sample", - "sndbox-download-report", + "sndbox-analysis-info", + "sndbox-analysis-submit-sample", + "sndbox-download-sample", + "sndbox-download-report", "sndbox-is-online" ] } - }, + }, { "Fortigate Test": { - "name": "Fortigate Test", + "name": "Fortigate Test", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "fortigate-move-policy", - "fortigate-create-firewall-service", 
- "fortigate-get-service-groups", - "fortigate-get-policy", - "fortigate-get-address-groups", - "fortigate-get-firewall-service", - "fortigate-delete-policy", - "fortigate-get-addresses", - "fortigate-update-service-group", - "fortigate-update-address-group", - "fortigate-delete-address-group", - "fortigate-create-address-group", - "fortigate-create-policy", + ], + "implementing_commands": [ + "fortigate-move-policy", + "fortigate-create-firewall-service", + "fortigate-get-service-groups", + "fortigate-get-policy", + "fortigate-get-address-groups", + "fortigate-get-firewall-service", + "fortigate-delete-policy", + "fortigate-get-addresses", + "fortigate-update-service-group", + "fortigate-update-address-group", + "fortigate-delete-address-group", + "fortigate-create-address-group", + "fortigate-create-policy", "fortigate-update-policy" ] } - }, + }, { "sep_-_test_endpoint_search": { - "name": "SEP - Test endpoint search", - "fromversion": "3.5.0", + "name": "SEP - Test endpoint search", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "sep-endpoints-info" ] } - }, + }, { "awake_security_test_pb": { - "name": "awake_security_test_pb", + "name": "awake_security_test_pb", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "domain", - "ip", - "awake-query-activities", - "awake-pcap-download", - "awake-query-domains", - "awake-query-devices", - "device", + ], + "implementing_commands": [ + "domain", + "ip", + "awake-query-activities", + "awake-pcap-download", + "awake-query-domains", + "awake-query-devices", + "device", "email" ] } - }, + }, { "af2f5a99-d70b-48c1-8c25-519732b733f2": { - "name": "nmap-test", + "name": "nmap-test", "implementing_scripts": [ - "CloseInvestigation", - "Print", + "CloseInvestigation", + "Print", "Exists" - ], + ], "implementing_commands": [ "nmap-scan" ] } - }, + }, { "Detonate File - No Files test": { - "name": "Detonate 
File - No Files test", + "name": "Detonate File - No Files test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_playbooks": [ "Detonate File - Generic" ] } - }, + }, { "3010a07c-0a85-480c-87db-cf3f09fcbd7c": { - "name": "ContextGetters-Test", - "implementing_scripts": [ - "ExtractHash", - "IsTrue", - "ContextGetEmails", - "ExtractIP", - "ContextGetHashes", - "ContextGetIps", + "name": "ContextGetters-Test", + "implementing_scripts": [ + "ExtractHash", + "IsTrue", + "ContextGetEmails", + "ExtractIP", + "ContextGetHashes", + "ContextGetIps", "ExtractEmail" ] } - }, + }, { "test-LinkIncidentsWithRetry": { - "name": "test-LinkIncidentsWithRetry", + "name": "test-LinkIncidentsWithRetry", "implementing_scripts": [ - "Print", - "LinkIncidentsWithRetry", + "Print", + "LinkIncidentsWithRetry", "AreValuesEqual" - ], + ], "implementing_commands": [ "createNewIncident" ] } - }, + }, { "2e7770c4-8b78-4ee5-84c7-22a9e481b166": { - "name": "Autofocus_test", + "name": "Autofocus_test", "implementing_scripts": [ - "CloseInvestigation", - "IsMaliciousIndicatorFound", + "CloseInvestigation", + "IsMaliciousIndicatorFound", "AreValuesEqual" - ], + ], "implementing_commands": [ - "autofocus-search-sessions", - "file", + "autofocus-search-sessions", + "file", "autofocus-search-samples" ] } - }, + }, { "Remedy-On-Demand-Test": { - "name": "Remedy-On-Demand-Test", + "name": "Remedy-On-Demand-Test", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "remedy-get-incident", - "remedy-fetch-incidents", - "remedy-incident-create", + "remedy-get-incident", + "remedy-fetch-incidents", + "remedy-incident-create", "remedy-incident-update" ] } - }, + }, { "get_file_sample_from_path_-_generic_-_test": { - "name": "Get File Sample From Path - Generic - Test", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - 
"VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample From Path - Generic" - ], + ], "implementing_commands": [ "cb-list-sensors" ] } - }, + }, { "Test ParseCSV": { - "name": "Test ParseCSV", + "name": "Test ParseCSV", "implementing_scripts": [ - "DeleteContext", - "FileCreateAndUpload", - "ParseCSV", + "DeleteContext", + "FileCreateAndUpload", + "ParseCSV", "AreValuesEqual" ] } - }, + }, { "Preempt Test": { - "name": "Preempt Test", + "name": "Preempt Test", "implementing_commands": [ - "preempt-remove-from-watch-list", - "preempt-get-user-endpoints", - "preempt-get-activities", + "preempt-remove-from-watch-list", + "preempt-get-user-endpoints", + "preempt-get-activities", "preempt-add-to-watch-list" ] } - }, + }, { "playbook-Cymon_Test": { - "name": "playbook-Cymon_Test", + "name": "playbook-Cymon_Test", "implementing_scripts": [ - "VerifyContext", - "StringContains", - "DeleteContext", + "VerifyContext", + "StringContains", + "DeleteContext", "ValidateErrorExistence" - ], + ], "implementing_commands": [ - "ip", + "ip", "domain" ] } - }, + }, { "150778e9-90ca-4c28-873e-f050f2c6d3a3": { - "name": "HTTPRedirectList Test", + "name": "HTTPRedirectList Test", "implementing_scripts": [ - "CloseInvestigation", - "HTTPListRedirects", + "CloseInvestigation", + "HTTPListRedirects", "AreValuesEqual" ] } - }, + }, { "TCPUtils-Test": { - "name": "Tcpiputlis Test Playbook", + "name": "Tcpiputlis Test Playbook", "implementing_scripts": [ - "VerifyContextFields", - "VerifyContext", + "VerifyContextFields", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "ip" ] } - }, + }, { "113aca8a-ee52-419f-89a6-150ee232d0d1": { - "name": "S3 Test", + "name": "S3 Test", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "aws-s3-create-bucket", - "aws-s3-get-bucket-policy", - "aws-s3-download-file", - "aws-s3-delete-bucket-policy", - "aws-s3-describe-buckets", - "aws-s3-list-bucket-objects", 
- "aws-s3-set-bucket-policy", + ], + "implementing_commands": [ + "aws-s3-create-bucket", + "aws-s3-get-bucket-policy", + "aws-s3-download-file", + "aws-s3-delete-bucket-policy", + "aws-s3-describe-buckets", + "aws-s3-list-bucket-objects", + "aws-s3-set-bucket-policy", "aws-s3-delete-bucket" ] } - }, + }, { "buildewsquery_test": { - "name": "BuildEWSQuery Test", + "name": "BuildEWSQuery Test", "implementing_scripts": [ - "BuildEWSQuery", + "BuildEWSQuery", "VerifyContext" ] } - }, + }, { "palo_alto_panorama_test_pb": { - "name": "palo_alto_panorama_test_pb", + "name": "palo_alto_panorama_test_pb", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "Sleep" - ], - "implementing_commands": [ - "panorama-list-applications", - "panorama-create-rule", - "panorama-commit", - "panorama-delete-rule", - "panorama-create-address-group", - "panorama-get-address-group", - "panorama-move-rule", - "panorama", - "panorama-edit-rule", - "panorama-get-url-filter", - "panorama-list-address-groups", - "panorama-get-custom-url-category", - "panorama-create-address", - "panorama-delete-address-group", - "panorama-list-addresses", + ], + "implementing_commands": [ + "panorama-list-applications", + "panorama-create-rule", + "panorama-commit", + "panorama-delete-rule", + "panorama-create-address-group", + "panorama-get-address-group", + "panorama-move-rule", + "panorama", + "panorama-edit-rule", + "panorama-get-url-filter", + "panorama-list-address-groups", + "panorama-get-custom-url-category", + "panorama-create-address", + "panorama-delete-address-group", + "panorama-list-addresses", "panorama-delete-address" ] } - }, + }, { "okta_test_playbook": { - "name": "Okta test playbook", + "name": "Okta test playbook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "okta-get-application-authentication", - "okta-list-groups", - "okta-get-application-assignments", - "okta-get-user-factors", - "okta-get-groups", - 
"okta-suspend-user", - "okta-add-to-group", - "okta-update-user", - "okta-remove-from-group", - "okta-get-failed-logins", - "okta-get-group-members", - "okta-unsuspend-user", + ], + "implementing_commands": [ + "okta-get-application-authentication", + "okta-list-groups", + "okta-get-application-assignments", + "okta-get-user-factors", + "okta-get-groups", + "okta-suspend-user", + "okta-add-to-group", + "okta-update-user", + "okta-remove-from-group", + "okta-get-failed-logins", + "okta-get-group-members", + "okta-unsuspend-user", "okta-get-group-assignments" ] } - }, + }, { "test_delete_context": { - "name": "Test Delete Context", + "name": "Test Delete Context", "implementing_scripts": [ - "RaiseError", - "Set", - "DeleteContext", + "RaiseError", + "Set", + "DeleteContext", "isError" ] } - }, + }, { "JiraCreateIssue-example-test": { - "name": "JiraCreateIssue-example-test", + "name": "JiraCreateIssue-example-test", "implementing_scripts": [ - "JiraCreateIssue-example", + "JiraCreateIssue-example", "DeleteContext" - ], + ], "implementing_commands": [ "jira-delete-issue" ] } - }, + }, { "AttivoBotsinkTest": { - "name": "AttivoBotsinkTest", + "name": "AttivoBotsinkTest", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "attivo-list-hosts", - "attivo-list-users", - "attivo-check-user", - "attivo-run-playbook", - "attivo-check-host", - "attivo-get-events", - "attivo-deploy-decoy", + ], + "implementing_commands": [ + "attivo-list-hosts", + "attivo-list-users", + "attivo-check-user", + "attivo-run-playbook", + "attivo-check-host", + "attivo-get-events", + "attivo-deploy-decoy", "attivo-list-playbooks" ] } - }, + }, { "email_test": { - "name": "Email Address Enrichment - Generic - Test", + "name": "Email Address Enrichment - Generic - Test", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Email Address Enrichment - Generic" ] } - }, + }, { "Cisco Umbrella 
Test": { - "name": "Cisco Umbrella Test", + "name": "Cisco Umbrella Test", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "umbrella-ip-dns-history", - "domain", - "umbrella-domain-related", - "umbrella-get-domains-using-regex", - "umbrella-domain-dns-history", - "umbrella-get-url-timeline", - "umbrella-get-domain-classifiers", - "umbrella-get-malicious-domains-for-ip", - "umbrella-get-domains-for-email-registrar", - "umbrella-get-domains-for-nameserver", - "umbrella-domain-categorization", - "umbrella-domain-security", - "umbrella-get-domain-timeline", - "umbrella-get-domain-details", - "umbrella-ip-malicious-domains", - "umbrella-get-related-domains", - "umbrella-get-whois-for-domain", - "umbrella-domain-search", - "umbrella-domain-co-occurrences", - "umbrella-get-ip-timeline", + ], + "implementing_commands": [ + "umbrella-ip-dns-history", + "domain", + "umbrella-domain-related", + "umbrella-get-domains-using-regex", + "umbrella-domain-dns-history", + "umbrella-get-url-timeline", + "umbrella-get-domain-classifiers", + "umbrella-get-malicious-domains-for-ip", + "umbrella-get-domains-for-email-registrar", + "umbrella-get-domains-for-nameserver", + "umbrella-domain-categorization", + "umbrella-domain-security", + "umbrella-get-domain-timeline", + "umbrella-get-domain-details", + "umbrella-ip-malicious-domains", + "umbrella-get-related-domains", + "umbrella-get-whois-for-domain", + "umbrella-domain-search", + "umbrella-domain-co-occurrences", + "umbrella-get-ip-timeline", "umbrella-get-domain-queryvolume" ] } - }, + }, { "fd93f620-9a2d-4fb6-85d1-151a6a72e46d": { - "name": "AWS - SQS Test Playbook", + "name": "AWS - SQS Test Playbook", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "aws-sqs-purge-queue", - "aws-sqs-list-queues", - "aws-sqs-send-message", - "aws-sqs-get-queue-url", - "aws-sqs-create-queue", + "aws-sqs-purge-queue", + "aws-sqs-list-queues", + "aws-sqs-send-message", + 
"aws-sqs-get-queue-url", + "aws-sqs-create-queue", "aws-sqs-delete-queue" ] } - }, + }, { "RedCanaryTest": { - "name": "RedCanaryTest", + "name": "RedCanaryTest", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "redcanary-get-endpoint", - "redcanary-update-remediation-state", - "redcanary-list-detections", - "redcanary-list-endpoints", - "redcanary-acknowledge-detection", - "redcanary-get-endpoint-detections", - "redcanary-get-detection", + ], + "implementing_commands": [ + "redcanary-get-endpoint", + "redcanary-update-remediation-state", + "redcanary-list-detections", + "redcanary-list-endpoints", + "redcanary-acknowledge-detection", + "redcanary-get-endpoint-detections", + "redcanary-get-detection", "redcanary-execute-playbook" ] } - }, + }, { "blockip_test_playbook": { - "name": "blockip_test_playbook", + "name": "blockip_test_playbook", "implementing_scripts": [ "BlockIP" ] } - }, + }, { "block_endpoint_-_carbon_black_response_-_test": { - "name": "Block Endpoint - Carbon Black Response - Test", - "fromversion": "3.5.0", + "name": "Block Endpoint - Carbon Black Response - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Block Endpoint - Carbon Black Response" - ], + ], "implementing_commands": [ - "cb-list-sensors", - "cb-unquarantine-device", + "cb-list-sensors", + "cb-unquarantine-device", "cb-sensor-info" ] } - }, + }, { "exporttocsv_script_test": { - "name": "ExportToCSV script test", - "fromversion": "3.6.0", + "name": "ExportToCSV script test", + "fromversion": "3.6.0", "implementing_scripts": [ - "DeleteContext", - "ExportToCSV", - "AreValuesEqual", + "DeleteContext", + "ExportToCSV", + "AreValuesEqual", "ReadFile" ] } - }, + }, { "get_file_sample_from_path_-_d2_-_test": { - "name": "Get File Sample From Path - D2 - Test", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - D2 - 
Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample From Path - D2" ] } - }, + }, { "GetTime-Test": { - "name": "GetTime-Test", + "name": "GetTime-Test", "implementing_scripts": [ - "GetTime", - "DeleteContext", + "GetTime", + "DeleteContext", "MatchRegex" ] } - }, + }, { "CreateEmailHtmlBody_test_pb": { - "name": "CreateEmailHtmlBody_test_pb", + "name": "CreateEmailHtmlBody_test_pb", "implementing_scripts": [ - "CreateEmailHtmlBody", + "CreateEmailHtmlBody", "DeleteContext" - ], + ], "implementing_commands": [ "createList" ] } - }, + }, { "forcepoint test": { - "name": "forcepoint test", + "name": "forcepoint test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "fp-get-category-detailes", - "fp-delete-address-from-category", - "fp-add-address-to-category", - "fp-add-category", + "fp-get-category-detailes", + "fp-delete-address-from-category", + "fp-add-address-to-category", + "fp-add-category", "fp-delete-categories" ] } - }, + }, { "CrowdStrike Endpoint Enrichment - Test": { - "name": "CrowdStrike Endpoint Enrichment - Test", - "fromversion": "3.5.0", + "name": "CrowdStrike Endpoint Enrichment - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "CrowdStrike Endpoint Enrichment" - ], + ], "implementing_commands": [ - "cs-device-search", + "cs-device-search", "cs-detection-search" ] } - }, + }, { "endpoint_enrichment_-_generic_test": { - "name": "Endpoint Enrichment - Generic Test", - "fromversion": "3.5.0", + "name": "Endpoint Enrichment - Generic Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Endpoint Enrichment - Generic" ] } - }, + }, { "TestHttpPlaybook": { - "name": 
"TestHttpPlaybook", + "name": "TestHttpPlaybook", "implementing_scripts": [ - "VerifyContextFields", - "DeleteContext", + "VerifyContextFields", + "DeleteContext", "http" ] } - }, + }, { "Test-IsMaliciousIndicatorFound": { - "name": "Test-IsMaliciousIndicatorFound", + "name": "Test-IsMaliciousIndicatorFound", "implementing_scripts": [ - "VerifyContext", - "Sleep", + "VerifyContext", + "Sleep", "IsMaliciousIndicatorFound" - ], + ], "implementing_commands": [ "createNewIndicator" ] } - }, + }, { "Mimecast test": { - "name": "Mimecast test", + "name": "Mimecast test", "implementing_scripts": [ - "FetchFromInstance", + "FetchFromInstance", "DeleteContext" - ], - "implementing_commands": [ - "mimecast-get-impersonation-logs", - "mimecast-query", - "mimecast-download-attachments", - "mimecast-url-decode", - "mimecast-refresh-token", - "mimecast-create-policy", - "mimecast-manage-sender", - "mimecast-get-message", - "mimecast-discover", - "mimecast-list-messages", - "mimecast-create-managed-url", - "mimecast-list-managed-url", - "mimecast-get-attachment-logs", - "mimecast-list-blocked-sender-policies", - "mimecast-login", - "mimecast-delete-policy", - "mimecast-get-policy", + ], + "implementing_commands": [ + "mimecast-get-impersonation-logs", + "mimecast-query", + "mimecast-download-attachments", + "mimecast-url-decode", + "mimecast-refresh-token", + "mimecast-create-policy", + "mimecast-manage-sender", + "mimecast-get-message", + "mimecast-discover", + "mimecast-list-messages", + "mimecast-create-managed-url", + "mimecast-list-managed-url", + "mimecast-get-attachment-logs", + "mimecast-list-blocked-sender-policies", + "mimecast-login", + "mimecast-delete-policy", + "mimecast-get-policy", "mimecast-get-url-logs" ] } - }, + }, { "TestParseCSV": { - "name": "TestParseCSV", + "name": "TestParseCSV", "implementing_scripts": [ - "Set", - "VerifyContext", - "ParseCSV", - "DeleteContext", + "Set", + "VerifyContext", + "ParseCSV", + "DeleteContext", "ExportToCSV" ] } - }, + }, { 
"ArcSight Logger test": { - "name": "ArcSight Logger test", + "name": "ArcSight Logger test", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "Sleep" - ], + ], "implementing_commands": [ - "as-search", - "as-close", - "as-drilldown", - "as-search-events", - "as-status", + "as-search", + "as-close", + "as-drilldown", + "as-search-events", + "as-status", "as-events" ] } - }, + }, { "Cylance Protect v2 Test": { - "name": "Cylance Protect v2 Test", + "name": "Cylance Protect v2 Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "cylance-protect-delete-hash-from-lists", - "cylance-protect-download-threat", - "cylance-protect-get-zones", - "cylance-protect-get-devices", - "cylance-protect-get-policies", - "cylance-protect-get-list", - "cylance-protect-get-threat", - "cylance-protect-get-device-threats", - "cylance-protect-get-policy-details", + ], + "implementing_commands": [ + "cylance-protect-delete-hash-from-lists", + "cylance-protect-download-threat", + "cylance-protect-get-zones", + "cylance-protect-get-devices", + "cylance-protect-get-policies", + "cylance-protect-get-list", + "cylance-protect-get-threat", + "cylance-protect-get-device-threats", + "cylance-protect-get-policy-details", "cylance-protect-add-hash-to-list" ] } - }, + }, { "McAfeeESMTest": { - "name": "McAfeeESMTest", + "name": "McAfeeESMTest", "implementing_scripts": [ - "GetTime", - "VerifyContext", + "GetTime", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "esm-edit-case-status", - "esm-get-case-statuses", - "esm-search", - "esm-add-case-status", - "esm-get-alarm-event-details", - "esm-get-organization-list", - "esm-list-alarm-events", - "esm-delete-case-status", - "esm-edit-case", - "esm-get-user-list", - "esm-get-case-detail", - "esm-add-case", + ], + "implementing_commands": [ + "esm-edit-case-status", + "esm-get-case-statuses", + "esm-search", + "esm-add-case-status", + 
"esm-get-alarm-event-details", + "esm-get-organization-list", + "esm-list-alarm-events", + "esm-delete-case-status", + "esm-edit-case", + "esm-get-user-list", + "esm-get-case-detail", + "esm-add-case", "esm-fetch-alarms" ] } - }, + }, { "Detonate File - Generic Test": { - "name": "Detonate File - Generic Test", - "fromversion": "4.0.0", + "name": "Detonate File - Generic Test", + "fromversion": "4.0.0", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Detonate File - Generic" ] } - }, + }, { "Jask_Test": { - "name": "Jask Test", + "name": "Jask Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "jask-search-signals", - "jask-search-entities", - "jask-get-entity-details", - "jask-get-insight-details", - "closeInvestigation", - "jask-search-insights", - "jask-get-signal-details", - "jask-get-related-entities", + ], + "implementing_commands": [ + "jask-search-signals", + "jask-search-entities", + "jask-get-entity-details", + "jask-get-insight-details", + "closeInvestigation", + "jask-search-insights", + "jask-get-signal-details", + "jask-get-related-entities", "jask-get-insight-comments" ] } - }, + }, { "RSA NetWitness Test": { - "name": "RSA NetWitness Test", + "name": "RSA NetWitness Test", "implementing_commands": [ - "netwitness-get-incident", + "netwitness-get-incident", "netwitness-get-incidents" ] } - }, + }, { "Test_Sagemaker": { - "name": "Test Sagemaker", + "name": "Test Sagemaker", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ "predict-phishing" ] } - }, + }, { "ExtractURL Test": { - "name": "ExtractURL Test", + "name": "ExtractURL Test", "implementing_scripts": [ - "Print", - "ExtractURL", + "Print", + "ExtractURL", "IsTrue" ] } - }, + }, { "tenable-sc-test": { - "name": "Tenable.sc Test", + "name": "Tenable.sc Test", "implementing_scripts": [ - "GetTime", - "VerifyContext", - "DeleteContext", 
+ "GetTime", + "VerifyContext", + "DeleteContext", "FetchFromInstance" - ], - "implementing_commands": [ - "tenable-sc-get-asset", - "tenable-sc-list-alerts", - "tenable-sc-get-system-licensing", - "tenable-sc-get-scan-status", - "tenable-sc-list-scans", - "tenable-sc-list-repositories", - "tenable-sc-create-scan", - "tenable-sc-delete-scan", - "tenable-sc-get-scan-report", - "tenable-sc-list-assets", - "tenable-sc-get-vulnerability", - "tenable-sc-get-device", - "tenable-sc-create-asset", - "tenable-sc-get-alert", - "tenable-sc-launch-scan", - "tenable-sc-list-report-definitions", - "tenable-sc-delete-asset", - "tenable-sc-list-credentials", - "tenable-sc-list-policies", - "tenable-sc-list-zones", + ], + "implementing_commands": [ + "tenable-sc-get-asset", + "tenable-sc-list-alerts", + "tenable-sc-get-system-licensing", + "tenable-sc-get-scan-status", + "tenable-sc-list-scans", + "tenable-sc-list-repositories", + "tenable-sc-create-scan", + "tenable-sc-delete-scan", + "tenable-sc-get-scan-report", + "tenable-sc-list-assets", + "tenable-sc-get-vulnerability", + "tenable-sc-get-device", + "tenable-sc-create-asset", + "tenable-sc-get-alert", + "tenable-sc-launch-scan", + "tenable-sc-list-report-definitions", + "tenable-sc-delete-asset", + "tenable-sc-list-credentials", + "tenable-sc-list-policies", + "tenable-sc-list-zones", "tenable-sc-list-users" ] } - }, + }, { "ReversingLabsA1000Test": { - "name": "ReversingLabsA1000Test", + "name": "ReversingLabsA1000Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "reversinglabs-download", - "reversinglabs-extracted-files", - "reversinglabs-download-unpacked", - "reversinglabs-analyze", + "reversinglabs-download", + "reversinglabs-extracted-files", + "reversinglabs-download-unpacked", + "reversinglabs-analyze", "file" ] } - }, + }, { "TestWordFileToIOC": { - "name": "TestWordFileToIOC", + "name": "TestWordFileToIOC", "implementing_scripts": [ - 
"TestCreateWordFile", - "ExtractIP", - "VerifyContext", - "ReadFile", + "TestCreateWordFile", + "ExtractIP", + "VerifyContext", + "ReadFile", "ParseWordDoc" ] } - }, + }, { "TestExtractHTMLTables": { - "name": "TestExtractHTMLTables", + "name": "TestExtractHTMLTables", "implementing_scripts": [ - "Print", - "CloseInvestigation", - "ExtractHTMLTables", - "DeleteContext", + "Print", + "CloseInvestigation", + "ExtractHTMLTables", + "DeleteContext", "Exists" ] } - }, + }, { "7ab45104-22aa-4e1b-8062-cadcbb28d87f": { - "name": "Test - urlscan", + "name": "Test - urlscan", "implementing_scripts": [ - "CloseInvestigation", - "DeleteContext", + "CloseInvestigation", + "DeleteContext", "AreValuesEqual" - ], + ], "implementing_commands": [ - "url", - "ip", + "url", + "ip", "urlscan-submit" ] } - }, + }, { "RasterizeImageTest": { - "name": "RasterizeImageTest", + "name": "RasterizeImageTest", "implementing_scripts": [ - "GenerateImageFileEntry", + "GenerateImageFileEntry", "DeleteContext" - ], + ], "implementing_commands": [ - "rasterize-image", + "rasterize-image", "closeInvestigation" ] } - }, + }, { "InfoArmorVigilanteATITest": { - "name": "InfoArmorVigilanteATITest", + "name": "InfoArmorVigilanteATITest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "vigilante-get-leak", - "vigilante-query-infected-host-data", - "vigilante-query-domains", - "vigilante-query-accounts", - "vigilante-watchlist-add-accounts", - "vigilante-watchlist-remove-accounts", - "vigilante-get-watchlist", - "vigilante-query-ecrime-db", + ], + "implementing_commands": [ + "vigilante-get-leak", + "vigilante-query-infected-host-data", + "vigilante-query-domains", + "vigilante-query-accounts", + "vigilante-watchlist-add-accounts", + "vigilante-watchlist-remove-accounts", + "vigilante-get-watchlist", + "vigilante-query-ecrime-db", "vigilante-search-leaks" ] } - }, + }, { "strings-test": { - "name": "strings-test", + "name": "strings-test", 
"implementing_scripts": [ - "CreateBinaryFile", - "FileCreateAndUpload", - "Strings", - "PublishEntriesToContext", + "CreateBinaryFile", + "FileCreateAndUpload", + "Strings", + "PublishEntriesToContext", "VerifyContext" ] } - }, + }, { "process_email_-_generic_-_test": { - "name": "Process Email - Generic - Test", + "name": "Process Email - Generic - Test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", + "VerifyContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Process Email - Generic" ] } - }, + }, { "97393cfc-2fc4-4dfe-8b6e-af64067fc436": { - "name": "AWS - S3 Test Playbook", + "name": "AWS - S3 Test Playbook", "implementing_scripts": [ "VerifyContext" - ], - "implementing_commands": [ - "aws-s3-create-bucket", - "aws-s3-get-bucket-policy", - "aws-s3-download-file", - "aws-s3-delete-bucket-policy", - "aws-s3-delete-bucket", - "aws-s3-list-buckets", - "aws-s3-list-bucket-objects", + ], + "implementing_commands": [ + "aws-s3-create-bucket", + "aws-s3-get-bucket-policy", + "aws-s3-download-file", + "aws-s3-delete-bucket-policy", + "aws-s3-delete-bucket", + "aws-s3-list-buckets", + "aws-s3-list-bucket-objects", "aws-s3-put-bucket-policy" ] } - }, + }, { "TestFileCreateAndUpload": { - "name": "TestFileCreateAndUpload", + "name": "TestFileCreateAndUpload", "implementing_scripts": [ - "Print", - "FileCreateAndUpload", - "DeleteContext", + "Print", + "FileCreateAndUpload", + "DeleteContext", "CloseInvestigation" ] } - }, + }, { "get_original_email_-_ews-_test": { - "name": "Get Original Email - EWS - Test", + "name": "Get Original Email - EWS - Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_playbooks": [ "Get Original Email - EWS" ] } - }, + }, { "Remedy AR Test": { - "name": "Remedy AR Test", + "name": "Remedy AR Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "remedy-get-server-details" ] } - }, + }, { "WordTokenizeTest": { - 
"name": "WordTokenizeTest", + "name": "WordTokenizeTest", "implementing_scripts": [ - "VerifyContext", - "WordTokenizer", + "VerifyContext", + "WordTokenizer", "DeleteContext" ] } - }, + }, { "ExtractDomainTest": { - "name": "ExtractDomainTest", + "name": "ExtractDomainTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "ExtractDomain" ] } - }, + }, { "TestCommonPython": { - "name": "TestCommonPython", + "name": "TestCommonPython", "implementing_scripts": [ "TestPYCommonServer" ] } - }, + }, { "get_file_sample_by_hash_-_cylance_protect_-_test": { - "name": "Get File Sample By Hash - Cylance Protect - Test", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Cylance Protect - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample By Hash - Cylance Protect" ] } - }, + }, { "TestPacketsled": { - "name": "TestPacketsled", + "name": "TestPacketsled", "implementing_commands": [ - "packetsled-get-flows", - "packetsled-get-pcaps", - "packetsled-get-files", + "packetsled-get-flows", + "packetsled-get-pcaps", + "packetsled-get-files", "packetsled-get-incidents" ] } - }, + }, { "EWS search-mailbox test": { - "name": "EWS search-mailbox test", + "name": "EWS search-mailbox test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", + "VerifyContext", + "DeleteContext", "Sleep" - ], + ], "implementing_commands": [ - "ews-search-mailbox", - "ews-move-item", + "ews-search-mailbox", + "ews-move-item", "send-mail" ] } - }, + }, { "IntSights Test": { - "name": "IntSights Test", + "name": "IntSights Test", "implementing_scripts": [ - "Print", - "VerifyContext", - "DeleteContext", - "Exists", + "Print", + "VerifyContext", + "DeleteContext", + "Exists", "IsValueInArray" - ], - "implementing_commands": [ - "intsights-get-alerts", - "intsights-get-iocs", - "intsights-add-comment-to-alert", - 
"intsights-add-tag-to-alert", - "intsights-update-alert-severity", - "closeInvestigation", + ], + "implementing_commands": [ + "intsights-get-alerts", + "intsights-get-iocs", + "intsights-add-comment-to-alert", + "intsights-add-tag-to-alert", + "intsights-update-alert-severity", + "closeInvestigation", "intsights-get-alert-activities" ] } - }, + }, { "SalesforceTestPlaybook": { - "name": "SalesforceTestPlaybook", + "name": "SalesforceTestPlaybook", "implementing_scripts": [ - "ContextContains", + "ContextContains", "DeleteContext" - ], - "implementing_commands": [ - "salesforce-update-case", - "salesforce-get-case", - "salesforce-search", - "salesforce-create-case", - "salesforce-delete-case", - "salesforce-push-comment", - "salesforce-get-object", - "salesforce-close-case", - "salesforce-update-object", + ], + "implementing_commands": [ + "salesforce-update-case", + "salesforce-get-case", + "salesforce-search", + "salesforce-create-case", + "salesforce-delete-case", + "salesforce-push-comment", + "salesforce-get-object", + "salesforce-close-case", + "salesforce-update-object", "salesforce-query" ] } - }, + }, { "Wildfire Test": { - "name": "Wildfire Test", + "name": "Wildfire Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "wildfire-upload", - "wildfire-upload-file-remote", + "wildfire-upload", + "wildfire-upload-file-remote", "wildfire-report" ] } - }, + }, { "Vectra-test": { - "name": "Vectra-test", + "name": "Vectra-test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "vectra-sensors", - "vectra-settings", - "vectra-hosts", - "vectra-triage", + "vectra-sensors", + "vectra-settings", + "vectra-hosts", + "vectra-triage", "vectra-detections" ] } - }, + }, { "CuckooTest": { - "name": "CuckooTest", + "name": "CuckooTest", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ - "Detonate URL - Cuckoo", 
+ "Detonate URL - Cuckoo", "Detonate File - Cuckoo" ] } - }, + }, { "TextFromHTML_test_playbook": { - "name": "TextFromHTML Test", + "name": "TextFromHTML Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "TextFromHTML" ] } - }, + }, { "PhishAi-Test": { - "name": "PhishAi-Test", + "name": "PhishAi-Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ "phish-ai-scan-url" ] } - }, + }, { "Phishing test - attachment": { - "name": "Phishing test - attachment", + "name": "Phishing test - attachment", "implementing_scripts": [ - "ScheduleCommand", - "PhishingIncident", - "DeleteContext", + "ScheduleCommand", + "PhishingIncident", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Phishing Investigation - Generic" ] } - }, + }, { "search_endpoints_by_hash_-_carbon_black_protection_-_test": { - "name": "Search Endpoints By Hash - Carbon Black Protection - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Carbon Black Protection - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - Carbon Black Protection" ] } - }, + }, { "Test-Detonate URL - Phish.AI": { - "name": "Test-Detonate URL - Phish.AI", + "name": "Test-Detonate URL - Phish.AI", "implementing_playbooks": [ "Detonate URL - Phish.AI" ] } - }, + }, { "ReversingLabsTCTest": { - "name": "ReversingLabsTCTest", + "name": "ReversingLabsTCTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "file" ] } - }, + }, { "get_file_sample_from_path_-_carbon_black_enterprise_response_-_test": { - "name": "Get File Sample From Path - Carbon Black Enterprise Response - Test", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - Carbon Black Enterprise Response - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + 
"VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample From Path - Carbon Black Enterprise Response" - ], + ], "implementing_commands": [ "cb-list-sensors" ] } - }, + }, { "PostgreSQL Test": { - "name": "PostgreSQL Test", - "fromversion": "3.6.0", + "name": "PostgreSQL Test", + "fromversion": "3.6.0", "implementing_scripts": [ "VerifyHumanReadableEquals" - ], + ], "implementing_commands": [ "pgsql-query" ] } - }, + }, { "DUO Test Playbook": { - "name": "DUO Test Playbook", + "name": "DUO Test Playbook", "implementing_scripts": [ - "DeleteContext", - "PrintErrorEntry", - "AreValuesEqual", + "DeleteContext", + "PrintErrorEntry", + "AreValuesEqual", "PrintContext" - ], + ], "implementing_commands": [ "duo-preauth" ] } - }, + }, { "secureworks_test": { - "name": "Secureworks test", + "name": "Secureworks test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "secure-works-create-ticket", - "secure-works-get-ticket", - "secure-works-update-ticket", - "secure-works-get-tickets-ids", - "secure-works-get-ticket-count", - "secure-works-close-ticket", + ], + "implementing_commands": [ + "secure-works-create-ticket", + "secure-works-get-ticket", + "secure-works-update-ticket", + "secure-works-get-tickets-ids", + "secure-works-get-ticket-count", + "secure-works-close-ticket", "secure-works-get-tickets-updates" ] } - }, + }, { "File Enrichment - Generic Test": { - "name": "File Enrichment - Generic Test", + "name": "File Enrichment - Generic Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "File Enrichment - Generic" ] } - }, + }, { "JSONtoCSV-Test": { - "name": "JSONtoCSV-Test", + "name": "JSONtoCSV-Test", "implementing_scripts": [ - "JSONFileToCSV", - "LoadJSON", - "ParseCSV", - "JSONtoCSV", - "FileCreateAndUpload", + "JSONFileToCSV", + "LoadJSON", + "ParseCSV", + "JSONtoCSV", + "FileCreateAndUpload", 
"DeleteContext" ] } - }, + }, { "ZipFile-Test": { - "name": "ZipFile-Test", + "name": "ZipFile-Test", "implementing_scripts": [ - "http", - "ZipFile", - "CloseInvestigation", - "Sleep", - "UnzipFile", + "http", + "ZipFile", + "CloseInvestigation", + "Sleep", + "UnzipFile", "DeleteContext" ] } - }, + }, { "d5cb69b1-c81c-4f27-8a40-3106c0cb2620": { - "name": "AWS - IAM Test Playbook", + "name": "AWS - IAM Test Playbook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Sleep" - ], - "implementing_commands": [ - "aws-iam-update-user", - "aws-iam-update-access-key", - "aws-iam-get-user", - "aws-iam-remove-user-from-group", - "aws-iam-add-role-to-instance-profile", - "aws-iam-create-instance-profile", - "aws-iam-list-roles", - "aws-iam-attach-policy", - "aws-iam-create-login-profile", - "aws-iam-create-group", - "aws-iam-get-instance-profile", - "aws-iam-list-instance-profiles-for-role", - "aws-iam-update-login-profile", - "aws-iam-list-policies", - "aws-iam-get-role", - "aws-iam-list-access-keys-for-user", - "aws-iam-list-instance-profiles", - "aws-iam-delete-role", - "aws-iam-list-groups", - "aws-iam-remove-role-from-instance-profile", - "aws-iam-delete-user", - "aws-iam-create-role", - "aws-iam-delete-access-key", - "aws-iam-detach-policy", - "aws-iam-create-access-key", - "aws-iam-delete-group", - "aws-iam-create-user", - "aws-iam-delete-login-profile", - "aws-iam-list-groups-for-user", - "aws-iam-add-user-to-group", - "aws-iam-list-users", + ], + "implementing_commands": [ + "aws-iam-update-user", + "aws-iam-update-access-key", + "aws-iam-get-user", + "aws-iam-remove-user-from-group", + "aws-iam-add-role-to-instance-profile", + "aws-iam-create-instance-profile", + "aws-iam-list-roles", + "aws-iam-attach-policy", + "aws-iam-create-login-profile", + "aws-iam-create-group", + "aws-iam-get-instance-profile", + "aws-iam-list-instance-profiles-for-role", + "aws-iam-update-login-profile", + "aws-iam-list-policies", + "aws-iam-get-role", + 
"aws-iam-list-access-keys-for-user", + "aws-iam-list-instance-profiles", + "aws-iam-delete-role", + "aws-iam-list-groups", + "aws-iam-remove-role-from-instance-profile", + "aws-iam-delete-user", + "aws-iam-create-role", + "aws-iam-delete-access-key", + "aws-iam-detach-policy", + "aws-iam-create-access-key", + "aws-iam-delete-group", + "aws-iam-create-user", + "aws-iam-delete-login-profile", + "aws-iam-list-groups-for-user", + "aws-iam-add-user-to-group", + "aws-iam-list-users", "aws-iam-delete-instance-profile" ] } - }, + }, { "ExposeIncidentOwner-Test": { - "name": "ExposeIncidentOwner-Test", + "name": "ExposeIncidentOwner-Test", "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident", - "ExposeIncidentOwner", + "CloseInvestigation", + "AssignAnalystToIncident", + "ExposeIncidentOwner", "AreValuesEqual" ] } - }, + }, { "McAfeeWebGatewayTest": { - "name": "McAfeeWebGatewayTest", + "name": "McAfeeWebGatewayTest", "implementing_scripts": [ - "ContextContains", - "DeleteContext", - "Sleep", + "ContextContains", + "DeleteContext", + "Sleep", "PrintContext" - ], + ], "implementing_commands": [ - "mwg-insert-entry", - "mwg-get-list-entry", - "mwg-get-list", - "mwg-delete-entry", + "mwg-insert-entry", + "mwg-get-list-entry", + "mwg-get-list", + "mwg-delete-entry", "mwg-get-available-lists" ] } - }, + }, { "DemistoLockTest": { - "name": "DemistoLockTest", + "name": "DemistoLockTest", "implementing_scripts": [ - "Set", - "Print", - "DeleteContext", - "Sleep", + "Set", + "Print", + "DeleteContext", + "Sleep", "isError" - ], + ], "implementing_commands": [ - "closeInvestigation", - "demisto-lock-release-all", - "demisto-lock-release", - "demisto-lock-get", + "closeInvestigation", + "demisto-lock-release-all", + "demisto-lock-release", + "demisto-lock-get", "demisto-lock-info" ] } - }, + }, { "Detonate File - BitDam Test": { - "name": "Detonate File - BitDam Test", + "name": "Detonate File - BitDam Test", "implementing_scripts": [ - "FileCreateAndUpload", 
+ "FileCreateAndUpload", "DeleteContext" - ], + ], "implementing_playbooks": [ "Detonate File - BitDam" ] } - }, + }, { "Luminate-TestPlaybook": { - "name": "Luminate-TestPlaybook", + "name": "Luminate-TestPlaybook", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "lum-block-user", - "lum-destroy-user-session", - "lum-unblock-user", - "lum-get-ssh-access-logs", + "lum-block-user", + "lum-destroy-user-session", + "lum-unblock-user", + "lum-get-ssh-access-logs", "lum-get-http-access-logs" ] } - }, + }, { "McAfee-MAR_Test": { - "name": "McAfee-MAR_Test", + "name": "McAfee-MAR_Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "mar-collectors-list", - "mar-search-multiple", + "mar-collectors-list", + "mar-search-multiple", "mar-search" ] } - }, + }, { "CarbonBlackLiveResponseTest": { - "name": "Carbon Black Live Response Test", + "name": "Carbon Black Live Response Test", "implementing_scripts": [ - "TestCreateWordFile", - "DeleteContext", + "TestCreateWordFile", + "DeleteContext", "Sleep" - ], - "implementing_commands": [ - "cb-get-file-from-endpoint", - "cb-command-create-and-wait", - "cb-session-create-and-wait", - "cb-keepalive", - "cb-file-delete-from-endpoint", - "cb-push-file-to-endpoint", - "cb-list-sessions", + ], + "implementing_commands": [ + "cb-get-file-from-endpoint", + "cb-command-create-and-wait", + "cb-session-create-and-wait", + "cb-keepalive", + "cb-file-delete-from-endpoint", + "cb-push-file-to-endpoint", + "cb-list-sessions", "cb-session-close" ] } - }, + }, { "Recorded Future Test": { - "name": "Recorded Future Test", + "name": "Recorded Future Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "ip", - "domain", - "recorded-future-get-related-entities", + "ip", + "domain", + "recorded-future-get-related-entities", "file" ] } - }, + }, { "NetWitness Endpoint Test": { - "name": "NetWitness Endpoint Test", + "name": "NetWitness Endpoint Test", 
"implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "netwitness-get-machines", - "netwitness-blacklist-domains", - "netwitness-blacklist-ips", + "netwitness-get-machines", + "netwitness-blacklist-domains", + "netwitness-blacklist-ips", "netwitness-get-machine-module" ] } - }, + }, { "DNSDBTest": { - "name": "DNSDBTest", + "name": "DNSDBTest", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "dnsdb-rrset", + "dnsdb-rrset", "dnsdb-rdata" ] } - }, + }, { "VerifyHumanReadableFormat": { - "name": "VerifyHumanReadableFormat", + "name": "VerifyHumanReadableFormat", "implementing_scripts": [ - "VerifyTableToMarkDown", + "VerifyTableToMarkDown", "VerifyTreeToFlatObject" ] } - }, + }, { "domain_enrichment_generic_test": { - "name": "Domain Enrichment Generic - Test", - "fromversion": "3.5.0", + "name": "Domain Enrichment Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Domain Enrichment - Generic" ] } - }, + }, { "Anomali_ThreatStream_Test": { - "name": "Anomali ThreatStream Test", - "fromversion": "3.5.0", + "name": "Anomali ThreatStream Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "ip", - "domain", - "threatstream-email-reputation", - "threatstream-intelligence", + "ip", + "domain", + "threatstream-email-reputation", + "threatstream-intelligence", "file" ] } - }, + }, { "ParseExcel-test": { - "name": "ParseExcel-test", + "name": "ParseExcel-test", "implementing_scripts": [ - "ParseExcel", - "DeleteContext", + "ParseExcel", + "DeleteContext", "http" ] } - }, + }, { "Zoom_Test": { - "name": "Zoom_Test", + "name": "Zoom_Test", "implementing_scripts": [ - "Print", - "VerifyContext", - "GenerateEmail", + "Print", + "VerifyContext", + "GenerateEmail", "DeleteContext" - ], + 
], "implementing_commands": [ - "zoom-create-meeting", - "zoom-list-users", - "zoom-fetch-recording", - "zoom-create-user", + "zoom-create-meeting", + "zoom-list-users", + "zoom-fetch-recording", + "zoom-create-user", "zoom-delete-user" ] } - }, + }, { "DomainTools-Test": { - "name": "DomainTools-Test", + "name": "DomainTools-Test", "implementing_scripts": [ - "VerifyContext", - "NotInContextVerification", + "VerifyContext", + "NotInContextVerification", "DeleteContext" - ], - "implementing_commands": [ - "domain", - "whois", - "reverseWhois", - "reverseNameServer", - "domainSearch", - "domainProfile", - "whoisHistory", + ], + "implementing_commands": [ + "domain", + "whois", + "reverseWhois", + "reverseNameServer", + "domainSearch", + "domainProfile", + "whoisHistory", "reverseIP" ] } - }, + }, { "RedLockTest": { - "name": "RedLockTest", + "name": "RedLockTest", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "redlock-search-alerts", - "redlock-reopen-alerts", - "redlock-get-alert-details", + "redlock-search-alerts", + "redlock-reopen-alerts", + "redlock-get-alert-details", "redlock-dismiss-alerts" ] } - }, + }, { "TruSTAR Test": { - "name": "TruSTAR Test", + "name": "TruSTAR Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "domain", - "url", - "ip", - "trustar-correlated-reports", - "file", - "trustar-trending-indicators", + ], + "implementing_commands": [ + "domain", + "url", + "ip", + "trustar-correlated-reports", + "file", + "trustar-trending-indicators", "trustar-search-indicators" ] } - }, + }, { "JoeSecurityTestDetonation": { - "name": "JoeSecurityTestDetonation", - "fromversion": "4.0.0", + "name": "JoeSecurityTestDetonation", + "fromversion": "4.0.0", "implementing_scripts": [ - "FileCreateAndUpload", + "FileCreateAndUpload", "DeleteContext" - ], + ], "implementing_playbooks": [ - "Detonate File - JoeSecurity", - "Detonate File From URL - 
JoeSecurity", + "Detonate File - JoeSecurity", + "Detonate File From URL - JoeSecurity", "Detonate URL - JoeSecurity" ] } - }, + }, { "Symantec Messaging Gateway Test": { - "name": "Symantec Messaging Gateway Test", + "name": "Symantec Messaging Gateway Test", "implementing_scripts": [ - "GenerateIP", - "VerifyContext", - "GenerateUUID", + "GenerateIP", + "VerifyContext", + "GenerateUUID", "AreValuesEqual" - ], + ], "implementing_commands": [ - "smg-unblock-domain", - "smg-block-ip", - "smg-unblock-ip", - "smg-block-domain", - "smg-block-email", + "smg-unblock-domain", + "smg-block-ip", + "smg-unblock-ip", + "smg-block-domain", + "smg-block-email", "smg-unblock-email" ] } - }, + }, { "devo_test_playbook": { - "name": "Devo test playbook", + "name": "Devo test playbook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "devo-query" ] } - }, + }, { "Lastline - testplaybook": { - "name": "Lastline - testplaybook", + "name": "Lastline - testplaybook", "implementing_scripts": [ - "DeleteContext", - "Set", + "DeleteContext", + "Set", "http" - ], + ], "implementing_playbooks": [ - "Detonate URL - Lastline", + "Detonate URL - Lastline", "Detonate File - Lastline" ] } - }, + }, { "detonate_file_-_generic_test": { - "name": "Detonate File - Generic Test", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "Detonate File - Generic Test", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Detonate File - Generic" ] } - }, + }, { "Test CommonServer": { - "name": "Test CommonServer", + "name": "Test CommonServer", "implementing_scripts": [ "TestFormatTableValues" ] } - }, + }, { "Test filters & transformers scripts": { - "name": "Test filters & transformers scripts", + "name": "Test filters & transformers scripts", "implementing_scripts": [ - "RaiseError", - "Print", + "RaiseError", + "Print", 
"Set" ] } - }, + }, { "virusTotalPrivateAPI-test-playbook": { - "name": "virusTotalPrivateAPI-test-playbook", + "name": "virusTotalPrivateAPI-test-playbook", "implementing_scripts": [ - "VerifyContext", - "StringContains", + "VerifyContext", + "StringContains", "DeleteContext" - ], + ], "implementing_commands": [ - "vt-private-get-url-report", - "vt-private-get-file-report", + "vt-private-get-url-report", + "vt-private-get-file-report", "vt-private-get-domain-report" ] } - }, + }, { "SCADAfence_test": { - "name": "SCADAfence_test", + "name": "SCADAfence_test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "scadafence-getAsset", - "scadafence-setAlertStatus", + "scadafence-getAsset", + "scadafence-setAlertStatus", "scadafence-getAlerts" ] } - }, + }, { "c19e328d-0cf3-4a94-88b3-df670d984602": { - "name": "SymantecEndpointProtection Test", + "name": "SymantecEndpointProtection Test", "implementing_scripts": [ - "SEPScan", - "VerifyContext", + "SEPScan", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "sep-quarantine", - "sep-command-status", - "sep-update-content", - "sep-endpoints-info", - "sep-groups-info", - "sep-client-content", + ], + "implementing_commands": [ + "sep-quarantine", + "sep-command-status", + "sep-update-content", + "sep-endpoints-info", + "sep-groups-info", + "sep-client-content", "sep-system-info" ] } - }, + }, { "PagerDuty Test": { - "name": "PagerDuty Test", + "name": "PagerDuty Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "PagerDuty-incidents", - "PagerDuty-get-all-schedules", + "PagerDuty-incidents", + "PagerDuty-get-all-schedules", "PagerDuty-get-users-on-call-now" ] } - }, + }, { "pan-appframework-test": { - "name": "pan-appframework-test", + "name": "pan-appframework-test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ 
"pan-appframework-query-logs" ] } - }, + }, { "TestSafeBreach": { - "name": "TestSafeBreach", + "name": "TestSafeBreach", "implementing_commands": [ - "safebreach-get-simulation", + "safebreach-get-simulation", "safebreach-rerun" ] } - }, + }, { "ExifReadTest": { - "name": "ExifReadTest", + "name": "ExifReadTest", "implementing_scripts": [ - "GenerateImageFileEntry", - "ExifRead", + "GenerateImageFileEntry", + "ExifRead", "DeleteContext" - ], + ], "implementing_commands": [ "closeInvestigation" ] } - }, + }, { "McAfee-TIE Test": { - "name": "McAfee-TIE Test", + "name": "McAfee-TIE Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "tie-file-references", - "file", + "tie-file-references", + "file", "tie-set-file-reputation" ] } - }, + }, { "SymantecMSSTest": { - "name": "SymantecMSSTest", + "name": "SymantecMSSTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "symantec-mss-incidents-list", - "symantec-mss-update-incident", + "symantec-mss-incidents-list", + "symantec-mss-update-incident", "symantec-mss-get-incident" ] } - }, - { - "SLA Scripts - Test": { - "name": "SLA Scripts - Test", - "implementing_scripts": [ - "StopTimeToAssignOnOwnerChange", - "ChangeRemediationSLAOnSevChange", - "Set", - "PrintErrorEntry", - "DeleteContext" - ], - "implementing_commands": [ - "setIncident", - "startTimer", - "resetTimer" - ] - } - }, + }, { "SLA Scripts - Test": { "name": "SLA Scripts - Test", From 5aa0300dde2e3db6354832035bf3ebf4f03eb0fd Mon Sep 17 00:00:00 2001 From: idovandijk <43602124+idovandijk@users.noreply.github.com> Date: Thu, 3 Jan 2019 15:52:27 +0200 Subject: [PATCH 43/49] Removed random spaces at the end of lines --- Tests/id_set.json | 11350 ++++++++++++++++++++++---------------------- 1 file changed, 5707 insertions(+), 5643 deletions(-) 
diff --git a/Tests/id_set.json b/Tests/id_set.json
index e167cb55bc1d..3c9ed1761d12 100644
--- a/Tests/id_set.json
+++ b/Tests/id_set.json
@@ -4436,7 +4436,28 @@
 "GetFirstObject": {
 "name": "GetFirstObject"
 }
- },
+ },
+ {
+ "changeremediationslaonsevchange": {
+ "name": "ChangeRemediationSLAOnSevChange",
+ "fromversion": "4.1.0",
+ "script_executions": [
+ "setIncident",
+ "setIncident",
+ "setIncident",
+ "setIncident"
+ ]
+ }
+ },
+ {
+ "stoptimetoassignonownerchange": {
+ "name": "StopTimeToAssignOnOwnerChange",
+ "fromversion": "4.1.0",
+ "script_executions": [
+ "stopTimer"
+ ]
+ }
+ },
 {
 "changeremediationslaonsevchange": {
 "name": "ChangeRemediationSLAOnSevChange",
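Review bot: The added `"changeremediationslaonsevchange"` entry duplicates an id that the trailing context of this same hunk shows is already present directly below it, so the enclosing array (which starts outside the hunk) ends up with two records for `ChangeRemediationSLAOnSevChange`. This commit is described as trailing-space removal only, yet this hunk adds 22 lines of content and the diffstat is 5707 insertions against 5643 deletions, so the additions look like an accidental paste or a bad merge. Duplicate ids in an index like this are resolved differently by different consumers (first match, last match, or both), which makes test selection and dependency lookups hard to reason about. I would drop the two added objects so the hunk reduces to the whitespace fix `- },` / `+ },`. If the existing record further down carries the same repeated values, its list should also be collapsed to `"script_executions": ["setIncident"]`.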
@@ -4458,9866 +4479,9909 @@ ] } } - ], + ], "playbooks": [ { "search_and_delete_emails_-_generic": { - "name": "Search And Delete Emails - Generic", - "fromversion": "3.6.0", + "name": "Search And Delete Emails - Generic", + "fromversion": "3.6.0", "implementing_playbooks": [ "Search And Delete Emails - EWS" ] } - }, + }, { "email_address_enrichment_-_generic": { - "name": "Email Address Enrichment - Generic", - "fromversion": "3.6.0", + "name": "Email Address Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "IsEmailAddressInternal", - "EmailReputation", - "ADGetUser", - "Exists", + "IsEmailAddressInternal", + "EmailReputation", + "ADGetUser", + "Exists", "EmailDomainSquattingReputation" ] } - }, + }, { "process_email_-_generic": { - "name": "Process Email - Generic", - "toversion": "3.6.0", - "fromversion": "3.6.0", + "name": "Process Email - Generic", + "toversion": "3.6.0", + "fromversion": "3.6.0", "implementing_scripts": [ - "Set", - "Exists", + "Set", + "Exists", "ParseEmailFiles" - ], + ], "implementing_commands": [ - "setIncident", + "setIncident", "rasterize-email" ] } - }, + }, { "playbook12": { - "name": "McAfee ePO Endpoint Compliance Playbook", - "fromversion": "2.5.0", + "name": "McAfee ePO Endpoint Compliance Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "CloseInvestigation", - "IncidentSet", + "CloseInvestigation", + "IncidentSet", "commentsToContext" - ], + ], "implementing_commands": [ - "epo-update-client-dat", - "servicenow-incidents-query", - "epo-get-latest-dat", - "epo-get-current-dat", + "epo-update-client-dat", + "servicenow-incidents-query", + "epo-get-latest-dat", + "epo-get-current-dat", "servicenow-incident-create" ] } - }, + }, { "get_original_email_-_generic": { - "name": "Get Original Email - Generic", - "fromversion": 4.0, + "name": "Get Original Email - Generic", + "fromversion": 4.0, "implementing_playbooks": [ - "Get Original Email - Gmail", + "Get Original Email - Gmail", "Get 
Original Email - EWS" ] } - }, + }, { "Detonate URL - Phish.AI": { - "name": "Detonate URL - Phish.AI", - "fromversion": "4.0.0", + "name": "Detonate URL - Phish.AI", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "phish-ai-check-status", + "phish-ai-check-status", "phish-ai-scan-url" ] } - }, + }, { "Detonate URL - Cuckoo": { - "name": "Detonate URL - Cuckoo", - "fromversion": "4.0.0", + "name": "Detonate URL - Cuckoo", + "fromversion": "4.0.0", "implementing_scripts": [ "Sleep" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "cuckoo-view-task", - "cuckoo-get-task-report", + "cuckoo-view-task", + "cuckoo-get-task-report", "cuckoo-create-task-from-url" ] } - }, + }, { "get_file_sample_by_hash_-_generic": { - "name": "Get File Sample By Hash - Generic", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Generic", + "fromversion": "3.5.0", "implementing_playbooks": [ - "Get File Sample By Hash - Cylance Protect", + "Get File Sample By Hash - Cylance Protect", "Get File Sample By Hash - Carbon Black Enterprise Response" ] } - }, + }, { "search_endpoints_by_hash_-_crowdstrike": { - "name": "Search Endpoints By Hash - CrowdStrike", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - CrowdStrike", + "fromversion": "3.5.0", "implementing_commands": [ - "cs-device-ran-on", + "cs-device-ran-on", "cs-device-details" ] } - }, + }, { "get_file_sample_from_path_-_generic": { - "name": "Get File Sample From Path - Generic", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - Generic", + "fromversion": "3.5.0", "implementing_playbooks": [ - "Get File Sample From Path - Carbon Black Enterprise Response", + "Get File Sample From Path - Carbon Black Enterprise Response", "Get File Sample From Path - D2" ] } - }, + }, { "process_email_-_generic": { - "name": "Process Email - Generic", - "toversion": "3.5.9", - "fromversion": "3.5.0", + 
"name": "Process Email - Generic", + "toversion": "3.5.9", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "Exists", + "Set", + "Exists", "ParseEmailFiles" - ], + ], "implementing_commands": [ "rasterize-email" ] } - }, + }, { "Detonate File - Lastline": { - "name": "Detonate File - Lastline", - "fromversion": "4.0.0", + "name": "Detonate File - Lastline", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "lastline-upload-file", + "lastline-upload-file", "lastline-get-report" ] } - }, + }, { "url_enrichment_-_generic": { - "name": "URL Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "URL Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ - "URLSSLVerification", - "Exists", + "URLSSLVerification", + "Exists", "URLReputation" - ], + ], "implementing_commands": [ "rasterize" ] } - }, + }, { "GenericPolling": { - "name": "GenericPolling", - "fromversion": "4.0.0", + "name": "GenericPolling", + "fromversion": "4.0.0", "implementing_scripts": [ - "ScheduleGenericPolling", - "RunPollingCommand", + "ScheduleGenericPolling", + "RunPollingCommand", "PrintErrorEntry" ] } - }, + }, { "playbook1": { - "name": "Malware Playbook - Manual", - "fromversion": "2.5.0", + "name": "Malware Playbook - Manual", + "fromversion": "2.5.0", "implementing_scripts": [ - "ExposeModules", - "Autoruns", + "ExposeModules", + "Autoruns", "Exists" ] } - }, + }, { "Calculate Severity - Generic": { - "name": "Calculate Severity - Generic", - "fromversion": "3.6.0", + "name": "Calculate Severity - Generic", + "fromversion": "3.6.0", "implementing_playbooks": [ - "Calculate Severity - Indicators DBotScore", - "Calculate Severity - 3rd-party integrations", + "Calculate Severity - Indicators DBotScore", + "Calculate Severity - 3rd-party integrations", "Calculate Severity - Critical assets" - ], + ], 
"implementing_commands": [ "setIncident" ] } - }, + }, { "search_endpoints_by_hash_-_carbon_black_protection": { - "name": "Search Endpoints By Hash - Carbon Black Protection", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Carbon Black Protection", + "fromversion": "3.5.0", "implementing_scripts": [ - "CBPFindRule", - "Set", - "CBPCatalogFindHash", + "CBPFindRule", + "Set", + "CBPCatalogFindHash", "Exists" - ], + ], "implementing_commands": [ "cbp-computer-get" ] } - }, + }, { "Incident Enrichment": { - "name": "Incident Enrichment", - "fromversion": "2.5.0", + "name": "Incident Enrichment", + "fromversion": "2.5.0", "implementing_scripts": [ - "ExtractURL", - "ExtractHash", + "ExtractURL", + "ExtractHash", "ExtractIP" - ], + ], "implementing_playbooks": [ "Enrichment Playbook" ] } - }, + }, { "playbook16": { - "name": "CrowdStrike Rapid IOC Hunting", - "fromversion": "2.5.0", + "name": "CrowdStrike Rapid IOC Hunting", + "fromversion": "2.5.0", "implementing_scripts": [ - "Exists", + "Exists", "SendEmail" - ], + ], "implementing_commands": [ - "cs-device-ran-on", + "cs-device-ran-on", "cs-device-search" ] } - }, + }, { "CrowdStrike Falcon Sandbox - Detonate file": { - "name": "CrowdStrike Falcon Sandbox - Detonate file", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "CrowdStrike Falcon Sandbox - Detonate file", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_scripts": [ "Set" - ], + ], "implementing_commands": [ "crowdstrike-detonate-file" ] } - }, + }, { "Enrich McAfee DXL using 3rd party sandbox": { - "name": "Enrich McAfee DXL using 3rd party sandbox", + "name": "Enrich McAfee DXL using 3rd party sandbox", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "Exists" - ], + ], "implementing_playbooks": [ "WildFire - Detonate file" - ], + ], "implementing_commands": [ "dxl-send-event" ] } - }, + }, { "Get File Sample From Hash - Carbon Black Enterprise Response": { - "name": "Get File Sample 
From Hash - Carbon Black Enterprise Response", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Get File Sample From Hash - Carbon Black Enterprise Response", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ "Exists" - ], + ], "implementing_commands": [ "cb-binary-get" ] } - }, + }, { "Calculate Severity - Generic": { - "name": "Calculate Severity - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "Calculate Severity - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ - "StringContains", + "StringContains", "Exists" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "Tenable.io Scan": { - "name": "Tenable.io Scan", - "fromversion": "4.0.0", + "name": "Tenable.io Scan", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "tenable-io-launch-scan", - "tenable-io-get-scan-report", + "tenable-io-launch-scan", + "tenable-io-get-scan-report", "tenable-io-get-scan-status" ] } - }, + }, { "block_indicators_-_generic": { - "name": "Block Indicators - Generic", - "fromversion": "4.0.0", + "name": "Block Indicators - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ - "Block URL - Generic", - "Block File - Generic", - "Block IP - Generic", + "Block URL - Generic", + "Block File - Generic", + "Block IP - Generic", "Block Account - Generic" ] } - }, + }, { "detonate_url_-_threatgrid": { - "name": "Detonate URL - ThreatGrid", - "fromversion": "4.0.0", + "name": "Detonate URL - ThreatGrid", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "threat-grid-upload-sample", - "threat-grid-get-samples-state", + "threat-grid-upload-sample", + "threat-grid-get-samples-state", "threat-grid-url-to-file" ] } - }, + }, { "TrendMicro Malware Alert Playbook": { - "name": "TrendMicro Malware Alert Playbook", - "fromversion": "2.5.0", + "name": "TrendMicro 
Malware Alert Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "TrendMicroGetPolicyID", - "TrendmicroSecurityProfileAssignToHost", - "TrendmicroAntiMalwareEventRetrieve", + "TrendMicroGetPolicyID", + "TrendmicroSecurityProfileAssignToHost", + "TrendmicroAntiMalwareEventRetrieve", "TrendMicroGetHostID" ] } - }, + }, { "Google-Vault-Display-Results": { - "name": "Google Vault - Display Results", - "fromversion": "4.0.0", + "name": "Google Vault - Display Results", + "fromversion": "4.0.0", "implementing_scripts": [ "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "gvault-get-drive-results", - "gvault-get-groups-results", - "gvault-download-results", - "gvault-export-status", + "gvault-get-drive-results", + "gvault-get-groups-results", + "gvault-download-results", + "gvault-export-status", "gvault-get-mail-results" ] } - }, + }, { "calculate_severity_-_3rd-party_integrations": { - "name": "Calculate Severity - 3rd-party integrations", - "fromversion": "3.6.0", + "name": "Calculate Severity - 3rd-party integrations", + "fromversion": "3.6.0", "implementing_scripts": [ "Set" ] } - }, + }, { "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "3.5.9", - "fromversion": "3.5.0", + "name": "Phishing Investigation - Generic", + "toversion": "3.5.9", + "fromversion": "3.5.0", "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident", - "Set", + "CloseInvestigation", + "AssignAnalystToIncident", + "Set", "SendEmail" - ], + ], "implementing_playbooks": [ - "Detonate File - Generic", - "Extract Indicators - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Calculate Severity - Generic", + "Detonate File - Generic", + "Extract Indicators - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Calculate Severity - Generic", "Email Address Enrichment - Generic" ] } - }, + }, { 
"detonate_url_-_joesecurity": { - "name": "Detonate URL - JoeSecurity", - "fromversion": "4.0.0", + "name": "Detonate URL - JoeSecurity", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "joe-download-report", - "joe-analysis-submit-url", + "joe-download-report", + "joe-analysis-submit-url", "joe-analysis-info" ] } - }, + }, { "CrowdStrike Falcon Sandbox - Detonate file": { - "name": "CrowdStrike Falcon Sandbox - Detonate file", - "fromversion": "4.0.0", + "name": "CrowdStrike Falcon Sandbox - Detonate file", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "crowdstrike-submit-sample", + "crowdstrike-submit-sample", "crowdstrike-scan" ] } - }, + }, { "crowdstrike_endpoint_enrichment": { - "name": "CrowdStrike Endpoint Enrichment", - "fromversion": "3.5.0", + "name": "CrowdStrike Endpoint Enrichment", + "fromversion": "3.5.0", "implementing_commands": [ - "cs-device-search", + "cs-device-search", "cs-device-details" ] } - }, + }, { "cve_enrichment_-_generic": { - "name": "CVE Enrichment - Generic", - "fromversion": "3.6.0", + "name": "CVE Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ "cveReputation" - ], + ], "implementing_commands": [ "cve-search" ] } - }, + }, { "get_file_sample_by_hash_-_cylance_protect": { - "name": "Get File Sample By Hash - Cylance Protect", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Cylance Protect", + "fromversion": "3.5.0", "implementing_scripts": [ - "http", - "UnzipFile", + "http", + "UnzipFile", "Exists" - ], + ], "implementing_commands": [ "cylance-protect-download-threat" ] } - }, + }, { "dedup_incidents_-_ml": { - "name": "DeDup incidents - ML", - "fromversion": "3.5.0", + "name": "DeDup incidents - ML", + "fromversion": "3.5.0", "implementing_scripts": [ - "Print", - 
"CloseInvestigationAsDuplicate", + "Print", + "CloseInvestigationAsDuplicate", "GetDuplicatesMl" ] } - }, + }, { "playbook5": { - "name": "Phishing Playbook - Automated", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set", - "Exists", - "SendEmail", - "CheckSenderDomainDistance", - "CloseInvestigation", - "ExtractIP", - "IsMaliciousIndicatorFound", + "name": "Phishing Playbook - Automated", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set", + "Exists", + "SendEmail", + "CheckSenderDomainDistance", + "CloseInvestigation", + "ExtractIP", + "IsMaliciousIndicatorFound", "ExtractURL" - ], + ], "implementing_playbooks": [ - "Process Email", - "Enrichment Playbook", - "Hunt for bad IOCs", - "Account Enrichment", + "Process Email", + "Enrichment Playbook", + "Hunt for bad IOCs", + "Account Enrichment", "Detonate File - Generic" ] } - }, + }, { "TIE - IOC Hunt": { - "name": "TIE - IOC Hunt", - "fromversion": "2.5.0", + "name": "TIE - IOC Hunt", + "fromversion": "2.5.0", "implementing_scripts": [ - "EPOFindSystem", + "EPOFindSystem", "Exists" - ], + ], "implementing_commands": [ "tie-file-references" ] } - }, + }, { "vulnerability_management_-_qualys_Job": { - "name": "Vulnerability Management - Qualys (Job)", - "fromversion": "3.6.0", + "name": "Vulnerability Management - Qualys (Job)", + "fromversion": "3.6.0", "implementing_scripts": [ - "QualysCreateIncidentFromReport", + "QualysCreateIncidentFromReport", "Set" - ], + ], "implementing_commands": [ - "qualys-report-fetch", - "closeInvestigation", + "qualys-report-fetch", + "closeInvestigation", "qualys-report-list" ] } - }, + }, { "get_original_email_-_gmail": { - "name": "Get Original Email - Gmail", - "fromversion": 4.0, + "name": "Get Original Email - Gmail", + "fromversion": 4.0, "implementing_scripts": [ - "Set", + "Set", "DeleteContext" - ], + ], "implementing_commands": [ - "gmail-get-attachments", - "gmail-search", + "gmail-get-attachments", + "gmail-search", "gmail-get-mail" ] } - }, + }, { 
"detonate_url_-_mcafee_atd": { - "name": "Detonate URL - McAfee ATD", - "fromversion": "4.0.0", + "name": "Detonate URL - McAfee ATD", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "atd-get-report", - "atd-check-status", + "atd-get-report", + "atd-check-status", "atd-file-upload" ] } - }, + }, { "Detonate URL - Lastline": { - "name": "Detonate URL - Lastline", - "fromversion": "4.0.0", + "name": "Detonate URL - Lastline", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "lastline-get-report", + "lastline-get-report", "lastline-upload-url" ] } - }, + }, { "Detonate File - Generic": { - "name": "Detonate File - Generic", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "Detonate File - Generic", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_playbooks": [ - "CrowdStrike Falcon Sandbox - Detonate file", + "CrowdStrike Falcon Sandbox - Detonate file", "WildFire - Detonate file" ] } - }, + }, { "process_email_-_ews": { - "name": "Process Email - EWS", - "fromversion": "3.6.0", + "name": "Process Email - EWS", + "fromversion": "3.6.0", "implementing_scripts": [ "Set" - ], + ], "implementing_commands": [ "ews-get-attachment" ] } - }, + }, { "playbook7": { - "name": "Hunting C&C Communication Playbook", - "fromversion": "2.5.0", + "name": "Hunting C&C Communication Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "IsIntegrationAvailable", + "IsIntegrationAvailable", "Exists" - ], + ], "implementing_commands": [ - "slack-send", + "slack-send", "ExposeModules" ] } - }, + }, { "get_file_sample_from_path_-_d2": { - "name": "Get File Sample From Path - D2", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - D2", + "fromversion": "3.5.0", "implementing_scripts": [ - "IncidentAddSystem", + "IncidentAddSystem", "FetchFileD2" ] } - }, + }, { 
"get_original_email_-_ews": { - "name": "Get Original Email - EWS", - "fromversion": 4.0, + "name": "Get Original Email - EWS", + "fromversion": 4.0, "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "Set" - ], + ], "implementing_commands": [ - "ews-search-mailbox", - "ews-get-attachment", + "ews-search-mailbox", + "ews-get-attachment", "ews-get-items" ] } - }, + }, { "playbook17": { - "name": "Carbon black Protection Rapid IOC Hunting", - "fromversion": "2.5.0", + "name": "Carbon black Protection Rapid IOC Hunting", + "fromversion": "2.5.0", "implementing_scripts": [ - "CBPFindRule", - "CBPCatalogFindHash", + "CBPFindRule", + "CBPCatalogFindHash", "Exists" ] } - }, + }, { "calculate_severity_-_critical_assets": { - "name": "Calculate Severity - Critical assets", - "toversion": "3.6.1", - "fromversion": "3.6.0", + "name": "Calculate Severity - Critical assets", + "toversion": "3.6.1", + "fromversion": "3.6.0", "implementing_scripts": [ - "StringContains", - "Set", + "StringContains", + "Set", "Exists" ] } - }, + }, { "playbook14": { - "name": "Checkpoint Firewall Configuration Backup Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "UtilAnyResults", - "SendEmail", - "CPShowBackupStatus", - "CloseInvestigation", - "SNOpenTicket", - "SCPPullFiles", + "name": "Checkpoint Firewall Configuration Backup Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "UtilAnyResults", + "SendEmail", + "CPShowBackupStatus", + "CloseInvestigation", + "SNOpenTicket", + "SCPPullFiles", "CPCreateBackup" ] } - }, + }, { "endpoint_enrichment_-_generic": { - "name": "Endpoint Enrichment - Generic", - "fromversion": "3.5.0", + "name": "Endpoint Enrichment - Generic", + "fromversion": "3.5.0", "implementing_scripts": [ - "EPOFindSystem", - "Exists", + "EPOFindSystem", + "Exists", "ADGetComputer" - ], + ], "implementing_playbooks": [ "CrowdStrike Endpoint Enrichment" - ], + ], "implementing_commands": [ - "cylance-protect-get-devices", - 
"cb-sensor-info", + "cylance-protect-get-devices", + "cb-sensor-info", "so-agents-query" ] } - }, + }, { "access_investigation_-_qradar": { - "name": "Access Investigation - QRadar", - "fromversion": "3.6.0", + "name": "Access Investigation - QRadar", + "fromversion": "3.6.0", "implementing_playbooks": [ - "QRadar - Get offense correlations", + "QRadar - Get offense correlations", "Access Investigation - Generic" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "Google-Vault-Search-Groups": { - "name": "Google Vault - Search Groups", - "fromversion": "4.0.0", + "name": "Google Vault - Search Groups", + "fromversion": "4.0.0", "implementing_scripts": [ "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "gvault-export-status", - "gvault-download-results", - "gvault-create-export-groups", + "gvault-export-status", + "gvault-download-results", + "gvault-create-export-groups", "gvault-get-groups-results" ] } - }, + }, { "DBotCreatePhishingClassifier": { - "name": "DBot Create Phishing Classifier", - "fromversion": "4.1.0", + "name": "DBot Create Phishing Classifier", + "fromversion": "4.1.0", "implementing_scripts": [ - "DBotTrainTextClassifier", - "Base64ListToFile", - "DBotPredictPhishingEvaluation", + "DBotTrainTextClassifier", + "Base64ListToFile", + "DBotPredictPhishingEvaluation", "DBotPreparePhishingData" ] } - }, + }, { "detonate_url_-_generic": { - "name": "Detonate URL - Generic", - "fromversion": "4.0.0", + "name": "Detonate URL - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ - "Detonate URL - CrowdStrike", - "Detonate URL - JoeSecurity", - "Detonate URL - Cuckoo", - "Detonate URL - Lastline", - "Detonate URL - ThreatGrid", + "Detonate URL - CrowdStrike", + "Detonate URL - JoeSecurity", + "Detonate URL - Cuckoo", + "Detonate URL - Lastline", + "Detonate URL - ThreatGrid", "Detonate URL - McAfee ATD" ] } - }, + }, { "tenable-sc-scan": { - "name": "Launch Scan - 
Tenable.sc", - "fromversion": "4.0.0", + "name": "Launch Scan - Tenable.sc", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "tenable-sc-get-scan-report", + "tenable-sc-get-scan-report", "tenable-sc-launch-scan" ] } - }, + }, { "detonate_file_from_url_-_wildfire": { - "name": "Detonate File From URL - WildFire", - "fromversion": "4.0.0", + "name": "Detonate File From URL - WildFire", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "wildfire-upload-file-remote", + "wildfire-upload-file-remote", "wildfire-report" ] } - }, + }, { "block_endpoint_-_carbon_black_response": { - "name": "Block Endpoint - Carbon Black Response", - "fromversion": "3.5.0", + "name": "Block Endpoint - Carbon Black Response", + "fromversion": "3.5.0", "implementing_commands": [ - "cb-sensor-info", + "cb-sensor-info", "cb-quarantine-device" ] } - }, + }, { "close_incident_if_duplicate_found": { - "name": "DeDup incidents", - "fromversion": "3.5.0", + "name": "DeDup incidents", + "fromversion": "3.5.0", "implementing_scripts": [ - "FindSimilarIncidents", + "FindSimilarIncidents", "CloseInvestigationAsDuplicate" ] } - }, + }, { "scan_assets_nexpose": { - "name": "Scan Assets - Nexpose", - "fromversion": "4.0.0", + "name": "Scan Assets - Nexpose", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "nexpose-start-assets-scan", + "nexpose-start-assets-scan", "nexpose-get-scan" ] } - }, + }, { "extract_indicators_-_generic": { - "name": "Extract Indicators - Generic", - "fromversion": "3.5.0", + "name": "Extract Indicators - Generic", + "fromversion": "3.5.0", "implementing_scripts": [ - "ExtractHash", - "ExtractDomain", - "ExtractURL", - "ExtractEmail", + "ExtractHash", + "ExtractDomain", + "ExtractURL", + "ExtractEmail", "ExtractIP" ] } - }, + }, { "playbook0": { - "name": "Default", - "toversion": "3.1.0", - 
"fromversion": "2.5.0", - "implementing_scripts": [ - "TrendMicroClassifier", - "Exists", - "IncidentSet", - "SplunkEmailParser", - "QRadarClassifier", - "MapValues", - "Print", - "VectraClassifier", + "name": "Default", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "TrendMicroClassifier", + "Exists", + "IncidentSet", + "SplunkEmailParser", + "QRadarClassifier", + "MapValues", + "Print", + "VectraClassifier", "NexposeEmailParser" - ], + ], "implementing_playbooks": [ "Enrichment Playbook" ] } - }, + }, { "dedup_-_generic": { - "name": "Dedup - Generic", - "fromversion": "4.0.0", + "name": "Dedup - Generic", + "fromversion": "4.0.0", "implementing_scripts": [ - "FindSimilarIncidentsByText", - "GetDuplicatesMlv2", - "CloseInvestigationAsDuplicate", + "FindSimilarIncidentsByText", + "GetDuplicatesMlv2", + "CloseInvestigationAsDuplicate", "FindSimilarIncidents" ] } - }, + }, { "malware_investigation-_generic_-_setup": { - "name": "Malware Investigation - Generic - Setup", - "fromversion": "3.5.0", + "name": "Malware Investigation - Generic - Setup", + "fromversion": "3.5.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ - "Get File Sample From Path - Generic", - "Get File Sample By Hash - Generic", + "Get File Sample From Path - Generic", + "Get File Sample By Hash - Generic", "Search Endpoints By Hash - Generic" ] } - }, + }, { "block_file_-_carbon_black_response": { - "name": "Block File - Carbon Black Response", - "fromversion": "4.0.0", + "name": "Block File - Carbon Black Response", + "fromversion": "4.0.0", "implementing_commands": [ - "cb-get-hash-blacklist", + "cb-get-hash-blacklist", "cb-block-hash" ] } - }, + }, { "search_and_delete_emails_-_ews": { - "name": "Search And Delete Emails - EWS", - "fromversion": "3.6.0", + "name": "Search And Delete Emails - EWS", + "fromversion": "3.6.0", "implementing_scripts": [ "BuildEWSQuery" - ], + ], "implementing_commands": [ - "ews-search-mailboxes", + 
"ews-search-mailboxes", "ews-delete-items" ] } - }, + }, { "Detonate File - BitDam": { - "name": "Detonate File - BitDam", - "fromversion": "4.0.0", + "name": "Detonate File - BitDam", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "bitdam-upload-file", + "bitdam-upload-file", "bitdam-get-verdict" ] } - }, + }, { "MAR - Endpoint data collection": { - "name": "MAR - Endpoint data collection", + "name": "MAR - Endpoint data collection", "implementing_scripts": [ - "EPOFindSystem", + "EPOFindSystem", "Exists" - ], + ], "implementing_commands": [ "mar-search-multiple" ] } - }, + }, { "Google-Vault-Search-Drive": { - "name": "Google Vault - Search Drive", - "fromversion": "4.0.0", + "name": "Google Vault - Search Drive", + "fromversion": "4.0.0", "implementing_scripts": [ "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "gvault-create-export-drive", - "gvault-get-drive-results", - "gvault-export-status", + "gvault-create-export-drive", + "gvault-get-drive-results", + "gvault-export-status", "gvault-download-results" ] } - }, + }, { "process_email_-_add_custom_fields": { - "name": "Process Email - Add custom fields", - "fromversion": "3.6.0", + "name": "Process Email - Add custom fields", + "fromversion": "3.6.0", "implementing_scripts": [ "IncidentSet" ] } - }, + }, { "detonate_url_-_crowdstrike": { - "name": "Detonate URL - CrowdStrike", - "fromversion": "4.0.0", + "name": "Detonate URL - CrowdStrike", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "crowdstrike-submit-url", + "crowdstrike-submit-url", "crowdstrike-scan" ] } - }, + }, { "ip_enrichment_generic": { - "name": "IP Enrichment - Generic", - "fromversion": "3.6.0", + "name": "IP Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "IsIPInRanges", - "IPToHost", 
+ "IsIPInRanges", + "IPToHost", "IPReputation" - ], + ], "implementing_playbooks": [ "Endpoint Enrichment - Generic" - ], + ], "implementing_commands": [ "vt-private-get-ip-report" ] } - }, + }, { "domain_enrichment_generic": { - "name": "Domain Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "Domain Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ "DomainReputation" ] } - }, + }, { "QRadarFullSearch": { - "name": "QRadarFullSearch", - "fromversion": "4.0.0", + "name": "QRadarFullSearch", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "qradar-get-search", - "qradar-get-search-results", + "qradar-get-search", + "qradar-get-search-results", "qradar-searches" ] } - }, + }, { "Arcsight - Get events related to the Case": { - "name": "Arcsight - Get events related to the Case", + "name": "Arcsight - Get events related to the Case", "implementing_scripts": [ - "IncidentSet", - "Set", + "IncidentSet", + "Set", "Exists" - ], + ], "implementing_commands": [ - "as-get-security-events", - "as-get-case", + "as-get-security-events", + "as-get-case", "as-get-case-event-ids" ] } - }, + }, { "Account Enrichment": { - "name": "Account Enrichment", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Account Enrichment", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ - "ADGetUser", + "ADGetUser", "Exists" ] } - }, + }, { "malware_investigation-_generic": { - "name": "Malware Investigation - Generic", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "Malware Investigation - Generic", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "AssignAnalystToIncident" - ], + ], "implementing_playbooks": [ - "Malware Investigation - Generic - Setup", - "Extract Indicators - Generic", - "Calculate Severity - Generic", - "Entity 
Enrichment - Generic", + "Malware Investigation - Generic - Setup", + "Extract Indicators - Generic", + "Calculate Severity - Generic", + "Entity Enrichment - Generic", "Detonate File - Generic" ] } - }, + }, { "QRadar - Get offense correlations ": { - "name": "QRadar - Get offense correlations ", - "toversion": "3.1.0", + "name": "QRadar - Get offense correlations ", + "toversion": "3.1.0", "implementing_scripts": [ - "AreValuesEqual", - "QRadarGetCorrelationLogs", - "QRadarGetOffenseCorrelations", + "AreValuesEqual", + "QRadarGetCorrelationLogs", + "QRadarGetOffenseCorrelations", "Exists" ] } - }, + }, { "QRadar - Get offense correlations ": { - "name": "QRadar - Get offense correlations", - "fromversion": "3.5.0", + "name": "QRadar - Get offense correlations", + "fromversion": "3.5.0", "implementing_scripts": [ - "QRadarGetCorrelationLogs", + "QRadarGetCorrelationLogs", "QRadarGetOffenseCorrelations" ] } - }, + }, { "block_ip_-_generic": { - "name": "Block IP - Generic", - "fromversion": "4.0.0", + "name": "Block IP - Generic", + "fromversion": "4.0.0", "implementing_scripts": [ "PanoramaBlockIP" - ], + ], "implementing_playbooks": [ "Add Indicator to Miner - Palo Alto MineMeld" - ], + ], "implementing_commands": [ - "zscaler-blacklist-ip", + "zscaler-blacklist-ip", "checkpoint-block-ip" ] } - }, + }, { "vulnerability_handling_-_qualys_-_add _ustom_fields_to_default_layout": { - "name": "Vulnerability Handling - Qualys - Add custom fields to default layout", - "fromversion": "3.6.0", + "name": "Vulnerability Handling - Qualys - Add custom fields to default layout", + "fromversion": "3.6.0", "implementing_scripts": [ "IncidentSet" ] } - }, + }, { "playbook3": { - "name": "Ransomware Playbook - Manual", + "name": "Ransomware Playbook - Manual", "fromversion": "2.5.0" } - }, + }, { "Enrich DXL with ATD verdict": { - "name": "Enrich DXL with ATD verdict", + "name": "Enrich DXL with ATD verdict", "implementing_scripts": [ - "CloseInvestigation", + 
"CloseInvestigation", "Exists" - ], + ], "implementing_playbooks": [ "ATD - Detonate File" - ], + ], "implementing_commands": [ "dxl-send-event" ] } - }, + }, { "Detonate File - SNDBOX": { - "name": "Detonate File - SNDBOX", - "fromversion": "4.0.0", + "name": "Detonate File - SNDBOX", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "sndbox-analysis-info", - "sndbox-analysis-submit-sample", + "sndbox-analysis-info", + "sndbox-analysis-submit-sample", "sndbox-download-report" ] } - }, + }, { "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "4.0.9", - "fromversion": "4.0.0", + "name": "Phishing Investigation - Generic", + "toversion": "4.0.9", + "fromversion": "4.0.0", "implementing_scripts": [ - "AssignAnalystToIncident", - "Set", + "AssignAnalystToIncident", + "Set", "SendEmail" - ], + ], "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Block Indicators - Generic", - "Email Address Enrichment - Generic", + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Block Indicators - Generic", + "Email Address Enrichment - Generic", "Calculate Severity - Generic" - ], + ], "implementing_commands": [ - "closeInvestigation", + "closeInvestigation", "send-mail" ] } - }, + }, { "playbook2": { - "name": "Phishing Playbook - Manual", + "name": "Phishing Playbook - Manual", "fromversion": "2.5.0" } - }, + }, { "Hunt for bad IOCs": { - "name": "Hunt for bad IOCs", - "fromversion": "2.5.0", + "name": "Hunt for bad IOCs", + "fromversion": "2.5.0", "implementing_playbooks": [ - "CrowdStrike Rapid IOC Hunting", - "Carbon Black Rapid IOC Hunting", - "TIE - 
IOC Hunt", + "CrowdStrike Rapid IOC Hunting", + "Carbon Black Rapid IOC Hunting", + "TIE - IOC Hunt", "Carbon black Protection Rapid IOC Hunting" ] } - }, + }, { "extract_indicators_from_file_-_generic": { - "name": "Extract Indicators From File - Generic", - "fromversion": "3.6.0", + "name": "Extract Indicators From File - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "ReadPDFFile", - "Set", + "ReadPDFFile", + "Set", "ExtractIndicatorsFromTextFile" ] } - }, + }, { "Sentinel One - Endpoint data collection": { - "name": "Sentinel One - Endpoint data collection", + "name": "Sentinel One - Endpoint data collection", "implementing_scripts": [ - "Print", + "Print", "Exists" - ], + ], "implementing_commands": [ - "so-agents-query", + "so-agents-query", "so-get-agent-processes" ] } - }, + }, { "process_email_-_generic": { - "name": "Process Email - Generic", - "fromversion": "4.0.0", + "name": "Process Email - Generic", + "fromversion": "4.0.0", "implementing_scripts": [ - "Set", - "Exists", + "Set", + "Exists", "ParseEmailFiles" - ], + ], "implementing_playbooks": [ "Get Original Email - Generic" - ], + ], "implementing_commands": [ - "setIncident", + "setIncident", "rasterize-email" ] } - }, + }, { "playbook13": { - "name": "McAfee ePO Endpoint Connectivity Diagnostics Playbook", - "fromversion": "2.5.0", + "name": "McAfee ePO Endpoint Connectivity Diagnostics Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "CloseInvestigation", - "commentsToContext", + "CloseInvestigation", + "commentsToContext", "Ping" - ], + ], "implementing_commands": [ "servicenow-incident-create" ] } - }, + }, { "vulnerability_handling_-_nexpose": { - "name": "Vulnerability Handling - Nexpose", - "fromversion": "3.6.0", + "name": "Vulnerability Handling - Nexpose", + "fromversion": "3.6.0", "implementing_playbooks": [ - "CVE Enrichment - Generic", - "Endpoint Enrichment - Generic", + "CVE Enrichment - Generic", + "Endpoint Enrichment - Generic", "Calculate 
Severity - Generic" - ], + ], "implementing_commands": [ - "closeInvestigation", - "nexpose-get-asset-vulnerability", - "nexpose-get-asset", + "closeInvestigation", + "nexpose-get-asset-vulnerability", + "nexpose-get-asset", "setIncident" ] } - }, + }, { "Calculate Severity - Generic": { - "name": "Calculate Severity - Generic", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Calculate Severity - Generic", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ - "Print", - "StringContains", + "Print", + "StringContains", "Exists" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "playbook8": { - "name": "Lost / Stolen Device Playbook", + "name": "Lost / Stolen Device Playbook", "fromversion": "2.5.0" } - }, + }, { "vulnerability_handling_-_qualys": { - "name": "Vulnerability Handling - Qualys", - "fromversion": "3.6.0", + "name": "Vulnerability Handling - Qualys", + "fromversion": "3.6.0", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "DisplayHTML" - ], + ], "implementing_playbooks": [ - "CVE Enrichment - Generic", - "Vulnerability Handling - Qualys - Add custom fields to default layout", - "Endpoint Enrichment - Generic", + "CVE Enrichment - Generic", + "Vulnerability Handling - Qualys - Add custom fields to default layout", + "Endpoint Enrichment - Generic", "Calculate Severity - Generic" - ], + ], "implementing_commands": [ - "qualys-host-list", + "qualys-host-list", "qualys-vulnerability-list" ] } - }, + }, { "playbook10": { - "name": "Rapid IOC Hunting Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "ExtractHash", - "Exists", - "ReadFile", - "ExtractIP", - "Print", + "name": "Rapid IOC Hunting Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "ExtractHash", + "Exists", + "ReadFile", + "ExtractIP", + "Print", "ExtractURL" - ], + ], "implementing_playbooks": [ "Hunt for bad IOCs" ] } - }, + }, { "search_endpoints_by_hash_-_carbon_black_response": { 
- "name": "Search Endpoints By Hash - Carbon Black Response", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Carbon Black Response", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", + "Set", "CBFindHash" ] } - }, + }, { "scan_site_nexpose": { - "name": "Scan Site - Nexpose", - "fromversion": "4.0.0", + "name": "Scan Site - Nexpose", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "nexpose-start-site-scan", + "nexpose-start-site-scan", "nexpose-get-scan" ] } - }, + }, { "PanoramaCommitConfiguration": { - "name": "PanoramaCommitConfiguration", - "fromversion": "4.0.0", + "name": "PanoramaCommitConfiguration", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "panorama-push-to-device-group", - "panorama-push-status", - "panorama-commit", + "panorama-push-to-device-group", + "panorama-push-status", + "panorama-commit", "panorama-commit-status" ] } - }, + }, { "Failed Login Playbook With Slack": { - "name": "Failed Login Playbook With Slack", - "fromversion": "2.5.0", + "name": "Failed Login Playbook With Slack", + "fromversion": "2.5.0", "implementing_scripts": [ - "CloseInvestigation", - "IncidentSet", - "ADExpirePassword", + "CloseInvestigation", + "IncidentSet", + "ADExpirePassword", "SlackAskUser" - ], + ], "implementing_commands": [ "slack-send" ] } - }, + }, { "WildFire - Detonate file": { - "name": "WildFire - Detonate file", - "toversion": "3.1.0", + "name": "WildFire - Detonate file", + "toversion": "3.1.0", "implementing_scripts": [ "Exists" - ], + ], "implementing_commands": [ - "wildfire-upload", + "wildfire-upload", "wildfire-report" ] } - }, + }, { "File Enrichment - Generic": { - "name": "File Enrichment - Generic", - "fromversion": "3.6.0", + "name": "File Enrichment - Generic", + "fromversion": "3.6.0", "implementing_playbooks": [ - "File Enrichment - File reputation", + "File Enrichment - File 
reputation", "File Enrichment - Virus Total Private API" - ], + ], "implementing_commands": [ - "cylance-protect-get-threat", + "cylance-protect-get-threat", "pan-appframework-search-by-file-hash" ] } - }, + }, { "vulnerability_management_-_nexpose_job": { - "name": "Vulnerability Management - Nexpose (Job)", - "fromversion": "3.6.0", + "name": "Vulnerability Management - Nexpose (Job)", + "fromversion": "3.6.0", "implementing_scripts": [ "NexposeCreateIncidentsFromAssets" - ], + ], "implementing_commands": [ - "closeInvestigation", - "nexpose-create-assets-report", + "closeInvestigation", + "nexpose-create-assets-report", "nexpose-search-assets" ] } - }, + }, { "Archer initiate incident": { - "name": "Archer initiate incident", - "fromversion": "3.5.0", + "name": "Archer initiate incident", + "fromversion": "3.5.0", "implementing_commands": [ "archer-get-file" ] } - }, + }, { "block_file_-_generic": { - "name": "Block File - Generic", - "fromversion": "4.0.0", + "name": "Block File - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ "Block File - Carbon Black Response" ] } - }, + }, { "calculate_severity_-_critical_assets": { - "name": "Calculate Severity - Critical assets", - "fromversion": "4.0.0", + "name": "Calculate Severity - Critical assets", + "fromversion": "4.0.0", "implementing_scripts": [ - "StringContains", + "StringContains", "Set" ] } - }, + }, { "add_indicator_to_miner_-_palo_alto_mineMeld": { - "name": "Add Indicator to Miner - Palo Alto MineMeld", - "fromversion": "4.0.0", + "name": "Add Indicator to Miner - Palo Alto MineMeld", + "fromversion": "4.0.0", "implementing_commands": [ "minemeld-add-to-miner" ] } - }, + }, { "domain_enrichment_generic": { - "name": "Domain Enrichment - Generic", - "fromversion": "3.6.0", + "name": "Domain Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ "DomainReputation" - ], + ], "implementing_commands": [ "vt-private-get-domain-report" ] } - }, + }, { "playbook11": { - 
"name": "McAfee ePO Repository Compliance Playbook", - "fromversion": "2.5.0", + "name": "McAfee ePO Repository Compliance Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "CloseInvestigation", - "IncidentSet", - "Sleep", - "AreValuesEqual", + "CloseInvestigation", + "IncidentSet", + "Sleep", + "AreValuesEqual", "SendEmail" - ], + ], "implementing_commands": [ - "epo-update-repository", - "epo-get-latest-dat", + "epo-update-repository", + "epo-get-latest-dat", "epo-get-current-dat" ] } - }, + }, { "url_enrichment_-_generic": { - "name": "URL Enrichment - Generic", - "fromversion": "3.6.0", + "name": "URL Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "URLSSLVerification", - "Exists", + "URLSSLVerification", + "Exists", "URLReputation" - ], + ], "implementing_commands": [ - "vt-private-get-url-report", + "vt-private-get-url-report", "rasterize" ] } - }, + }, { "entity_enrichment_generic": { - "name": "Entity Enrichment - Generic", - "fromversion": "3.6.0", + "name": "Entity Enrichment - Generic", + "fromversion": "3.6.0", "implementing_playbooks": [ - "Account Enrichment - Generic", - "Endpoint Enrichment - Generic", - "Email Address Enrichment - Generic", - "URL Enrichment - Generic", - "File Enrichment - Generic", - "Domain Enrichment - Generic", + "Account Enrichment - Generic", + "Endpoint Enrichment - Generic", + "Email Address Enrichment - Generic", + "URL Enrichment - Generic", + "File Enrichment - Generic", + "Domain Enrichment - Generic", "IP Enrichment - Generic" ] } - }, + }, { "search_endpoints_by_hash_-_generic": { - "name": "Search Endpoints By Hash - Generic", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Generic", + "fromversion": "3.5.0", "implementing_playbooks": [ - "Search Endpoints By Hash - Carbon Black Response", - "Search Endpoints By Hash - CrowdStrike", - "Search Endpoints By Hash - TIE", + "Search Endpoints By Hash - Carbon Black Response", + "Search Endpoints By Hash - 
CrowdStrike", + "Search Endpoints By Hash - TIE", "Search Endpoints By Hash - Carbon Black Protection" ] } - }, + }, { "malware_investigation-_generic": { - "name": "Malware Investigation - Generic", - "fromversion": "3.6.0", + "name": "Malware Investigation - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "AssignAnalystToIncident" - ], + ], "implementing_playbooks": [ - "Malware Investigation - Generic - Setup", - "Calculate Severity - Generic", - "Entity Enrichment - Generic", + "Malware Investigation - Generic - Setup", + "Calculate Severity - Generic", + "Entity Enrichment - Generic", "Detonate File - Generic" ] } - }, + }, { "calculate_severity_-_indicators_dbotscore": { - "name": "Calculate Severity - Indicators DBotScore", - "fromversion": "3.6.0", + "name": "Calculate Severity - Indicators DBotScore", + "fromversion": "3.6.0", "implementing_scripts": [ "Set" ] } - }, + }, { "Detonate File - Cuckoo": { - "name": "Detonate File - Cuckoo", - "fromversion": "4.0.0", + "name": "Detonate File - Cuckoo", + "fromversion": "4.0.0", "implementing_scripts": [ "Sleep" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "cuckoo-task-screenshot", - "cuckoo-get-task-report", - "cuckoo-view-task", + "cuckoo-task-screenshot", + "cuckoo-get-task-report", + "cuckoo-view-task", "cuckoo-create-task-from-file" ] } - }, + }, { "Account Enrichment": { - "name": "Account Enrichment", - "fromversion": "3.5.0", + "name": "Account Enrichment", + "fromversion": "3.5.0", "implementing_scripts": [ - "ADGetUser", + "ADGetUser", "Exists" ] } - }, + }, { "entity_enrichment_generic": { - "name": "Entity Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "Entity Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_playbooks": [ - "Account Enrichment - Generic", - "Endpoint Enrichment - Generic", - "DBot Indicator Enrichment 
- Generic", - "Email Address Enrichment - Generic", - "URL Enrichment - Generic", - "File Enrichment - Generic", - "Domain Enrichment - Generic", + "Account Enrichment - Generic", + "Endpoint Enrichment - Generic", + "DBot Indicator Enrichment - Generic", + "Email Address Enrichment - Generic", + "URL Enrichment - Generic", + "File Enrichment - Generic", + "Domain Enrichment - Generic", "IP Enrichment - Generic" ] } - }, + }, { "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "3.9.9", - "fromversion": "3.6.0", + "name": "Phishing Investigation - Generic", + "toversion": "3.9.9", + "fromversion": "3.6.0", "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident", - "Set", + "CloseInvestigation", + "AssignAnalystToIncident", + "Set", "SendEmail" - ], + ], "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Process Email - Generic", - "Entity Enrichment - Generic", - "Email Address Enrichment - Generic", + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Process Email - Generic", + "Entity Enrichment - Generic", + "Email Address Enrichment - Generic", "Calculate Severity - Generic" ] } - }, + }, { "DBotCreatePhishingClassifierJob": { - "name": "DBot Create Phishing Classifier Job", - "fromversion": "4.1.0", + "name": "DBot Create Phishing Classifier Job", + "fromversion": "4.1.0", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_playbooks": [ "DBot Create Phishing Classifier" - ], + ], "implementing_commands": [ "closeInvestigation" ] } - }, + }, { "playbook5": { - "name": "Phishing Playbook - Automated", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "implementing_scripts": [ - "Set", - "Exists", - "SendEmail", - "CheckSenderDomainDistance", - "CloseInvestigation", - "ExtractIP", - "IsMaliciousIndicatorFound", + "name": 
"Phishing Playbook - Automated", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "Set", + "Exists", + "SendEmail", + "CheckSenderDomainDistance", + "CloseInvestigation", + "ExtractIP", + "IsMaliciousIndicatorFound", "ExtractURL" - ], + ], "implementing_playbooks": [ - "Process Email", - "Detonate files", - "Hunt for bad IOCs", - "Account Enrichment", + "Process Email", + "Detonate files", + "Hunt for bad IOCs", + "Account Enrichment", "Enrichment Playbook" ] } - }, + }, { "Demisto_Self-Defense_-_Account_policy_monitoring_playbook": { - "name": "Demisto Self-Defense - Account policy monitoring playbook", - "fromversion": "3.5.0", + "name": "Demisto Self-Defense - Account policy monitoring playbook", + "fromversion": "3.5.0", "implementing_scripts": [ "CloseInvestigation" - ], + ], "implementing_commands": [ - "TwilioSendSMS", - "slack-send", - "demisto-api-get", + "TwilioSendSMS", + "slack-send", + "demisto-api-get", "setIncident" ] } - }, + }, { "Google-Vault-Search-Mail": { - "name": "Google Vault - Search Mail", - "fromversion": "4.0.0", + "name": "Google Vault - Search Mail", + "fromversion": "4.0.0", "implementing_scripts": [ "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "gvault-get-mail-results", - "gvault-create-export-mail", - "gvault-export-status", + "gvault-get-mail-results", + "gvault-create-export-mail", + "gvault-export-status", "gvault-download-results" ] } - }, + }, { "ATD - Detonate File": { - "name": "ATD - Detonate File", - "toversion": "3.6.0", + "name": "ATD - Detonate File", + "toversion": "3.6.0", "implementing_scripts": [ "Exists" - ], + ], "implementing_commands": [ "detonate-file" ] } - }, + }, { "block_account_-_generic": { - "name": "Block Account - Generic", - "fromversion": "4.0.0", + "name": "Block Account - Generic", + "fromversion": "4.0.0", "implementing_commands": [ "ad-disable-account" ] } - }, + }, { 
"file_enrichment_-_virus_total_private_api": { - "name": "File Enrichment - Virus Total Private API", - "fromversion": "3.6.0", + "name": "File Enrichment - Virus Total Private API", + "fromversion": "3.6.0", "implementing_commands": [ - "vt-private-check-file-behaviour", + "vt-private-check-file-behaviour", "vt-private-get-file-report" ] } - }, + }, { "file_enrichment_-_file_reputation": { - "name": "File Enrichment - File reputation", - "fromversion": "3.6.0", + "name": "File Enrichment - File reputation", + "fromversion": "3.6.0", "implementing_scripts": [ "FileReputation" ] } - }, + }, { "block_url_-_generic": { - "name": "Block URL - Generic", - "fromversion": "4.0.0", + "name": "Block URL - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ "Add Indicator to Miner - Palo Alto MineMeld" - ], + ], "implementing_commands": [ "zscaler-blacklist-url" ] } - }, + }, { "Process Email": { - "name": "Process Email", - "fromversion": "2.5.0", + "name": "Process Email", + "fromversion": "2.5.0", "implementing_scripts": [ - "Set", - "Exists", + "Set", + "Exists", "ParseEmailFiles" ] } - }, + }, { "playbook15": { - "name": "Tanium Demo Playbook", - "fromversion": "2.5.0", + "name": "Tanium Demo Playbook", + "fromversion": "2.5.0", "implementing_commands": [ - "tn-deploy-package", - "tn-ask-question", + "tn-deploy-package", + "tn-ask-question", "tn-get-saved-question" ] } - }, + }, { "get_file_sample_by_hash_-_carbon_black_enterprise_Response": { - "name": "Get File Sample By Hash - Carbon Black Enterprise Response", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Carbon Black Enterprise Response", + "fromversion": "3.5.0", "implementing_scripts": [ "Exists" - ], + ], "implementing_commands": [ "cb-binary-get" ] } - }, + }, { "Get File Sample From Hash - Cylance Protect": { - "name": "Get File Sample From Hash - Cylance Protect", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Get File Sample From Hash - Cylance Protect", + 
"toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ - "http", - "UnzipFile", + "http", + "UnzipFile", "Exists" - ], + ], "implementing_commands": [ "cylance-protect-download-threat" ] } - }, + }, { "access_investigation_-_generic": { - "name": "Access Investigation - Generic", - "fromversion": "3.6.0", + "name": "Access Investigation - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "AssignAnalystToIncident", - "ADGetUser", + "AssignAnalystToIncident", + "ADGetUser", "EmailAskUser" - ], + ], "implementing_playbooks": [ - "IP Enrichment - Generic", + "IP Enrichment - Generic", "Account Enrichment - Generic" - ], + ], "implementing_commands": [ - "closeInvestigation", + "closeInvestigation", "setIncident" ] } - }, + }, { "search_endpoints_by_hash_-_tie": { - "name": "Search Endpoints By Hash - TIE", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - TIE", + "fromversion": "3.5.0", "implementing_scripts": [ "EPOFindSystem" - ], + ], "implementing_commands": [ "tie-file-references" ] } - }, + }, { "get_file_sample_from_path_-_carbon_black_enterprise_response": { - "name": "Get File Sample From Path - Carbon Black Enterprise Response", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - Carbon Black Enterprise Response", + "fromversion": "3.5.0", "implementing_scripts": [ - "CBLiveGetFile", + "CBLiveGetFile", "Exists" ] } - }, + }, { "WildFire - Detonate file": { - "name": "WildFire - Detonate file", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "WildFire - Detonate file", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_scripts": [ "Set" - ], + ], "implementing_commands": [ - "wildfire-report", + "wildfire-report", "detonate-file" ] } - }, + }, { "Detonate File - Generic": { - "name": "Detonate File - Generic", - "fromversion": "4.0.0", + "name": "Detonate File - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ - "CrowdStrike Falcon Sandbox - Detonate file", - 
"ATD - Detonate File", - "Detonate File - SNDBOX", - "Detonate File - JoeSecurity", - "Detonate File - Cuckoo", - "Detonate File - Lastline", - "WildFire - Detonate file", + "CrowdStrike Falcon Sandbox - Detonate file", + "ATD - Detonate File", + "Detonate File - SNDBOX", + "Detonate File - JoeSecurity", + "Detonate File - Cuckoo", + "Detonate File - Lastline", + "WildFire - Detonate file", "Detonate File - ThreatGrid" ] } - }, + }, { "D2 - Endpoint data collection": { - "name": "D2 - Endpoint data collection", + "name": "D2 - Endpoint data collection", "implementing_scripts": [ - "D2ExecuteCommand", - "ActiveUsersD2", - "Exists", - "IncidentAddSystem", - "FetchFileD2", + "D2ExecuteCommand", + "ActiveUsersD2", + "Exists", + "IncidentAddSystem", + "FetchFileD2", "AreValuesEqual" ] } - }, + }, { "Enrichment Playbook": { - "name": "Enrichment Playbook", - "fromversion": "2.5.0", + "name": "Enrichment Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "Print", - "FileReputation", - "IPReputation", - "Exists", + "Print", + "FileReputation", + "IPReputation", + "Exists", "URLReputation" ] } - }, + }, { "Office 365 Search and Delete": { - "name": "Office 365 Search and Delete", - "fromversion": "4.0.0", + "name": "Office 365 Search and Delete", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "ews-o365-remove-compliance-search", - "ews-o365-purge-compliance-search-results", - "ews-o365-get-compliance-search", + "ews-o365-remove-compliance-search", + "ews-o365-purge-compliance-search-results", + "ews-o365-get-compliance-search", "ews-o365-start-compliance-search" ] } - }, + }, { "dbot_indicator_enrichment_-_generic": { - "name": "DBot Indicator Enrichment - Generic", - "fromversion": "3.5.0", + "name": "DBot Indicator Enrichment - Generic", + "fromversion": "3.5.0", "implementing_scripts": [ "GetIndicatorDBotScore" ] } - }, + }, { "playbook0": { - "name": "Default", - "fromversion": "3.5.0", + 
"name": "Default", + "fromversion": "3.5.0", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "AssignAnalystToIncident" - ], + ], "implementing_playbooks": [ - "Extract Indicators - Generic", - "Entity Enrichment - Generic", + "Extract Indicators - Generic", + "Entity Enrichment - Generic", "Calculate Severity - Generic" ] } - }, + }, { "File Enrichment - Generic": { - "name": "File Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "File Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ "FileReputation" ] } - }, + }, { "ATD - Detonate File": { - "name": "ATD - Detonate File", - "fromversion": "4.0.0", + "name": "ATD - Detonate File", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "atd-get-report", - "atd-file-upload", + "atd-get-report", + "atd-file-upload", "atd-check-status" ] } - }, + }, { "account_enrichment_-_generic": { - "name": "Account Enrichment - Generic", - "fromversion": "3.5.0", + "name": "Account Enrichment - Generic", + "fromversion": "3.5.0", "implementing_scripts": [ - "ADGetUser", + "ADGetUser", "Exists" ] } - }, + }, { "detonatefile_-_joesecurity": { - "name": "Detonate File - JoeSecurity", - "fromversion": "4.0.0", + "name": "Detonate File - JoeSecurity", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "joe-download-report", - "joe-analysis-info", + "joe-download-report", + "joe-analysis-info", "joe-analysis-submit-sample" ] } - }, + }, { "ip_enrichment_generic": { - "name": "IP Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "IP Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ - "IsIPInRanges", - "IPReputation", + "IsIPInRanges", + "IPReputation", 
"Exists" ] } - }, + }, { "Detonate files": { - "name": "Detonate files", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Detonate files", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ - "Print", - "SandboxDetonateFile", + "Print", + "SandboxDetonateFile", "Exists" ] } - }, + }, { "detonate_file_from_url_-_joesecurity": { - "name": "Detonate File From URL - JoeSecurity", - "fromversion": "4.0.0", + "name": "Detonate File From URL - JoeSecurity", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "joe-download-report", + "joe-download-report", "joe-analysis-submit-sample" ] } - }, + }, { "Carbon Black Rapid IOC Hunting": { - "name": "Carbon Black Rapid IOC Hunting", - "fromversion": "2.5.0", + "name": "Carbon Black Rapid IOC Hunting", + "fromversion": "2.5.0", "implementing_scripts": [ - "CBFindHash", + "CBFindHash", "Exists" ] } - }, + }, { "email_address_enrichment_-_generic": { - "name": "Email Address Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", - "implementing_scripts": [ - "IsEmailAddressInternal", - "EmailReputation", - "ADGetUser", - "Exists", + "name": "Email Address Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", + "implementing_scripts": [ + "IsEmailAddressInternal", + "EmailReputation", + "ADGetUser", + "Exists", "EmailDomainSquattingReputation" ] } - }, + }, { "Endpoint data collection": { - "name": "Endpoint data collection", + "name": "Endpoint data collection", "implementing_scripts": [ "AreValuesEqual" - ], + ], "implementing_playbooks": [ - "Sentinel One - Endpoint data collection", - "MAR - Endpoint data collection", + "Sentinel One - Endpoint data collection", + "MAR - Endpoint data collection", "D2 - Endpoint data collection" ] } - }, + }, { "Get File Sample From Hash - Generic": { - "name": "Get File Sample From Hash - Generic", - "toversion": "3.1.0", + "name": "Get File Sample From Hash - 
Generic", + "toversion": "3.1.0", "implementing_playbooks": [ - "Get File Sample From Hash - Cylance Protect", + "Get File Sample From Hash - Cylance Protect", "Get File Sample From Hash - Carbon Black Enterprise Response" ] } - }, + }, { "WildFire - Detonate file": { - "name": "WildFire - Detonate file", - "fromversion": "4.0.0", + "name": "WildFire - Detonate file", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "wildfire-upload", + "wildfire-upload", "wildfire-report" ] } - }, + }, { "detonate_file_-_threatgrid": { - "name": "Detonate File - ThreatGrid", - "fromversion": "4.0.0", + "name": "Detonate File - ThreatGrid", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "threat-grid-upload-sample", + "threat-grid-upload-sample", "threat-grid-get-samples-state" ] } - }, + }, + { + "Phishing Investigation - Generic": { + "name": "Phishing Investigation - Generic", + "fromversion": "4.1.0", + "implementing_scripts": [ + "AssignAnalystToIncident", + "Set", + "SendEmail" + ], + "implementing_playbooks": [ + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Block Indicators - Generic", + "Email Address Enrichment - Generic", + "Calculate Severity - Generic" + ], + "implementing_commands": [ + "closeInvestigation", + "send-mail" + ] + } + }, { "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "fromversion": "4.1.0", + "name": "Phishing Investigation - Generic", + "toversion": "4.0.9", + "fromversion": "4.0.0", "implementing_scripts": [ - "AssignAnalystToIncident", - "Set", + "AssignAnalystToIncident", + "Set", "SendEmail" - ], + ], "implementing_playbooks": [ - "Search And Delete Emails - Generic", - 
"Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Block Indicators - Generic", - "Email Address Enrichment - Generic", + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Block Indicators - Generic", + "Email Address Enrichment - Generic", "Calculate Severity - Generic" - ], + ], "implementing_commands": [ - "closeInvestigation", + "closeInvestigation", "send-mail" ] } } - ], + ], "integrations": [ { "Cybereason": { - "name": "Cybereason", - "commands": [ - "cybereason-query-processes", - "cybereason-is-probe-connected", - "cybereason-query-connections", - "cybereason-isolate-machine", - "cybereason-unisolate-machine", - "cybereason-query-malops", - "cybereason-malop-processes", - "cybereason-add-comment", + "name": "Cybereason", + "commands": [ + "cybereason-query-processes", + "cybereason-is-probe-connected", + "cybereason-query-connections", + "cybereason-isolate-machine", + "cybereason-unisolate-machine", + "cybereason-query-malops", + "cybereason-malop-processes", + "cybereason-add-comment", "cybereason-update-malop-status" ] } - }, + }, { "Giphy": { - "name": "Giphy", + "name": "Giphy", "commands": [ "giphy" ] } - }, + }, { "RSA NetWitness Packets and Logs": { - "name": "RSA NetWitness Packets and Logs", - "toversion": "3.1.0", - "commands": [ - "netwitness-msearch", - "netwitness-search", - "netwitness-query", - "netwitness-packets", - "nw-sdk-session", - "nw-sdk-cancel", - "nw-sdk-query", - "nw-sdk-validate", - "nw-sdk-aliases", - "nw-sdk-content", - "nw-sdk-ls", - "nw-sdk-count", - "nw-sdk-timeline", - "nw-sdk-mon", - "nw-sdk-stopMon", - "nw-sdk-msearch", - "nw-sdk-precache", - "nw-sdk-delCache", - "nw-sdk-info", - "nw-sdk-search", - "nw-sdk-language", - "nw-sdk-packets", - "nw-sdk-summary", - "nw-sdk-reconfig", - "nw-sdk-values", - 
"nw-sdk-xforms", - "nw-database-info", - "nw-database-count", - "nw-database-dbState", - "nw-database-dump", - "nw-database-hashInfo", - "nw-database-resetMax", - "nw-database-optimize", - "nw-database-reconfig", - "nw-database-ls", - "nw-database-timeRoll", - "nw-database-stopMon", - "nw-database-manifest", - "nw-database-wipe", - "nw-database-sizeRoll", - "nw-database-mon", - "nw-decoder-reset", - "nw-decoder-info", - "nw-decoder-reconfig", - "nw-decoder-agg", - "nw-decoder-stop", - "nw-decoder-count", - "nw-decoder-start", - "nw-decoder-meta", - "nw-decoder-ls", - "nw-decoder-stopMon", - "nw-decoder-resetMax", - "nw-decoder-whoAgg", - "nw-decoder-logStats", - "nw-decoder-select", - "nw-decoder-mon", - "nw-index-ls", - "nw-index-mon", - "nw-index-save", - "nw-index-info", - "nw-index-drop", - "nw-index-count", - "nw-index-values", - "nw-index-profile", - "nw-index-stopMon", - "nw-index-inspect", - "nw-index-language", - "nw-index-reconfig", - "nw-index-sizeRoll", - "nw-decoderParsers-ls", - "nw-decoderParsers-mon", - "nw-decoderParsers-feed", - "nw-decoderParsers-info", - "nw-decoderParsers-count", - "nw-decoderParsers-schema", - "nw-decoderParsers-reload", - "nw-decoderParsers-upload", - "nw-decoderParsers-delete", - "nw-decoderParsers-stopMon", - "nw-decoderParsers-devices", - "nw-decoderParsers-content", - "nw-decoderParsers-ipdevice", - "nw-decoderParsers-iptmzone", - "nw-logs-ls", - "nw-logs-mon", - "nw-logs-pull", - "nw-logs-info", - "nw-logs-count", - "nw-logs-stopMon", - "nw-logs-download", - "nw-logs-timeRoll", - "nw-sys-ls", - "nw-sys-mon", - "nw-sys-save", - "nw-sys-info", - "nw-sys-count", - "nw-sys-caCert", - "nw-sys-stopMon", - "nw-sys-shutdown", - "nw-sys-fileEdit", - "nw-sys-peerCert", - "nw-sys-servCert", - "nw-sys-statHist", - "nw-users-ls", - "nw-users-mon", - "nw-users-info", - "nw-users-auths", - "nw-users-count", - "nw-users-delete", - "nw-users-unlock", - "nw-users-stopMon", - "nw-users-addOrMod", - "nw-decoder-import", - 
"nw-decoder-parsers-upload", - "nw-concentrator-reset", - "nw-concentrator-reconfig", - "nw-concentrator-start", - "nw-concentrator-stop", - "nw-concentrator-count", - "nw-concentrator-edit", - "nw-concentrator-add", - "nw-concentrator-meta", - "nw-concentrator-status", - "nw-concentrator-ls", - "nw-concentrator-resetMax", - "nw-concentrator-stopMon", - "nw-concentrator-delete", - "nw-concentrator-whoAgg", - "nw-concentrator-mon", - "nw-broker-reset", - "nw-broker-start", - "nw-broker-stop", - "nw-broker-count", - "nw-broker-edit", - "nw-broker-add", - "nw-broker-meta", - "nw-broker-status", - "nw-broker-ls", - "nw-broker-resetMax", - "nw-broker-stopMon", - "nw-broker-delete", - "nw-broker-whoAgg", + "name": "RSA NetWitness Packets and Logs", + "toversion": "3.1.0", + "commands": [ + "netwitness-msearch", + "netwitness-search", + "netwitness-query", + "netwitness-packets", + "nw-sdk-session", + "nw-sdk-cancel", + "nw-sdk-query", + "nw-sdk-validate", + "nw-sdk-aliases", + "nw-sdk-content", + "nw-sdk-ls", + "nw-sdk-count", + "nw-sdk-timeline", + "nw-sdk-mon", + "nw-sdk-stopMon", + "nw-sdk-msearch", + "nw-sdk-precache", + "nw-sdk-delCache", + "nw-sdk-info", + "nw-sdk-search", + "nw-sdk-language", + "nw-sdk-packets", + "nw-sdk-summary", + "nw-sdk-reconfig", + "nw-sdk-values", + "nw-sdk-xforms", + "nw-database-info", + "nw-database-count", + "nw-database-dbState", + "nw-database-dump", + "nw-database-hashInfo", + "nw-database-resetMax", + "nw-database-optimize", + "nw-database-reconfig", + "nw-database-ls", + "nw-database-timeRoll", + "nw-database-stopMon", + "nw-database-manifest", + "nw-database-wipe", + "nw-database-sizeRoll", + "nw-database-mon", + "nw-decoder-reset", + "nw-decoder-info", + "nw-decoder-reconfig", + "nw-decoder-agg", + "nw-decoder-stop", + "nw-decoder-count", + "nw-decoder-start", + "nw-decoder-meta", + "nw-decoder-ls", + "nw-decoder-stopMon", + "nw-decoder-resetMax", + "nw-decoder-whoAgg", + "nw-decoder-logStats", + "nw-decoder-select", + 
"nw-decoder-mon", + "nw-index-ls", + "nw-index-mon", + "nw-index-save", + "nw-index-info", + "nw-index-drop", + "nw-index-count", + "nw-index-values", + "nw-index-profile", + "nw-index-stopMon", + "nw-index-inspect", + "nw-index-language", + "nw-index-reconfig", + "nw-index-sizeRoll", + "nw-decoderParsers-ls", + "nw-decoderParsers-mon", + "nw-decoderParsers-feed", + "nw-decoderParsers-info", + "nw-decoderParsers-count", + "nw-decoderParsers-schema", + "nw-decoderParsers-reload", + "nw-decoderParsers-upload", + "nw-decoderParsers-delete", + "nw-decoderParsers-stopMon", + "nw-decoderParsers-devices", + "nw-decoderParsers-content", + "nw-decoderParsers-ipdevice", + "nw-decoderParsers-iptmzone", + "nw-logs-ls", + "nw-logs-mon", + "nw-logs-pull", + "nw-logs-info", + "nw-logs-count", + "nw-logs-stopMon", + "nw-logs-download", + "nw-logs-timeRoll", + "nw-sys-ls", + "nw-sys-mon", + "nw-sys-save", + "nw-sys-info", + "nw-sys-count", + "nw-sys-caCert", + "nw-sys-stopMon", + "nw-sys-shutdown", + "nw-sys-fileEdit", + "nw-sys-peerCert", + "nw-sys-servCert", + "nw-sys-statHist", + "nw-users-ls", + "nw-users-mon", + "nw-users-info", + "nw-users-auths", + "nw-users-count", + "nw-users-delete", + "nw-users-unlock", + "nw-users-stopMon", + "nw-users-addOrMod", + "nw-decoder-import", + "nw-decoder-parsers-upload", + "nw-concentrator-reset", + "nw-concentrator-reconfig", + "nw-concentrator-start", + "nw-concentrator-stop", + "nw-concentrator-count", + "nw-concentrator-edit", + "nw-concentrator-add", + "nw-concentrator-meta", + "nw-concentrator-status", + "nw-concentrator-ls", + "nw-concentrator-resetMax", + "nw-concentrator-stopMon", + "nw-concentrator-delete", + "nw-concentrator-whoAgg", + "nw-concentrator-mon", + "nw-broker-reset", + "nw-broker-start", + "nw-broker-stop", + "nw-broker-count", + "nw-broker-edit", + "nw-broker-add", + "nw-broker-meta", + "nw-broker-status", + "nw-broker-ls", + "nw-broker-resetMax", + "nw-broker-stopMon", + "nw-broker-delete", + "nw-broker-whoAgg", 
"nw-broker-mon" ] } - }, + }, { "ReversingLabs A1000": { - "name": "ReversingLabs A1000", - "commands": [ - "file", - "reversinglabs-upload", - "reversinglabs-delete", - "reversinglabs-extracted-files", - "reversinglabs-download", - "reversinglabs-analyze", + "name": "ReversingLabs A1000", + "commands": [ + "file", + "reversinglabs-upload", + "reversinglabs-delete", + "reversinglabs-extracted-files", + "reversinglabs-download", + "reversinglabs-analyze", "reversinglabs-download-unpacked" ] } - }, + }, { "VMware": { - "name": "VMware", - "commands": [ - "vmware-get-vms", - "vmware-poweron", - "vmware-poweroff", - "vmware-hard-reboot", - "vmware-suspend", - "vmware-soft-reboot", - "vmware-create-snapshot", - "vmware-revert-snapshot", + "name": "VMware", + "commands": [ + "vmware-get-vms", + "vmware-poweron", + "vmware-poweroff", + "vmware-hard-reboot", + "vmware-suspend", + "vmware-soft-reboot", + "vmware-create-snapshot", + "vmware-revert-snapshot", "vmware-get-events" ] } - }, + }, { "RSA Archer": { - "name": "RSA Archer", - "commands": [ - "archer-create-record", - "archer-update-record", - "archer-get-record", - "archer-search-applications", - "archer-search-records", - "archer-get-application-fields", - "archer-delete-record", - "archer-get-field", - "archer-get-reports", - "archer-execute-statistic-search-by-report", - "archer-get-search-options-by-guid", - "archer-search-records-by-report", - "archer-get-mapping-by-level", - "archer-manually-fetch-incident", - "archer-get-file", - "archer-upload-file", - "archer-add-to-detailed-analysis", + "name": "RSA Archer", + "commands": [ + "archer-create-record", + "archer-update-record", + "archer-get-record", + "archer-search-applications", + "archer-search-records", + "archer-get-application-fields", + "archer-delete-record", + "archer-get-field", + "archer-get-reports", + "archer-execute-statistic-search-by-report", + "archer-get-search-options-by-guid", + "archer-search-records-by-report", + 
"archer-get-mapping-by-level", + "archer-manually-fetch-incident", + "archer-get-file", + "archer-upload-file", + "archer-add-to-detailed-analysis", "archer-get-user-id" ] } - }, + }, { "vmray": { - "name": "vmray", + "name": "vmray", "commands": [ - "upload_sample", - "get_results", + "upload_sample", + "get_results", "get_job_sample" ] } - }, + }, { "jira": { - "name": "jira", - "fromversion": "2.6.0", - "commands": [ - "jira-issue-query", - "jira-get-issue", - "jira-create-issue", - "jira-issue-upload-file", - "jira-issue-add-comment", - "jira-issue-add-link", - "jira-edit-issue", - "jira-get-comments", + "name": "jira", + "fromversion": "2.6.0", + "commands": [ + "jira-issue-query", + "jira-get-issue", + "jira-create-issue", + "jira-issue-upload-file", + "jira-issue-add-comment", + "jira-issue-add-link", + "jira-edit-issue", + "jira-get-comments", "jira-delete-issue" ] } - }, + }, { "Verodin": { - "name": "Verodin", - "commands": [ - "verodin-get-topology-nodes", - "verodin-get-topology-map", - "verodin-manage-sims-actions", - "verodin-manage-sims-actions-run", - "verodin-get-security-zones", - "verodin-get-security-zone", - "verodin-delete-security-zone", - "verodin-get-sims-of-type", - "verodin-get-sim", - "verodin-delete-sim", - "verodin-get-jobs", - "verodin-get-job", - "verodin-run-job-again", - "verodin-get-job-sim-actions", + "name": "Verodin", + "commands": [ + "verodin-get-topology-nodes", + "verodin-get-topology-map", + "verodin-manage-sims-actions", + "verodin-manage-sims-actions-run", + "verodin-get-security-zones", + "verodin-get-security-zone", + "verodin-delete-security-zone", + "verodin-get-sims-of-type", + "verodin-get-sim", + "verodin-delete-sim", + "verodin-get-jobs", + "verodin-get-job", + "verodin-run-job-again", + "verodin-get-job-sim-actions", "verodin-job-cancel" ] } - }, + }, { "dnstwist": { - "name": "dnstwist", + "name": "dnstwist", "commands": [ "dnstwist-domain-variations" ] } - }, + }, { "EWS": { - "name": "EWS", - "commands": [ - 
"ews-get-folder", - "ews-delete-items", - "ews-delete-attachments", - "ews-get-items", - "ews-search-mailbox", - "ews-get-contacts", - "ews-get-searchable-mailboxes", - "ews-search-mailboxes", - "ews-get-attachment", - "ews-find-folders", - "ews-get-attachment-item", + "name": "EWS", + "commands": [ + "ews-get-folder", + "ews-delete-items", + "ews-delete-attachments", + "ews-get-items", + "ews-search-mailbox", + "ews-get-contacts", + "ews-get-searchable-mailboxes", + "ews-search-mailboxes", + "ews-get-attachment", + "ews-find-folders", + "ews-get-attachment-item", "ews-move-item" ] } - }, + }, { "OpenPhish": { - "name": "OpenPhish", + "name": "OpenPhish", "commands": [ - "url", - "openphish-reload", + "url", + "openphish-reload", "openphish-status" ] } - }, + }, { "McAfee NSM": { - "name": "McAfee NSM", - "commands": [ - "nsm-get-sensors", - "nsm-get-domains", - "nsm-get-alerts", - "nsm-update-alerts", - "nsm-get-alert-details", - "nsm-get-ips-policies", - "nsm-get-ips-policy-details", + "name": "McAfee NSM", + "commands": [ + "nsm-get-sensors", + "nsm-get-domains", + "nsm-get-alerts", + "nsm-update-alerts", + "nsm-get-alert-details", + "nsm-get-ips-policies", + "nsm-get-ips-policy-details", "nsm-get-attacks" ] } - }, + }, { "ipinfo": { - "name": "ipinfo", + "name": "ipinfo", "commands": [ - "ip", + "ip", "ipinfo_field" ] } - }, + }, { "Cuckoo Sandbox": { - "name": "Cuckoo Sandbox", - "toversion": "3.1.0", - "commands": [ - "ck-file", - "cuckoo-create-task-from-file", - "ck-report", - "cuckoo-get-task-report", - "ck-list", - "cuckoo-list-tasks", - "ck-url", - "cuckoo-create-task-from-url", - "ck-view", - "cuckoo-view-task", - "ck-del", - "cuckoo-delete-task", - "ck-scrshot", - "cuckoo-task-screenshot", - "ck-machines-list", - "cuckoo-machines-list", - "ck-machine-view", + "name": "Cuckoo Sandbox", + "toversion": "3.1.0", + "commands": [ + "ck-file", + "cuckoo-create-task-from-file", + "ck-report", + "cuckoo-get-task-report", + "ck-list", + "cuckoo-list-tasks", + 
"ck-url", + "cuckoo-create-task-from-url", + "ck-view", + "cuckoo-view-task", + "ck-del", + "cuckoo-delete-task", + "ck-scrshot", + "cuckoo-task-screenshot", + "ck-machines-list", + "cuckoo-machines-list", + "ck-machine-view", "cuckoo-machine-view" ] } - }, + }, { "Moloch": { - "name": "Moloch", - "toversion": "3.1.0", - "commands": [ - "moloch_connections_json", - "moloch_connections_csv", - "moloch_files_json", - "moloch_sessions_json", - "moloch_sessions_csv", - "moloch_sessions_pcap", - "moloch_spigraph_json", - "moloch_spiview_json", + "name": "Moloch", + "toversion": "3.1.0", + "commands": [ + "moloch_connections_json", + "moloch_connections_csv", + "moloch_files_json", + "moloch_sessions_json", + "moloch_sessions_csv", + "moloch_sessions_pcap", + "moloch_spigraph_json", + "moloch_spiview_json", "moloch_unique_json" ] } - }, + }, { "Demisto REST API": { - "name": "Demisto REST API", - "commands": [ - "demisto-api-post", - "demisto-api-get", - "demisto-api-put", - "demisto-api-delete", - "demisto-api-download", - "demisto-api-multipart", + "name": "Demisto REST API", + "commands": [ + "demisto-api-post", + "demisto-api-get", + "demisto-api-put", + "demisto-api-delete", + "demisto-api-download", + "demisto-api-multipart", "demisto-delete-incidents" ] } - }, + }, { "Symantec Advanced Threat Protection": { - "name": "Symantec Advanced Threat Protection", - "commands": [ - "satp-appliances", - "satp-command", - "satp-command-state", - "satp-command-cancel", - "satp-events", - "satp-files", - "satp-incident-events", + "name": "Symantec Advanced Threat Protection", + "commands": [ + "satp-appliances", + "satp-command", + "satp-command-state", + "satp-command-cancel", + "satp-events", + "satp-files", + "satp-incident-events", "satp-incidents" ] } - }, + }, { "McAfee Active Response": { - "name": "McAfee Active Response", + "name": "McAfee Active Response", "commands": [ - "mar-search", - "mar-collectors-list", + "mar-search", + "mar-collectors-list", 
"mar-search-multiple" ] } - }, + }, { "Aella Star Light": { - "name": "Aella Star Light", + "name": "Aella Star Light", "commands": [ "aella-get-event" ] } - }, + }, { "Zendesk": { - "name": "Zendesk", - "fromversion": "3.5.0", - "commands": [ - "zendesk-create-ticket", - "zendesk-list-tickets", - "zendesk-ticket-details", - "zendesk-update-ticket", - "zendesk-add-comment", - "zendesk-list-agents", - "zendesk-get-attachment", - "zendesk-clear-cache", - "zendesk-add-user", + "name": "Zendesk", + "fromversion": "3.5.0", + "commands": [ + "zendesk-create-ticket", + "zendesk-list-tickets", + "zendesk-ticket-details", + "zendesk-update-ticket", + "zendesk-add-comment", + "zendesk-list-agents", + "zendesk-get-attachment", + "zendesk-clear-cache", + "zendesk-add-user", "zendesk-get-article" ] } - }, + }, { "Cisco CloudLock": { - "name": "Cisco CloudLock", + "name": "Cisco CloudLock", "commands": [ - "cloudlock-get-users", - "cloudlock-get-user-apps", + "cloudlock-get-users", + "cloudlock-get-user-apps", "cloudlock-get-activities" ] } - }, + }, { "carbonblackliveresponse": { - "name": "carbonblackliveresponse", - "commands": [ - "cb-archive", - "cb-command-cancel", - "cb-command-info", - "cb-file-delete", - "cb-file-get", - "cb-file-info", - "cb-file-upload", - "cb-keepalive", - "cb-list-commands", - "cb-list-files", - "cb-list-sessions", - "cb-session-close", - "cb-session-create", - "cb-session-create-and-wait", - "cb-session-info", - "cb-process-kill", - "cb-directory-listing", - "cb-process-execute", - "cb-memdeump", - "cb-command-create", - "cb-command-create-and-wait", - "cb-terminate-process", - "cb-file-delete-from-endpoint", - "cb-registry-get-values", - "cb-registry-query-value", - "cb-registry-create-key", - "cb-registry-delete-key", - "cb-registry-delete-value", - "cb-registry-set-value", - "cb-process-list", - "cb-get-file-from-endpoint", + "name": "carbonblackliveresponse", + "commands": [ + "cb-archive", + "cb-command-cancel", + "cb-command-info", + 
"cb-file-delete", + "cb-file-get", + "cb-file-info", + "cb-file-upload", + "cb-keepalive", + "cb-list-commands", + "cb-list-files", + "cb-list-sessions", + "cb-session-close", + "cb-session-create", + "cb-session-create-and-wait", + "cb-session-info", + "cb-process-kill", + "cb-directory-listing", + "cb-process-execute", + "cb-memdeump", + "cb-command-create", + "cb-command-create-and-wait", + "cb-terminate-process", + "cb-file-delete-from-endpoint", + "cb-registry-get-values", + "cb-registry-query-value", + "cb-registry-create-key", + "cb-registry-delete-key", + "cb-registry-delete-value", + "cb-registry-set-value", + "cb-process-list", + "cb-get-file-from-endpoint", "cb-push-file-to-endpoint" ] } - }, + }, { "Check Point Sandblast Appliance": { - "name": "Check Point Sandblast Appliance", - "toversion": "3.1.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", + "name": "Check Point Sandblast Appliance", + "toversion": "3.1.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", "sandblast-download" ] } - }, + }, { "Pipl": { - "name": "Pipl", - "fromversion": "3.5.0", + "name": "Pipl", + "fromversion": "3.5.0", "commands": [ - "pipl-search", + "pipl-search", "email" ] } - }, + }, { "Forcepoint": { - "name": "Forcepoint", + "name": "Forcepoint", "commands": [ - "fp-add-category", - "fp-list-categories", - "fp-get-category-detailes", - "fp-add-address-to-category", - "fp-delete-categories", + "fp-add-category", + "fp-list-categories", + "fp-get-category-detailes", + "fp-add-address-to-category", + "fp-delete-categories", "fp-delete-address-from-category" ] } - }, + }, { "FireEye HX": { - "name": "FireEye HX", - "commands": [ - "fireeye-hx-host-containment", - "fireeye-hx-cancel-containment", - "fireeye-hx-get-alerts", - "fireeye-hx-suppress-alert", - "fireeye-hx-get-indicators", - "fireeye-hx-get-indicator", - "fireeye-hx-get-host-information", - 
"fireeye-hx-get-alert", - "fireeye-hx-file-acquisition", - "fireeye-hx-delete-file-acquisition", - "fireeye-hx-data-acquisition", - "fireeye-hx-delete-data-acquisition", - "fireeye-hx-search", + "name": "FireEye HX", + "commands": [ + "fireeye-hx-host-containment", + "fireeye-hx-cancel-containment", + "fireeye-hx-get-alerts", + "fireeye-hx-suppress-alert", + "fireeye-hx-get-indicators", + "fireeye-hx-get-indicator", + "fireeye-hx-get-host-information", + "fireeye-hx-get-alert", + "fireeye-hx-file-acquisition", + "fireeye-hx-delete-file-acquisition", + "fireeye-hx-data-acquisition", + "fireeye-hx-delete-data-acquisition", + "fireeye-hx-search", "fireeye-hx-get-host-set-information" ] } - }, + }, { "Threat Crowd": { - "name": "Threat Crowd", + "name": "Threat Crowd", "commands": [ - "threat-crowd-email", - "threat-crowd-domain", - "threat-crowd-ip", - "threat-crowd-antivirus", + "threat-crowd-email", + "threat-crowd-domain", + "threat-crowd-ip", + "threat-crowd-antivirus", "threat-crowd-file" ] } - }, + }, { "Palo Alto AppFramework": { - "name": "Palo Alto AppFramework", + "name": "Palo Alto AppFramework", "commands": [ - "pan-appframework-query-logs", - "pan-appframework-get-critical-threat-logs", - "pan-appframework-get-social-applications", + "pan-appframework-query-logs", + "pan-appframework-get-critical-threat-logs", + "pan-appframework-get-social-applications", "pan-appframework-search-by-file-hash" ] } - }, + }, { "Phishme Intelligence": { - "name": "Phishme Intelligence", + "name": "Phishme Intelligence", "commands": [ - "url", - "file", - "ip", - "phishme-search", + "url", + "file", + "ip", + "phishme-search", "email" ] } - }, + }, { "Remedy AR": { - "name": "Remedy AR", + "name": "Remedy AR", "commands": [ "remedy-get-server-details" ] } - }, + }, { "Intezer": { - "name": "Intezer", + "name": "Intezer", "commands": [ - "file", + "file", "intezer-upload" ] } - }, + }, { "AlgoSec": { - "name": "AlgoSec", + "name": "AlgoSec", "commands": [ - 
"algosec-get-ticket", - "algosec-create-ticket", - "algosec-get-applications", - "algosec-get-network-object", + "algosec-get-ticket", + "algosec-create-ticket", + "algosec-get-applications", + "algosec-get-network-object", "algosec-query" ] } - }, + }, { "Zoom": { - "name": "Zoom", + "name": "Zoom", "commands": [ - "zoom-create-user", - "zoom-create-meeting", - "zoom-fetch-recording", - "zoom-list-users", + "zoom-create-user", + "zoom-create-meeting", + "zoom-fetch-recording", + "zoom-list-users", "zoom-delete-user" ] } - }, + }, { "Cuckoo Sandbox": { - "name": "Cuckoo Sandbox", - "fromversion": "3.5.0", - "commands": [ - "ck-file", - "cuckoo-create-task-from-file", - "ck-report", - "cuckoo-get-task-report", - "ck-list", - "cuckoo-list-tasks", - "ck-url", - "cuckoo-create-task-from-url", - "ck-view", - "cuckoo-view-task", - "ck-del", - "cuckoo-delete-task", - "ck-scrshot", - "cuckoo-task-screenshot", - "ck-machines-list", - "cuckoo-machines-list", - "ck-machine-view", + "name": "Cuckoo Sandbox", + "fromversion": "3.5.0", + "commands": [ + "ck-file", + "cuckoo-create-task-from-file", + "ck-report", + "cuckoo-get-task-report", + "ck-list", + "cuckoo-list-tasks", + "ck-url", + "cuckoo-create-task-from-url", + "ck-view", + "cuckoo-view-task", + "ck-del", + "cuckoo-delete-task", + "ck-scrshot", + "cuckoo-task-screenshot", + "ck-machines-list", + "cuckoo-machines-list", + "ck-machine-view", "cuckoo-machine-view" ] } - }, + }, { "Threat Grid": { - "name": "Threat Grid", - "commands": [ - "threat-grid-get-samples", - "threat-grid-get-sample-by-id", - "threat-grid-get-sample-state-by-id", - "threat-grid-upload-sample", - "threat-grid-search-submissions", - "threat-grid-get-video-by-id", - "threat-grid-get-analysis-by-id", - "threat-grid-get-processes-by-id", - "threat-grid-get-pcap-by-id", - "threat-grid-get-warnings-by-id", - "threat-grid-get-summary-by-id", - "threat-grid-get-threat-summary-by-id", - "threat-grid-get-html-report-by-id", - 
"threat-grid-download-sample-by-id", - "threat-grid-get-analysis-iocs", - "threat-grid-download-artifact", - "threat-grid-who-am-i", - "threat-grid-user-get-rate-limit", - "threat-grid-get-specific-feed", - "threat-grid-detonate-file", - "threat-grid-url-to-file", - "threat-grid-organization-get-rate-limit", - "threat-grid-search-ips", - "threat-grid-get-analysis-annotations", - "threat-grid-search-samples", - "threat-grid-search-urls", - "threat-grid-get-samples-state", - "threat-grid-feeds-artifacts", - "threat-grid-feeds-domain", - "threat-grid-feeds-ip", - "threat-grid-feeds-network-stream", - "threat-grid-feeds-path", - "threat-grid-feeds-url", - "threat-grid-get-analysis-artifact", - "threat-grid-get-analysis-artifacts", - "threat-grid-get-analysis-ioc", - "threat-grid-get-analysis-metadata", - "threat-grid-get-analysis-network-stream", - "threat-grid-get-analysis-network-streams", - "threat-grid-get-analysis-process", + "name": "Threat Grid", + "commands": [ + "threat-grid-get-samples", + "threat-grid-get-sample-by-id", + "threat-grid-get-sample-state-by-id", + "threat-grid-upload-sample", + "threat-grid-search-submissions", + "threat-grid-get-video-by-id", + "threat-grid-get-analysis-by-id", + "threat-grid-get-processes-by-id", + "threat-grid-get-pcap-by-id", + "threat-grid-get-warnings-by-id", + "threat-grid-get-summary-by-id", + "threat-grid-get-threat-summary-by-id", + "threat-grid-get-html-report-by-id", + "threat-grid-download-sample-by-id", + "threat-grid-get-analysis-iocs", + "threat-grid-download-artifact", + "threat-grid-who-am-i", + "threat-grid-user-get-rate-limit", + "threat-grid-get-specific-feed", + "threat-grid-detonate-file", + "threat-grid-url-to-file", + "threat-grid-organization-get-rate-limit", + "threat-grid-search-ips", + "threat-grid-get-analysis-annotations", + "threat-grid-search-samples", + "threat-grid-search-urls", + "threat-grid-get-samples-state", + "threat-grid-feeds-artifacts", + "threat-grid-feeds-domain", + 
"threat-grid-feeds-ip", + "threat-grid-feeds-network-stream", + "threat-grid-feeds-path", + "threat-grid-feeds-url", + "threat-grid-get-analysis-artifact", + "threat-grid-get-analysis-artifacts", + "threat-grid-get-analysis-ioc", + "threat-grid-get-analysis-metadata", + "threat-grid-get-analysis-network-stream", + "threat-grid-get-analysis-network-streams", + "threat-grid-get-analysis-process", "threat-grid-get-analysis-processes" ] } - }, + }, { "QRadar": { - "name": "QRadar", - "commands": [ - "qradar-offenses", - "qradar-offense-by-id", - "qradar-searches", - "qradar-get-search", - "qradar-get-search-results", - "qradar-update-offense", - "qradar-get-assets", - "qradar-get-asset-by-id", - "qr-searches", - "qr-get-search", - "qr-get-search-results", - "qr-update-offense", - "qr-get-assets", - "qr-offenses", - "qradar-get-closing-reasons", - "qradar-create-note", - "qradar-get-note", - "qradar-get-reference-by-name", - "qradar-create-reference-set", - "qradar-delete-reference-set", - "qradar-create-reference-set-value", - "qradar-update-reference-set-value", + "name": "QRadar", + "commands": [ + "qradar-offenses", + "qradar-offense-by-id", + "qradar-searches", + "qradar-get-search", + "qradar-get-search-results", + "qradar-update-offense", + "qradar-get-assets", + "qradar-get-asset-by-id", + "qr-searches", + "qr-get-search", + "qr-get-search-results", + "qr-update-offense", + "qr-get-assets", + "qr-offenses", + "qradar-get-closing-reasons", + "qradar-create-note", + "qradar-get-note", + "qradar-get-reference-by-name", + "qradar-create-reference-set", + "qradar-delete-reference-set", + "qradar-create-reference-set-value", + "qradar-update-reference-set-value", "qradar-delete-reference-set-value" ] } - }, + }, { "SplunkPy": { - "name": "SplunkPy", - "commands": [ - "splunk-results", - "splunk-search", - "splunk-submit-event", - "splunk-get-indexes", - "splunk-notable-event-edit", - "splunk-job-create", + "name": "SplunkPy", + "commands": [ + "splunk-results", + 
"splunk-search", + "splunk-submit-event", + "splunk-get-indexes", + "splunk-notable-event-edit", + "splunk-job-create", "splunk-parse-raw" ] } - }, + }, { "TruSTAR": { - "name": "TruSTAR", - "commands": [ - "trustar-related-indicators", - "trustar-trending-indicators", - "trustar-search-indicators", - "trustar-submit-report", - "trustar-update-report", - "trustar-report-details", - "trustar-delete-report", - "trustar-get-reports", - "trustar-correlated-reports", - "trustar-search-reports", - "trustar-add-to-whitelist", - "trustar-remove-from-whitelist", - "trustar-get-enclaves", - "file", - "ip", - "url", + "name": "TruSTAR", + "commands": [ + "trustar-related-indicators", + "trustar-trending-indicators", + "trustar-search-indicators", + "trustar-submit-report", + "trustar-update-report", + "trustar-report-details", + "trustar-delete-report", + "trustar-get-reports", + "trustar-correlated-reports", + "trustar-search-reports", + "trustar-add-to-whitelist", + "trustar-remove-from-whitelist", + "trustar-get-enclaves", + "file", + "ip", + "url", "domain" ] } - }, + }, { "LogRhythm": { - "name": "LogRhythm", + "name": "LogRhythm", "commands": [ - "lr-add-alarm-comments", - "lr-get-alarm-by-id", - "lr-get-alarm-events-by-id", - "lr-get-alarm-history-by-id", - "lr-update-alarm-status", + "lr-add-alarm-comments", + "lr-get-alarm-by-id", + "lr-get-alarm-events-by-id", + "lr-get-alarm-history-by-id", + "lr-update-alarm-status", "lr-get-alarms" ] } - }, + }, { "Service Manager": { - "name": "Service Manager", + "name": "Service Manager", "commands": [ - "hpsm-create-incident", - "hpsm-list-incidents", - "hpsm-get-incident-by-id", - "hpsm-list-devices", + "hpsm-create-incident", + "hpsm-list-incidents", + "hpsm-get-incident-by-id", + "hpsm-list-devices", "hpsm-get-device" ] } - }, + }, { "Trend Micro": { - "name": "Trend Micro", - "commands": [ - "trendmicro-host-retrieve-all", - "trendmicro-system-event-retrieve", - "trendmicro-host-antimalware-scan", - 
"trendmicro-alert-status", - "trendmicro-security-profile-retrieve-all", - "trendmicro-security-profile-assign-to-host", + "name": "Trend Micro", + "commands": [ + "trendmicro-host-retrieve-all", + "trendmicro-system-event-retrieve", + "trendmicro-host-antimalware-scan", + "trendmicro-alert-status", + "trendmicro-security-profile-retrieve-all", + "trendmicro-security-profile-assign-to-host", "trendmicro-anti-malware-event-retrieve" ] } - }, + }, { "Netskope": { - "name": "Netskope", + "name": "Netskope", "commands": [ - "netskope-events", + "netskope-events", "netskope-alerts" ] } - }, + }, { "McAfee Web Gateway": { - "name": "McAfee Web Gateway", + "name": "McAfee Web Gateway", "commands": [ - "mwg-get-available-lists", - "mwg-get-list", - "mwg-get-list-entry", - "mwg-insert-entry", + "mwg-get-available-lists", + "mwg-get-list", + "mwg-get-list-entry", + "mwg-insert-entry", "mwg-delete-entry" ] } - }, + }, { "ArcSight Logger": { - "name": "ArcSight Logger", - "commands": [ - "as-search-events", - "as-status", - "as-drilldown", - "as-events", - "as-close", - "as-stop", + "name": "ArcSight Logger", + "commands": [ + "as-search-events", + "as-status", + "as-drilldown", + "as-events", + "as-close", + "as-stop", "as-search" ] } - }, + }, { "carbonblack-v2": { - "name": "carbonblack-v2", - "fromversion": "3.6.0", - "commands": [ - "cb-alert", - "cb-binary", - "cb-binary-get", - "cb-block-hash", - "cb-get-hash-blacklist", - "cb-get-process", - "cb-get-processes", - "cb-list-sensors", - "cb-process-events", - "cb-quarantine-device", - "cb-sensor-info", - "cb-unblock-hash", - "cb-unquarantine-device", - "cb-version", - "cb-watchlist-del", - "cb-watchlist-get", - "cb-watchlist-new", - "cb-watchlist-set", - "cb-alert-update", + "name": "carbonblack-v2", + "fromversion": "3.6.0", + "commands": [ + "cb-alert", + "cb-binary", + "cb-binary-get", + "cb-block-hash", + "cb-get-hash-blacklist", + "cb-get-process", + "cb-get-processes", + "cb-list-sensors", + "cb-process-events", + 
"cb-quarantine-device", + "cb-sensor-info", + "cb-unblock-hash", + "cb-unquarantine-device", + "cb-version", + "cb-watchlist-del", + "cb-watchlist-get", + "cb-watchlist-new", + "cb-watchlist-set", + "cb-alert-update", "cb-watchlist" ] } - }, + }, { "Zscaler": { - "name": "Zscaler", - "commands": [ - "zscaler-blacklist-url", - "url", - "ip", - "zscaler-undo-blacklist-url", - "zscaler-whitelist-url", - "zscaler-undo-whitelist-url", - "zscaler-undo-whitelist-ip", - "zscaler-whitelist-ip", - "zscaler-undo-blacklist-ip", - "zscaler-blacklist-ip", - "zscaler-category-add-url", - "zscaler-category-add-ip", - "zscaler-category-remove-url", - "zscaler-category-remove-ip", - "zscaler-get-categories", - "zscaler-get-blacklist", + "name": "Zscaler", + "commands": [ + "zscaler-blacklist-url", + "url", + "ip", + "zscaler-undo-blacklist-url", + "zscaler-whitelist-url", + "zscaler-undo-whitelist-url", + "zscaler-undo-whitelist-ip", + "zscaler-whitelist-ip", + "zscaler-undo-blacklist-ip", + "zscaler-blacklist-ip", + "zscaler-category-add-url", + "zscaler-category-add-ip", + "zscaler-category-remove-url", + "zscaler-category-remove-ip", + "zscaler-get-categories", + "zscaler-get-blacklist", "zscaler-get-whitelist" ] } - }, + }, { "Check Point Sandblast": { - "name": "Check Point Sandblast", - "toversion": "3.1.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", - "sandblast-download", - "sb-quota", + "name": "Check Point Sandblast", + "toversion": "3.1.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", + "sandblast-download", + "sb-quota", "sandblast-quota" ] } - }, + }, { "fireeye": { - "name": "fireeye", - "toversion": "3.1.0", - "fromversion": "3.0.0", - "commands": [ - "fe-report", - "fe-submit-status", - "fe-alert", - "fe-submit-result", - "fe-submit", + "name": "fireeye", + "toversion": "3.1.0", + "fromversion": "3.0.0", + "commands": [ + "fe-report", + 
"fe-submit-status", + "fe-alert", + "fe-submit-result", + "fe-submit", "fe-config" ] } - }, + }, { "Awake Security": { - "name": "Awake Security", - "commands": [ - "awake-query-devices", - "awake-query-activities", - "awake-query-domains", - "awake-pcap-download", - "domain", - "ip", - "email", + "name": "Awake Security", + "commands": [ + "awake-query-devices", + "awake-query-activities", + "awake-query-domains", + "awake-pcap-download", + "domain", + "ip", + "email", "device" ] } - }, + }, { "Skyformation": { - "name": "Skyformation", + "name": "Skyformation", "commands": [ - "skyformation-get-accounts", - "skyformation-suspend-user", + "skyformation-get-accounts", + "skyformation-suspend-user", "skyformation-unsuspend-user" ] } - }, + }, { "Cisco Spark": { - "name": "Cisco Spark", - "commands": [ - "cisco-spark-list-people", - "cisco-spark-create-person", - "cisco-spark-get-person-details", - "cisco-spark-update-person", - "cisco-spark-delete-person", - "cisco-spark-get-own-details", - "cisco-spark-list-rooms", - "cisco-spark-create-room", - "cisco-spark-get-room-details", - "cisco-spark-update-room", - "cisco-spark-delete-room", - "cisco-spark-list-memberships", - "cisco-spark-create-membership", - "cisco-spark-get-membership-details", - "cisco-spark-update-membership", - "cisco-spark-delete-membership", - "cisco-spark-list-messages", - "cisco-spark-create-message", - "cisco-spark-get-message-details", - "cisco-spark-delete-message", - "cisco-spark-list-teams", - "cisco-spark-create-team", - "cisco-spark-get-team-details", - "cisco-spark-update-team", - "cisco-spark-delete-team", - "cisco-spark-list-team-memberships", - "cisco-spark-create-team-membership", - "cisco-spark-get-team-membership-details", - "cisco-spark-update-team-membership", - "cisco-spark-delete-team-membership", - "cisco-spark-list-webhooks", - "cisco-spark-create-webhook", - "cisco-spark-get-webhook-details", - "cisco-spark-update-webhook", - "cisco-spark-delete-webhook", - 
"cisco-spark-list-organizations", - "cisco-spark-get-organization-details", - "cisco-spark-list-licenses", - "cisco-spark-get-license-details", - "cisco-spark-list-roles", - "cisco-spark-get-role-details", - "cisco-spark-send-message-to-person", + "name": "Cisco Spark", + "commands": [ + "cisco-spark-list-people", + "cisco-spark-create-person", + "cisco-spark-get-person-details", + "cisco-spark-update-person", + "cisco-spark-delete-person", + "cisco-spark-get-own-details", + "cisco-spark-list-rooms", + "cisco-spark-create-room", + "cisco-spark-get-room-details", + "cisco-spark-update-room", + "cisco-spark-delete-room", + "cisco-spark-list-memberships", + "cisco-spark-create-membership", + "cisco-spark-get-membership-details", + "cisco-spark-update-membership", + "cisco-spark-delete-membership", + "cisco-spark-list-messages", + "cisco-spark-create-message", + "cisco-spark-get-message-details", + "cisco-spark-delete-message", + "cisco-spark-list-teams", + "cisco-spark-create-team", + "cisco-spark-get-team-details", + "cisco-spark-update-team", + "cisco-spark-delete-team", + "cisco-spark-list-team-memberships", + "cisco-spark-create-team-membership", + "cisco-spark-get-team-membership-details", + "cisco-spark-update-team-membership", + "cisco-spark-delete-team-membership", + "cisco-spark-list-webhooks", + "cisco-spark-create-webhook", + "cisco-spark-get-webhook-details", + "cisco-spark-update-webhook", + "cisco-spark-delete-webhook", + "cisco-spark-list-organizations", + "cisco-spark-get-organization-details", + "cisco-spark-list-licenses", + "cisco-spark-get-license-details", + "cisco-spark-list-roles", + "cisco-spark-get-role-details", + "cisco-spark-send-message-to-person", "cisco-spark-send-message-to-room" ] } - }, + }, { "ArcSight ESM": { - "name": "ArcSight ESM", - "commands": [ - "as-get-all-cases", - "as-get-case", - "as-get-matrix-data", - "as-add-entries", - "as-clear-entries", - "as-get-entries", - "as-get-security-events", - "as-get-case-event-ids", - 
"as-update-case", - "as-get-all-query-viewers", + "name": "ArcSight ESM", + "commands": [ + "as-get-all-cases", + "as-get-case", + "as-get-matrix-data", + "as-add-entries", + "as-clear-entries", + "as-get-entries", + "as-get-security-events", + "as-get-case-event-ids", + "as-update-case", + "as-get-all-query-viewers", "as-case-delete" ] } - }, + }, { "Rapid7 Nexpose": { - "name": "Rapid7 Nexpose", - "fromversion": "3.6.0", - "commands": [ - "nexpose-get-asset", - "nexpose-get-assets", - "nexpose-search-assets", - "nexpose-get-scan", - "nexpose-get-asset-vulnerability", - "nexpose-create-site", - "nexpose-delete-site", - "nexpose-get-sites", - "nexpose-get-report-templates", - "nexpose-create-assets-report", - "nexpose-create-sites-report", - "nexpose-create-scan-report", - "nexpose-start-site-scan", - "nexpose-start-assets-scan", - "nexpose-stop-scan", - "nexpose-pause-scan", - "nexpose-resume-scan", + "name": "Rapid7 Nexpose", + "fromversion": "3.6.0", + "commands": [ + "nexpose-get-asset", + "nexpose-get-assets", + "nexpose-search-assets", + "nexpose-get-scan", + "nexpose-get-asset-vulnerability", + "nexpose-create-site", + "nexpose-delete-site", + "nexpose-get-sites", + "nexpose-get-report-templates", + "nexpose-create-assets-report", + "nexpose-create-sites-report", + "nexpose-create-scan-report", + "nexpose-start-site-scan", + "nexpose-start-assets-scan", + "nexpose-stop-scan", + "nexpose-pause-scan", + "nexpose-resume-scan", "nexpose-get-scans" ] } - }, + }, { "Cylance Protect v2": { - "name": "Cylance Protect v2", - "commands": [ - "cylance-protect-get-devices", - "cylance-protect-get-device", - "cylance-protect-update-device", - "cylance-protect-get-device-threats", - "cylance-protect-get-policies", - "cylance-protect-create-zone", - "cylance-protect-get-zones", - "cylance-protect-get-zone", - "cylance-protect-update-zone", - "cylance-protect-get-threat", - "cylance-protect-get-threat-devices", - "cylance-protect-get-indicators-report", - 
"cylance-protect-get-threats", - "cylance-protect-update-device-threats", - "cylance-protect-get-list", - "cylance-protect-download-threat", - "cylance-protect-add-hash-to-list", - "cylance-protect-delete-hash-from-lists", - "cylance-protect-get-policy-details", + "name": "Cylance Protect v2", + "commands": [ + "cylance-protect-get-devices", + "cylance-protect-get-device", + "cylance-protect-update-device", + "cylance-protect-get-device-threats", + "cylance-protect-get-policies", + "cylance-protect-create-zone", + "cylance-protect-get-zones", + "cylance-protect-get-zone", + "cylance-protect-update-zone", + "cylance-protect-get-threat", + "cylance-protect-get-threat-devices", + "cylance-protect-get-indicators-report", + "cylance-protect-get-threats", + "cylance-protect-update-device-threats", + "cylance-protect-get-list", + "cylance-protect-download-threat", + "cylance-protect-add-hash-to-list", + "cylance-protect-delete-hash-from-lists", + "cylance-protect-get-policy-details", "cylance-protect-delete-devices" ] } - }, + }, { "Cyber Triage": { - "name": "Cyber Triage", + "name": "Cyber Triage", "commands": [ "ct-triage-endpoint" ] } - }, + }, { "Endgame": { - "name": "Endgame", - "commands": [ - "endgame-deploy", - "endgame-get-deployment-profiles", - "endgame-get-unmanaged-endpoints", - "endgame-get-endpoint-status", - "endgame-create-sensor-profile", - "endgame-get-investigations", - "endgame-create-investigation", - "endgame-get-sensor", - "endgame-investigation-results", + "name": "Endgame", + "commands": [ + "endgame-deploy", + "endgame-get-deployment-profiles", + "endgame-get-unmanaged-endpoints", + "endgame-get-endpoint-status", + "endgame-create-sensor-profile", + "endgame-get-investigations", + "endgame-create-investigation", + "endgame-get-sensor", + "endgame-investigation-results", "endgame-investigation-status" ] } - }, + }, { "Kenna": { - "name": "Kenna", + "name": "Kenna", "commands": [ - "kenna-search-vulnerabilities", - "kenna-get-connectors", - 
"kenna-run-connector", - "kenna-search-fixes", - "kenna-update-asset", + "kenna-search-vulnerabilities", + "kenna-get-connectors", + "kenna-run-connector", + "kenna-search-fixes", + "kenna-update-asset", "kenna-update-vulnerability" ] } - }, + }, { "Cisco Meraki": { - "name": "Cisco Meraki", - "commands": [ - "meraki-fetch-organizations", - "meraki-get-organization-license-state", - "meraki-fetch-organization-inventory", - "meraki-fetch-networks", - "meraki-fetch-devices", - "meraki-fetch-device-uplink", - "meraki-fetch-ssids", - "meraki-fetch-clients", - "meraki-fetch-firewall-rules", - "meraki-remove-device", - "meraki-get-device", - "meraki-update-device", - "meraki-claim-device", + "name": "Cisco Meraki", + "commands": [ + "meraki-fetch-organizations", + "meraki-get-organization-license-state", + "meraki-fetch-organization-inventory", + "meraki-fetch-networks", + "meraki-fetch-devices", + "meraki-fetch-device-uplink", + "meraki-fetch-ssids", + "meraki-fetch-clients", + "meraki-fetch-firewall-rules", + "meraki-remove-device", + "meraki-get-device", + "meraki-update-device", + "meraki-claim-device", "meraki-update-firewall-rules" ] } - }, + }, { "WildFire": { - "name": "WildFire", - "toversion": "3.6.0", - "fromversion": "3.5.0", - "commands": [ - "wildfire-report", - "file", - "wildfire-upload", - "detonate-file", + "name": "WildFire", + "toversion": "3.6.0", + "fromversion": "3.5.0", + "commands": [ + "wildfire-report", + "file", + "wildfire-upload", + "detonate-file", "detonate-file-remote" ] } - }, + }, { "AWS Sagemaker": { - "name": "AWS Sagemaker", + "name": "AWS Sagemaker", "commands": [ "predict-phishing" ] } - }, + }, { "VxStream": { - "name": "VxStream", - "commands": [ - "vx-scan", - "crowdstrike-scan", - "vx-get-environments", - "crowdstrike-get-environments", - "vx-submit-sample", - "crowdstrike-submit-sample", - "vx-search", - "crowdstrike-search", - "vx-result", - "crowdstrike-result", - "vx-detonate-file", - "crowdstrike-detonate-file", - 
"crowdstrike-submit-url", - "crowdstrike-get-screenshots", - "crowdstrike-detonate-url", + "name": "VxStream", + "commands": [ + "vx-scan", + "crowdstrike-scan", + "vx-get-environments", + "crowdstrike-get-environments", + "vx-submit-sample", + "crowdstrike-submit-sample", + "vx-search", + "crowdstrike-search", + "vx-result", + "crowdstrike-result", + "vx-detonate-file", + "crowdstrike-detonate-file", + "crowdstrike-submit-url", + "crowdstrike-get-screenshots", + "crowdstrike-detonate-url", "crowdstrike-submit-file-by-url" ] } - }, + }, { "DomainTools": { - "name": "DomainTools", - "fromversion": "3.0.0", - "commands": [ - "domain", - "domainSearch", - "reverseIP", - "reverseNameServer", - "reverseWhois", - "whois", - "whoisHistory", + "name": "DomainTools", + "fromversion": "3.0.0", + "commands": [ + "domain", + "domainSearch", + "reverseIP", + "reverseNameServer", + "reverseWhois", + "whois", + "whoisHistory", "domainProfile" ] } - }, + }, { "Jask": { - "name": "Jask", - "commands": [ - "jask-get-insight-details", - "jask-get-insight-comments", - "jask-get-signal-details", - "jask-get-entity-details", - "jask-get-related-entities", - "jask-get-whitelisted-entities", - "jask-search-insights", - "jask-search-signals", + "name": "Jask", + "commands": [ + "jask-get-insight-details", + "jask-get-insight-comments", + "jask-get-signal-details", + "jask-get-entity-details", + "jask-get-related-entities", + "jask-get-whitelisted-entities", + "jask-search-insights", + "jask-search-signals", "jask-search-entities" ] } - }, + }, { "Server Message Block (SMB)": { - "name": "Server Message Block (SMB)", + "name": "Server Message Block (SMB)", "commands": [ "smb-download" ] } - }, + }, { "McAfee ESM-v10": { - "name": "McAfee ESM-v10", - "commands": [ - "esm-fetch-fields", - "esm-search", - "esm-fetch-alarms", - "esm-get-case-list", - "esm-add-case", - "esm-edit-case", - "esm-get-case-statuses", - "esm-edit-case-status", - "esm-get-case-detail", - "esm-get-case-event-list", - 
"esm-add-case-status", - "esm-delete-case-status", - "esm-get-organization-list", - "esm-get-user-list", - "esm-acknowledge-alarms", - "esm-unacknowledge-alarms", - "esm-delete-alarms", - "esm-get-alarm-event-details", + "name": "McAfee ESM-v10", + "commands": [ + "esm-fetch-fields", + "esm-search", + "esm-fetch-alarms", + "esm-get-case-list", + "esm-add-case", + "esm-edit-case", + "esm-get-case-statuses", + "esm-edit-case-status", + "esm-get-case-detail", + "esm-get-case-event-list", + "esm-add-case-status", + "esm-delete-case-status", + "esm-get-organization-list", + "esm-get-user-list", + "esm-acknowledge-alarms", + "esm-unacknowledge-alarms", + "esm-delete-alarms", + "esm-get-alarm-event-details", "esm-list-alarm-events" ] } - }, + }, { "nmap": { - "name": "nmap", + "name": "nmap", "commands": [ "nmap-scan" ] } - }, + }, { "ReversingLabs Titanium Cloud": { - "name": "ReversingLabs Titanium Cloud", + "name": "ReversingLabs Titanium Cloud", "commands": [ "file" ] } - }, + }, { "Farsight DNSDB": { - "name": "Farsight DNSDB", + "name": "Farsight DNSDB", "commands": [ - "dnsdb-rdata", + "dnsdb-rdata", "dnsdb-rrset" ] } - }, + }, { "Symantec MSS": { - "name": "Symantec MSS", + "name": "Symantec MSS", "commands": [ - "symantec-mss-update-incident", - "symantec-mss-get-incident", + "symantec-mss-update-incident", + "symantec-mss-get-incident", "symantec-mss-incidents-list" ] } - }, + }, { "EWS Mail Sender": { - "name": "EWS Mail Sender", + "name": "EWS Mail Sender", "commands": [ "send-mail" ] } - }, + }, { "WildFire": { - "name": "WildFire", - "fromversion": "4.0.0", - "commands": [ - "wildfire-report", - "file", - "wildfire-upload", - "detonate-file", - "detonate-file-remote", + "name": "WildFire", + "fromversion": "4.0.0", + "commands": [ + "wildfire-report", + "file", + "wildfire-upload", + "detonate-file", + "detonate-file-remote", "wildfire-upload-file-remote" ] } - }, + }, { "WildFire": { - "name": "WildFire", - "toversion": "3.1.0", - "fromversion": "2.5.0", - 
"commands": [ - "wildfire-report", - "file", - "wildfire-upload", - "detonate-file", + "name": "WildFire", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "commands": [ + "wildfire-report", + "file", + "wildfire-upload", + "detonate-file", "detonate-file-remote" ] } - }, + }, { "AlienVault OTX": { - "name": "AlienVault OTX", - "fromversion": "3.0.1", - "commands": [ - "ip", - "domain", - "ipv6", - "hostname", - "file", - "alienvault-query-file", - "alienvault-search-pulses", - "alienvault-get-pulse-details", + "name": "AlienVault OTX", + "fromversion": "3.0.1", + "commands": [ + "ip", + "domain", + "ipv6", + "hostname", + "file", + "alienvault-query-file", + "alienvault-search-pulses", + "alienvault-get-pulse-details", "url" ] } - }, + }, { "Windows Defender Advanced Threat Protection": { - "name": "Windows Defender Advanced Threat Protection", - "commands": [ - "microsoft-atp-isolate-machine", - "microsoft-atp-unisolate-machine", - "microsoft-atp-get-machines", - "microsoft-atp-get-file-related-machines", - "microsoft-atp-get-machine-details", - "microsoft-atp-run-antivirus-scan", + "name": "Windows Defender Advanced Threat Protection", + "commands": [ + "microsoft-atp-isolate-machine", + "microsoft-atp-unisolate-machine", + "microsoft-atp-get-machines", + "microsoft-atp-get-file-related-machines", + "microsoft-atp-get-machine-details", + "microsoft-atp-run-antivirus-scan", "microsoft-atp-list-alerts" ] } - }, + }, { "Mail Sender (New)": { - "name": "Mail Sender (New)", + "name": "Mail Sender (New)", "commands": [ "send-mail" ] } - }, + }, { "Attivo Botsink": { - "name": "Attivo Botsink", - "commands": [ - "attivo-check-user", - "attivo-check-host", - "attivo-run-playbook", - "attivo-deploy-decoy", - "attivo-get-events", - "attivo-list-playbooks", - "attivo-list-hosts", + "name": "Attivo Botsink", + "commands": [ + "attivo-check-user", + "attivo-check-host", + "attivo-run-playbook", + "attivo-deploy-decoy", + "attivo-get-events", + "attivo-list-playbooks", + 
"attivo-list-hosts", "attivo-list-users" ] } - }, + }, { "Sample Incident Generator": { "name": "Sample Incident Generator" } - }, + }, { "Hybrid Analysis": { - "name": "Hybrid Analysis", - "fromversion": "3.6.1", + "name": "Hybrid Analysis", + "fromversion": "3.6.1", "commands": [ - "hybrid-analysis-scan", - "hybrid-analysis-submit-sample", - "hybrid-analysis-search", + "hybrid-analysis-scan", + "hybrid-analysis-submit-sample", + "hybrid-analysis-search", "hybrid-analysis-detonate-file" ] } - }, + }, { "Anomali ThreatStream": { - "name": "Anomali ThreatStream", + "name": "Anomali ThreatStream", "commands": [ - "threatstream-intelligence", - "domain", - "file", - "threatstream-email-reputation", + "threatstream-intelligence", + "domain", + "file", + "threatstream-email-reputation", "ip" ] } - }, + }, { "PacketMail": { - "name": "PacketMail", + "name": "PacketMail", "commands": [ "packetmail-ip" ] } - }, + }, { "Qualys": { - "name": "Qualys", - "toversion": "3.1.0", - "commands": [ - "qualys-report-list", - "qualys-report-cancel", - "qualys-report-delete", - "qualys-scorecard-launch", - "qualys-report-fetch", - "qualys-vm-scan-list", - "qualys-vm-scan-launch", - "qualys-vm-scan-action", - "qualys-scap-scan-list", - "qualys-pc-scan-launch", - "qualys-pc-scan-manage", - "qualys-schedule-scan-list", - "qualys-ip-list", - "qualys-ip-add", - "qualys-ip-update", - "qualys-virtual-host-list", - "qualys-virtual-host-manage", - "qualys-host-excluded-list", - "qualys-host-excluded-manage", - "qualys-scheduled-report-list", - "qualys-scheduled-report-launch", - "qualys-host-list", - "qualys-pc-scan-list", - "qualys-report-template-list", - "qualys-report-launch-map", - "qualys-report-launch-scan-based-findings", - "qualys-report-launch-host-based-findings", - "qualys-report-launch-patch", - "qualys-report-launch-remediation", - "qualys-report-launch-compliance", - "qualys-report-launch-compliance-policy", - "qualys-vulnerability-list", - "qualys-group-list", - 
"qualys-vm-scan-fetch", + "name": "Qualys", + "toversion": "3.1.0", + "commands": [ + "qualys-report-list", + "qualys-report-cancel", + "qualys-report-delete", + "qualys-scorecard-launch", + "qualys-report-fetch", + "qualys-vm-scan-list", + "qualys-vm-scan-launch", + "qualys-vm-scan-action", + "qualys-scap-scan-list", + "qualys-pc-scan-launch", + "qualys-pc-scan-manage", + "qualys-schedule-scan-list", + "qualys-ip-list", + "qualys-ip-add", + "qualys-ip-update", + "qualys-virtual-host-list", + "qualys-virtual-host-manage", + "qualys-host-excluded-list", + "qualys-host-excluded-manage", + "qualys-scheduled-report-list", + "qualys-scheduled-report-launch", + "qualys-host-list", + "qualys-pc-scan-list", + "qualys-report-template-list", + "qualys-report-launch-map", + "qualys-report-launch-scan-based-findings", + "qualys-report-launch-host-based-findings", + "qualys-report-launch-patch", + "qualys-report-launch-remediation", + "qualys-report-launch-compliance", + "qualys-report-launch-compliance-policy", + "qualys-vulnerability-list", + "qualys-group-list", + "qualys-vm-scan-fetch", "qualys-pc-scan-fetch" ] } - }, + }, { "Cisco Umbrella Investigate": { - "name": "Cisco Umbrella Investigate", - "commands": [ - "umbrella-domain-categorization", - "investigate-umbrella-domain-categorization", - "umbrella-domain-co-occurrences", - "investigate-umbrella-domain-co-occurrences", - "umbrella-domain-related", - "investigate-umbrella-domain-related", - "umbrella-domain-security", - "investigate-umbrella-domain-security", - "umbrella-domain-dns-history", - "investigate-umbrella-domain-dns-history", - "umbrella-ip-dns-history", - "investigate-umbrella-ip-dns-history", - "investigate-umbrella-ip-malicious-domains", - "umbrella-ip-malicious-domains", - "umbrella-domain-search", - "investigate-umbrella-domain-search", - "domain", - "umbrella-get-related-domains", - "umbrella-get-domain-classifiers", - "umbrella-get-domain-queryvolume", - "umbrella-get-domain-details", - 
"umbrella-get-domains-for-email-registrar", - "umbrella-get-domains-for-nameserver", - "umbrella-get-whois-for-domain", - "umbrella-get-malicious-domains-for-ip", - "umbrella-get-domains-using-regex", - "umbrella-get-domain-timeline", - "umbrella-get-ip-timeline", + "name": "Cisco Umbrella Investigate", + "commands": [ + "umbrella-domain-categorization", + "investigate-umbrella-domain-categorization", + "umbrella-domain-co-occurrences", + "investigate-umbrella-domain-co-occurrences", + "umbrella-domain-related", + "investigate-umbrella-domain-related", + "umbrella-domain-security", + "investigate-umbrella-domain-security", + "umbrella-domain-dns-history", + "investigate-umbrella-domain-dns-history", + "umbrella-ip-dns-history", + "investigate-umbrella-ip-dns-history", + "investigate-umbrella-ip-malicious-domains", + "umbrella-ip-malicious-domains", + "umbrella-domain-search", + "investigate-umbrella-domain-search", + "domain", + "umbrella-get-related-domains", + "umbrella-get-domain-classifiers", + "umbrella-get-domain-queryvolume", + "umbrella-get-domain-details", + "umbrella-get-domains-for-email-registrar", + "umbrella-get-domains-for-nameserver", + "umbrella-get-whois-for-domain", + "umbrella-get-malicious-domains-for-ip", + "umbrella-get-domains-using-regex", + "umbrella-get-domain-timeline", + "umbrella-get-ip-timeline", "umbrella-get-url-timeline" ] } - }, + }, { "Carbon Black Defense": { - "name": "Carbon Black Defense", - "commands": [ - "cbd-get-devices-status", - "cbd-get-device-status", - "cbd-change-device-status", - "cbd-find-events", - "cbd-find-event", - "cbd-find-processes", - "cbd-get-alert-details", - "cbd-get-policies", - "cbd-get-policy", - "cbd-create-policy", - "cbd-update-policy", - "cbd-delete-policy", - "cbd-add-rule-to-policy", - "cbd-delete-rule-from-policy", - "cbd-update-rule-in-policy", + "name": "Carbon Black Defense", + "commands": [ + "cbd-get-devices-status", + "cbd-get-device-status", + "cbd-change-device-status", + 
"cbd-find-events", + "cbd-find-event", + "cbd-find-processes", + "cbd-get-alert-details", + "cbd-get-policies", + "cbd-get-policy", + "cbd-create-policy", + "cbd-update-policy", + "cbd-delete-policy", + "cbd-add-rule-to-policy", + "cbd-delete-rule-from-policy", + "cbd-update-rule-in-policy", "cbd-set-policy" ] } - }, + }, { "Lockpath KeyLight": { - "name": "Lockpath KeyLight", - "toversion": "3.1.0", - "commands": [ - "kl-get-component-list", - "kl-get-component", - "kl-get-component-by-alias", - "kl-get-field-list", - "kl-get-field", - "kl-get-record-count", - "kl-get-record", - "kl-get-records", - "kl-delete-record", - "kl-create-record", - "kl-update-record", - "kl-get-detail-record", - "kl-get-lookup-report-column-fields", - "kl-get-detail-records", - "kl-get-record-attachments", - "kl-get-record-attachment", + "name": "Lockpath KeyLight", + "toversion": "3.1.0", + "commands": [ + "kl-get-component-list", + "kl-get-component", + "kl-get-component-by-alias", + "kl-get-field-list", + "kl-get-field", + "kl-get-record-count", + "kl-get-record", + "kl-get-records", + "kl-delete-record", + "kl-create-record", + "kl-update-record", + "kl-get-detail-record", + "kl-get-lookup-report-column-fields", + "kl-get-detail-records", + "kl-get-record-attachments", + "kl-get-record-attachment", "kl-delete-record-attachments" ] } - }, + }, { "OPSWAT-Metadefender": { - "name": "OPSWAT-Metadefender", + "name": "OPSWAT-Metadefender", "commands": [ - "opswat-hash", - "opswat-scan-file", + "opswat-hash", + "opswat-scan-file", "opswat-scan-result" ] } - }, + }, { "ActiveMQ": { - "name": "ActiveMQ", + "name": "ActiveMQ", "commands": [ - "activemq-send", + "activemq-send", "activemq-subscribe" ] } - }, + }, { "Cisco Email Security Appliance (IronPort)": { - "name": "Cisco Email Security Appliance (IronPort)", + "name": "Cisco Email Security Appliance (IronPort)", "commands": [ "ironport-report" ] } - }, + }, { "Qualys": { - "name": "Qualys", - "fromversion": "3.5.0", - "commands": [ - 
"qualys-report-list", - "qualys-report-cancel", - "qualys-report-delete", - "qualys-scorecard-launch", - "qualys-report-fetch", - "qualys-vm-scan-list", - "qualys-vm-scan-launch", - "qualys-vm-scan-action", - "qualys-scap-scan-list", - "qualys-pc-scan-launch", - "qualys-pc-scan-manage", - "qualys-schedule-scan-list", - "qualys-ip-list", - "qualys-ip-add", - "qualys-ip-update", - "qualys-virtual-host-list", - "qualys-virtual-host-manage", - "qualys-host-excluded-list", - "qualys-host-excluded-manage", - "qualys-scheduled-report-list", - "qualys-scheduled-report-launch", - "qualys-host-list", - "qualys-pc-scan-list", - "qualys-report-template-list", - "qualys-report-launch-map", - "qualys-report-launch-scan-based-findings", - "qualys-report-launch-host-based-findings", - "qualys-report-launch-patch", - "qualys-report-launch-remediation", - "qualys-report-launch-compliance", - "qualys-report-launch-compliance-policy", - "qualys-vulnerability-list", - "qualys-group-list", - "qualys-vm-scan-fetch", + "name": "Qualys", + "fromversion": "3.5.0", + "commands": [ + "qualys-report-list", + "qualys-report-cancel", + "qualys-report-delete", + "qualys-scorecard-launch", + "qualys-report-fetch", + "qualys-vm-scan-list", + "qualys-vm-scan-launch", + "qualys-vm-scan-action", + "qualys-scap-scan-list", + "qualys-pc-scan-launch", + "qualys-pc-scan-manage", + "qualys-schedule-scan-list", + "qualys-ip-list", + "qualys-ip-add", + "qualys-ip-update", + "qualys-virtual-host-list", + "qualys-virtual-host-manage", + "qualys-host-excluded-list", + "qualys-host-excluded-manage", + "qualys-scheduled-report-list", + "qualys-scheduled-report-launch", + "qualys-host-list", + "qualys-pc-scan-list", + "qualys-report-template-list", + "qualys-report-launch-map", + "qualys-report-launch-scan-based-findings", + "qualys-report-launch-host-based-findings", + "qualys-report-launch-patch", + "qualys-report-launch-remediation", + "qualys-report-launch-compliance", + 
"qualys-report-launch-compliance-policy", + "qualys-vulnerability-list", + "qualys-group-list", + "qualys-vm-scan-fetch", "qualys-pc-scan-fetch" ] } - }, + }, { "IsItPhishing": { - "name": "IsItPhishing", + "name": "IsItPhishing", "commands": [ "url" ] } - }, + }, { "okta": { - "name": "okta", - "toversion": "3.5.1", - "fromversion": "3.1.0", - "commands": [ - "okta-unlock-user", - "okta-deactivate-user", - "okta-activate-user", - "okta-get-groups", - "okta-set-password", - "okta-search", - "okta-get-user", - "okta-create-user", + "name": "okta", + "toversion": "3.5.1", + "fromversion": "3.1.0", + "commands": [ + "okta-unlock-user", + "okta-deactivate-user", + "okta-activate-user", + "okta-get-groups", + "okta-set-password", + "okta-search", + "okta-get-user", + "okta-create-user", "okta-update-user" ] } - }, + }, { "AWS - EC2": { - "name": "AWS - EC2", - "commands": [ - "aws-ec2-describe-instances", - "aws-ec2-describe-images", - "aws-ec2-describe-regions", - "aws-ec2-describe-addresses", - "aws-ec2-describe-snapshots", - "aws-ec2-describe-launch-templates", - "aws-ec2-describe-key-pairs", - "aws-ec2-describe-volumes", - "aws-ec2-describe-vpcs", - "aws-ec2-describe-subnets", - "aws-ec2-describe-security-groups", - "aws-ec2-allocate-address", - "aws-ec2-associate-address", - "aws-ec2-create-snapshot", - "aws-ec2-delete-snapshot", - "aws-ec2-create-image", - "aws-ec2-deregister-image", - "aws-ec2-modify-volume", - "aws-ec2-create-tags", - "aws-ec2-disassociate-address", - "aws-ec2-release-address", - "aws-ec2-start-instances", - "aws-ec2-stop-instances", - "aws-ec2-terminate-instances", - "aws-ec2-create-volume", - "aws-ec2-attach-volume", - "aws-ec2-detach-volume", - "aws-ec2-delete-volume", - "aws-ec2-run-instances", - "aws-ec2-waiter-instance-running", - "aws-ec2-waiter-instance-status-ok", - "aws-ec2-waiter-instance-stopped", - "aws-ec2-waiter-instance-terminated", - "aws-ec2-waiter-image-available", - "aws-ec2-waiter-snapshot_completed", - 
"aws-ec2-get-latest-ami", - "aws-ec2-create-security-group", - "aws-ec2-delete-security-group", - "aws-ec2-authorize-security-group-ingress-rule", - "aws-ec2-revoke-security-group-ingress-rule", - "aws-ec2-copy-image", - "aws-ec2-copy-snapshot", - "aws-ec2-describe-reserved-instances", - "aws-ec2-monitor-instances", - "aws-ec2-unmonitor-instances", - "aws-ec2-reboot-instances", - "aws-ec2-get-password-data", - "aws-ec2-modify-network-interface-attribute", + "name": "AWS - EC2", + "commands": [ + "aws-ec2-describe-instances", + "aws-ec2-describe-images", + "aws-ec2-describe-regions", + "aws-ec2-describe-addresses", + "aws-ec2-describe-snapshots", + "aws-ec2-describe-launch-templates", + "aws-ec2-describe-key-pairs", + "aws-ec2-describe-volumes", + "aws-ec2-describe-vpcs", + "aws-ec2-describe-subnets", + "aws-ec2-describe-security-groups", + "aws-ec2-allocate-address", + "aws-ec2-associate-address", + "aws-ec2-create-snapshot", + "aws-ec2-delete-snapshot", + "aws-ec2-create-image", + "aws-ec2-deregister-image", + "aws-ec2-modify-volume", + "aws-ec2-create-tags", + "aws-ec2-disassociate-address", + "aws-ec2-release-address", + "aws-ec2-start-instances", + "aws-ec2-stop-instances", + "aws-ec2-terminate-instances", + "aws-ec2-create-volume", + "aws-ec2-attach-volume", + "aws-ec2-detach-volume", + "aws-ec2-delete-volume", + "aws-ec2-run-instances", + "aws-ec2-waiter-instance-running", + "aws-ec2-waiter-instance-status-ok", + "aws-ec2-waiter-instance-stopped", + "aws-ec2-waiter-instance-terminated", + "aws-ec2-waiter-image-available", + "aws-ec2-waiter-snapshot_completed", + "aws-ec2-get-latest-ami", + "aws-ec2-create-security-group", + "aws-ec2-delete-security-group", + "aws-ec2-authorize-security-group-ingress-rule", + "aws-ec2-revoke-security-group-ingress-rule", + "aws-ec2-copy-image", + "aws-ec2-copy-snapshot", + "aws-ec2-describe-reserved-instances", + "aws-ec2-monitor-instances", + "aws-ec2-unmonitor-instances", + "aws-ec2-reboot-instances", + 
"aws-ec2-get-password-data", + "aws-ec2-modify-network-interface-attribute", "aws-ec2-modify-instance-attribute" ] } - }, + }, { "Blockade.io": { - "name": "Blockade.io", + "name": "Blockade.io", "commands": [ - "blockade-get-indicators", + "blockade-get-indicators", "blockade-add-indicators" ] } - }, + }, { "AlphaSOC Network Behavior Analytics": { "name": "AlphaSOC Network Behavior Analytics" } - }, + }, { "Recorded Future": { - "name": "Recorded Future", + "name": "Recorded Future", "commands": [ - "domain", - "ip", - "file", + "domain", + "ip", + "file", "recorded-future-get-related-entities" ] } - }, + }, { "CVE Search": { - "name": "CVE Search", + "name": "CVE Search", "commands": [ - "cve-search", + "cve-search", "cve-latest" ] } - }, + }, { "SNDBOX": { - "name": "SNDBOX", + "name": "SNDBOX", "commands": [ - "sndbox-is-online", - "sndbox-analysis-info", - "sndbox-analysis-submit-sample", - "sndbox-download-report", - "sndbox-detonate-file", + "sndbox-is-online", + "sndbox-analysis-info", + "sndbox-analysis-submit-sample", + "sndbox-download-report", + "sndbox-detonate-file", "sndbox-download-sample" ] } - }, + }, { "Demisto Lock": { - "name": "Demisto Lock", + "name": "Demisto Lock", "commands": [ - "demisto-lock-get", - "demisto-lock-release", - "demisto-lock-info", + "demisto-lock-get", + "demisto-lock-release", + "demisto-lock-info", "demisto-lock-release-all" ] } - }, + }, { "F5 firewall": { - "name": "F5 firewall", - "commands": [ - "f5-create-policy", - "f5-create-rule", - "f5-list-rules", - "f5-modify-rule", - "f5-del-rule", - "f5-modify-global-policy", - "f5-show-global-policy", - "f5-del-policy", + "name": "F5 firewall", + "commands": [ + "f5-create-policy", + "f5-create-rule", + "f5-list-rules", + "f5-modify-rule", + "f5-del-rule", + "f5-modify-global-policy", + "f5-show-global-policy", + "f5-del-policy", "f5-list-all-user-sessions" ] } - }, + }, { "MimecastV2": { - "name": "MimecastV2", - "commands": [ - "mimecast-query", - 
"mimecast-list-blocked-sender-policies", - "mimecast-get-policy", - "mimecast-create-policy", - "mimecast-delete-policy", - "mimecast-manage-sender", - "mimecast-list-managed-url", - "mimecast-create-managed-url", - "mimecast-list-messages", - "mimecast-get-attachment-logs", - "mimecast-get-url-logs", - "mimecast-get-impersonation-logs", - "mimecast-url-decode", - "mimecast-discover", - "mimecast-refresh-token", - "mimecast-login", - "mimecast-get-message", + "name": "MimecastV2", + "commands": [ + "mimecast-query", + "mimecast-list-blocked-sender-policies", + "mimecast-get-policy", + "mimecast-create-policy", + "mimecast-delete-policy", + "mimecast-manage-sender", + "mimecast-list-managed-url", + "mimecast-create-managed-url", + "mimecast-list-messages", + "mimecast-get-attachment-logs", + "mimecast-get-url-logs", + "mimecast-get-impersonation-logs", + "mimecast-url-decode", + "mimecast-discover", + "mimecast-refresh-token", + "mimecast-login", + "mimecast-get-message", "mimecast-download-attachments" ] } - }, + }, { "Zendesk": { - "name": "Zendesk", - "toversion": "3.1.0", - "commands": [ - "zendesk-create-ticket", - "zendesk-list-tickets", - "zendesk-ticket-details", - "zendesk-update-ticket", - "zendesk-add-comment", - "zendesk-list-agents", - "zendesk-get-attachment", - "zendesk-clear-cache", - "zendesk-add-user", + "name": "Zendesk", + "toversion": "3.1.0", + "commands": [ + "zendesk-create-ticket", + "zendesk-list-tickets", + "zendesk-ticket-details", + "zendesk-update-ticket", + "zendesk-add-comment", + "zendesk-list-agents", + "zendesk-get-attachment", + "zendesk-clear-cache", + "zendesk-add-user", "zendesk-get-article" ] } - }, + }, { "RedCanary": { - "name": "RedCanary", - "commands": [ - "redcanary-acknowledge-detection", - "redcanary-update-remediation-state", - "redcanary-list-detections", - "redcanary-list-endpoints", - "redcanary-execute-playbook", - "redcanary-get-endpoint", - "redcanary-get-endpoint-detections", + "name": "RedCanary", + 
"commands": [ + "redcanary-acknowledge-detection", + "redcanary-update-remediation-state", + "redcanary-list-detections", + "redcanary-list-endpoints", + "redcanary-execute-playbook", + "redcanary-get-endpoint", + "redcanary-get-endpoint-detections", "redcanary-get-detection" ] } - }, + }, { "Joe Security": { - "name": "Joe Security", - "commands": [ - "joe-is-online", - "joe-analysis-submit-url", - "joe-detonate-url", - "joe-analysis-info", - "joe-list-analysis", - "joe-analysis-submit-sample", - "joe-download-report", - "joe-detonate-file", - "joe-search", + "name": "Joe Security", + "commands": [ + "joe-is-online", + "joe-analysis-submit-url", + "joe-detonate-url", + "joe-analysis-info", + "joe-list-analysis", + "joe-analysis-submit-sample", + "joe-download-report", + "joe-detonate-file", + "joe-search", "joe-download-sample" ] } - }, + }, { "AWS - CloudTrail": { - "name": "AWS - CloudTrail", - "commands": [ - "aws-cloudtrail-create-trail", - "aws-cloudtrail-delete-trail", - "aws-cloudtrail-describe-trails", - "aws-cloudtrail-update-trail", - "aws-cloudtrail-start-logging", - "aws-cloudtrail-stop-logging", + "name": "AWS - CloudTrail", + "commands": [ + "aws-cloudtrail-create-trail", + "aws-cloudtrail-delete-trail", + "aws-cloudtrail-describe-trails", + "aws-cloudtrail-update-trail", + "aws-cloudtrail-start-logging", + "aws-cloudtrail-stop-logging", "aws-cloudtrail-lookup-events" ] } - }, + }, { "ThreatExchange": { - "name": "ThreatExchange", - "fromversion": "2.5.0", - "commands": [ - "file", - "ip", - "url", - "domain", - "threatexchange-query", + "name": "ThreatExchange", + "fromversion": "2.5.0", + "commands": [ + "file", + "ip", + "url", + "domain", + "threatexchange-query", "threatexchange-members" ] } - }, + }, { "Dell Secureworks": { - "name": "Dell Secureworks", - "toversion": "3.5.1", - "fromversion": "3.1.0", - "commands": [ - "secure-works-create-ticket", - "secure-works-update-ticket", - "secure-works-close-ticket", - 
"secure-works-add-worklogs-ticket", - "secure-works-get-ticket-count", - "secure-works-get-ticket", - "secure-works-assign-ticket", - "secure-works-get-tickets-updates", + "name": "Dell Secureworks", + "toversion": "3.5.1", + "fromversion": "3.1.0", + "commands": [ + "secure-works-create-ticket", + "secure-works-update-ticket", + "secure-works-close-ticket", + "secure-works-add-worklogs-ticket", + "secure-works-get-ticket-count", + "secure-works-get-ticket", + "secure-works-assign-ticket", + "secure-works-get-tickets-updates", "secure-works-get-tickets-ids" ] } - }, + }, { "Amazon Web Services": { - "name": "Amazon Web Services", - "fromversion": "1.6.2", - "commands": [ - "aws-run-instance", - "aws-stop-instance", - "aws-create-image", - "aws-start-instance", - "aws-create-volume-snapshot", - "aws-get-instance-info", - "aws-get-sg-info", + "name": "Amazon Web Services", + "fromversion": "1.6.2", + "commands": [ + "aws-run-instance", + "aws-stop-instance", + "aws-create-image", + "aws-start-instance", + "aws-create-volume-snapshot", + "aws-get-instance-info", + "aws-get-sg-info", "aws-get-ebs-volume-info" ] } - }, + }, { "ArcSight XML": { - "name": "ArcSight XML", + "name": "ArcSight XML", "commands": [ - "arcsight-update-case", + "arcsight-update-case", "arcsight-fetch-xml" ] } - }, + }, { "VirusTotal": { - "name": "VirusTotal", - "commands": [ - "file", - "ip", - "url", - "domain", - "file-scan", - "file-rescan", - "url-scan", - "vt-comments-add", - "vt-file-scan-upload-url", + "name": "VirusTotal", + "commands": [ + "file", + "ip", + "url", + "domain", + "file-scan", + "file-rescan", + "url-scan", + "vt-comments-add", + "vt-file-scan-upload-url", "vt-comments-get" ] } - }, + }, { "MxToolBox": { - "name": "MxToolBox", + "name": "MxToolBox", "commands": [ "mxtoolbox" ] } - }, + }, { "Check Point Sandblast Appliance": { - "name": "Check Point Sandblast Appliance", - "fromversion": "3.5.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - 
"sandblast-upload", - "sb-download", + "name": "Check Point Sandblast Appliance", + "fromversion": "3.5.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", "sandblast-download" ] } - }, + }, { "LightCyber Magna": { - "name": "LightCyber Magna", - "commands": [ - "lcm-version", - "lcm-entities", - "lcm-indicators", - "lcm-hosts", - "lcm-hostbyip", - "lcm-hostbyname", - "lcm-pathfinder-scan", - "lcm-sandbox-report", - "lcm-daily-report", - "lcm-host-artifacts", - "lcm-resolve-host", - "lcm-unresolve-host", - "lcm-set-host-comment", - "lcm-acknowledge-host", - "lcm-resolve-user", - "lcm-unresolve-user", - "lcm-set-user-comment", - "lcm-acknowledge-user", - "lcm-domain", - "lcm-executablebymd5", - "lcm-executablebyname", - "lcm-indicatorsforentity", - "lcm-host-opened-ports", - "lcm-host-suspicious-artifacts", - "lcm-host-processes", - "lcm-host-loaded-modules", - "lcm-host-processes-internet-connections", + "name": "LightCyber Magna", + "commands": [ + "lcm-version", + "lcm-entities", + "lcm-indicators", + "lcm-hosts", + "lcm-hostbyip", + "lcm-hostbyname", + "lcm-pathfinder-scan", + "lcm-sandbox-report", + "lcm-daily-report", + "lcm-host-artifacts", + "lcm-resolve-host", + "lcm-unresolve-host", + "lcm-set-host-comment", + "lcm-acknowledge-host", + "lcm-resolve-user", + "lcm-unresolve-user", + "lcm-set-user-comment", + "lcm-acknowledge-user", + "lcm-domain", + "lcm-executablebymd5", + "lcm-executablebyname", + "lcm-indicatorsforentity", + "lcm-host-opened-ports", + "lcm-host-suspicious-artifacts", + "lcm-host-processes", + "lcm-host-loaded-modules", + "lcm-host-processes-internet-connections", "lcm-host-autoruns" ] } - }, + }, { "Packetsled": { - "name": "Packetsled", + "name": "Packetsled", "commands": [ - "packetsled-get-incidents", - "packetsled-sensors", - "packetsled-get-flows", - "packetsled-get-files", - "packetsled-get-pcaps", + "packetsled-get-incidents", + "packetsled-sensors", + "packetsled-get-flows", 
+ "packetsled-get-files", + "packetsled-get-pcaps", "packetsled-get-events" ] } - }, + }, { "Censys": { - "name": "Censys", + "name": "Censys", "commands": [ - "cen-view", + "cen-view", "cen-search" ] } - }, + }, { "Imperva Skyfence": { - "name": "Imperva Skyfence", + "name": "Imperva Skyfence", "commands": [ - "imp-sf-list-endpoints", + "imp-sf-list-endpoints", "imp-sf-set-endpoint-status" ] } - }, + }, { "ProtectWise": { - "name": "ProtectWise", - "fromversion": "3.5.0", - "commands": [ - "sensors", - "protectwise-show-sensors", - "search", - "protectwise-search-events", - "pw-event-get", - "protectwise-event-info", - "observation-search", - "protectwise-search-observations", - "pw-observation-get", - "protectwise-observation-info", - "event-pcap-download", - "protectwise-event-pcap-download", - "event-pcap-info", - "protectwise-event-pcap-info", - "observation-pcap-download", - "protectwise-observation-pcap-download", - "observation-pcap-info", - "protectwise-observation-pcap-info", + "name": "ProtectWise", + "fromversion": "3.5.0", + "commands": [ + "sensors", + "protectwise-show-sensors", + "search", + "protectwise-search-events", + "pw-event-get", + "protectwise-event-info", + "observation-search", + "protectwise-search-observations", + "pw-observation-get", + "protectwise-observation-info", + "event-pcap-download", + "protectwise-event-pcap-download", + "event-pcap-info", + "protectwise-event-pcap-info", + "observation-pcap-download", + "protectwise-observation-pcap-download", + "observation-pcap-info", + "protectwise-observation-pcap-info", "get-token" ] } - }, + }, { "Palo Alto Minemeld": { - "name": "Palo Alto Minemeld", - "commands": [ - "minemeld-add-to-miner", - "minemeld-remove-from-miner", - "minemeld-retrieve-miner", - "minemeld-get-indicator-from-miner", - "ip", - "file", - "domain", - "url", + "name": "Palo Alto Minemeld", + "commands": [ + "minemeld-add-to-miner", + "minemeld-remove-from-miner", + "minemeld-retrieve-miner", + 
"minemeld-get-indicator-from-miner", + "ip", + "file", + "domain", + "url", "minemeld-get-all-miners-names" ] } - }, + }, { "GoogleSafeBrowsing": { - "name": "GoogleSafeBrowsing", + "name": "GoogleSafeBrowsing", "commands": [ "url" ] } - }, + }, { "Salesforce": { - "name": "Salesforce", - "commands": [ - "salesforce-search", - "salesforce-query", - "salesforce-get-object", - "salesforce-update-object", - "salesforce-create-object", - "salesforce-push-comment", - "salesforce-get-case", - "salesforce-create-case", - "salesforce-update-case", - "salesforce-get-cases", - "salesforce-close-case", - "salesforce-push-comment-threads", + "name": "Salesforce", + "commands": [ + "salesforce-search", + "salesforce-query", + "salesforce-get-object", + "salesforce-update-object", + "salesforce-create-object", + "salesforce-push-comment", + "salesforce-get-case", + "salesforce-create-case", + "salesforce-update-case", + "salesforce-get-cases", + "salesforce-close-case", + "salesforce-push-comment-threads", "salesforce-delete-case" ] } - }, + }, { "SCADAfence CNM": { - "name": "SCADAfence CNM", - "commands": [ - "scadafence-getAlerts", - "scadafence-getAsset", - "scadafence-setAlertStatus", - "scadafence-getAssetConnections", - "scadafence-getAssetTraffic", - "scadafence-createAlert", + "name": "SCADAfence CNM", + "commands": [ + "scadafence-getAlerts", + "scadafence-getAsset", + "scadafence-setAlertStatus", + "scadafence-getAssetConnections", + "scadafence-getAssetTraffic", + "scadafence-createAlert", "scadafence-getAllConnections" ] } - }, + }, { "HashiCorp Vault": { - "name": "HashiCorp Vault", - "commands": [ - "hashicorp-list-secrets-engines", - "hashicorp-list-secrets", - "hashicorp-get-secret-metadata", - "hashicorp-delete-secret", - "hashicorp-undelete-secret", - "hashicorp-destroy-secret", - "hashicorp-disable-engine", - "hashicorp-enable-engine", - "hashicorp-list-policies", - "hashicorp-get-policy", - "hashicorp-seal-vault", - "hashicorp-unseal-vault", - 
"hashicorp-configure-engine", - "hashicorp-reset-configuration", + "name": "HashiCorp Vault", + "commands": [ + "hashicorp-list-secrets-engines", + "hashicorp-list-secrets", + "hashicorp-get-secret-metadata", + "hashicorp-delete-secret", + "hashicorp-undelete-secret", + "hashicorp-destroy-secret", + "hashicorp-disable-engine", + "hashicorp-enable-engine", + "hashicorp-list-policies", + "hashicorp-get-policy", + "hashicorp-seal-vault", + "hashicorp-unseal-vault", + "hashicorp-configure-engine", + "hashicorp-reset-configuration", "hashicorp-create-token" ] } - }, + }, { "Proofpoint TAP": { - "name": "Proofpoint TAP", + "name": "Proofpoint TAP", "commands": [ "proofpoint-get-events" ] } - }, + }, { "Threat Grid": { - "name": "Threat Grid", - "toversion": "3.1.0", - "commands": [ - "threat-grid-feeds-ip", - "threat-grid-feeds-domain", - "threat-grid-feeds-url", - "threat-grid-feeds-path", - "threat-grid-feeds-artifacts", - "threat-grid-feeds-network-stream", - "threat-grid-feeds-registry-key", - "threat-grid-get-samples", - "threat-grid-get-sample-by-id", - "threat-grid-get-sample-state-by-id", - "threat-grid-get-samples-state", - "threat-grid-upload-sample", - "threat-grid-search-submissions", - "threat-grid-get-video-by-id", - "threat-grid-get-analysis-by-id", - "threat-grid-get-processes-by-id", - "threat-grid-get-pcap-by-id", - "threat-grid-get-warnings-by-id", - "threat-grid-get-summary-by-id", - "threat-grid-get-threat-summary-by-id", - "threat-grid-get-html-report-by-id", - "threat-grid-download-sample-by-id", - "threat-grid-get-analysis-iocs", - "threat-grid-get-analysis-ioc", - "threat-grid-get-analysis-network-streams", - "threat-grid-get-analysis-artifacts", - "threat-grid-get-analysis-network-stream", - "threat-grid-get-analysis-artifact", - "threat-grid-get-analysis-processes", - "threat-grid-get-analysis-process", - "threat-grid-get-analysis-annotations", - "threat-grid-get-analysis-metadata", - "threat-grid-download-artifact", - "threat-grid-who-am-i", - 
"threat-grid-user-get-rate-limit", + "name": "Threat Grid", + "toversion": "3.1.0", + "commands": [ + "threat-grid-feeds-ip", + "threat-grid-feeds-domain", + "threat-grid-feeds-url", + "threat-grid-feeds-path", + "threat-grid-feeds-artifacts", + "threat-grid-feeds-network-stream", + "threat-grid-feeds-registry-key", + "threat-grid-get-samples", + "threat-grid-get-sample-by-id", + "threat-grid-get-sample-state-by-id", + "threat-grid-get-samples-state", + "threat-grid-upload-sample", + "threat-grid-search-submissions", + "threat-grid-get-video-by-id", + "threat-grid-get-analysis-by-id", + "threat-grid-get-processes-by-id", + "threat-grid-get-pcap-by-id", + "threat-grid-get-warnings-by-id", + "threat-grid-get-summary-by-id", + "threat-grid-get-threat-summary-by-id", + "threat-grid-get-html-report-by-id", + "threat-grid-download-sample-by-id", + "threat-grid-get-analysis-iocs", + "threat-grid-get-analysis-ioc", + "threat-grid-get-analysis-network-streams", + "threat-grid-get-analysis-artifacts", + "threat-grid-get-analysis-network-stream", + "threat-grid-get-analysis-artifact", + "threat-grid-get-analysis-processes", + "threat-grid-get-analysis-process", + "threat-grid-get-analysis-annotations", + "threat-grid-get-analysis-metadata", + "threat-grid-download-artifact", + "threat-grid-who-am-i", + "threat-grid-user-get-rate-limit", "threat-grid-get-specific-feed" ] } - }, + }, { "iDefense": { - "name": "iDefense", + "name": "iDefense", "commands": [ - "ip", - "domain", - "url", - "idefense-general", + "ip", + "domain", + "url", + "idefense-general", "uuid" ] } - }, + }, { "FalconIntel": { - "name": "FalconIntel", - "commands": [ - "file", - "url", - "domain", - "ip", - "cs-actors", - "cs-indicators", - "cs-reports", + "name": "FalconIntel", + "commands": [ + "file", + "url", + "domain", + "ip", + "cs-actors", + "cs-indicators", + "cs-reports", "cs-report-pdf" ] } - }, + }, { "Venafi": { - "name": "Venafi", + "name": "Venafi", "commands": [ - "venafi-get-certificates", + 
"venafi-get-certificates", "venafi-get-certificate-details" ] } - }, + }, { "CyberArkAIM": { - "name": "CyberArkAIM", + "name": "CyberArkAIM", "commands": [ - "cyber-ark-aim-query", - "list-credentials", - "reset-credentials", + "cyber-ark-aim-query", + "list-credentials", + "reset-credentials", "account-details" ] } - }, + }, { "Autofocus": { - "name": "Autofocus", + "name": "Autofocus", "commands": [ - "autofocus-search-samples", - "autofocus-search-sessions", - "autofocus-session", - "autofocus-sample-analysis", + "autofocus-search-samples", + "autofocus-search-sessions", + "autofocus-session", + "autofocus-sample-analysis", "file" ] } - }, + }, { "AbuseIPDB": { - "name": "AbuseIPDB", + "name": "AbuseIPDB", "commands": [ - "ip", - "abuseipdb-check-cidr-block", - "abuseipdb-report-ip", - "abuseipdb-get-blacklist", + "ip", + "abuseipdb-check-cidr-block", + "abuseipdb-report-ip", + "abuseipdb-get-blacklist", "abuseipdb-get-categories" ] } - }, + }, { "McAfee Threat Intelligence Exchange": { - "name": "McAfee Threat Intelligence Exchange", + "name": "McAfee Threat Intelligence Exchange", "commands": [ - "file", - "tie-set-file-reputation", + "file", + "tie-set-file-reputation", "tie-file-references" ] } - }, + }, { "Check Point": { - "name": "Check Point", - "commands": [ - "checkpoint-show-access-rule-base", - "checkpoint-set-rule", - "checkpoint-task-status", - "checkpoint-show-hosts", - "checkpoint-block-ip", - "checkpoint", + "name": "Check Point", + "commands": [ + "checkpoint-show-access-rule-base", + "checkpoint-set-rule", + "checkpoint-task-status", + "checkpoint-show-hosts", + "checkpoint-block-ip", + "checkpoint", "checkpoint-delete-rule" ] } - }, + }, { "PagerDuty v2": { - "name": "PagerDuty v2", - "commands": [ - "PagerDuty-get-all-schedules", - "PagerDuty-get-users-on-call", - "PagerDuty-get-users-on-call-now", - "PagerDuty-incidents", - "PagerDuty-submit-event", - "PagerDuty-get-contact-methods", - "PagerDuty-get-users-notification", - 
"PagerDuty-resolve-event", + "name": "PagerDuty v2", + "commands": [ + "PagerDuty-get-all-schedules", + "PagerDuty-get-users-on-call", + "PagerDuty-get-users-on-call-now", + "PagerDuty-incidents", + "PagerDuty-submit-event", + "PagerDuty-get-contact-methods", + "PagerDuty-get-users-notification", + "PagerDuty-resolve-event", "PagerDuty-acknowledge-event" ] } - }, + }, { "Gmail": { - "name": "Gmail", - "commands": [ - "gmail-delete-user", - "gmail-get-tokens-for-user", - "gmail-get-user", - "gmail-get-user-roles", - "gmail-get-attachments", - "gmail-get-mail", - "gmail-search", - "gmail-search-all-mailboxes", - "gmail-list-users", - "gmail-revoke-user-role", - "gmail-create-user", - "gmail-delete-mail", - "gmail-get-thread", - "gmail-move-mail", - "gmail-move-mail-to-mailbox", - "gmail-add-delete-filter", + "name": "Gmail", + "commands": [ + "gmail-delete-user", + "gmail-get-tokens-for-user", + "gmail-get-user", + "gmail-get-user-roles", + "gmail-get-attachments", + "gmail-get-mail", + "gmail-search", + "gmail-search-all-mailboxes", + "gmail-list-users", + "gmail-revoke-user-role", + "gmail-create-user", + "gmail-delete-mail", + "gmail-get-thread", + "gmail-move-mail", + "gmail-move-mail-to-mailbox", + "gmail-add-delete-filter", "gmail-add-filter" ] } - }, + }, { "Centreon": { - "name": "Centreon", + "name": "Centreon", "commands": [ - "centreon-get-host-status", + "centreon-get-host-status", "centreon-get-service-status" ] } - }, + }, { "RSA NetWitness Endpoint": { - "name": "RSA NetWitness Endpoint", - "commands": [ - "netwitness-get-machines", - "netwitness-get-machine", - "netwitness-get-machine-iocs", - "netwitness-get-machine-modules", - "netwitness-get-machine-module", - "netwitness-blacklist-ips", + "name": "RSA NetWitness Endpoint", + "commands": [ + "netwitness-get-machines", + "netwitness-get-machine", + "netwitness-get-machine-iocs", + "netwitness-get-machine-modules", + "netwitness-get-machine-module", + "netwitness-blacklist-ips", 
"netwitness-blacklist-domains" ] } - }, + }, { "PassiveTotal": { - "name": "PassiveTotal", - "commands": [ - "pt-get-subdomains", - "pt-account", - "pt-monitors", - "pt-passive-dns", - "pt-passive-unique", - "pt-dns-keyword", - "pt-enrichment", - "pt-malware", - "url", - "domain", - "ip", - "pt-osint", - "pt-whois", - "pt-whois-keyword", - "pt-whois-search", - "pt-get-components", - "pt-get-pairs", - "pt-ssl-cert", - "pt-ssl-cert-history", - "pt-ssl-cert-keyword", + "name": "PassiveTotal", + "commands": [ + "pt-get-subdomains", + "pt-account", + "pt-monitors", + "pt-passive-dns", + "pt-passive-unique", + "pt-dns-keyword", + "pt-enrichment", + "pt-malware", + "url", + "domain", + "ip", + "pt-osint", + "pt-whois", + "pt-whois-keyword", + "pt-whois-search", + "pt-get-components", + "pt-get-pairs", + "pt-ssl-cert", + "pt-ssl-cert-history", + "pt-ssl-cert-keyword", "pt-ssl-cert-search" ] } - }, + }, { "ProtectWise": { - "name": "ProtectWise", - "toversion": "3.1.0", - "commands": [ - "sensors", - "protectwise-show-sensors", - "search", - "protectwise-search-events", - "pw-event-get", - "protectwise-event-info", - "observation-search", - "protectwise-search-observations", - "pw-observation-get", - "protectwise-observation-info", - "event-pcap-download", - "protectwise-event-pcap-download", - "event-pcap-info", - "protectwise-event-pcap-info", - "observation-pcap-download", - "protectwise-observation-pcap-download", - "observation-pcap-info", - "protectwise-observation-pcap-info", + "name": "ProtectWise", + "toversion": "3.1.0", + "commands": [ + "sensors", + "protectwise-show-sensors", + "search", + "protectwise-search-events", + "pw-event-get", + "protectwise-event-info", + "observation-search", + "protectwise-search-observations", + "pw-observation-get", + "protectwise-observation-info", + "event-pcap-download", + "protectwise-event-pcap-download", + "event-pcap-info", + "protectwise-event-pcap-info", + "observation-pcap-download", + 
"protectwise-observation-pcap-download", + "observation-pcap-info", + "protectwise-observation-pcap-info", "get-token" ] } - }, + }, { "SentinelOne": { - "name": "SentinelOne", - "fromversion": "3.1.0", - "commands": [ - "so-activities", - "so-count-by-filters", - "so-agents-count", - "so-agent-decommission", - "so-get-agent", - "so-agents-query", - "so-get-agent-processes", - "so-agent-recommission", - "so-agent-unquarentine", - "so-agent-shutdown", - "so-agent-uninstall", - "so-agents-broadcast", - "so-agents-connect", - "so-agent-quarentine", - "so-agents-decommission", - "so-agents-disconnect", - "so-agents-fetch-logs", - "so-agents-shutdown", - "so-agents-uninstall", - "so-agents-upgrade-software", - "so-create-exclusion-list", - "so-delete-exclusion-list", - "so-get-exclusion-list", - "so-get-exclusion-lists", - "so-update-exclusion-list", - "so-get-groups", - "so-create-group", - "so-get-group", - "so-update-group", - "so-delete-group", - "so-add-agent-to-group", - "so-set-cloud-intelligence", - "so-create-hash", - "so-delete-hash", - "so-get-hash-reputation", - "so-get-hash", - "so-get-hashes", - "so-update-hash", - "so-get-policies", - "so-create-policy", - "so-get-policy", - "so-update-policy", - "so-delete-policy", - "so-get-threat", - "so-get-threats", - "so-threat-summary", - "so-mark-as-threat", - "so-mitigate-threat", + "name": "SentinelOne", + "fromversion": "3.1.0", + "commands": [ + "so-activities", + "so-count-by-filters", + "so-agents-count", + "so-agent-decommission", + "so-get-agent", + "so-agents-query", + "so-get-agent-processes", + "so-agent-recommission", + "so-agent-unquarentine", + "so-agent-shutdown", + "so-agent-uninstall", + "so-agents-broadcast", + "so-agents-connect", + "so-agent-quarentine", + "so-agents-decommission", + "so-agents-disconnect", + "so-agents-fetch-logs", + "so-agents-shutdown", + "so-agents-uninstall", + "so-agents-upgrade-software", + "so-create-exclusion-list", + "so-delete-exclusion-list", + 
"so-get-exclusion-list", + "so-get-exclusion-lists", + "so-update-exclusion-list", + "so-get-groups", + "so-create-group", + "so-get-group", + "so-update-group", + "so-delete-group", + "so-add-agent-to-group", + "so-set-cloud-intelligence", + "so-create-hash", + "so-delete-hash", + "so-get-hash-reputation", + "so-get-hash", + "so-get-hashes", + "so-update-hash", + "so-get-policies", + "so-create-policy", + "so-get-policy", + "so-update-policy", + "so-delete-policy", + "so-get-threat", + "so-get-threats", + "so-threat-summary", + "so-mark-as-threat", + "so-mitigate-threat", "so-reslove-threats" ] } - }, + }, { "AMP": { - "name": "AMP", - "commands": [ - "amp_get_computers", - "amp_get_computer_by_connector", - "amp_get_computer_trajctory", - "amp_move_computer", - "amp_get_computer_actvity", - "amp_get_events", - "amp_get_event_types", - "amp_get_application_blocking", - "amp_get_file_list_by_guid", - "amp_get_simple_custom_detections", - "amp_get_file_list_files", - "amp_get_file_list_files_by_sha", - "amp_set_file_list_files_by_sha", - "amp_delete_file_list_files_by_sha", - "amp_get_groups", - "amp_get_group", - "amp_set_group_policy", - "amp_get_policies", - "amp_get_policy", + "name": "AMP", + "commands": [ + "amp_get_computers", + "amp_get_computer_by_connector", + "amp_get_computer_trajctory", + "amp_move_computer", + "amp_get_computer_actvity", + "amp_get_events", + "amp_get_event_types", + "amp_get_application_blocking", + "amp_get_file_list_by_guid", + "amp_get_simple_custom_detections", + "amp_get_file_list_files", + "amp_get_file_list_files_by_sha", + "amp_set_file_list_files_by_sha", + "amp_delete_file_list_files_by_sha", + "amp_get_groups", + "amp_get_group", + "amp_set_group_policy", + "amp_get_policies", + "amp_get_policy", "amp_get_version" ] } - }, + }, { "AWS - SQS": { - "name": "AWS - SQS", + "name": "AWS - SQS", "commands": [ - "aws-sqs-get-queue-url", - "aws-sqs-list-queues", - "aws-sqs-send-message", - "aws-sqs-create-queue", - 
"aws-sqs-delete-queue", + "aws-sqs-get-queue-url", + "aws-sqs-list-queues", + "aws-sqs-send-message", + "aws-sqs-create-queue", + "aws-sqs-delete-queue", "aws-sqs-purge-queue" ] } - }, + }, { "carbonblackliveresponse": { - "name": "carbonblackliveresponse", - "toversion": "3.6.0", - "commands": [ - "cb-archive", - "cb-command-cancel", - "cb-command-create", - "cb-command-create-and-wait", - "cb-command-info", - "cb-file-delete", - "cb-file-get", - "cb-file-info", - "cb-file-upload", - "cb-keepalive", - "cb-list-commands", - "cb-list-files", - "cb-list-sessions", - "cb-session-close", - "cb-session-create", - "cb-session-create-and-wait", - "cb-session-info", + "name": "carbonblackliveresponse", + "toversion": "3.6.0", + "commands": [ + "cb-archive", + "cb-command-cancel", + "cb-command-create", + "cb-command-create-and-wait", + "cb-command-info", + "cb-file-delete", + "cb-file-get", + "cb-file-info", + "cb-file-upload", + "cb-keepalive", + "cb-list-commands", + "cb-list-files", + "cb-list-sessions", + "cb-session-close", + "cb-session-create", + "cb-session-create-and-wait", + "cb-session-info", "cb-terminate-process" ] } - }, + }, { "AWS - Route53": { - "name": "AWS - Route53", - "commands": [ - "aws-route53-create-record", - "aws-route53-delete-record", - "aws-route53-list-hosted-zones", - "aws-route53-list-resource-record-sets", - "aws-route53-waiter-resource-record-sets-changed", - "aws-route53-test-dns-answer", + "name": "AWS - Route53", + "commands": [ + "aws-route53-create-record", + "aws-route53-delete-record", + "aws-route53-list-hosted-zones", + "aws-route53-list-resource-record-sets", + "aws-route53-waiter-resource-record-sets-changed", + "aws-route53-test-dns-answer", "aws-route53-upsert-record" ] } - }, + }, { "Tanium": { - "name": "Tanium", - "commands": [ - "tn-get-package", - "tn-get-all-packages", - "tn-get-object", - "tn-get-all-saved-questions", - "tn-deploy-package", - "tn-ask-question", - "tn-ask-system", - "tn-get-saved-question", - 
"tn-create-package", - "tn-approve-pending-action", - "tn-get-all-objects", - "tn-get-all-saved-actions", - "tn-get-all-pending-actions", - "tn-get-all-sensors", - "tn-parse-query", - "tn-ask-manual-question", - "tn-get-sensor", + "name": "Tanium", + "commands": [ + "tn-get-package", + "tn-get-all-packages", + "tn-get-object", + "tn-get-all-saved-questions", + "tn-deploy-package", + "tn-ask-question", + "tn-ask-system", + "tn-get-saved-question", + "tn-create-package", + "tn-approve-pending-action", + "tn-get-all-objects", + "tn-get-all-saved-actions", + "tn-get-all-pending-actions", + "tn-get-all-sensors", + "tn-parse-query", + "tn-ask-manual-question", + "tn-get-sensor", "tn-get-action" ] } - }, + }, { "FireEye ETP": { - "name": "FireEye ETP", + "name": "FireEye ETP", "commands": [ - "fireeye-etp-search-messages", - "fireeye-etp-get-message", - "fireeye-etp-get-alerts", + "fireeye-etp-search-messages", + "fireeye-etp-get-message", + "fireeye-etp-get-alerts", "fireeye-etp-get-alert" ] } - }, + }, { "InfoArmor VigilanteATI": { - "name": "InfoArmor VigilanteATI", - "commands": [ - "vigilante-query-infected-host-data", - "vigilante-get-vulnerable-host-data", - "vigilante-query-ecrime-db", - "vigilante-search-leaks", - "vigilante-get-leak", - "vigilante-query-accounts", - "vigilante-query-domains", - "vigilante-watchlist-add-accounts", - "vigilante-watchlist-remove-accounts", - "vigilante-get-watchlist", + "name": "InfoArmor VigilanteATI", + "commands": [ + "vigilante-query-infected-host-data", + "vigilante-get-vulnerable-host-data", + "vigilante-query-ecrime-db", + "vigilante-search-leaks", + "vigilante-get-leak", + "vigilante-query-accounts", + "vigilante-query-domains", + "vigilante-watchlist-add-accounts", + "vigilante-watchlist-remove-accounts", + "vigilante-get-watchlist", "vigilante-account-usage-info" ] } - }, + }, { "IBM Resilient Systems": { - "name": "IBM Resilient Systems", - "commands": [ - "rs-search-incidents", - "rs-update-incident", - 
"rs-incidents-get-members", - "rs-get-incident", - "rs-incidents-update-member", - "rs-get-users", - "rs-close-incident", - "rs-create-incident", - "rs-incident-artifacts", - "rs-incident-attachments", - "rs-related-incidents", + "name": "IBM Resilient Systems", + "commands": [ + "rs-search-incidents", + "rs-update-incident", + "rs-incidents-get-members", + "rs-get-incident", + "rs-incidents-update-member", + "rs-get-users", + "rs-close-incident", + "rs-create-incident", + "rs-incident-artifacts", + "rs-incident-attachments", + "rs-related-incidents", "rs-incidents-get-tasks" ] } - }, + }, { "AWS - IAM": { - "name": "AWS - IAM", - "commands": [ - "aws-iam-create-user", - "aws-iam-get-user", - "aws-iam-list-users", - "aws-iam-update-user", - "aws-iam-delete-user", - "aws-iam-update-login-profile", - "aws-iam-create-group", - "aws-iam-list-groups", - "aws-iam-list-groups-for-user", - "aws-iam-add-user-to-group", - "aws-iam-create-access-key", - "aws-iam-update-access-key", - "aws-iam-list-access-keys-for-user", - "aws-iam-list-policies", - "aws-iam-list-roles", - "aws-iam-attach-policy", - "aws-iam-detach-policy", - "aws-iam-delete-login-profile", - "aws-iam-delete-group", - "aws-iam-remove-user-from-group", - "aws-iam-create-login-profile", - "aws-iam-delete-access-key", - "aws-iam-create-instance-profile", - "aws-iam-delete-instance-profile", - "aws-iam-list-instance-profiles", - "aws-iam-add-role-to-instance-profile", - "aws-iam-remove-role-from-instance-profile", - "aws-iam-list-instance-profiles-for-role", - "aws-iam-get-instance-profile", - "aws-iam-get-role", - "aws-iam-delete-role", - "aws-iam-create-role", - "aws-iam-create-policy", - "aws-iam-delete-policy", - "aws-iam-create-policy-version", - "aws-iam-delete-policy-version", - "aws-iam-list-policy-versions", - "aws-iam-get-policy-version", - "aws-iam-set-default-policy-version", - "aws-iam-create-account-alias", + "name": "AWS - IAM", + "commands": [ + "aws-iam-create-user", + "aws-iam-get-user", + 
"aws-iam-list-users", + "aws-iam-update-user", + "aws-iam-delete-user", + "aws-iam-update-login-profile", + "aws-iam-create-group", + "aws-iam-list-groups", + "aws-iam-list-groups-for-user", + "aws-iam-add-user-to-group", + "aws-iam-create-access-key", + "aws-iam-update-access-key", + "aws-iam-list-access-keys-for-user", + "aws-iam-list-policies", + "aws-iam-list-roles", + "aws-iam-attach-policy", + "aws-iam-detach-policy", + "aws-iam-delete-login-profile", + "aws-iam-delete-group", + "aws-iam-remove-user-from-group", + "aws-iam-create-login-profile", + "aws-iam-delete-access-key", + "aws-iam-create-instance-profile", + "aws-iam-delete-instance-profile", + "aws-iam-list-instance-profiles", + "aws-iam-add-role-to-instance-profile", + "aws-iam-remove-role-from-instance-profile", + "aws-iam-list-instance-profiles-for-role", + "aws-iam-get-instance-profile", + "aws-iam-get-role", + "aws-iam-delete-role", + "aws-iam-create-role", + "aws-iam-create-policy", + "aws-iam-delete-policy", + "aws-iam-create-policy-version", + "aws-iam-delete-policy-version", + "aws-iam-list-policy-versions", + "aws-iam-get-policy-version", + "aws-iam-set-default-policy-version", + "aws-iam-create-account-alias", "aws-iam-delete-account-alias" ] } - }, + }, { "Symantec Endpoint Protection": { - "name": "Symantec Endpoint Protection", - "commands": [ - "sep-endpoints-info", - "sep-update-content", - "sep-scan", - "sep-groups-info", - "sep-system-info", - "sep-command-status", - "sep-quarantine", + "name": "Symantec Endpoint Protection", + "commands": [ + "sep-endpoints-info", + "sep-update-content", + "sep-scan", + "sep-groups-info", + "sep-system-info", + "sep-command-status", + "sep-quarantine", "sep-client-content" ] } - }, + }, { "SumoLogic": { - "name": "SumoLogic", + "name": "SumoLogic", "commands": [ "search" ] } - }, + }, { "Pwned": { - "name": "Pwned", + "name": "Pwned", "commands": [ - "pwned-email", - "pwned-domain", + "pwned-email", + "pwned-domain", "email" ] } - }, + }, { 
"urlscan.io": { - "name": "urlscan.io", - "toversion": "3.1.0", + "name": "urlscan.io", + "toversion": "3.1.0", "commands": [ - "url", - "ip", - "file", + "url", + "ip", + "file", "urlscan-submit" ] } - }, + }, { "Lastline": { - "name": "Lastline", - "commands": [ - "lastline-get", - "url", - "file", - "lastline-upload", - "lastline-upload-url", - "lastline-upload-file", - "lastline-get-report", + "name": "Lastline", + "commands": [ + "lastline-get", + "url", + "file", + "lastline-upload", + "lastline-upload-url", + "lastline-upload-file", + "lastline-get-report", "lastline-get-task-list" ] } - }, + }, { "urlscan.io": { - "name": "urlscan.io", - "fromversion": "3.5.0", + "name": "urlscan.io", + "fromversion": "3.5.0", "commands": [ - "urlscan-search", - "urlscan-submit", + "urlscan-search", + "urlscan-submit", "url" ] } - }, + }, { "OpsGenie": { - "name": "OpsGenie", + "name": "OpsGenie", "commands": [ - "opsgenie-get-on-call", - "opsgenie-get-user", - "opsgenie-get-schedules", + "opsgenie-get-on-call", + "opsgenie-get-user", + "opsgenie-get-schedules", "opsgenie-get-schedule-timeline" ] } - }, + }, { "McAfeeDAM": { - "name": "McAfeeDAM", + "name": "McAfeeDAM", "commands": [ - "dam-get-alert-by-id", + "dam-get-alert-by-id", "dam-get-latest-by-rule" ] } - }, + }, { "okta": { - "name": "okta", - "fromversion": "3.6.0", - "commands": [ - "okta-unlock-user", - "okta-deactivate-user", - "okta-activate-user", - "okta-suspend-user", - "okta-unsuspend-user", - "okta-get-user-factors", - "okta-verify-push-factor", - "okta-reset-factor", - "okta-get-groups", - "okta-set-password", - "okta-search", - "okta-get-user", - "okta-create-user", - "okta-update-user", - "okta-get-failed-logins", - "okta-get-group-assignments", - "okta-get-application-assignments", - "okta-get-application-authentication", - "okta-get-logs", - "okta-add-to-group", - "okta-remove-from-group", - "okta-list-groups", + "name": "okta", + "fromversion": "3.6.0", + "commands": [ + "okta-unlock-user", + 
"okta-deactivate-user", + "okta-activate-user", + "okta-suspend-user", + "okta-unsuspend-user", + "okta-get-user-factors", + "okta-verify-push-factor", + "okta-reset-factor", + "okta-get-groups", + "okta-set-password", + "okta-search", + "okta-get-user", + "okta-create-user", + "okta-update-user", + "okta-get-failed-logins", + "okta-get-group-assignments", + "okta-get-application-assignments", + "okta-get-application-authentication", + "okta-get-logs", + "okta-add-to-group", + "okta-remove-from-group", + "okta-list-groups", "okta-get-group-members" ] } - }, + }, { "Devo": { - "name": "Devo", + "name": "Devo", "commands": [ "devo-query" ] } - }, + }, { "AWS - Security Hub": { - "name": "AWS - Security Hub", - "commands": [ - "aws-securityhub-get-findings", - "aws-securityhub-get-master-account", - "aws-securityhub-list-members", - "aws-securityhub-enable-security-hub", - "aws-securityhub-disable-security-hub", - "aws-securityhub-enable-import-findings-for-product", - "aws-securityhub-disable-import-findings-for-product", - "aws-securityhub-list-enabled-products-for-import", + "name": "AWS - Security Hub", + "commands": [ + "aws-securityhub-get-findings", + "aws-securityhub-get-master-account", + "aws-securityhub-list-members", + "aws-securityhub-enable-security-hub", + "aws-securityhub-disable-security-hub", + "aws-securityhub-enable-import-findings-for-product", + "aws-securityhub-disable-import-findings-for-product", + "aws-securityhub-list-enabled-products-for-import", "aws-securityhub-update-finding" ] } - }, + }, { "Moloch": { - "name": "Moloch", - "fromversion": "3.5.0", - "commands": [ - "moloch_connections_json", - "moloch_connections_csv", - "moloch_files_json", - "moloch_sessions_json", - "moloch_sessions_csv", - "moloch_sessions_pcap", - "moloch_spigraph_json", - "moloch_spiview_json", + "name": "Moloch", + "fromversion": "3.5.0", + "commands": [ + "moloch_connections_json", + "moloch_connections_csv", + "moloch_files_json", + "moloch_sessions_json", + 
"moloch_sessions_csv", + "moloch_sessions_pcap", + "moloch_spigraph_json", + "moloch_spiview_json", "moloch_unique_json" ] } - }, + }, { "RedLock": { - "name": "RedLock", + "name": "RedLock", "commands": [ - "redlock-search-alerts", - "redlock-get-alert-details", - "redlock-dismiss-alerts", - "redlock-reopen-alerts", + "redlock-search-alerts", + "redlock-get-alert-details", + "redlock-dismiss-alerts", + "redlock-reopen-alerts", "redlock-list-alert-filters" ] } - }, + }, { "Whois": { - "name": "Whois", - "fromversion": "4.1.0", + "name": "Whois", + "fromversion": "4.1.0", "commands": [ "whois" ] } - }, + }, { "SafeBreach": { - "name": "SafeBreach", + "name": "SafeBreach", "commands": [ - "safebreach-rerun", + "safebreach-rerun", "safebreach-get-simulation" ] } - }, + }, { "AlphaSOC Wisdom": { - "name": "AlphaSOC Wisdom", + "name": "AlphaSOC Wisdom", "commands": [ - "wisdom-domain-flags", + "wisdom-domain-flags", "wisdom-ip-flags" ] } - }, + }, { "jamf": { - "name": "jamf", + "name": "jamf", "commands": [ - "jamf-get-computers", + "jamf-get-computers", "jamf-get-computers-match" ] } - }, + }, { "CIRCL": { - "name": "CIRCL", + "name": "CIRCL", "commands": [ - "circl-dns-get", - "circl-ssl-list-certificates", - "circl-ssl-query-certificate", + "circl-dns-get", + "circl-ssl-list-certificates", + "circl-ssl-query-certificate", "circl-ssl-get-certificate" ] } - }, + }, { "Panorama": { - "name": "Panorama", - "fromversion": "3.0.0", - "commands": [ - "panorama", - "panorama-commit", - "panorama-push-to-device-group", - "panorama-list-addresses", - "panorama-get-address", - "panorama-create-address", - "panorama-delete-address", - "panorama-list-address-groups", - "panorama-get-address-group", - "panorama-create-address-group", - "panorama-delete-address-group", - "panorama-edit-address-group", - "panorama-get-custom-url-category", - "panorama-create-custom-url-category", - "panorama-delete-custom-url-category", - "panorama-edit-custom-url-category", - 
"panorama-get-url-category", - "panorama-get-url-filter", - "panorama-create-url-filter", - "panorama-edit-url-filter", - "panorama-delete-url-filter", - "panorama-create-rule", - "panorama-custom-block-rule", - "panorama-move-rule", - "panorama-edit-rule", - "panorama-delete-rule", - "panorama-list-applications", - "panorama-commit-status", + "name": "Panorama", + "fromversion": "3.0.0", + "commands": [ + "panorama", + "panorama-commit", + "panorama-push-to-device-group", + "panorama-list-addresses", + "panorama-get-address", + "panorama-create-address", + "panorama-delete-address", + "panorama-list-address-groups", + "panorama-get-address-group", + "panorama-create-address-group", + "panorama-delete-address-group", + "panorama-edit-address-group", + "panorama-get-custom-url-category", + "panorama-create-custom-url-category", + "panorama-delete-custom-url-category", + "panorama-edit-custom-url-category", + "panorama-get-url-category", + "panorama-get-url-filter", + "panorama-create-url-filter", + "panorama-edit-url-filter", + "panorama-delete-url-filter", + "panorama-create-rule", + "panorama-custom-block-rule", + "panorama-move-rule", + "panorama-edit-rule", + "panorama-delete-rule", + "panorama-list-applications", + "panorama-commit-status", "panorama-push-status" ] } - }, + }, { "icebrg": { - "name": "icebrg", + "name": "icebrg", "commands": [ - "icebrg-search-events", - "icebrg-get-history", - "icebrg-saved-searches", - "icebrg-get-reports", - "icebrg-get-report-indicators", + "icebrg-search-events", + "icebrg-get-history", + "icebrg-saved-searches", + "icebrg-get-reports", + "icebrg-get-report-indicators", "icebrg-get-report-assets" ] } - }, + }, { "EasyVista": { - "name": "EasyVista", + "name": "EasyVista", "commands": [ "easy-vista-search" ] } - }, + }, { "ThreatConnect": { - "name": "ThreatConnect", - "commands": [ - "ip", - "url", - "file", - "tc-owners", - "tc-indicators", - "tc-get-tags", - "tc-tag-indicator", - "tc-get-indicator", - 
"tc-get-indicators-by-tag", - "tc-add-indicator", - "tc-create-incident", - "tc-fetch-incidents", - "tc-incident-associate-indicator", - "domain", + "name": "ThreatConnect", + "commands": [ + "ip", + "url", + "file", + "tc-owners", + "tc-indicators", + "tc-get-tags", + "tc-tag-indicator", + "tc-get-indicator", + "tc-get-indicators-by-tag", + "tc-add-indicator", + "tc-create-incident", + "tc-fetch-incidents", + "tc-incident-associate-indicator", + "domain", "tc-get-incident-associate-indicators" ] } - }, + }, { "BitDam": { - "name": "BitDam", + "name": "BitDam", "commands": [ - "bitdam-upload-file", + "bitdam-upload-file", "bitdam-get-verdict" ] } - }, + }, { "AWS - S3": { - "name": "AWS - S3", - "commands": [ - "aws-s3-create-bucket", - "aws-s3-delete-bucket", - "aws-s3-list-buckets", - "aws-s3-get-bucket-policy", - "aws-s3-delete-bucket-policy", - "aws-s3-download-file", - "aws-s3-list-bucket-objects", - "aws-s3-put-bucket-policy", + "name": "AWS - S3", + "commands": [ + "aws-s3-create-bucket", + "aws-s3-delete-bucket", + "aws-s3-list-buckets", + "aws-s3-get-bucket-policy", + "aws-s3-delete-bucket-policy", + "aws-s3-download-file", + "aws-s3-list-bucket-objects", + "aws-s3-put-bucket-policy", "aws-s3-upload-file" ] } - }, + }, { "McAfee Advanced Threat Defense": { - "name": "McAfee Advanced Threat Defense", - "toversion": "3.1.0", - "fromversion": "2.0.4", - "commands": [ - "atd-file-upload", - "atd-get-task-ids", - "atd-check-status", - "atd-get-report", - "atd-list-analyzer-profiles", - "atd-list-user", + "name": "McAfee Advanced Threat Defense", + "toversion": "3.1.0", + "fromversion": "2.0.4", + "commands": [ + "atd-file-upload", + "atd-get-task-ids", + "atd-check-status", + "atd-get-report", + "atd-list-analyzer-profiles", + "atd-list-user", "atd-login" ] } - }, + }, { "GuardiCore": { - "name": "GuardiCore", - "toversion": "3.1.0", - "commands": [ - "guardicore-get-incidents", - "guardicore-uncommon-domains", - "guardicore-unresolved-domains", - 
"guardicore-show-endpoint", - "guardicore-dns-requests", - "guardicore-search-endpoint", - "guardicore-misconfigurations", - "guardicore-get-incident", - "guardicore-get-incident-iocs", - "guardicore-get-incident-events", - "guardicore-get-incident-pcap", - "guardicore-get-incident-attachments", + "name": "GuardiCore", + "toversion": "3.1.0", + "commands": [ + "guardicore-get-incidents", + "guardicore-uncommon-domains", + "guardicore-unresolved-domains", + "guardicore-show-endpoint", + "guardicore-dns-requests", + "guardicore-search-endpoint", + "guardicore-misconfigurations", + "guardicore-get-incident", + "guardicore-get-incident-iocs", + "guardicore-get-incident-events", + "guardicore-get-incident-pcap", + "guardicore-get-incident-attachments", "guardicore-search-network-log" ] } - }, + }, { "Mimecast": { - "name": "Mimecast", - "fromversion": "1.6.2", + "name": "Mimecast", + "fromversion": "1.6.2", "commands": [ "mimecast-query" ] } - }, + }, { "Shodan": { - "name": "Shodan", + "name": "Shodan", "commands": [ - "search", + "search", "ip" ] } - }, + }, { "AWS - GuardDuty": { - "name": "AWS - GuardDuty", - "commands": [ - "aws-gd-create-detector", - "aws-gd-delete-detector", - "aws-gd-get-detector", - "aws-gd-update-detector", - "aws-gd-create-ip-set", - "aws-gd-delete-ip-set", - "aws-gd-list-detectors", - "aws-gd-update-ip-set", - "aws-gd-get-ip-set", - "aws-gd-list-ip-sets", - "aws-gd-create-threatintel-set", - "aws-gd-delete-threatintel-set", - "aws-gd-get-threatintel-set", - "aws-gd-list-threatintel-sets", - "aws-gd-update-threatintel-set", - "aws-gd-list-findings", - "aws-gd-get-findings", - "aws-gd-create-sample-findings", - "aws-gd-archive-findings", - "aws-gd-unarchive-findings", + "name": "AWS - GuardDuty", + "commands": [ + "aws-gd-create-detector", + "aws-gd-delete-detector", + "aws-gd-get-detector", + "aws-gd-update-detector", + "aws-gd-create-ip-set", + "aws-gd-delete-ip-set", + "aws-gd-list-detectors", + "aws-gd-update-ip-set", + 
"aws-gd-get-ip-set", + "aws-gd-list-ip-sets", + "aws-gd-create-threatintel-set", + "aws-gd-delete-threatintel-set", + "aws-gd-get-threatintel-set", + "aws-gd-list-threatintel-sets", + "aws-gd-update-threatintel-set", + "aws-gd-list-findings", + "aws-gd-get-findings", + "aws-gd-create-sample-findings", + "aws-gd-archive-findings", + "aws-gd-unarchive-findings", "aws-gd-update-findings-feedback" ] } - }, + }, { "Mimecast Authentication": { - "name": "Mimecast Authentication", + "name": "Mimecast Authentication", "commands": [ - "mimecast-login", - "mimecast-discover", + "mimecast-login", + "mimecast-discover", "mimecast-refresh-token" ] } - }, + }, { "malwr": { - "name": "malwr", - "fromversion": "3.0.0", + "name": "malwr", + "fromversion": "3.0.0", "commands": [ - "malwr-submit", - "malwr-status", - "malwr-result", + "malwr-submit", + "malwr-status", + "malwr-result", "malwr-detonate" ] } - }, + }, { "FalconHost": { - "name": "FalconHost", - "fromversion": "2.5.0", - "commands": [ - "cs-upload-ioc", - "cs-get-ioc", - "cs-update-ioc", - "cs-delete-ioc", - "cs-search-iocs", - "cs-device-search", - "cs-device-details", - "cs-device-count-ioc", - "cs-device-ran-on", - "cs-processes-ran-on", - "cs-process-details", - "cs-resolve-detection", - "cs-detection-search", + "name": "FalconHost", + "fromversion": "2.5.0", + "commands": [ + "cs-upload-ioc", + "cs-get-ioc", + "cs-update-ioc", + "cs-delete-ioc", + "cs-search-iocs", + "cs-device-search", + "cs-device-details", + "cs-device-count-ioc", + "cs-device-ran-on", + "cs-processes-ran-on", + "cs-process-details", + "cs-resolve-detection", + "cs-detection-search", "cs-detection-details" ] } - }, + }, { "ServiceNow": { - "name": "ServiceNow", - "commands": [ - "servicenow-get-ticket", - "servicenow-get", - "servicenow-incident-get", - "servicenow-create-ticket", - "servicenow-create", - "servicenow-incident-create", - "servicenow-update-ticket", - "servicenow-update", - "servicenow-incident-update", - 
"servicenow-delete-ticket", - "servicenow-add-link", - "servicenow-incident-add-link", - "servicenow-add-comment", - "servicenow-incident-add-comment", - "servicenow-query-tickets", - "servicenow-query", - "servicenow-incidents-query", - "servicenow-upload-file", - "servicenow-incident-upload-file", - "servicenow-get-groups", - "servicenow-get-computer", - "servicenow-get-record", - "servicenow-query-table", - "servicenow-create-record", - "servicenow-update-record", - "servicenow-delete-record", - "servicenow-list-table-fields", - "servicenow-query-computers", - "servicenow-query-groups", - "servicenow-query-users", + "name": "ServiceNow", + "commands": [ + "servicenow-get-ticket", + "servicenow-get", + "servicenow-incident-get", + "servicenow-create-ticket", + "servicenow-create", + "servicenow-incident-create", + "servicenow-update-ticket", + "servicenow-update", + "servicenow-incident-update", + "servicenow-delete-ticket", + "servicenow-add-link", + "servicenow-incident-add-link", + "servicenow-add-comment", + "servicenow-incident-add-comment", + "servicenow-query-tickets", + "servicenow-query", + "servicenow-incidents-query", + "servicenow-upload-file", + "servicenow-incident-upload-file", + "servicenow-get-groups", + "servicenow-get-computer", + "servicenow-get-record", + "servicenow-query-table", + "servicenow-create-record", + "servicenow-update-record", + "servicenow-delete-record", + "servicenow-list-table-fields", + "servicenow-query-computers", + "servicenow-query-groups", + "servicenow-query-users", "servicenow-get-table-name" ] } - }, + }, { "Tenable.sc": { - "name": "Tenable.sc", - "commands": [ - "tenable-sc-list-scans", - "tenable-sc-launch-scan", - "tenable-sc-get-vulnerability", - "tenable-sc-get-scan-status", - "tenable-sc-get-scan-report", - "tenable-sc-list-credentials", - "tenable-sc-list-policies", - "tenable-sc-list-report-definitions", - "tenable-sc-list-repositories", - "tenable-sc-list-zones", - "tenable-sc-create-scan", - 
"tenable-sc-delete-scan", - "tenable-sc-list-assets", - "tenable-sc-create-asset", - "tenable-sc-get-asset", - "tenable-sc-delete-asset", - "tenable-sc-list-alerts", - "tenable-sc-get-alert", - "tenable-sc-get-device", - "tenable-sc-list-users", - "tenable-sc-get-system-licensing", + "name": "Tenable.sc", + "commands": [ + "tenable-sc-list-scans", + "tenable-sc-launch-scan", + "tenable-sc-get-vulnerability", + "tenable-sc-get-scan-status", + "tenable-sc-get-scan-report", + "tenable-sc-list-credentials", + "tenable-sc-list-policies", + "tenable-sc-list-report-definitions", + "tenable-sc-list-repositories", + "tenable-sc-list-zones", + "tenable-sc-create-scan", + "tenable-sc-delete-scan", + "tenable-sc-list-assets", + "tenable-sc-create-asset", + "tenable-sc-get-asset", + "tenable-sc-delete-asset", + "tenable-sc-list-alerts", + "tenable-sc-get-alert", + "tenable-sc-get-device", + "tenable-sc-list-users", + "tenable-sc-get-system-licensing", "tenable-sc-get-system-information" ] } - }, + }, { "google-vault": { - "name": "google-vault", - "commands": [ - "gvault-create-export-mail", - "gvault-create-matter", - "gvault-create-export-drive", - "gvault-matter-update-state", - "gvault-create-export-groups", - "gvault-create-hold", - "gvault-add-heldAccount", - "gvault-remove-heldAccount", - "gvault-delete-hold", - "gvault-list-matters", - "gvault-get-matter", - "gvault-list-holds", - "gvault-export-status", - "gvault-download-results", - "gvault-get-drive-results", - "gvault-get-mail-results", + "name": "google-vault", + "commands": [ + "gvault-create-export-mail", + "gvault-create-matter", + "gvault-create-export-drive", + "gvault-matter-update-state", + "gvault-create-export-groups", + "gvault-create-hold", + "gvault-add-heldAccount", + "gvault-remove-heldAccount", + "gvault-delete-hold", + "gvault-list-matters", + "gvault-get-matter", + "gvault-list-holds", + "gvault-export-status", + "gvault-download-results", + "gvault-get-drive-results", + "gvault-get-mail-results", 
"gvault-get-groups-results" ] } - }, + }, { "AlienValut OTX": { - "name": "AlienValut OTX", - "toversion": "3.0.1", - "commands": [ - "ip", - "domain", - "ipv6", - "hostname", - "file", - "alienvault-query-file", - "alienvault-search-pulses", - "alienvault-get-pulse-details", + "name": "AlienValut OTX", + "toversion": "3.0.1", + "commands": [ + "ip", + "domain", + "ipv6", + "hostname", + "file", + "alienvault-query-file", + "alienvault-search-pulses", + "alienvault-get-pulse-details", "url" ] } - }, + }, { "MISP": { - "name": "MISP", - "commands": [ - "internal-misp-upload-sample", - "misp-search", - "file", - "url", - "ip", - "internal-misp-download-sample", - "internal-misp-create-event", + "name": "MISP", + "commands": [ + "internal-misp-upload-sample", + "misp-search", + "file", + "url", + "ip", + "internal-misp-download-sample", + "internal-misp-create-event", "internal-misp-add-attribute" ] } - }, + }, { "FalconIntel": { - "name": "FalconIntel", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "commands": [ - "file", - "url", - "domain", - "ip", - "cs-actors", - "cs-indicators", - "cs-reports", + "name": "FalconIntel", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "commands": [ + "file", + "url", + "domain", + "ip", + "cs-actors", + "cs-indicators", + "cs-reports", "cs-report-pdf" ] } - }, + }, { "Box": { - "name": "Box", - "commands": [ - "box_get_current_user", - "box_get_users", - "box_update_user", - "box_add_user", - "box_delete_user", - "box_move_folder", - "box_files_get", - "box_initiate", + "name": "Box", + "commands": [ + "box_get_current_user", + "box_get_users", + "box_update_user", + "box_add_user", + "box_delete_user", + "box_move_folder", + "box_files_get", + "box_initiate", "box_files_get_info" ] } - }, + }, { "Remedy On-Demand": { - "name": "Remedy On-Demand", + "name": "Remedy On-Demand", "commands": [ - "remedy-incident-create", - "remedy-get-incident", - "remedy-fetch-incidents", + "remedy-incident-create", + 
"remedy-get-incident", + "remedy-fetch-incidents", "remedy-incident-update" ] } - }, + }, { "Rasterize": { - "name": "Rasterize", + "name": "Rasterize", "commands": [ - "rasterize", - "rasterize-email", + "rasterize", + "rasterize-email", "rasterize-image" ] } - }, + }, { "FortiGate": { - "name": "FortiGate", - "commands": [ - "fortigate-get-addresses", - "fortigate-get-service-groups", - "fortigate-update-service-group", - "fortigate-delete-service-group", - "fortigate-get-firewall-service", - "fortigate-create-firewall-service", - "fortigate-get-policy", - "fortigate-update-policy", - "fortigate-create-policy", - "fortigate-move-policy", - "fortigate-delete-policy", - "fortigate-get-address-groups", - "fortigate-update-address-group", - "fortigate-create-address-group", + "name": "FortiGate", + "commands": [ + "fortigate-get-addresses", + "fortigate-get-service-groups", + "fortigate-update-service-group", + "fortigate-delete-service-group", + "fortigate-get-firewall-service", + "fortigate-create-firewall-service", + "fortigate-get-policy", + "fortigate-update-policy", + "fortigate-create-policy", + "fortigate-move-policy", + "fortigate-delete-policy", + "fortigate-get-address-groups", + "fortigate-update-address-group", + "fortigate-create-address-group", "fortigate-delete-address-group" ] } - }, + }, { "RTIR": { - "name": "RTIR", - "commands": [ - "rtir-create-ticket", - "rtir-search-ticket", - "rtir-resolve-ticket", - "rtir-edit-ticket", - "rtir-ticket-history", - "rtir-get-ticket", - "rtir-ticket-attachments", - "rtir-add-comment", + "name": "RTIR", + "commands": [ + "rtir-create-ticket", + "rtir-search-ticket", + "rtir-resolve-ticket", + "rtir-edit-ticket", + "rtir-ticket-history", + "rtir-get-ticket", + "rtir-ticket-attachments", + "rtir-add-comment", "rtir-add-reply" ] } - }, + }, { "Tenable.io": { - "name": "Tenable.io", + "name": "Tenable.io", "commands": [ - "tenable-io-list-scans", - "tenable-io-launch-scan", - "tenable-io-get-scan-report", - 
"tenable-io-get-vulnerability-details", - "tenable-io-get-vulnerabilities-by-asset", + "tenable-io-list-scans", + "tenable-io-launch-scan", + "tenable-io-get-scan-report", + "tenable-io-get-vulnerability-details", + "tenable-io-get-vulnerabilities-by-asset", "tenable-io-get-scan-status" ] } - }, + }, { "Stealthwatch Cloud": { - "name": "Stealthwatch Cloud", - "commands": [ - "sw-show-alert", - "sw-update-alert", - "sw-list-alerts", - "sw-block-domain-or-ip", - "sw-unblock-domain", - "sw-list-blocked-domains", - "sw-list-observations", + "name": "Stealthwatch Cloud", + "commands": [ + "sw-show-alert", + "sw-update-alert", + "sw-list-alerts", + "sw-block-domain-or-ip", + "sw-unblock-domain", + "sw-list-blocked-domains", + "sw-list-observations", "sw-list-sessions" ] } - }, + }, { "EWS v2": { - "name": "EWS v2", - "commands": [ - "ews-get-attachment", - "ews-delete-attachment", - "ews-get-searchable-mailboxes", - "ews-search-mailboxes", - "ews-move-item", - "ews-delete-items", - "ews-search-mailbox", - "ews-get-contacts", - "ews-get-out-of-office", - "ews-recover-messages", - "ews-create-folder", - "ews-mark-item-as-junk", - "ews-find-folders", - "ews-get-items-from-folder", - "ews-get-items", - "ews-move-item-between-mailboxes", - "ews-get-folder", - "ews-o365-start-compliance-search", - "ews-o365-get-compliance-search", - "ews-o365-purge-compliance-search-results", - "ews-o365-remove-compliance-search", + "name": "EWS v2", + "commands": [ + "ews-get-attachment", + "ews-delete-attachment", + "ews-get-searchable-mailboxes", + "ews-search-mailboxes", + "ews-move-item", + "ews-delete-items", + "ews-search-mailbox", + "ews-get-contacts", + "ews-get-out-of-office", + "ews-recover-messages", + "ews-create-folder", + "ews-mark-item-as-junk", + "ews-find-folders", + "ews-get-items-from-folder", + "ews-get-items", + "ews-move-item-between-mailboxes", + "ews-get-folder", + "ews-o365-start-compliance-search", + "ews-o365-get-compliance-search", + 
"ews-o365-purge-compliance-search-results", + "ews-o365-remove-compliance-search", "ews-o365-get-compliance-search-purge-status" ] } - }, + }, { "Lockpath KeyLight": { - "name": "Lockpath KeyLight", - "fromversion": "3.5.0", - "commands": [ - "kl-get-component-list", - "kl-get-component", - "kl-get-component-by-alias", - "kl-get-field-list", - "kl-get-field", - "kl-get-record-count", - "kl-get-record", - "kl-get-records", - "kl-delete-record", - "kl-create-record", - "kl-update-record", - "kl-get-detail-record", - "kl-get-lookup-report-column-fields", - "kl-get-detail-records", - "kl-get-record-attachments", - "kl-get-record-attachment", + "name": "Lockpath KeyLight", + "fromversion": "3.5.0", + "commands": [ + "kl-get-component-list", + "kl-get-component", + "kl-get-component-by-alias", + "kl-get-field-list", + "kl-get-field", + "kl-get-record-count", + "kl-get-record", + "kl-get-records", + "kl-delete-record", + "kl-create-record", + "kl-update-record", + "kl-get-detail-record", + "kl-get-lookup-report-column-fields", + "kl-get-detail-records", + "kl-get-record-attachments", + "kl-get-record-attachment", "kl-delete-record-attachments" ] } - }, + }, { "Dell Secureworks": { - "name": "Dell Secureworks", - "fromversion": "3.6.0", - "commands": [ - "secure-works-create-ticket", - "secure-works-update-ticket", - "secure-works-close-ticket", - "secure-works-add-worklogs-ticket", - "secure-works-get-ticket", - "secure-works-assign-ticket", - "secure-works-get-tickets-updates", - "secure-works-get-close-codes", - "secure-works-get-tickets-ids", + "name": "Dell Secureworks", + "fromversion": "3.6.0", + "commands": [ + "secure-works-create-ticket", + "secure-works-update-ticket", + "secure-works-close-ticket", + "secure-works-add-worklogs-ticket", + "secure-works-get-ticket", + "secure-works-assign-ticket", + "secure-works-get-tickets-updates", + "secure-works-get-close-codes", + "secure-works-get-tickets-ids", "secure-works-get-ticket-count" ] } - }, + }, { "Luminate": { 
- "name": "Luminate", - "fromversion": "0.0.0", + "name": "Luminate", + "fromversion": "0.0.0", "commands": [ - "lum-block-user", - "lum-unblock-user", - "lum-destroy-user-session", - "lum-get-http-access-logs", + "lum-block-user", + "lum-unblock-user", + "lum-destroy-user-session", + "lum-get-http-access-logs", "lum-get-ssh-access-logs" ] } - }, + }, { "VirusTotal - Private API": { - "name": "VirusTotal - Private API", - "commands": [ - "vt-private-check-file-behaviour", - "vt-private-get-domain-report", - "vt-private-get-file-report", - "vt-private-get-url-report", - "vt-private-get-ip-report", - "vt-private-search-file", - "vt-private-hash-communication", + "name": "VirusTotal - Private API", + "commands": [ + "vt-private-check-file-behaviour", + "vt-private-get-domain-report", + "vt-private-get-file-report", + "vt-private-get-url-report", + "vt-private-get-ip-report", + "vt-private-search-file", + "vt-private-hash-communication", "vt-private-download-file" ] } - }, + }, { "Guidance Encase Endpoint": { - "name": "Guidance Encase Endpoint", + "name": "Guidance Encase Endpoint", "commands": [ - "encase-copyjob", - "encase-snapshot", + "encase-copyjob", + "encase-snapshot", "encase-verifyhash" ] } - }, + }, { "Incapsula": { - "name": "Incapsula", - "commands": [ - "incap-add-managed-account", - "incap-list-managed-accounts", - "incap-add-subaccount", - "incap-list-subaccounts", - "incap-get-account-status", - "incap-modify-account-configuration", - "incap-set-account-log-level", - "incap-test-account-s3-connection", - "incap-test-account-sftp-connection", - "incap-set-account-s3-log-storage", - "incap-set-account-sftp-log-storage", - "incap-set-account-default-log-storage", - "incap-get-account-login-token", - "incap-delete-managed-account", - "incap-delete-subaccount", - "incap-get-account-audit-events", - "incap-set-account-default-data-storage-region", - "incap-get-account-default-data-storage-region", - "incap-add-site", - "incap-get-site-status", - 
"incap-get-domain-approver-email", - "incap-modify-site-configuration", - "incap-modify-site-log-level", - "incap-modify-site-tls-support", - "incap-modify-site-scurity-config", - "incap-modify-site-acl-config", - "incap-modify-site-wl-config", - "incap-delete-site", - "incap-list-sites", - "incap-get-site-report", - "incap-get-site-html-injection-rules", - "incap-add-site-html-injection-rule", - "incap-delete-site-html-injection-rule", - "incap-create-new-csr", - "incap-upload-certificate", - "incap-remove-custom-integration", - "incap-move-site", - "incap-check-compliance", - "incap-set-site-data-storage-region", - "incap-get-site-data-storage-region", - "incap-set-site-data-storage-region-geo-override", - "incap-get-site-data-storage-region-geo-override", - "incap-purge-site-cache", - "incap-modify-cache-mode", - "incap-purge-resources", - "incap-modify-caching-rules", - "incap-set-advanced-caching-settings", - "incap-purge-hostname-from-cache", - "incap-site-get-xray-link", - "incap-list-site-rule-revisions", - "incap-add-site-rule", - "incap-edit-site-rule", - "incap-enable-site-rule", - "incap-delete-site-rule", - "incap-list-site-rules", - "incap-revert-site-rule", - "incap-set-site-rule-priority", - "incap-add-site-datacenter", - "incap-edit-site-datacenter", - "incap-delete-site-datacenter", - "incap-list-site-datacenters", - "incap-add-site-datacenter-server", - "incap-edit-site-datacenter-server", - "incap-delete-site-datacenter-server", - "incap-get-statistics", - "incap-get-visits", - "incap-upload-public-key", - "incap-change-logs-collector-configuration", - "incap-get-infra-protection-statistics", - "incap-get-infra-protection-events", - "incap-add-login-protect", - "incap-edit-login-protect", - "incap-get-login-protect", - "incap-remove-login-protect", - "incap-send-sms-to-user", - "incap-modify-login-protect", - "incap-configure-app", - "incap-get-ip-ranges", - "incap-get-texts", - "incap-get-geo-info", + "name": "Incapsula", + "commands": [ + 
"incap-add-managed-account", + "incap-list-managed-accounts", + "incap-add-subaccount", + "incap-list-subaccounts", + "incap-get-account-status", + "incap-modify-account-configuration", + "incap-set-account-log-level", + "incap-test-account-s3-connection", + "incap-test-account-sftp-connection", + "incap-set-account-s3-log-storage", + "incap-set-account-sftp-log-storage", + "incap-set-account-default-log-storage", + "incap-get-account-login-token", + "incap-delete-managed-account", + "incap-delete-subaccount", + "incap-get-account-audit-events", + "incap-set-account-default-data-storage-region", + "incap-get-account-default-data-storage-region", + "incap-add-site", + "incap-get-site-status", + "incap-get-domain-approver-email", + "incap-modify-site-configuration", + "incap-modify-site-log-level", + "incap-modify-site-tls-support", + "incap-modify-site-scurity-config", + "incap-modify-site-acl-config", + "incap-modify-site-wl-config", + "incap-delete-site", + "incap-list-sites", + "incap-get-site-report", + "incap-get-site-html-injection-rules", + "incap-add-site-html-injection-rule", + "incap-delete-site-html-injection-rule", + "incap-create-new-csr", + "incap-upload-certificate", + "incap-remove-custom-integration", + "incap-move-site", + "incap-check-compliance", + "incap-set-site-data-storage-region", + "incap-get-site-data-storage-region", + "incap-set-site-data-storage-region-geo-override", + "incap-get-site-data-storage-region-geo-override", + "incap-purge-site-cache", + "incap-modify-cache-mode", + "incap-purge-resources", + "incap-modify-caching-rules", + "incap-set-advanced-caching-settings", + "incap-purge-hostname-from-cache", + "incap-site-get-xray-link", + "incap-list-site-rule-revisions", + "incap-add-site-rule", + "incap-edit-site-rule", + "incap-enable-site-rule", + "incap-delete-site-rule", + "incap-list-site-rules", + "incap-revert-site-rule", + "incap-set-site-rule-priority", + "incap-add-site-datacenter", + "incap-edit-site-datacenter", + 
"incap-delete-site-datacenter", + "incap-list-site-datacenters", + "incap-add-site-datacenter-server", + "incap-edit-site-datacenter-server", + "incap-delete-site-datacenter-server", + "incap-get-statistics", + "incap-get-visits", + "incap-upload-public-key", + "incap-change-logs-collector-configuration", + "incap-get-infra-protection-statistics", + "incap-get-infra-protection-events", + "incap-add-login-protect", + "incap-edit-login-protect", + "incap-get-login-protect", + "incap-remove-login-protect", + "incap-send-sms-to-user", + "incap-modify-login-protect", + "incap-configure-app", + "incap-get-ip-ranges", + "incap-get-texts", + "incap-get-geo-info", "incap-get-app-info" ] } - }, + }, { "XFE": { - "name": "XFE", - "fromversion": "2.5.0", - "commands": [ - "url", - "file", - "ip", - "domain", - "cve-search", + "name": "XFE", + "fromversion": "2.5.0", + "commands": [ + "url", + "file", + "ip", + "domain", + "cve-search", "cve-latest" ] } - }, + }, { "Cymon": { - "name": "Cymon", + "name": "Cymon", "commands": [ - "ip", + "ip", "domain" ] } - }, + }, { "McAfee Advanced Threat Defense": { - "name": "McAfee Advanced Threat Defense", - "fromversion": "3.5.0", - "commands": [ - "atd-file-upload", - "atd-get-task-ids", - "atd-get-report", - "atd-list-analyzer-profiles", - "atd-list-user", - "atd-login", - "detonate-file", - "detonate-url", + "name": "McAfee Advanced Threat Defense", + "fromversion": "3.5.0", + "commands": [ + "atd-file-upload", + "atd-get-task-ids", + "atd-get-report", + "atd-list-analyzer-profiles", + "atd-list-user", + "atd-login", + "detonate-file", + "detonate-url", "atd-check-status" ] } - }, + }, { "AWS - CloudWatchLogs": { - "name": "AWS - CloudWatchLogs", - "commands": [ - "aws-logs-create-log-group", - "aws-logs-create-log-stream", - "aws-logs-delete-log-group", - "aws-logs-delete-log-stream", - "aws-logs-filter-log-events", - "aws-logs-describe-log-groups", - "aws-logs-describe-log-streams", - "aws-logs-put-retention-policy", - 
"aws-logs-delete-retention-policy", - "aws-logs-put-log-events", - "aws-logs-put-metric-filter", - "aws-logs-delete-metric-filter", + "name": "AWS - CloudWatchLogs", + "commands": [ + "aws-logs-create-log-group", + "aws-logs-create-log-stream", + "aws-logs-delete-log-group", + "aws-logs-delete-log-stream", + "aws-logs-filter-log-events", + "aws-logs-describe-log-groups", + "aws-logs-describe-log-streams", + "aws-logs-put-retention-policy", + "aws-logs-delete-retention-policy", + "aws-logs-put-log-events", + "aws-logs-put-metric-filter", + "aws-logs-delete-metric-filter", "aws-logs-describe-metric-filters" ] } - }, + }, { "Microsoft Graph": { - "name": "Microsoft Graph", + "name": "Microsoft Graph", "commands": [ - "msg-graph-admin-url", - "msg-search-alerts", - "msg-get-alert-details", - "msg-update-alert", - "msg-get-users", + "msg-graph-admin-url", + "msg-search-alerts", + "msg-get-alert-details", + "msg-update-alert", + "msg-get-users", "msg-get-user" ] } - }, + }, { "Secdo": { - "name": "Secdo", + "name": "Secdo", "commands": [ "secdo-add-IOCs" ] } - }, + }, { "Preempt": { - "name": "Preempt", + "name": "Preempt", "commands": [ - "preempt-add-to-watch-list", - "preempt-remove-from-watch-list", - "preempt-get-activities", - "preempt-get-user-endpoints", + "preempt-add-to-watch-list", + "preempt-remove-from-watch-list", + "preempt-get-activities", + "preempt-get-user-endpoints", "preempt-get-alerts" ] } - }, + }, { "PostgreSQL": { - "name": "PostgreSQL", + "name": "PostgreSQL", "commands": [ "pgsql-query" ] } - }, + }, { "epo": { - "name": "epo", - "commands": [ - "epo-help", - "epo-get-latest-dat", - "epo-get-current-dat", - "epo-update-client-dat", - "epo-update-repository", - "epo-get-system-tree-group", - "epo-find-systems", - "epo-command", - "epo-advanced-command", - "epo-wakeup-agent", - "epo-apply-tag", - "epo-clear-tag", - "epo-query-table", - "epo-get-tables", - "epo-find-system", + "name": "epo", + "commands": [ + "epo-help", + "epo-get-latest-dat", + 
"epo-get-current-dat", + "epo-update-client-dat", + "epo-update-repository", + "epo-get-system-tree-group", + "epo-find-systems", + "epo-command", + "epo-advanced-command", + "epo-wakeup-agent", + "epo-apply-tag", + "epo-clear-tag", + "epo-query-table", + "epo-get-tables", + "epo-find-system", "epo-get-version" ] } - }, + }, { "GRR": { - "name": "GRR", - "commands": [ - "grr-set-flows", - "grr-get-flows", - "grr-get-files", - "grr-get-hunts", - "grr-get-hunt", - "grr-set-hunts", - "grr-get-clients", - "grr_set_flows", - "grr_get_flows", - "grr_get_files", - "grr_get_hunts", - "grr_get_hunt", + "name": "GRR", + "commands": [ + "grr-set-flows", + "grr-get-flows", + "grr-get-files", + "grr-get-hunts", + "grr-get-hunt", + "grr-set-hunts", + "grr-get-clients", + "grr_set_flows", + "grr_get_flows", + "grr_get_files", + "grr_get_hunts", + "grr_get_hunt", "grr_set_hunts" ] } - }, + }, { "Nessus": { - "name": "Nessus", - "commands": [ - "nessus-list-scans", - "scans-list", - "nessus-launch-scan", - "scan-launch", - "nessus-scan-details", - "scan-details", - "scan-host-details", - "nessus-scan-host-details", - "nessus-scan-export", - "scan-export", - "scan-report-download", - "nessus-scan-report-download", - "scan-create", - "nessus-scan-create", - "nessus-get-scans-editors", - "scan-export-status", - "nessus-scan-export-status", + "name": "Nessus", + "commands": [ + "nessus-list-scans", + "scans-list", + "nessus-launch-scan", + "scan-launch", + "nessus-scan-details", + "scan-details", + "scan-host-details", + "nessus-scan-host-details", + "nessus-scan-export", + "scan-export", + "scan-report-download", + "nessus-scan-report-download", + "scan-create", + "nessus-scan-create", + "nessus-get-scans-editors", + "scan-export-status", + "nessus-scan-export-status", "nessus-scan-status" ] } - }, + }, { "GuardiCore": { - "name": "GuardiCore", - "fromversion": "3.5.0", - "commands": [ - "guardicore-get-incidents", - "guardicore-uncommon-domains", - "guardicore-unresolved-domains", - 
"guardicore-show-endpoint", - "guardicore-dns-requests", - "guardicore-search-endpoint", - "guardicore-misconfigurations", - "guardicore-get-incident", - "guardicore-get-incident-iocs", - "guardicore-get-incident-events", - "guardicore-get-incident-pcap", - "guardicore-get-incident-attachments", + "name": "GuardiCore", + "fromversion": "3.5.0", + "commands": [ + "guardicore-get-incidents", + "guardicore-uncommon-domains", + "guardicore-unresolved-domains", + "guardicore-show-endpoint", + "guardicore-dns-requests", + "guardicore-search-endpoint", + "guardicore-misconfigurations", + "guardicore-get-incident", + "guardicore-get-incident-iocs", + "guardicore-get-incident-events", + "guardicore-get-incident-pcap", + "guardicore-get-incident-attachments", "guardicore-search-network-log" ] } - }, + }, { "Digital Shadows": { - "name": "Digital Shadows", - "commands": [ - "ds-get-breach-reviews", - "ds-snapshot-breach-status", - "ds-find-breach-records", - "ds-get-breach-summary", - "ds-find-breach-usernames", - "ds-get-breach", - "ds-get-breach-records", - "ds-find-data-breaches", - "ds-get-incident", - "ds-get-incident-reviews", - "ds-snapshot-incident-review", - "ds-find-incidents-filtered", - "ds-get-incidents-summary", - "ds-get-apt-report", - "ds-get-intelligence-incident", - "ds-get-intelligence-incident-iocs", - "ds-find-intelligence-incidents", - "ds-find-intelligence-incidents-regional", - "ds-get-intelligence-threat", - "ds-get-intelligence-threat-iocs", - "ds-get-intelligence-threat-activity", - "ds-find-intelligence-threats", - "ds-find-intelligence-threats-regional", - "ds-get-port-reviews", - "ds-snapshot-port-review", - "ds-find-ports", - "ds-find-secure-sockets", - "ds-find-vulnerabilities", - "ds-search", + "name": "Digital Shadows", + "commands": [ + "ds-get-breach-reviews", + "ds-snapshot-breach-status", + "ds-find-breach-records", + "ds-get-breach-summary", + "ds-find-breach-usernames", + "ds-get-breach", + "ds-get-breach-records", + 
"ds-find-data-breaches", + "ds-get-incident", + "ds-get-incident-reviews", + "ds-snapshot-incident-review", + "ds-find-incidents-filtered", + "ds-get-incidents-summary", + "ds-get-apt-report", + "ds-get-intelligence-incident", + "ds-get-intelligence-incident-iocs", + "ds-find-intelligence-incidents", + "ds-find-intelligence-incidents-regional", + "ds-get-intelligence-threat", + "ds-get-intelligence-threat-iocs", + "ds-get-intelligence-threat-activity", + "ds-find-intelligence-threats", + "ds-find-intelligence-threats-regional", + "ds-get-port-reviews", + "ds-snapshot-port-review", + "ds-find-ports", + "ds-find-secure-sockets", + "ds-find-vulnerabilities", + "ds-search", "ds-get-tags" ] } - }, + }, { "fireeye": { - "name": "fireeye", - "fromversion": "3.5.0", - "commands": [ - "fe-report", - "fe-submit-status", - "fe-alert", - "fe-submit-result", - "fe-submit", - "fe-config", - "fe-submit-url", - "fe-submit-url-status", + "name": "fireeye", + "fromversion": "3.5.0", + "commands": [ + "fe-report", + "fe-submit-status", + "fe-alert", + "fe-submit-result", + "fe-submit", + "fe-config", + "fe-submit-url", + "fe-submit-url-status", "fe-submit-url-result" ] } - }, + }, { "RSA NetWitness Packets and Logs": { - "name": "RSA NetWitness Packets and Logs", - "fromversion": "3.5.0", - "commands": [ - "netwitness-msearch", - "netwitness-search", - "netwitness-query", - "netwitness-packets", - "nw-sdk-session", - "nw-sdk-content", - "nw-sdk-summary", - "nw-sdk-values", + "name": "RSA NetWitness Packets and Logs", + "fromversion": "3.5.0", + "commands": [ + "netwitness-msearch", + "netwitness-search", + "netwitness-query", + "netwitness-packets", + "nw-sdk-session", + "nw-sdk-content", + "nw-sdk-summary", + "nw-sdk-values", "nw-database-dump" ] } - }, + }, { "RSA NetWitness v11.1": { - "name": "RSA NetWitness v11.1", + "name": "RSA NetWitness v11.1", "commands": [ - "netwitness-get-incident", - "netwitness-get-incidents", - "netwitness-update-incident", - 
"netwitness-delete-incident", + "netwitness-get-incident", + "netwitness-get-incidents", + "netwitness-update-incident", + "netwitness-delete-incident", "netwitness-get-alerts" ] } - }, + }, { "Symantec Messaging Gateway": { - "name": "Symantec Messaging Gateway", - "commands": [ - "smg-block-email", - "smg-unblock-email", - "smg-block-domain", - "smg-block-ip", - "smg-unblock-ip", - "smg-unblock-domain", - "smg-get-blocked-domains", + "name": "Symantec Messaging Gateway", + "commands": [ + "smg-block-email", + "smg-unblock-email", + "smg-block-domain", + "smg-block-ip", + "smg-unblock-ip", + "smg-unblock-domain", + "smg-get-blocked-domains", "smg-get-blocked-ips" ] } - }, + }, { "OTRS": { - "name": "OTRS", - "fromversion": "4.1.0", + "name": "OTRS", + "fromversion": "4.1.0", "commands": [ - "otrs-get-ticket", - "otrs-search-ticket", - "otrs-create-ticket", - "otrs-update-ticket", + "otrs-get-ticket", + "otrs-search-ticket", + "otrs-create-ticket", + "otrs-update-ticket", "otrs-close-ticket" ] } - }, + }, { "Check Point Sandblast": { - "name": "Check Point Sandblast", - "fromversion": "3.5.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", - "sandblast-download", - "sb-quota", + "name": "Check Point Sandblast", + "fromversion": "3.5.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", + "sandblast-download", + "sb-quota", "sandblast-quota" ] } - }, + }, { "Cylance Protect": { - "name": "Cylance Protect", - "fromversion": "2.0.1", - "commands": [ - "cylance-protect-get-list", - "cylance-protect-get-devices", - "cylance-protect-get-threats", - "cylance-protect-download-threat", - "cylance-protect-get-threat-details", - "cylance-protect-device-delete", - "cylance-protect-get-device-threats", - "cylance-protect-update-device-threats", - "cylance-protect-delete-hash-from-lists", - "cylance-protect-update-hash-at-lists", - "cylance-protect-upload-threat", - 
"cylance-protect-get-threated-devices", - "cylance-protect-get-zones", - "cylance-protect-create-zone", - "cylance-protect-update-zone", - "cylance-protect-get-policies", - "cylance-protect-get-policy-details", - "cp-get-list", - "cp-get-devices", - "cp-get-threats", - "cp-download-threat", - "cp-get-threat-details", - "cp-device-delete", - "cp-get-device-threats", - "cp-update-device-threats", - "cp-delete-hash-from-lists", - "cp-update-hash-at-lists", - "cp-upload-threat", - "cp-get-threated-devices", - "cp-get-zones", - "cp-create-zone", - "cp-update-zone", - "cp-get-policies", + "name": "Cylance Protect", + "fromversion": "2.0.1", + "commands": [ + "cylance-protect-get-list", + "cylance-protect-get-devices", + "cylance-protect-get-threats", + "cylance-protect-download-threat", + "cylance-protect-get-threat-details", + "cylance-protect-device-delete", + "cylance-protect-get-device-threats", + "cylance-protect-update-device-threats", + "cylance-protect-delete-hash-from-lists", + "cylance-protect-update-hash-at-lists", + "cylance-protect-upload-threat", + "cylance-protect-get-threated-devices", + "cylance-protect-get-zones", + "cylance-protect-create-zone", + "cylance-protect-update-zone", + "cylance-protect-get-policies", + "cylance-protect-get-policy-details", + "cp-get-list", + "cp-get-devices", + "cp-get-threats", + "cp-download-threat", + "cp-get-threat-details", + "cp-device-delete", + "cp-get-device-threats", + "cp-update-device-threats", + "cp-delete-hash-from-lists", + "cp-update-hash-at-lists", + "cp-upload-threat", + "cp-get-threated-devices", + "cp-get-zones", + "cp-create-zone", + "cp-update-zone", + "cp-get-policies", "cp-get-policy-details" ] } - }, + }, { "TCPIPUtils": { - "name": "TCPIPUtils", + "name": "TCPIPUtils", "commands": [ "ip" ] } - }, + }, { "RSA NetWitness Security Analytics": { - "name": "RSA NetWitness Security Analytics", - "fromversion": "2.0.0", - "commands": [ - "nw-list-incidents", - "nw-login", - "nw-get-components", - 
"nw-get-events", - "nw-get-available-assignees", - "nw-create-incident", - "nw-add-events-to-incident", - "nw-update-incident", - "fetch-incidents", - "nw-get-alerts", - "nw-get-alert-details", - "nw-get-event-details", - "nw-get-incident-details", - "nw-get-alert-original", - "netwitness-im-list-incidents", - "netwitness-im-login", - "netwitness-im-get-components", - "netwitness-im-get-events", - "netwitness-im-get-available-assignees", - "netwitness-im-create-incident", - "netwitness-im-add-events-to-incident", - "netwitness-im-update-incident", - "netwitness-im-get-alerts", - "netwitness-im-get-alert-details", - "netwitness-im-get-event-details", - "netwitness-im-get-incident-details", + "name": "RSA NetWitness Security Analytics", + "fromversion": "2.0.0", + "commands": [ + "nw-list-incidents", + "nw-login", + "nw-get-components", + "nw-get-events", + "nw-get-available-assignees", + "nw-create-incident", + "nw-add-events-to-incident", + "nw-update-incident", + "fetch-incidents", + "nw-get-alerts", + "nw-get-alert-details", + "nw-get-event-details", + "nw-get-incident-details", + "nw-get-alert-original", + "netwitness-im-list-incidents", + "netwitness-im-login", + "netwitness-im-get-components", + "netwitness-im-get-events", + "netwitness-im-get-available-assignees", + "netwitness-im-create-incident", + "netwitness-im-add-events-to-incident", + "netwitness-im-update-incident", + "netwitness-im-get-alerts", + "netwitness-im-get-alert-details", + "netwitness-im-get-event-details", + "netwitness-im-get-incident-details", "netwitness-im-get-alert-original" ] } - }, + }, { "Where is the egg?": { - "name": "Where is the egg?", - "fromversion": "3.6.0", + "name": "Where is the egg?", + "fromversion": "3.6.0", "commands": [ "clue" ] } - }, + }, { "jira": { - "name": "jira", - "toversion": "2.5.0", - "commands": [ - "jira-issue-query", - "jira-get-issue", - "jira-create-issue", - "jira-issue-upload-file", - "jira-issue-add-comment", + "name": "jira", + "toversion": 
"2.5.0", + "commands": [ + "jira-issue-query", + "jira-get-issue", + "jira-create-issue", + "jira-issue-upload-file", + "jira-issue-add-comment", "jira-issue-add-link" ] } - }, + }, { "Vectra": { - "name": "Vectra", - "commands": [ - "vec-detections", - "vectra-detections", - "vec-hosts", - "vectra-hosts", - "vec-settings", - "vectra-settings", - "vec-health", - "vectra-health", - "vec-triage", - "vectra-triage", - "vec-sensors", - "vectra-sensors", - "vec-get-host-by-id", + "name": "Vectra", + "commands": [ + "vec-detections", + "vectra-detections", + "vec-hosts", + "vectra-hosts", + "vec-settings", + "vectra-settings", + "vec-health", + "vectra-health", + "vec-triage", + "vectra-triage", + "vec-sensors", + "vectra-sensors", + "vec-get-host-by-id", "vec-get-detetctions-by-id" ] } - }, + }, { "Twilio": { - "name": "Twilio", - "fromversion": "2.5.0", + "name": "Twilio", + "fromversion": "2.5.0", "commands": [ "TwilioSendSMS" ] } - }, + }, { "PhishTank": { - "name": "PhishTank", + "name": "PhishTank", "commands": [ - "url", - "phishtank-reload", + "url", + "phishtank-reload", "phishtank-status" ] } - }, + }, { "FireEye iSIGHT": { - "name": "FireEye iSIGHT", + "name": "FireEye iSIGHT", "commands": [ - "ip", - "domain", - "file", - "isight-get-report", + "ip", + "domain", + "file", + "isight-get-report", "isight-submit-file" ] } - }, + }, { "BigFix": { - "name": "BigFix", - "commands": [ - "bigfix-get-sites", - "bigfix-get-site", - "bigfix-get-patches", - "bigfix-get-endpoints", - "bigfix-get-endpoint", - "bigfix-deploy-patch", - "bigfix-get-patch", - "bigfix-action-delete", - "bigfix-action-status", - "bigfix-action-stop", + "name": "BigFix", + "commands": [ + "bigfix-get-sites", + "bigfix-get-site", + "bigfix-get-patches", + "bigfix-get-endpoints", + "bigfix-get-endpoint", + "bigfix-deploy-patch", + "bigfix-get-patch", + "bigfix-action-delete", + "bigfix-action-status", + "bigfix-action-stop", "bigfix-query" ] } - }, + }, { "Phish.AI": { - "name": "Phish.AI", - 
"fromversion": "4.0.0", + "name": "Phish.AI", + "fromversion": "4.0.0", "commands": [ - "phish-ai-scan-url", + "phish-ai-scan-url", "phish-ai-check-status" ] } - }, + }, { "Koodous": { - "name": "Koodous", + "name": "Koodous", "commands": [ "k-check-hash" ] } - }, + }, { "IntSights": { - "name": "IntSights", - "commands": [ - "intsights-get-alert-image", - "intsights-get-alert-activities", - "intsights-assign-alert", - "intsights-unassign-alert", - "intsights-send-mail", - "intsights-ask-the-analyst", - "intsights-add-tag-to-alert", - "intsights-remove-tag-from-alert", - "intsights-add-comment-to-alert", - "intsights-update-alert-severity", - "intsights-get-alert-by-id", - "intsights-get-ioc-by-value", - "intsights-get-iocs", - "intsights-get-alerts", - "intsights-alert-takedown-request", - "intsights-get-alert-takedown-status", - "intsights-update-ioc-blocklist-status", - "intsights-get-ioc-blocklist-status", + "name": "IntSights", + "commands": [ + "intsights-get-alert-image", + "intsights-get-alert-activities", + "intsights-assign-alert", + "intsights-unassign-alert", + "intsights-send-mail", + "intsights-ask-the-analyst", + "intsights-add-tag-to-alert", + "intsights-remove-tag-from-alert", + "intsights-add-comment-to-alert", + "intsights-update-alert-severity", + "intsights-get-alert-by-id", + "intsights-get-ioc-by-value", + "intsights-get-iocs", + "intsights-get-alerts", + "intsights-alert-takedown-request", + "intsights-get-alert-takedown-status", + "intsights-update-ioc-blocklist-status", + "intsights-get-ioc-blocklist-status", "intsights-close-alert" ] } } - ], + ], "TestPlaybooks": [ { "SignalSciences Test": { - "name": "SignalSciences Test", + "name": "SignalSciences Test", "implementing_commands": [ - "sigsci-get-blacklist", - "sigsci-get-whitelist", - "sigsci-blacklist-add-ip", - "sigsci-whitelist-add-ip", - "sigsci-blacklist-remove-ip", + "sigsci-get-blacklist", + "sigsci-get-whitelist", + "sigsci-blacklist-add-ip", + "sigsci-whitelist-add-ip", + 
"sigsci-blacklist-remove-ip", "sigsci-whitelist-remove-ip" ] } - }, + }, { "Microsoft Graph Test": { - "name": "Microsoft Graph Test", + "name": "Microsoft Graph Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "msg-search-alerts", - "msg-update-alert", + "msg-search-alerts", + "msg-update-alert", "msg-get-alert-details" ] } - }, + }, { "Mail Sender (New) Test": { - "name": "Email Sender Python", + "name": "Email Sender Python", "implementing_scripts": [ - "Set", - "FileCreateAndUpload", - "DeleteContext", + "Set", + "FileCreateAndUpload", + "DeleteContext", "Sleep" - ], + ], "implementing_commands": [ - "googleapps-gmail-get-mail", - "googleapps-gmail-search", - "ThrowException", + "googleapps-gmail-get-mail", + "googleapps-gmail-search", + "ThrowException", "send-mail" ] } - }, + }, { "ThreatExchange-test": { - "name": "ThreatExchange-test", - "implementing_scripts": [ - "ExtractDomain", - "ExtractHash", - "Exists", - "ExtractIP", - "Print", - "IsMaliciousIndicatorFound", - "VerifyContextFields", + "name": "ThreatExchange-test", + "implementing_scripts": [ + "ExtractDomain", + "ExtractHash", + "Exists", + "ExtractIP", + "Print", + "IsMaliciousIndicatorFound", + "VerifyContextFields", "ExtractURL" - ], + ], "implementing_commands": [ - "url", - "ip", - "domain", + "url", + "ip", + "domain", "file" ] } - }, + }, { "PortListenCheck-test": { - "name": "PortListenCheck-test", + "name": "PortListenCheck-test", "implementing_scripts": [ - "Print", + "Print", "PortListenCheck" ] } - }, + }, { "Qualys-Test": { - "name": "Qualys-Test", + "name": "Qualys-Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "qualys-pc-scan-list", - "qualys-report-template-list", - "qualys-vm-scan-list", - "qualys-scheduled-report-list", + "qualys-pc-scan-list", + "qualys-report-template-list", + "qualys-vm-scan-list", + "qualys-scheduled-report-list", "qualys-report-list" ] } - }, 
+ }, { "Pipl Test": { - "name": "Pipl Test", + "name": "Pipl Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ "pipl-search" ] } - }, + }, { "Splunk-Test": { - "name": "Splunk-Test", - "implementing_scripts": [ - "Set", - "DumpJSON", - "StringContains", - "VerifyContext", - "Print", - "IsGreaterThan", + "name": "Splunk-Test", + "implementing_scripts": [ + "Set", + "DumpJSON", + "StringContains", + "VerifyContext", + "Print", + "IsGreaterThan", "AreValuesEqual" - ], + ], "implementing_commands": [ - "splunk-parse-raw", - "splunk-search", - "splunk-submit-event", + "splunk-parse-raw", + "splunk-search", + "splunk-submit-event", "splunk-get-indexes" ] } - }, + }, { "67b0f25f-b061-4468-8613-43ab13147173": { - "name": "CbP-PlayBook", + "name": "CbP-PlayBook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "cbp-fileUpload-download", - "cbp-connector-search", - "cbp-connector-get", - "cbp-fileAnalysis-createOrUpdate", - "cbp-fileUpload-createOrUpdate", - "cbp-fileUpload-get", + ], + "implementing_commands": [ + "cbp-fileUpload-download", + "cbp-connector-search", + "cbp-connector-get", + "cbp-fileAnalysis-createOrUpdate", + "cbp-fileUpload-createOrUpdate", + "cbp-fileUpload-get", "cbp-fileAnalysis-get" ] } - }, + }, { "test_url_regex": { - "name": "Test URL Regex", + "name": "Test URL Regex", "implementing_scripts": [ - "Print", - "VerifyContext", + "Print", + "VerifyContext", "DeleteContext" ] } - }, + }, { "8984405a-4274-470a-8a34-a437d8e2e1c5": { - "name": "Test - PhishMe", + "name": "Test - PhishMe", "implementing_scripts": [ - "CloseInvestigation", - "IsGreaterThan", - "DeleteContext", + "CloseInvestigation", + "IsGreaterThan", + "DeleteContext", "AreValuesEqual" - ], + ], "implementing_commands": [ - "url", - "phishme-search", - "email", - "file", + "url", + "phishme-search", + "email", + "file", "ip" ] } - }, + }, { "4078d8b6-37c6-42d7-8324-16096a2feb51": { - 
"name": "AWS - Route53 Test Playbook", + "name": "AWS - Route53 Test Playbook", "implementing_scripts": [ "VerifyContext" - ], - "implementing_commands": [ - "aws-route53-waiter-resource-record-sets-changed", - "aws-route53-test-dns-answer", - "aws-route53-upsert-record", - "aws-route53-create-record", - "aws-route53-delete-record", - "aws-route53-list-resource-record-sets", + ], + "implementing_commands": [ + "aws-route53-waiter-resource-record-sets-changed", + "aws-route53-test-dns-answer", + "aws-route53-upsert-record", + "aws-route53-create-record", + "aws-route53-delete-record", + "aws-route53-list-resource-record-sets", "aws-route53-list-hosted-zones" ] } - }, + }, { "EWS Mail Sender Test": { - "name": "EWS Mail Sender Test", + "name": "EWS Mail Sender Test", "implementing_scripts": [ "http" - ], + ], "implementing_commands": [ "send-mail" ] } - }, + }, { "Icebrg Test": { - "name": "Icebrg Test", + "name": "Icebrg Test", "implementing_commands": [ - "icebrg-get-report-assets", - "icebrg-get-reports", - "icebrg-saved-searches", - "icebrg-search-events", - "icebrg-get-history", + "icebrg-get-report-assets", + "icebrg-get-reports", + "icebrg-saved-searches", + "icebrg-search-events", + "icebrg-get-history", "icebrg-get-report-indicators" ] } - }, + }, { "tenable-sc-scan-test": { - "name": "Test tenable scan", + "name": "Test tenable scan", "implementing_playbooks": [ "Launch Scan - Tenable.sc" ] } - }, + }, { "VMWare Test": { - "name": "VMWare Test", + "name": "VMWare Test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", + "VerifyContext", + "DeleteContext", "AreValuesEqual" - ], - "implementing_commands": [ - "vmware-get-events", - "vmware-poweroff", - "vmware-suspend", - "vmware-hard-reboot", - "vmware-poweron", - "vmware-revert-snapshot", - "vmware-create-snapshot", + ], + "implementing_commands": [ + "vmware-get-events", + "vmware-poweroff", + "vmware-suspend", + "vmware-hard-reboot", + "vmware-poweron", + "vmware-revert-snapshot", + 
"vmware-create-snapshot", "vmware-get-vms" ] } - }, + }, { "OpenPhish Test Playbook": { - "name": "OpenPhish Test Playbook", + "name": "OpenPhish Test Playbook", "implementing_scripts": [ - "Print", - "CloseInvestigation", + "Print", + "CloseInvestigation", "Exists" - ], + ], "implementing_commands": [ - "url", + "url", "openphish-status" ] } - }, + }, { "Intezer Testing": { - "name": "Intezer Testing", + "name": "Intezer Testing", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", + "VerifyContext", + "DeleteContext", "http" - ], + ], "implementing_commands": [ - "intezer-upload", + "intezer-upload", "file" ] } - }, + }, { "test-domain-indicator": { - "name": "test-domain-indicator", + "name": "test-domain-indicator", "implementing_scripts": [ - "Print", - "GetIndicatorDBotScore", + "Print", + "GetIndicatorDBotScore", "Sleep" ] } - }, + }, { "ip_enrichment_generic_test": { - "name": "IP Enrichment - Generic - Test", - "fromversion": "3.5.0", + "name": "IP Enrichment - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "IP Enrichment - Generic" ] } - }, + }, { "Nessus - Test": { - "name": "Nessus - Test", + "name": "Nessus - Test", "implementing_scripts": [ "WhileLoop" - ], + ], "implementing_commands": [ - "nessus-scan-status", - "nessus-scan-report-download", - "nessus-scan-create", - "nessus-scan-export", - "nessus-launch-scan", + "nessus-scan-status", + "nessus-scan-report-download", + "nessus-scan-create", + "nessus-scan-export", + "nessus-launch-scan", "nessus-scan-details" ] } - }, + }, { "d66e5f86-e045-403f-819e-5058aa603c32": { - "name": "AWS - EC2 Test Playbook actions", + "name": "AWS - EC2 Test Playbook actions", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "aws-ec2-create-snapshot", - "aws-ec2-monitor-instances", - 
"aws-ec2-modify-volume", - "aws-ec2-waiter-instance-terminated", - "aws-ec2-reboot-instances", - "aws-ec2-delete-snapshot", - "aws-ec2-get-latest-ami", - "aws-ec2-associate-address", - "aws-ec2-create-volume", - "aws-ec2-modify-network-interface-attribute", - "aws-ec2-waiter-instance-stopped", - "aws-ec2-describe-instances", - "aws-ec2-delete-security-group", - "aws-ec2-create-image", - "aws-ec2-allocate-address", - "aws-ec2-attach-volume", - "aws-ec2-run-instances", - "aws-ec2-start-instances", - "aws-ec2-disassociate-address", - "aws-ec2-waiter-image-available", - "aws-ec2-modify-instance-attribute", - "aws-ec2-waiter-instance-status-ok", - "aws-ec2-create-security-group", - "aws-ec2-delete-volume", - "aws-ec2-release-address", - "aws-ec2-copy-snapshot", - "aws-ec2-authorize-security-group-ingress-rule", - "aws-ec2-create-tags", - "aws-ec2-deregister-image", - "aws-ec2-unmonitor-instances", - "aws-ec2-detach-volume", - "aws-ec2-revoke-security-group-ingress-rule", - "aws-ec2-waiter-instance-running", - "aws-ec2-terminate-instances", - "aws-ec2-waiter-snapshot_completed", - "aws-ec2-copy-image", + ], + "implementing_commands": [ + "aws-ec2-create-snapshot", + "aws-ec2-monitor-instances", + "aws-ec2-modify-volume", + "aws-ec2-waiter-instance-terminated", + "aws-ec2-reboot-instances", + "aws-ec2-delete-snapshot", + "aws-ec2-get-latest-ami", + "aws-ec2-associate-address", + "aws-ec2-create-volume", + "aws-ec2-modify-network-interface-attribute", + "aws-ec2-waiter-instance-stopped", + "aws-ec2-describe-instances", + "aws-ec2-delete-security-group", + "aws-ec2-create-image", + "aws-ec2-allocate-address", + "aws-ec2-attach-volume", + "aws-ec2-run-instances", + "aws-ec2-start-instances", + "aws-ec2-disassociate-address", + "aws-ec2-waiter-image-available", + "aws-ec2-modify-instance-attribute", + "aws-ec2-waiter-instance-status-ok", + "aws-ec2-create-security-group", + "aws-ec2-delete-volume", + "aws-ec2-release-address", + "aws-ec2-copy-snapshot", + 
"aws-ec2-authorize-security-group-ingress-rule", + "aws-ec2-create-tags", + "aws-ec2-deregister-image", + "aws-ec2-unmonitor-instances", + "aws-ec2-detach-volume", + "aws-ec2-revoke-security-group-ingress-rule", + "aws-ec2-waiter-instance-running", + "aws-ec2-terminate-instances", + "aws-ec2-waiter-snapshot_completed", + "aws-ec2-copy-image", "aws-ec2-stop-instances" ] } - }, + }, { "Google-Vault-Generic-Test": { - "name": "Google Vault Generic Test", + "name": "Google Vault Generic Test", "implementing_scripts": [ - "VerifyContext", - "GeneratePassword", - "DeleteContext", + "VerifyContext", + "GeneratePassword", + "DeleteContext", "Sleep" - ], - "implementing_commands": [ - "gvault-add-heldAccount", - "gvault-get-matter", - "gvault-create-hold", - "gvault-export-status", - "gvault-get-mail-results", - "gvault-remove-heldAccount", - "gvault-get-groups-results", - "gvault-delete-hold", - "gvault-create-export-mail", - "gvault-create-matter", - "gvault-create-export-drive", - "gvault-get-drive-results", + ], + "implementing_commands": [ + "gvault-add-heldAccount", + "gvault-get-matter", + "gvault-create-hold", + "gvault-export-status", + "gvault-get-mail-results", + "gvault-remove-heldAccount", + "gvault-get-groups-results", + "gvault-delete-hold", + "gvault-create-export-mail", + "gvault-create-matter", + "gvault-create-export-drive", + "gvault-get-drive-results", "gvault-create-export-groups" ] } - }, + }, { "cve_enrichment_-_generic_-_test": { - "name": "CVE Enrichment - Generic - Test", - "fromversion": "3.6.0", + "name": "CVE Enrichment - Generic - Test", + "fromversion": "3.6.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "CVE Enrichment - Generic" ] } - }, + }, { "ReadPDFFile-Test": { - "name": "ReadPDFFile-Test", + "name": "ReadPDFFile-Test", "implementing_scripts": [ - "DeleteContext", - "http", + "DeleteContext", + "http", "ReadPDFFile" ] } - }, + }, { "RegexGroups Test": { - "name": 
"RegexGroups Test", + "name": "RegexGroups Test", "implementing_scripts": [ - "RaiseError", - "VerifyContext", - "Set", + "RaiseError", + "VerifyContext", + "Set", "DeleteContext" ] } - }, + }, { "GmailTest": { - "name": "GmailTest", + "name": "GmailTest", "implementing_scripts": [ - "GetTime", + "GetTime", "DeleteContext" - ], - "implementing_commands": [ - "gmail-add-delete-filter", - "gmail-get-thread", - "gmail-get-tokens-for-user", - "gmail-search-all-mailboxes", - "gmail-get-attachments", - "gmail-list-users", - "gmail-delete-user", - "gmail-create-user", - "gmail-get-mail", - "gmail-move-mail", - "gmail-get-user", + ], + "implementing_commands": [ + "gmail-add-delete-filter", + "gmail-get-thread", + "gmail-get-tokens-for-user", + "gmail-search-all-mailboxes", + "gmail-get-attachments", + "gmail-list-users", + "gmail-delete-user", + "gmail-create-user", + "gmail-get-mail", + "gmail-move-mail", + "gmail-get-user", "gmail-search" ] } - }, + }, { "Extract Indicators From File - test": { - "name": "Extract Indicators From File - test", + "name": "Extract Indicators From File - test", "implementing_scripts": [ - "RaiseError", + "RaiseError", "http" - ], + ], "implementing_playbooks": [ "Extract Indicators From File - Generic" ] } - }, + }, { "Kenna Test": { - "name": "Kenna Test", + "name": "Kenna Test", "implementing_commands": [ - "kenna-update-asset", - "kenna-run-connector", - "kenna-search-vulnerabilities", - "kenna-search-fixes", - "kenna-update-vulnerability", + "kenna-update-asset", + "kenna-run-connector", + "kenna-search-vulnerabilities", + "kenna-search-fixes", + "kenna-update-vulnerability", "kenna-get-connectors" ] } - }, + }, { "3da2e31b-f114-4d7f-8702-117f3b498de9": { - "name": "AWS - CloudTrail Test Playbook", + "name": "AWS - CloudTrail Test Playbook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "aws-cloudtrail-start-logging", - "aws-cloudtrail-update-trail", - 
"aws-cloudtrail-describe-trails", - "aws-cloudtrail-lookup-events", - "aws-cloudtrail-delete-trail", - "aws-cloudtrail-create-trail", + ], + "implementing_commands": [ + "aws-cloudtrail-start-logging", + "aws-cloudtrail-update-trail", + "aws-cloudtrail-describe-trails", + "aws-cloudtrail-lookup-events", + "aws-cloudtrail-delete-trail", + "aws-cloudtrail-create-trail", "aws-cloudtrail-stop-logging" ] } - }, + }, { "test_Qradar": { - "name": "test_Qradar", + "name": "test_Qradar", "implementing_scripts": [ - "FetchFromInstance", + "FetchFromInstance", "DeleteContext" - ], + ], "implementing_playbooks": [ "QRadarFullSearch" - ], - "implementing_commands": [ - "qradar-delete-reference-set", - "qradar-create-reference-set-value", - "qradar-get-reference-by-name", - "qradar-get-note", - "qradar-offense-by-id", - "qradar-get-assets", - "qradar-create-note", - "qradar-offenses", - "qradar-get-asset-by-id", - "qradar-update-offense", - "qradar-create-reference-set", + ], + "implementing_commands": [ + "qradar-delete-reference-set", + "qradar-create-reference-set-value", + "qradar-get-reference-by-name", + "qradar-get-note", + "qradar-offense-by-id", + "qradar-get-assets", + "qradar-create-note", + "qradar-offenses", + "qradar-get-asset-by-id", + "qradar-update-offense", + "qradar-create-reference-set", "qradar-delete-reference-set-value" ] } - }, + }, { "Centreon-Test-Playbook": { - "name": "Centreon-Test-Playbook", + "name": "Centreon-Test-Playbook", "implementing_commands": [ "centreon-get-host-status" ] } - }, + }, { "ssdeepreputationtest": { - "name": "SsdeepReputationTest", + "name": "SsdeepReputationTest", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "Sleep", - "SsdeepReputationTest", + "VerifyContext", + "DeleteContext", + "Sleep", + "SsdeepReputationTest", "SSDeepReputation" ] } - }, + }, { "crowdstrike_falconhost_test": { - "name": "CrowdStrike FalconHost Test", + "name": "CrowdStrike FalconHost Test", "implementing_scripts": [ - "Set", - 
"VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "cs-device-ran-on", - "cs-device-search", + "cs-device-ran-on", + "cs-device-search", "cs-device-details" ] } - }, + }, { "dnstwistTest": { - "name": "dnstwistTest", + "name": "dnstwistTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "dnstwist-domain-variations" ] } - }, + }, { "IPInfoTest": { - "name": "IPInfoTest", + "name": "IPInfoTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "ip" ] } - }, + }, { "Tanium Test Playbook": { - "name": "Tanium Test Playbook", - "fromversion": "2.5.0", + "name": "Tanium Test Playbook", + "fromversion": "2.5.0", "implementing_commands": [ - "tn-deploy-package", - "tn-ask-question", + "tn-deploy-package", + "tn-ask-question", "tn-get-saved-question" ] } - }, + }, { "Netskope Test": { - "name": "Netskope Test", + "name": "Netskope Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "netskope-events", + "netskope-events", "netskope-alerts" ] } - }, + }, { "entity_enrichment_generic_test": { - "name": "Entity Enrichment - Generic - Test", - "fromversion": "3.5.0", + "name": "Entity Enrichment - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Entity Enrichment - Generic" ] } - }, + }, { "CrowdStrike Falcon Intel v2": { - "name": "CrowdStrike Falcon Intel v2", + "name": "CrowdStrike Falcon Intel v2", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "ThrowException" - ], - "implementing_commands": [ - "domain", - "url", - "ip", - "cs-actors", - "cs-indicators", - "file", + ], + "implementing_commands": [ + "domain", + "url", + "ip", + "cs-actors", + "cs-indicators", + "file", "cs-reports" ] } - }, + }, { 
"search_endpoints_by_hash_-_tie_-_test": { - "name": "Search Endpoints By Hash - TIE - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - TIE - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", + "Set", "DeleteContext" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - TIE" ] } - }, + }, { "nexpose_test": { - "name": "Nexpose test", + "name": "Nexpose test", "implementing_scripts": [ - "GenerateUUID", - "VerifyContext", + "GenerateUUID", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "nexpose-start-site-scan", - "nexpose-get-asset", - "nexpose-stop-scan", - "nexpose-delete-site", - "nexpose-get-asset-vulnerability", - "nexpose-create-site", - "nexpose-get-assets", - "nexpose-create-assets-report", - "nexpose-resume-scan", - "nexpose-pause-scan", - "nexpose-search-assets", + ], + "implementing_commands": [ + "nexpose-start-site-scan", + "nexpose-get-asset", + "nexpose-stop-scan", + "nexpose-delete-site", + "nexpose-get-asset-vulnerability", + "nexpose-create-site", + "nexpose-get-assets", + "nexpose-create-assets-report", + "nexpose-resume-scan", + "nexpose-pause-scan", + "nexpose-search-assets", "nexpose-get-scans" ] } - }, + }, { "cisco-ise-test-playbook": { - "name": "cisco-ise-test-playbook", + "name": "cisco-ise-test-playbook", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ "cisco-ise-get-endpoints" ] } - }, + }, { "CarbonBlackResponseTest": { - "name": "Carbon Black Response Test", + "name": "Carbon Black Response Test", "implementing_scripts": [ - "CarbonBlackResponseFilterSensors", - "VerifyContext", + "CarbonBlackResponseFilterSensors", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "cb-watchlist-new", - "cb-get-processes", - "cb-get-process", - "cb-watchlist-del", - "cb-process-events", - "cb-quarantine-device", - "cb-sensor-info", - "cb-binary", - "cb-binary-get", - "cb-get-hash-blacklist", - "cb-watchlist-set", - 
"cb-unquarantine-device", - "cb-unblock-hash", - "cb-alert-update", - "cb-block-hash", + ], + "implementing_commands": [ + "cb-watchlist-new", + "cb-get-processes", + "cb-get-process", + "cb-watchlist-del", + "cb-process-events", + "cb-quarantine-device", + "cb-sensor-info", + "cb-binary", + "cb-binary-get", + "cb-get-hash-blacklist", + "cb-watchlist-set", + "cb-unquarantine-device", + "cb-unblock-hash", + "cb-alert-update", + "cb-block-hash", "cb-alert" ] } - }, + }, { "dedup_-_generic_-_test": { - "name": "Dedup - Generic - Test", - "fromversion": "3.5.0", + "name": "Dedup - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", - "CreateDuplicateIncident", + "VerifyContext", + "CreateDuplicateIncident", "DeleteContext" - ], + ], "implementing_playbooks": [ "Dedup - Generic" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "VxStream Test": { - "name": "VxStream Test", + "name": "VxStream Test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "http", + "VerifyContext", + "DeleteContext", + "http", "Exists" - ], + ], "implementing_commands": [ - "crowdstrike-detonate-file", - "crowdstrike-get-environments", - "crowdstrike-submit-url", - "crowdstrike-scan", + "crowdstrike-detonate-file", + "crowdstrike-get-environments", + "crowdstrike-submit-url", + "crowdstrike-scan", "crowdstrike-search" ] } - }, + }, { "PhishTank Testing": { - "name": "PhishTank Testing", + "name": "PhishTank Testing", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", - "Set", - "http", + "DeleteContext", + "VerifyContext", + "Set", + "http", "ReadFile" - ], + ], "implementing_commands": [ "url" ] } - }, + }, { "BigFixTest": { - "name": "BigFixTest", + "name": "BigFixTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "bigfix-action-delete", - "bigfix-action-stop", - "bigfix-get-site", - "bigfix-get-sites", - "bigfix-action-status", - 
"bigfix-get-patches", - "bigfix-get-endpoints", + ], + "implementing_commands": [ + "bigfix-action-delete", + "bigfix-action-stop", + "bigfix-get-site", + "bigfix-get-sites", + "bigfix-action-status", + "bigfix-get-patches", + "bigfix-get-endpoints", "bigfix-deploy-patch" ] } - }, + }, { "Cisco-Meraki-Test": { - "name": "Cisco-Meraki-Test", + "name": "Cisco-Meraki-Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "meraki-get-organization-license-state", - "meraki-fetch-networks", - "meraki-fetch-organizations", - "meraki-fetch-devices", + "meraki-get-organization-license-state", + "meraki-fetch-networks", + "meraki-fetch-organizations", + "meraki-fetch-devices", "meraki-fetch-organization-inventory" ] } - }, + }, { "url_enrichment_-_generic_test": { - "name": "Url Enrichment Generic - Test", - "fromversion": "3.5.0", + "name": "Url Enrichment Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "URL Enrichment - Generic" - ], + ], "implementing_commands": [ "rasterize" ] } - }, + }, { "CheckpointFW-test": { - "name": "CheckpointFW-test", + "name": "CheckpointFW-test", "implementing_scripts": [ - "VerifyContextFields", - "CheckpointFWBackupStatus", - "DeleteContext", - "Sleep", + "VerifyContextFields", + "CheckpointFWBackupStatus", + "DeleteContext", + "Sleep", "CheckpointFWCreateBackup" - ], + ], "implementing_commands": [ - "checkpoint-delete-rule", - "checkpoint-block-ip", - "checkpoint-set-rule", - "checkpoint-show-access-rule-base", + "checkpoint-delete-rule", + "checkpoint-block-ip", + "checkpoint-set-rule", + "checkpoint-show-access-rule-base", "checkpoint-show-hosts" ] } - }, + }, { "Test Playbook McAfee ATD": { - "name": "Test Playbook McAfee ATD", + "name": "Test Playbook McAfee ATD", "implementing_scripts": [ - "FileCreateAndUpload", - 
"DeleteContext", - "Exists", + "FileCreateAndUpload", + "DeleteContext", + "Exists", "AreValuesEqual" - ], + ], "implementing_playbooks": [ - "Detonate URL - McAfee ATD", + "Detonate URL - McAfee ATD", "ATD - Detonate File" - ], + ], "implementing_commands": [ - "atd-list-analyzer-profiles", - "atd-login", + "atd-list-analyzer-profiles", + "atd-login", "atd-list-user" ] } - }, + }, { "Cisco-Umbrella-Test": { - "name": "Cisco-Umbrella-Test", + "name": "Cisco-Umbrella-Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "umbrella-ip-dns-history", - "umbrella-domain-related", - "umbrella-domain-dns-history", - "investigate-umbrella-domain-co-occurrences", - "investigate-umbrella-domain-dns-history", - "umbrella-domain-security", - "investigate-umbrella-domain-search", - "umbrella-domain-search", - "investigate-umbrella-domain-related", - "umbrella-domain-co-occurrences", + ], + "implementing_commands": [ + "umbrella-ip-dns-history", + "umbrella-domain-related", + "umbrella-domain-dns-history", + "investigate-umbrella-domain-co-occurrences", + "investigate-umbrella-domain-dns-history", + "umbrella-domain-security", + "investigate-umbrella-domain-search", + "umbrella-domain-search", + "investigate-umbrella-domain-related", + "umbrella-domain-co-occurrences", "umbrella-domain-categorization" ] } - }, + }, { "Test Playbook McAfee ePO": { - "name": "Test Playbook McAfee ePO", + "name": "Test Playbook McAfee ePO", "implementing_scripts": [ - "RaiseError", + "RaiseError", "DeleteContext" - ], - "implementing_commands": [ - "epo-clear-tag", - "epo-get-system-tree-group", - "epo-get-latest-dat", - "epo-update-client-dat", - "epo-advanced-command", - "epo-help", - "epo-find-systems", - "epo-update-repository", - "epo-get-version", - "epo-get-current-dat", - "epo-get-tables", - "epo-apply-tag", - "epo-find-system", + ], + "implementing_commands": [ + "epo-clear-tag", + "epo-get-system-tree-group", + 
"epo-get-latest-dat", + "epo-update-client-dat", + "epo-advanced-command", + "epo-help", + "epo-find-systems", + "epo-update-repository", + "epo-get-version", + "epo-get-current-dat", + "epo-get-tables", + "epo-apply-tag", + "epo-find-system", "epo-query-table" ] } - }, + }, { "grr_test": { - "name": "GRR Test", + "name": "GRR Test", "implementing_scripts": [ - "Set", + "Set", "DeleteContext" - ], + ], "implementing_commands": [ - "grr-get-hunts", - "grr-get-clients", - "grr-set-hunts", - "grr-set-flows", + "grr-get-hunts", + "grr-get-clients", + "grr-set-hunts", + "grr-set-flows", "grr-get-flows" ] } - }, + }, { "RTIR Test": { - "name": "RTIR Test", + "name": "RTIR Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "rtir-edit-ticket", - "rtir-resolve-ticket", - "rtir-create-ticket", - "rtir-get-ticket", + "rtir-edit-ticket", + "rtir-resolve-ticket", + "rtir-create-ticket", + "rtir-get-ticket", "rtir-search-ticket" ] } - }, + }, { "GeneratePassword-Test": { - "name": "GeneratePassword-Test", + "name": "GeneratePassword-Test", "implementing_scripts": [ - "Print", - "GeneratePassword", - "DeleteContext", + "Print", + "GeneratePassword", + "DeleteContext", "Exists" ] } - }, + }, { "EWS Public Folders Test": { - "name": "EWS Public Folders Test", + "name": "EWS Public Folders Test", "implementing_commands": [ - "ews-search-mailbox", - "ews-get-items-from-folder", - "ews-find-folders", + "ews-search-mailbox", + "ews-get-items-from-folder", + "ews-find-folders", "ews-get-folder" ] } - }, + }, { "account_enrichment_-_generic_test": { - "name": "Account Enrichment - Generic Test", - "fromversion": "3.5.0", + "name": "Account Enrichment - Generic Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Account Enrichment - Generic" ] } - }, + }, { "TestStringReplace": { - "name": "TestStringReplace", + "name": 
"TestStringReplace", "implementing_scripts": [ - "StringReplace", - "VerifyContextFields", + "StringReplace", + "VerifyContextFields", "DeleteContext" ] } - }, + }, { "EWSv2_empty_attachment_test": { - "name": "EWSv2_empty_attachment_test", + "name": "EWSv2_empty_attachment_test", "implementing_commands": [ "ews-get-attachment" ] } - }, + }, { "search_endpoints_by_hash_-_crowdstrike_-_test": { - "name": "Search Endpoints By Hash - CrowdStrike - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - CrowdStrike - Test", + "fromversion": "3.5.0", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - CrowdStrike" ] } - }, + }, { "IBM Resilient Systems Test": { - "name": "IBM Resilient Systems Test", + "name": "IBM Resilient Systems Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "rs-search-incidents", - "rs-related-incidents", - "rs-incidents-get-tasks", - "rs-incident-attachments", + "rs-search-incidents", + "rs-related-incidents", + "rs-incidents-get-tasks", + "rs-incident-attachments", "rs-incident-artifacts" ] } - }, + }, { "whois_test": { - "name": "whois_test", + "name": "whois_test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "closeInvestigation", + "closeInvestigation", "whois" ] } - }, + }, { "c7d68ad5MxToolbox_test": { - "name": "MxToolbox_test", + "name": "MxToolbox_test", "implementing_scripts": [ - "CloseInvestigation", - "Exists", + "CloseInvestigation", + "Exists", "ToTable" - ], + ], "implementing_commands": [ "mxtoolbox" ] } - }, + }, { "Jira-Test": { - "name": "Jira-Test", + "name": "Jira-Test", "implementing_scripts": [ - "VerifyContextFields", - "VerifyContext", - "DeleteContext", + "VerifyContextFields", + "VerifyContext", + "DeleteContext", "FileCreateAndUpload" - ], - "implementing_commands": [ - "jira-create-issue", - "jira-issue-upload-file", - "jira-get-comments", - "jira-issue-add-comment", - 
"jira-edit-issue", - "jira-issue-query", - "jira-delete-issue", - "jira-issue-add-link", + ], + "implementing_commands": [ + "jira-create-issue", + "jira-issue-upload-file", + "jira-get-comments", + "jira-issue-add-comment", + "jira-edit-issue", + "jira-issue-query", + "jira-delete-issue", + "jira-issue-add-link", "jira-get-issue" ] } - }, + }, { "2142f8de-29d5-4288-8426-0db39abe988b": { - "name": "AWS - EC2 Test Playbook ", + "name": "AWS - EC2 Test Playbook ", "implementing_scripts": [ "VerifyContext" - ], - "implementing_commands": [ - "aws-ec2-describe-regions", - "aws-ec2-describe-volumes", - "aws-ec2-describe-key-pairs", - "aws-ec2-describe-instances", - "aws-ec2-describe-launch-templates", - "aws-ec2-describe-vpcs", - "aws-ec2-describe-security-groups", - "aws-ec2-describe-subnets", - "aws-ec2-describe-snapshots", - "aws-ec2-describe-images", + ], + "implementing_commands": [ + "aws-ec2-describe-regions", + "aws-ec2-describe-volumes", + "aws-ec2-describe-key-pairs", + "aws-ec2-describe-instances", + "aws-ec2-describe-launch-templates", + "aws-ec2-describe-vpcs", + "aws-ec2-describe-security-groups", + "aws-ec2-describe-subnets", + "aws-ec2-describe-snapshots", + "aws-ec2-describe-images", "aws-ec2-describe-addresses" ] } - }, + }, { "palo_alto_firewall_test_pb": { - "name": "palo_alto_firewall_test_pb", + "name": "palo_alto_firewall_test_pb", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "Sleep" - ], + ], "implementing_playbooks": [ "PanoramaCommitConfiguration" - ], - "implementing_commands": [ - "panorama-list-applications", - "panorama-create-rule", - "panorama-delete-rule", - "panorama-create-address-group", - "panorama-list-addresses", - "panorama-get-address-group", - "panorama-get-url-category", - "panorama", - "panorama-edit-rule", - "panorama-get-url-filter", - "panorama-list-address-groups", - "panorama-get-custom-url-category", - "panorama-edit-address-group", - "panorama-create-address", - "panorama-delete-address-group", - 
"panorama-move-rule", + ], + "implementing_commands": [ + "panorama-list-applications", + "panorama-create-rule", + "panorama-delete-rule", + "panorama-create-address-group", + "panorama-list-addresses", + "panorama-get-address-group", + "panorama-get-url-category", + "panorama", + "panorama-edit-rule", + "panorama-get-url-filter", + "panorama-list-address-groups", + "panorama-get-custom-url-category", + "panorama-edit-address-group", + "panorama-create-address", + "panorama-delete-address-group", + "panorama-move-rule", "panorama-delete-address" ] } - }, + }, { "Google Safe Browsing Test": { - "name": "Google Safe Browsing Test", + "name": "Google Safe Browsing Test", "implementing_scripts": [ - "RaiseError", + "RaiseError", "CloseInvestigation" - ], + ], "implementing_commands": [ "url" ] } - }, + }, { "Tenable.io test": { - "name": "Tenable.io test", + "name": "Tenable.io test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "tenable-io-get-vulnerabilities-by-asset", - "tenable-io-get-scan-report", - "tenable-io-list-scans", - "tenable-io-get-vulnerability-details", + "tenable-io-get-vulnerabilities-by-asset", + "tenable-io-get-scan-report", + "tenable-io-list-scans", + "tenable-io-get-vulnerability-details", "tenable-io-get-scan-status" ] } - }, + }, { "JoeSecurityTestPlaybook": { - "name": "JoeSecurityTestPlaybook", + "name": "JoeSecurityTestPlaybook", "implementing_scripts": [ - "FileCreateAndUpload", + "FileCreateAndUpload", "DeleteContext" - ], + ], "implementing_commands": [ - "joe-download-report", - "joe-is-online", - "joe-analysis-info", - "joe-search", - "joe-analysis-submit-sample", + "joe-download-report", + "joe-is-online", + "joe-analysis-info", + "joe-search", + "joe-analysis-submit-sample", "joe-analysis-submit-url" ] } - }, + }, { "get_file_sample_by_hash_-_carbon_black_enterprise_Response_-_test": { - "name": "Get File Sample By Hash - Carbon Black Enterprise Response - Test", - "fromversion": "3.5.0", + 
"name": "Get File Sample By Hash - Carbon Black Enterprise Response - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample By Hash - Carbon Black Enterprise Response" ] } - }, + }, { "OTRS Test": { - "name": "OTRS Test", + "name": "OTRS Test", "implementing_scripts": [ "FetchFromInstance" - ], + ], "implementing_commands": [ - "otrs-update-ticket", - "otrs-search-ticket", - "otrs-create-ticket", - "otrs-close-ticket", + "otrs-update-ticket", + "otrs-search-ticket", + "otrs-create-ticket", + "otrs-close-ticket", "otrs-get-ticket" ] } - }, + }, { "get_original_email_-_gmail_-_test": { - "name": "Get Original Email - Gmail - Test", + "name": "Get Original Email - Gmail - Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_playbooks": [ "Get Original Email - Gmail" ] } - }, + }, { "TestHPServiceManager": { - "name": "TestHPServiceManager", + "name": "TestHPServiceManager", "implementing_scripts": [ - "VerifyContextFields", - "VerifyContext", + "VerifyContextFields", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "hpsm-create-incident", - "hpsm-get-device", - "hpsm-list-incidents", + "hpsm-create-incident", + "hpsm-get-device", + "hpsm-list-incidents", "hpsm-get-incident-by-id" ] } - }, + }, { "AbuseIPDB Test": { - "name": "AbuseIPDB Test", + "name": "AbuseIPDB Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "abuseipdb-check-cidr-block", - "ip", - "abuseipdb-get-blacklist", + "abuseipdb-check-cidr-block", + "ip", + "abuseipdb-get-blacklist", "abuseipdb-report-ip" ] } - }, + }, { "TestIsValueInArray": { - "name": "TestIsValueInArray", + "name": "TestIsValueInArray", "implementing_scripts": [ - "CloseInvestigation", - "Set", + "CloseInvestigation", + "Set", "IsValueInArray" ] } - }, + }, { "GsuiteTest": { - "name": "test-Gsuite", + "name": "test-Gsuite", 
"implementing_scripts": [ "VerifyContextFields" - ], + ], "implementing_commands": [ "googleapps-list-users" ] } - }, + }, { "efc817d2-6660-4d4f-890d-90513ca1e180": { - "name": "Cisco Spark Test", + "name": "Cisco Spark Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "cisco-spark-send-message-to-person", - "cisco-spark-list-teams", - "cisco-spark-list-people", - "cisco-spark-create-team", - "cisco-spark-delete-team", - "cisco-spark-delete-message", - "cisco-spark-send-message-to-room", - "cisco-spark-list-messages", + ], + "implementing_commands": [ + "cisco-spark-send-message-to-person", + "cisco-spark-list-teams", + "cisco-spark-list-people", + "cisco-spark-create-team", + "cisco-spark-delete-team", + "cisco-spark-delete-message", + "cisco-spark-send-message-to-room", + "cisco-spark-list-messages", "cisco-spark-list-rooms" ] } - }, + }, { "iDefenseTest": { - "name": "iDefenseTest", + "name": "iDefenseTest", "implementing_scripts": [ - "Print", - "VerifyContext", + "Print", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "url", - "ip", - "domain", + "url", + "ip", + "domain", "uuid" ] } - }, + }, { "block_indicators_-_generic_-_test": { - "name": "Block Indicators - Generic - Test", + "name": "Block Indicators - Generic - Test", "implementing_playbooks": [ "Block Indicators - Generic" ] } - }, + }, { "rsa_packets_and_logs_test": { - "name": "RSA Packets And Logs test", - "fromversion": "3.5.0", + "name": "RSA Packets And Logs test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "nw-sdk-values", - "netwitness-msearch", - "nw-sdk-content", + "nw-sdk-values", + "netwitness-msearch", + "nw-sdk-content", "netwitness-query" ] } - }, + }, { "Google_Vault-Search_And_Display_Results_test": { - "name": "Google Vault - Search And Display Results test", + "name": "Google Vault - 
Search And Display Results test", "implementing_scripts": [ - "GeneratePassword", + "GeneratePassword", "DeleteContext" - ], + ], "implementing_playbooks": [ - "Google Vault - Search Groups", - "Google Vault - Search Mail", - "Google Vault - Display Results", + "Google Vault - Search Groups", + "Google Vault - Search Mail", + "Google Vault - Display Results", "Google Vault - Search Drive" ] } - }, + }, { "URLDecode-Test": { - "name": "URLDecode-Test", + "name": "URLDecode-Test", "implementing_scripts": [ - "URLDecode", + "URLDecode", "DeleteContext" ] } - }, + }, { "Zscaler Test": { - "name": "Zscaler Test", + "name": "Zscaler Test", "implementing_scripts": [ - "GenerateUUID", + "GenerateUUID", "isError" - ], + ], "implementing_commands": [ - "zscaler-blacklist-url", - "zscaler-get-blacklist", - "zscaler-get-categories", + "zscaler-blacklist-url", + "zscaler-get-blacklist", + "zscaler-get-categories", "zscaler-category-add-url" ] } - }, + }, { "urlscan_malicious_Test": { - "name": "urlscan_malicious_Test", + "name": "urlscan_malicious_Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ "urlscan-search" ] } - }, + }, { "DemistoUploadFileToIncident Test": { - "name": "DemistoUploadFileToIncident Test", + "name": "DemistoUploadFileToIncident Test", "implementing_scripts": [ - "DemistoUploadFileToIncident", + "DemistoUploadFileToIncident", "http" ] } - }, + }, { "ParseEmailFiles-test": { - "name": "ParseEmailFiles-test", + "name": "ParseEmailFiles-test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "http", - "AreValuesEqual", + "VerifyContext", + "DeleteContext", + "http", + "AreValuesEqual", "ParseEmailFiles" ] } - }, + }, { "extract_indicators_-_generic_-_test": { - "name": "Extract Indicators - Generic - Test", - "fromversion": "3.5.0", + "name": "Extract Indicators - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "IncidentSet", - "DeleteContext", + "IncidentSet", + "DeleteContext", 
"VerifyContext" - ], + ], "implementing_playbooks": [ "Extract Indicators - Generic" ] } - }, + }, { "listExecutedCommands-Test": { - "name": "listExecutedCommands-Test", + "name": "listExecutedCommands-Test", "implementing_scripts": [ - "Print", - "listExecutedCommands", - "commentsToContext", - "CloseInvestigation", + "Print", + "listExecutedCommands", + "commentsToContext", + "CloseInvestigation", "AreValuesEqual" ] } - }, + }, { "Phishing test - Inline": { - "name": "Phishing test - Inline", + "name": "Phishing test - Inline", "implementing_scripts": [ - "ScheduleCommand", - "PhishingIncident", - "DeleteContext", + "ScheduleCommand", + "PhishingIncident", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Phishing Investigation - Generic" ] } - }, + }, { "Tenable.io Scan Test": { - "name": "Tenable.io Scan Test", + "name": "Tenable.io Scan Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_playbooks": [ "Tenable.io Scan" ] } - }, + }, { "AlphaSOC-Wisdom-Test": { - "name": "AlphaSOC Wisdom Test", + "name": "AlphaSOC Wisdom Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "wisdom-ip-flags", + "wisdom-ip-flags", "wisdom-domain-flags" ] } - }, + }, { "pyEWS_Test": { - "name": "pyEWS_Test", - "fromversion": "3.5.0", + "name": "pyEWS_Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "Exception", - "ews-get-out-of-office", - "ews-get-searchable-mailboxes", - "ews-find-folders", - "ews-get-items", - "ews-get-contacts", - "ews-get-attachment", + ], + "implementing_commands": [ + "Exception", + "ews-get-out-of-office", + "ews-get-searchable-mailboxes", + "ews-find-folders", + "ews-get-items", + "ews-get-contacts", + "ews-get-attachment", "ews-search-mailboxes" ] } - }, + }, { "virusTotal-test-playbook": { - "name": "virusTotal-test-playbook", + "name": "virusTotal-test-playbook", 
"implementing_scripts": [ - "Set", - "VerifyContext", - "DeleteContext", + "Set", + "VerifyContext", + "DeleteContext", "Exists" - ], + ], "implementing_commands": [ - "url", - "ip", - "domain", + "url", + "ip", + "domain", "file" ] } - }, + }, { "calculate_severity_-_critical_assets_-_test": { - "name": "Calculate Severity - Critical assets - Test", + "name": "Calculate Severity - Critical assets - Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "ADGetUser" - ], + ], "implementing_playbooks": [ "Calculate Severity - Critical assets" ] } - }, + }, { "search_endpoints_by_hash_-_carbon_black_response_-_test": { - "name": "Search Endpoints By Hash - Carbon Black Response - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Carbon Black Response - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - Carbon Black Response" ] } - }, + }, { "5dc848e5-a649-4394-8300-386770d39d75": { - "name": "TestGetDuplicatesIncidentsByMl", + "name": "TestGetDuplicatesIncidentsByMl", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "GetDuplicatesMl", + "VerifyContext", + "DeleteContext", + "GetDuplicatesMl", "TestCreateDuplicates" ] } - }, + }, { "LogRhythm-Test-Playbook": { - "name": "LogRhythm-Test-Playbook", + "name": "LogRhythm-Test-Playbook", "implementing_commands": [ "lr-get-alarms" ] } - }, + }, { "test_similar_incidents": { - "name": "Test Similar Incidents", - "fromversion": "3.5.0", + "name": "Test Similar Incidents", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "TestCreateDuplicates", + "VerifyContext", + "DeleteContext", + "TestCreateDuplicates", "FindSimilarIncidents" ] } - }, + }, { "2cddaacb-4e4c-407e-8ef5-d924867b810c": { - "name": "AWS - CloudWatchLogs Test Playbook_copy", + "name": "AWS - CloudWatchLogs Test 
Playbook_copy", "implementing_scripts": [ - "GetTime", - "VerifyContext", + "GetTime", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "aws-logs-describe-metric-filters", - "aws-logs-create-log-stream", - "aws-logs-put-retention-policy", - "aws-logs-delete-log-group", - "aws-logs-delete-log-stream", - "aws-logs-create-log-group", - "aws-logs-describe-log-streams", - "aws-logs-delete-metric-filter", - "aws-logs-put-log-events", - "aws-logs-describe-log-groups", - "aws-logs-put-metric-filter", + ], + "implementing_commands": [ + "aws-logs-describe-metric-filters", + "aws-logs-create-log-stream", + "aws-logs-put-retention-policy", + "aws-logs-delete-log-group", + "aws-logs-delete-log-stream", + "aws-logs-create-log-group", + "aws-logs-describe-log-streams", + "aws-logs-delete-metric-filter", + "aws-logs-put-log-events", + "aws-logs-describe-log-groups", + "aws-logs-put-metric-filter", "aws-logs-delete-retention-policy" ] } - }, + }, { "TestSkyformation": { - "name": "TestSkyformation", + "name": "TestSkyformation", "implementing_scripts": [ "TestFail" - ], + ], "implementing_commands": [ "skyformation-get-accounts" ] } - }, + }, { "EWS test": { - "name": "EWS test", + "name": "EWS test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "FileCreateAndUpload", + "VerifyContext", + "DeleteContext", + "FileCreateAndUpload", "SendEmail" - ], - "implementing_commands": [ - "ews-delete-attachments", - "ews-get-searchable-mailboxes", - "ews-search-mailbox", - "ews-find-folders", - "ews-get-items", - "ews-get-folder", - "ews-get-attachment", + ], + "implementing_commands": [ + "ews-delete-attachments", + "ews-get-searchable-mailboxes", + "ews-search-mailbox", + "ews-find-folders", + "ews-get-items", + "ews-get-folder", + "ews-get-attachment", "ews-delete-items" ] } - }, + }, { "ShodanTest": { - "name": "ShodanTest", + "name": "ShodanTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], 
"implementing_commands": [ "ip" ] } - }, + }, { "d8628445-ff86-40f9-857d-50b3f1d295a6": { - "name": "Sandblast malicious test", + "name": "Sandblast malicious test", "implementing_scripts": [ - "DeleteContext", - "Exists", + "DeleteContext", + "Exists", "echo" - ], + ], "implementing_commands": [ - "sandblast-query", + "sandblast-query", "sandblast-upload" ] } - }, + }, { "minemeld_test": { - "name": "Palo Alto MineMeld Test", + "name": "Palo Alto MineMeld Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "minemeld-remove-from-miner", - "ip", - "minemeld-add-to-miner", - "minemeld-retrieve-miner", + "minemeld-remove-from-miner", + "ip", + "minemeld-add-to-miner", + "minemeld-retrieve-miner", "minemeld-get-indicator-from-miner" ] } - }, + }, { "Archer-Test-Playbook": { - "name": "Archer-Test-Playbook", + "name": "Archer-Test-Playbook", "implementing_scripts": [ - "VerifyContextFields", + "VerifyContextFields", "DeleteContext" - ], - "implementing_commands": [ - "archer-get-application-fields", - "archer-update-record", - "archer-search-records", - "archer-create-record", - "archer-delete-record", - "archer-search-applications", + ], + "implementing_commands": [ + "archer-get-application-fields", + "archer-update-record", + "archer-search-records", + "archer-create-record", + "archer-delete-record", + "archer-search-applications", "archer-get-record" ] } - }, + }, { "LanguageDetect-Test": { - "name": "LanguageDetect-Test", + "name": "LanguageDetect-Test", "implementing_scripts": [ - "CloseInvestigation", - "LanguageDetect", - "DeleteContext", - "Sleep", + "CloseInvestigation", + "LanguageDetect", + "DeleteContext", + "Sleep", "Exists" ] } - }, + }, { "ThreatGridTest": { - "name": "ThreatGridTest", + "name": "ThreatGridTest", "implementing_scripts": [ - "DeleteContext", - "Exists", + "DeleteContext", + "Exists", "AreValuesEqual" - ], - "implementing_commands": [ - "threat-grid-get-samples", - "threat-grid-download-sample-by-id", - 
"threat-grid-organization-get-rate-limit", - "threat-grid-user-get-rate-limit", - "threat-grid-get-threat-summary-by-id", - "threat-grid-who-am-i", + ], + "implementing_commands": [ + "threat-grid-get-samples", + "threat-grid-download-sample-by-id", + "threat-grid-organization-get-rate-limit", + "threat-grid-user-get-rate-limit", + "threat-grid-get-threat-summary-by-id", + "threat-grid-who-am-i", "threat-grid-upload-sample" ] } - }, + }, { "Detonate URL - Generic Test": { - "name": "Detonate URL - Generic Test", - "fromversion": "4.0.0", + "name": "Detonate URL - Generic Test", + "fromversion": "4.0.0", "implementing_scripts": [ - "Set", + "Set", "DeleteContext" - ], + ], "implementing_playbooks": [ "Detonate URL - Generic" ] } - }, + }, { "test-ThreatConnect": { - "name": "test-ThreatConnect", + "name": "test-ThreatConnect", "implementing_commands": [ "tc-owners" ] } - }, + }, { "TestMatchRegex": { - "name": "TestMatchRegex", + "name": "TestMatchRegex", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "MatchRegex" - ], + ], "implementing_commands": [ "closeInvestigation" ] } - }, + }, { "search_endpoints_by_hash_-_generic_-_test": { - "name": "Search Endpoints By Hash - Generic - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - Generic" ] } - }, + }, { "Detonate File - SNDBOX - Test": { - "name": "Detonate File - SNDBOX - Test", + "name": "Detonate File - SNDBOX - Test", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Detonate File - SNDBOX" ] } - }, + }, { "CreatePhishingClassifierMLTest": { - "name": "Create Phishing Classifier ML Test", + "name": "Create Phishing Classifier ML Test", "implementing_scripts": [ - "DBotPredictPhishingLabel", - 
"VerifyContext", - "DeleteContext", - "TestCreateTagTextFile", + "DBotPredictPhishingLabel", + "VerifyContext", + "DeleteContext", + "TestCreateTagTextFile", "TestCreateIncidents" - ], + ], "implementing_playbooks": [ "DBot Create Phishing Classifier" ] } - }, + }, { "CirclIntegrationTest": { - "name": "CIRCL Test", + "name": "CIRCL Test", "implementing_scripts": [ - "VerifyHumanReadableContains", - "PrintErrorEntry", + "VerifyHumanReadableContains", + "PrintErrorEntry", "isError" - ], + ], "implementing_commands": [ - "circl-ssl-get-certificate", - "circl-ssl-list-certificates", - "circl-ssl-query-certificate", + "circl-ssl-get-certificate", + "circl-ssl-list-certificates", + "circl-ssl-query-certificate", "circl-dns-get" ] } - }, + }, { "ProofpointDecodeURL-Test": { - "name": "ProofpointDecodeURL-Test", + "name": "ProofpointDecodeURL-Test", "implementing_scripts": [ - "CloseInvestigation", - "ProofpointDecodeURL", - "Sleep", + "CloseInvestigation", + "ProofpointDecodeURL", + "Sleep", "AreValuesEqual" ] } - }, + }, { "FireEye HX Test": { - "name": "FireEye HX Test", + "name": "FireEye HX Test", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "fireeye-hx-get-indicators", - "fireeye-hx-get-alert", - "fireeye-hx-file-acquisition", - "fireeye-hx-delete-file-acquisition", - "fireeye-hx-get-alerts", - "fireeye-hx-get-host-information", + ], + "implementing_commands": [ + "fireeye-hx-get-indicators", + "fireeye-hx-get-alert", + "fireeye-hx-file-acquisition", + "fireeye-hx-delete-file-acquisition", + "fireeye-hx-get-alerts", + "fireeye-hx-get-host-information", "fireeye-hx-get-indicator" ] } - }, + }, { "hashicorp_test": { - "name": "hashicorp_test", + "name": "hashicorp_test", "implementing_scripts": [ - "GetTime", + "GetTime", "DeleteContext" - ], - "implementing_commands": [ - "hashicorp-list-policies", - "hashicorp-disable-engine", - "hashicorp-create-token", - "hashicorp-list-secrets", - "hashicorp-get-secret-metadata", - 
"hashicorp-configure-engine", - "hashicorp-undelete-secret", - "hashicorp-destroy-secret", - "hashicorp-get-policy", - "hashicorp-enable-engine", - "hashicorp-list-secrets-engines", - "hashicorp-delete-secret", + ], + "implementing_commands": [ + "hashicorp-list-policies", + "hashicorp-disable-engine", + "hashicorp-create-token", + "hashicorp-list-secrets", + "hashicorp-get-secret-metadata", + "hashicorp-configure-engine", + "hashicorp-undelete-secret", + "hashicorp-destroy-secret", + "hashicorp-get-policy", + "hashicorp-enable-engine", + "hashicorp-list-secrets-engines", + "hashicorp-delete-secret", "hashicorp-reset-configuration" ] } - }, + }, { "decodemimeheader_-_test": { - "name": "DecodeMimeHeader - Test", - "fromversion": "3.5.0", + "name": "DecodeMimeHeader - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DecodeMimeHeader", - "DeleteContext", + "DecodeMimeHeader", + "DeleteContext", "VerifyContext" ] } - }, + }, { "XFE Test": { - "name": "XFE Test", + "name": "XFE Test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "Exists", + "VerifyContext", + "DeleteContext", + "Exists", "AreValuesEqual" - ], + ], "implementing_commands": [ - "domain", - "url", - "ip", - "cve-latest", - "cve-search", + "domain", + "url", + "ip", + "cve-latest", + "cve-search", "file" ] } - }, + }, { "Base64 File in List Test": { - "name": "Base64 File in List Test", + "name": "Base64 File in List Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Base64ListToFile" - ], + ], "implementing_commands": [ "setList" ] } - }, + }, { "Cybereason Test": { - "name": "Cybereason Test", + "name": "Cybereason Test", "implementing_scripts": [ - "FetchFromInstance", - "VerifyContext", + "FetchFromInstance", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "cybereason-malop-processes", - "cybereason-query-connections", - "cybereason-query-processes", - "cybereason-is-probe-connected", + "cybereason-malop-processes", + 
"cybereason-query-connections", + "cybereason-query-processes", + "cybereason-is-probe-connected", "cybereason-query-malops" ] } - }, + }, { "ActiveMQ Test": { - "name": "ActiveMQ Test", + "name": "ActiveMQ Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Sleep" - ], + ], "implementing_commands": [ - "activemq-send", + "activemq-send", "activemq-subscribe" ] } - }, + }, { "McAfeeNSMTest": { - "name": "McAfeeNSMTest", + "name": "McAfeeNSMTest", "implementing_commands": [ - "nsm-get-domains", - "nsm-get-ips-policy-details", - "nsm-update-alerts", - "nsm-get-ips-policies", - "nsm-get-alerts", + "nsm-get-domains", + "nsm-get-ips-policy-details", + "nsm-update-alerts", + "nsm-get-ips-policies", + "nsm-get-alerts", "nsm-get-sensors" ] } - }, + }, { "SNDBOX_Test": { - "name": "SNDBOX_Test", + "name": "SNDBOX_Test", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_commands": [ - "sndbox-analysis-info", - "sndbox-analysis-submit-sample", - "sndbox-download-sample", - "sndbox-download-report", + "sndbox-analysis-info", + "sndbox-analysis-submit-sample", + "sndbox-download-sample", + "sndbox-download-report", "sndbox-is-online" ] } - }, + }, { "Fortigate Test": { - "name": "Fortigate Test", + "name": "Fortigate Test", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "fortigate-move-policy", - "fortigate-create-firewall-service", - "fortigate-get-service-groups", - "fortigate-get-policy", - "fortigate-get-address-groups", - "fortigate-get-firewall-service", - "fortigate-delete-policy", - "fortigate-get-addresses", - "fortigate-update-service-group", - "fortigate-update-address-group", - "fortigate-delete-address-group", - "fortigate-create-address-group", - "fortigate-create-policy", + ], + "implementing_commands": [ + "fortigate-move-policy", + "fortigate-create-firewall-service", + "fortigate-get-service-groups", + "fortigate-get-policy", + "fortigate-get-address-groups", + 
"fortigate-get-firewall-service", + "fortigate-delete-policy", + "fortigate-get-addresses", + "fortigate-update-service-group", + "fortigate-update-address-group", + "fortigate-delete-address-group", + "fortigate-create-address-group", + "fortigate-create-policy", "fortigate-update-policy" ] } - }, + }, { "sep_-_test_endpoint_search": { - "name": "SEP - Test endpoint search", - "fromversion": "3.5.0", + "name": "SEP - Test endpoint search", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "sep-endpoints-info" ] } - }, + }, { "awake_security_test_pb": { - "name": "awake_security_test_pb", + "name": "awake_security_test_pb", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "domain", - "ip", - "awake-query-activities", - "awake-pcap-download", - "awake-query-domains", - "awake-query-devices", - "device", + ], + "implementing_commands": [ + "domain", + "ip", + "awake-query-activities", + "awake-pcap-download", + "awake-query-domains", + "awake-query-devices", + "device", "email" ] } - }, + }, { "af2f5a99-d70b-48c1-8c25-519732b733f2": { - "name": "nmap-test", + "name": "nmap-test", "implementing_scripts": [ - "CloseInvestigation", - "Print", + "CloseInvestigation", + "Print", "Exists" - ], + ], "implementing_commands": [ "nmap-scan" ] } - }, + }, { "Detonate File - No Files test": { - "name": "Detonate File - No Files test", + "name": "Detonate File - No Files test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_playbooks": [ "Detonate File - Generic" ] } - }, + }, { "3010a07c-0a85-480c-87db-cf3f09fcbd7c": { - "name": "ContextGetters-Test", - "implementing_scripts": [ - "ExtractHash", - "IsTrue", - "ContextGetEmails", - "ExtractIP", - "ContextGetHashes", - "ContextGetIps", + "name": "ContextGetters-Test", + "implementing_scripts": [ + "ExtractHash", + "IsTrue", + "ContextGetEmails", + "ExtractIP", + "ContextGetHashes", + 
"ContextGetIps", "ExtractEmail" ] } - }, + }, { "test-LinkIncidentsWithRetry": { - "name": "test-LinkIncidentsWithRetry", + "name": "test-LinkIncidentsWithRetry", "implementing_scripts": [ - "Print", - "LinkIncidentsWithRetry", + "Print", + "LinkIncidentsWithRetry", "AreValuesEqual" - ], + ], "implementing_commands": [ "createNewIncident" ] } - }, + }, { "2e7770c4-8b78-4ee5-84c7-22a9e481b166": { - "name": "Autofocus_test", + "name": "Autofocus_test", "implementing_scripts": [ - "CloseInvestigation", - "IsMaliciousIndicatorFound", + "CloseInvestigation", + "IsMaliciousIndicatorFound", "AreValuesEqual" - ], + ], "implementing_commands": [ - "autofocus-search-sessions", - "file", + "autofocus-search-sessions", + "file", "autofocus-search-samples" ] } - }, + }, { "Remedy-On-Demand-Test": { - "name": "Remedy-On-Demand-Test", + "name": "Remedy-On-Demand-Test", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "remedy-get-incident", - "remedy-fetch-incidents", - "remedy-incident-create", + "remedy-get-incident", + "remedy-fetch-incidents", + "remedy-incident-create", "remedy-incident-update" ] } - }, + }, { "get_file_sample_from_path_-_generic_-_test": { - "name": "Get File Sample From Path - Generic - Test", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample From Path - Generic" - ], + ], "implementing_commands": [ "cb-list-sensors" ] } - }, + }, { "Test ParseCSV": { - "name": "Test ParseCSV", + "name": "Test ParseCSV", "implementing_scripts": [ - "DeleteContext", - "FileCreateAndUpload", - "ParseCSV", + "DeleteContext", + "FileCreateAndUpload", + "ParseCSV", "AreValuesEqual" ] } - }, + }, { "Preempt Test": { - "name": "Preempt Test", + "name": "Preempt Test", "implementing_commands": [ - 
"preempt-remove-from-watch-list", - "preempt-get-user-endpoints", - "preempt-get-activities", + "preempt-remove-from-watch-list", + "preempt-get-user-endpoints", + "preempt-get-activities", "preempt-add-to-watch-list" ] } - }, + }, { "playbook-Cymon_Test": { - "name": "playbook-Cymon_Test", + "name": "playbook-Cymon_Test", "implementing_scripts": [ - "VerifyContext", - "StringContains", - "DeleteContext", + "VerifyContext", + "StringContains", + "DeleteContext", "ValidateErrorExistence" - ], + ], "implementing_commands": [ - "ip", + "ip", "domain" ] } - }, + }, { "150778e9-90ca-4c28-873e-f050f2c6d3a3": { - "name": "HTTPRedirectList Test", + "name": "HTTPRedirectList Test", "implementing_scripts": [ - "CloseInvestigation", - "HTTPListRedirects", + "CloseInvestigation", + "HTTPListRedirects", "AreValuesEqual" ] } - }, + }, { "TCPUtils-Test": { - "name": "Tcpiputlis Test Playbook", + "name": "Tcpiputlis Test Playbook", "implementing_scripts": [ - "VerifyContextFields", - "VerifyContext", + "VerifyContextFields", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "ip" ] } - }, + }, { "113aca8a-ee52-419f-89a6-150ee232d0d1": { - "name": "S3 Test", + "name": "S3 Test", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "aws-s3-create-bucket", - "aws-s3-get-bucket-policy", - "aws-s3-download-file", - "aws-s3-delete-bucket-policy", - "aws-s3-describe-buckets", - "aws-s3-list-bucket-objects", - "aws-s3-set-bucket-policy", + ], + "implementing_commands": [ + "aws-s3-create-bucket", + "aws-s3-get-bucket-policy", + "aws-s3-download-file", + "aws-s3-delete-bucket-policy", + "aws-s3-describe-buckets", + "aws-s3-list-bucket-objects", + "aws-s3-set-bucket-policy", "aws-s3-delete-bucket" ] } - }, + }, { "buildewsquery_test": { - "name": "BuildEWSQuery Test", + "name": "BuildEWSQuery Test", "implementing_scripts": [ - "BuildEWSQuery", + "BuildEWSQuery", "VerifyContext" ] } - }, + }, { "palo_alto_panorama_test_pb": { - "name": 
"palo_alto_panorama_test_pb", + "name": "palo_alto_panorama_test_pb", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "Sleep" - ], - "implementing_commands": [ - "panorama-list-applications", - "panorama-create-rule", - "panorama-commit", - "panorama-delete-rule", - "panorama-create-address-group", - "panorama-get-address-group", - "panorama-move-rule", - "panorama", - "panorama-edit-rule", - "panorama-get-url-filter", - "panorama-list-address-groups", - "panorama-get-custom-url-category", - "panorama-create-address", - "panorama-delete-address-group", - "panorama-list-addresses", + ], + "implementing_commands": [ + "panorama-list-applications", + "panorama-create-rule", + "panorama-commit", + "panorama-delete-rule", + "panorama-create-address-group", + "panorama-get-address-group", + "panorama-move-rule", + "panorama", + "panorama-edit-rule", + "panorama-get-url-filter", + "panorama-list-address-groups", + "panorama-get-custom-url-category", + "panorama-create-address", + "panorama-delete-address-group", + "panorama-list-addresses", "panorama-delete-address" ] } - }, + }, { "okta_test_playbook": { - "name": "Okta test playbook", + "name": "Okta test playbook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "okta-get-application-authentication", - "okta-list-groups", - "okta-get-application-assignments", - "okta-get-user-factors", - "okta-get-groups", - "okta-suspend-user", - "okta-add-to-group", - "okta-update-user", - "okta-remove-from-group", - "okta-get-failed-logins", - "okta-get-group-members", - "okta-unsuspend-user", + ], + "implementing_commands": [ + "okta-get-application-authentication", + "okta-list-groups", + "okta-get-application-assignments", + "okta-get-user-factors", + "okta-get-groups", + "okta-suspend-user", + "okta-add-to-group", + "okta-update-user", + "okta-remove-from-group", + "okta-get-failed-logins", + "okta-get-group-members", + "okta-unsuspend-user", 
"okta-get-group-assignments" ] } - }, + }, { "test_delete_context": { - "name": "Test Delete Context", + "name": "Test Delete Context", "implementing_scripts": [ - "RaiseError", - "Set", - "DeleteContext", + "RaiseError", + "Set", + "DeleteContext", "isError" ] } - }, + }, { "JiraCreateIssue-example-test": { - "name": "JiraCreateIssue-example-test", + "name": "JiraCreateIssue-example-test", "implementing_scripts": [ - "JiraCreateIssue-example", + "JiraCreateIssue-example", "DeleteContext" - ], + ], "implementing_commands": [ "jira-delete-issue" ] } - }, + }, { "AttivoBotsinkTest": { - "name": "AttivoBotsinkTest", + "name": "AttivoBotsinkTest", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "attivo-list-hosts", - "attivo-list-users", - "attivo-check-user", - "attivo-run-playbook", - "attivo-check-host", - "attivo-get-events", - "attivo-deploy-decoy", + ], + "implementing_commands": [ + "attivo-list-hosts", + "attivo-list-users", + "attivo-check-user", + "attivo-run-playbook", + "attivo-check-host", + "attivo-get-events", + "attivo-deploy-decoy", "attivo-list-playbooks" ] } - }, + }, { "email_test": { - "name": "Email Address Enrichment - Generic - Test", + "name": "Email Address Enrichment - Generic - Test", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Email Address Enrichment - Generic" ] } - }, + }, { "Cisco Umbrella Test": { - "name": "Cisco Umbrella Test", + "name": "Cisco Umbrella Test", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "umbrella-ip-dns-history", - "domain", - "umbrella-domain-related", - "umbrella-get-domains-using-regex", - "umbrella-domain-dns-history", - "umbrella-get-url-timeline", - "umbrella-get-domain-classifiers", - "umbrella-get-malicious-domains-for-ip", - "umbrella-get-domains-for-email-registrar", - "umbrella-get-domains-for-nameserver", - "umbrella-domain-categorization", - 
"umbrella-domain-security", - "umbrella-get-domain-timeline", - "umbrella-get-domain-details", - "umbrella-ip-malicious-domains", - "umbrella-get-related-domains", - "umbrella-get-whois-for-domain", - "umbrella-domain-search", - "umbrella-domain-co-occurrences", - "umbrella-get-ip-timeline", + ], + "implementing_commands": [ + "umbrella-ip-dns-history", + "domain", + "umbrella-domain-related", + "umbrella-get-domains-using-regex", + "umbrella-domain-dns-history", + "umbrella-get-url-timeline", + "umbrella-get-domain-classifiers", + "umbrella-get-malicious-domains-for-ip", + "umbrella-get-domains-for-email-registrar", + "umbrella-get-domains-for-nameserver", + "umbrella-domain-categorization", + "umbrella-domain-security", + "umbrella-get-domain-timeline", + "umbrella-get-domain-details", + "umbrella-ip-malicious-domains", + "umbrella-get-related-domains", + "umbrella-get-whois-for-domain", + "umbrella-domain-search", + "umbrella-domain-co-occurrences", + "umbrella-get-ip-timeline", "umbrella-get-domain-queryvolume" ] } - }, + }, { "fd93f620-9a2d-4fb6-85d1-151a6a72e46d": { - "name": "AWS - SQS Test Playbook", + "name": "AWS - SQS Test Playbook", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "aws-sqs-purge-queue", - "aws-sqs-list-queues", - "aws-sqs-send-message", - "aws-sqs-get-queue-url", - "aws-sqs-create-queue", + "aws-sqs-purge-queue", + "aws-sqs-list-queues", + "aws-sqs-send-message", + "aws-sqs-get-queue-url", + "aws-sqs-create-queue", "aws-sqs-delete-queue" ] } - }, + }, { "RedCanaryTest": { - "name": "RedCanaryTest", + "name": "RedCanaryTest", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "redcanary-get-endpoint", - "redcanary-update-remediation-state", - "redcanary-list-detections", - "redcanary-list-endpoints", - "redcanary-acknowledge-detection", - "redcanary-get-endpoint-detections", - "redcanary-get-detection", + ], + "implementing_commands": [ + "redcanary-get-endpoint", + 
"redcanary-update-remediation-state", + "redcanary-list-detections", + "redcanary-list-endpoints", + "redcanary-acknowledge-detection", + "redcanary-get-endpoint-detections", + "redcanary-get-detection", "redcanary-execute-playbook" ] } - }, + }, { "blockip_test_playbook": { - "name": "blockip_test_playbook", + "name": "blockip_test_playbook", "implementing_scripts": [ "BlockIP" ] } - }, + }, { "block_endpoint_-_carbon_black_response_-_test": { - "name": "Block Endpoint - Carbon Black Response - Test", - "fromversion": "3.5.0", + "name": "Block Endpoint - Carbon Black Response - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Block Endpoint - Carbon Black Response" - ], + ], "implementing_commands": [ - "cb-list-sensors", - "cb-unquarantine-device", + "cb-list-sensors", + "cb-unquarantine-device", "cb-sensor-info" ] } - }, + }, { "exporttocsv_script_test": { - "name": "ExportToCSV script test", - "fromversion": "3.6.0", + "name": "ExportToCSV script test", + "fromversion": "3.6.0", "implementing_scripts": [ - "DeleteContext", - "ExportToCSV", - "AreValuesEqual", + "DeleteContext", + "ExportToCSV", + "AreValuesEqual", "ReadFile" ] } - }, + }, { "get_file_sample_from_path_-_d2_-_test": { - "name": "Get File Sample From Path - D2 - Test", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - D2 - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample From Path - D2" ] } - }, + }, { "GetTime-Test": { - "name": "GetTime-Test", + "name": "GetTime-Test", "implementing_scripts": [ - "GetTime", - "DeleteContext", + "GetTime", + "DeleteContext", "MatchRegex" ] } - }, + }, { "CreateEmailHtmlBody_test_pb": { - "name": "CreateEmailHtmlBody_test_pb", + "name": "CreateEmailHtmlBody_test_pb", "implementing_scripts": [ - 
"CreateEmailHtmlBody", + "CreateEmailHtmlBody", "DeleteContext" - ], + ], "implementing_commands": [ "createList" ] } - }, + }, { "forcepoint test": { - "name": "forcepoint test", + "name": "forcepoint test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "fp-get-category-detailes", - "fp-delete-address-from-category", - "fp-add-address-to-category", - "fp-add-category", + "fp-get-category-detailes", + "fp-delete-address-from-category", + "fp-add-address-to-category", + "fp-add-category", "fp-delete-categories" ] } - }, + }, { "CrowdStrike Endpoint Enrichment - Test": { - "name": "CrowdStrike Endpoint Enrichment - Test", - "fromversion": "3.5.0", + "name": "CrowdStrike Endpoint Enrichment - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "CrowdStrike Endpoint Enrichment" - ], + ], "implementing_commands": [ - "cs-device-search", + "cs-device-search", "cs-detection-search" ] } - }, + }, { "endpoint_enrichment_-_generic_test": { - "name": "Endpoint Enrichment - Generic Test", - "fromversion": "3.5.0", + "name": "Endpoint Enrichment - Generic Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Endpoint Enrichment - Generic" ] } - }, + }, { "TestHttpPlaybook": { - "name": "TestHttpPlaybook", + "name": "TestHttpPlaybook", "implementing_scripts": [ - "VerifyContextFields", - "DeleteContext", + "VerifyContextFields", + "DeleteContext", "http" ] } - }, + }, { "Test-IsMaliciousIndicatorFound": { - "name": "Test-IsMaliciousIndicatorFound", + "name": "Test-IsMaliciousIndicatorFound", "implementing_scripts": [ - "VerifyContext", - "Sleep", + "VerifyContext", + "Sleep", "IsMaliciousIndicatorFound" - ], + ], "implementing_commands": [ "createNewIndicator" ] } - }, + }, { "Mimecast test": { - "name": "Mimecast test", 
+ "name": "Mimecast test", "implementing_scripts": [ - "FetchFromInstance", + "FetchFromInstance", "DeleteContext" - ], - "implementing_commands": [ - "mimecast-get-impersonation-logs", - "mimecast-query", - "mimecast-download-attachments", - "mimecast-url-decode", - "mimecast-refresh-token", - "mimecast-create-policy", - "mimecast-manage-sender", - "mimecast-get-message", - "mimecast-discover", - "mimecast-list-messages", - "mimecast-create-managed-url", - "mimecast-list-managed-url", - "mimecast-get-attachment-logs", - "mimecast-list-blocked-sender-policies", - "mimecast-login", - "mimecast-delete-policy", - "mimecast-get-policy", + ], + "implementing_commands": [ + "mimecast-get-impersonation-logs", + "mimecast-query", + "mimecast-download-attachments", + "mimecast-url-decode", + "mimecast-refresh-token", + "mimecast-create-policy", + "mimecast-manage-sender", + "mimecast-get-message", + "mimecast-discover", + "mimecast-list-messages", + "mimecast-create-managed-url", + "mimecast-list-managed-url", + "mimecast-get-attachment-logs", + "mimecast-list-blocked-sender-policies", + "mimecast-login", + "mimecast-delete-policy", + "mimecast-get-policy", "mimecast-get-url-logs" ] } - }, + }, { "TestParseCSV": { - "name": "TestParseCSV", + "name": "TestParseCSV", "implementing_scripts": [ - "Set", - "VerifyContext", - "ParseCSV", - "DeleteContext", + "Set", + "VerifyContext", + "ParseCSV", + "DeleteContext", "ExportToCSV" ] } - }, + }, { "ArcSight Logger test": { - "name": "ArcSight Logger test", + "name": "ArcSight Logger test", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "Sleep" - ], + ], "implementing_commands": [ - "as-search", - "as-close", - "as-drilldown", - "as-search-events", - "as-status", + "as-search", + "as-close", + "as-drilldown", + "as-search-events", + "as-status", "as-events" ] } - }, + }, { "Cylance Protect v2 Test": { - "name": "Cylance Protect v2 Test", + "name": "Cylance Protect v2 Test", "implementing_scripts": [ - 
"VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "cylance-protect-delete-hash-from-lists", - "cylance-protect-download-threat", - "cylance-protect-get-zones", - "cylance-protect-get-devices", - "cylance-protect-get-policies", - "cylance-protect-get-list", - "cylance-protect-get-threat", - "cylance-protect-get-device-threats", - "cylance-protect-get-policy-details", + ], + "implementing_commands": [ + "cylance-protect-delete-hash-from-lists", + "cylance-protect-download-threat", + "cylance-protect-get-zones", + "cylance-protect-get-devices", + "cylance-protect-get-policies", + "cylance-protect-get-list", + "cylance-protect-get-threat", + "cylance-protect-get-device-threats", + "cylance-protect-get-policy-details", "cylance-protect-add-hash-to-list" ] } - }, + }, { "McAfeeESMTest": { - "name": "McAfeeESMTest", + "name": "McAfeeESMTest", "implementing_scripts": [ - "GetTime", - "VerifyContext", + "GetTime", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "esm-edit-case-status", - "esm-get-case-statuses", - "esm-search", - "esm-add-case-status", - "esm-get-alarm-event-details", - "esm-get-organization-list", - "esm-list-alarm-events", - "esm-delete-case-status", - "esm-edit-case", - "esm-get-user-list", - "esm-get-case-detail", - "esm-add-case", + ], + "implementing_commands": [ + "esm-edit-case-status", + "esm-get-case-statuses", + "esm-search", + "esm-add-case-status", + "esm-get-alarm-event-details", + "esm-get-organization-list", + "esm-list-alarm-events", + "esm-delete-case-status", + "esm-edit-case", + "esm-get-user-list", + "esm-get-case-detail", + "esm-add-case", "esm-fetch-alarms" ] } - }, + }, { "Detonate File - Generic Test": { - "name": "Detonate File - Generic Test", - "fromversion": "4.0.0", + "name": "Detonate File - Generic Test", + "fromversion": "4.0.0", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Detonate File - Generic" ] } 
- }, + }, { "Jask_Test": { - "name": "Jask Test", + "name": "Jask Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "jask-search-signals", - "jask-search-entities", - "jask-get-entity-details", - "jask-get-insight-details", - "closeInvestigation", - "jask-search-insights", - "jask-get-signal-details", - "jask-get-related-entities", + ], + "implementing_commands": [ + "jask-search-signals", + "jask-search-entities", + "jask-get-entity-details", + "jask-get-insight-details", + "closeInvestigation", + "jask-search-insights", + "jask-get-signal-details", + "jask-get-related-entities", "jask-get-insight-comments" ] } - }, + }, { "RSA NetWitness Test": { - "name": "RSA NetWitness Test", + "name": "RSA NetWitness Test", "implementing_commands": [ - "netwitness-get-incident", + "netwitness-get-incident", "netwitness-get-incidents" ] } - }, + }, { "Test_Sagemaker": { - "name": "Test Sagemaker", + "name": "Test Sagemaker", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ "predict-phishing" ] } - }, + }, { "ExtractURL Test": { - "name": "ExtractURL Test", + "name": "ExtractURL Test", "implementing_scripts": [ - "Print", - "ExtractURL", + "Print", + "ExtractURL", "IsTrue" ] } - }, + }, { "tenable-sc-test": { - "name": "Tenable.sc Test", + "name": "Tenable.sc Test", "implementing_scripts": [ - "GetTime", - "VerifyContext", - "DeleteContext", + "GetTime", + "VerifyContext", + "DeleteContext", "FetchFromInstance" - ], - "implementing_commands": [ - "tenable-sc-get-asset", - "tenable-sc-list-alerts", - "tenable-sc-get-system-licensing", - "tenable-sc-get-scan-status", - "tenable-sc-list-scans", - "tenable-sc-list-repositories", - "tenable-sc-create-scan", - "tenable-sc-delete-scan", - "tenable-sc-get-scan-report", - "tenable-sc-list-assets", - "tenable-sc-get-vulnerability", - "tenable-sc-get-device", - "tenable-sc-create-asset", - "tenable-sc-get-alert", - 
"tenable-sc-launch-scan", - "tenable-sc-list-report-definitions", - "tenable-sc-delete-asset", - "tenable-sc-list-credentials", - "tenable-sc-list-policies", - "tenable-sc-list-zones", + ], + "implementing_commands": [ + "tenable-sc-get-asset", + "tenable-sc-list-alerts", + "tenable-sc-get-system-licensing", + "tenable-sc-get-scan-status", + "tenable-sc-list-scans", + "tenable-sc-list-repositories", + "tenable-sc-create-scan", + "tenable-sc-delete-scan", + "tenable-sc-get-scan-report", + "tenable-sc-list-assets", + "tenable-sc-get-vulnerability", + "tenable-sc-get-device", + "tenable-sc-create-asset", + "tenable-sc-get-alert", + "tenable-sc-launch-scan", + "tenable-sc-list-report-definitions", + "tenable-sc-delete-asset", + "tenable-sc-list-credentials", + "tenable-sc-list-policies", + "tenable-sc-list-zones", "tenable-sc-list-users" ] } - }, + }, { "ReversingLabsA1000Test": { - "name": "ReversingLabsA1000Test", + "name": "ReversingLabsA1000Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "reversinglabs-download", - "reversinglabs-extracted-files", - "reversinglabs-download-unpacked", - "reversinglabs-analyze", + "reversinglabs-download", + "reversinglabs-extracted-files", + "reversinglabs-download-unpacked", + "reversinglabs-analyze", "file" ] } - }, + }, { "TestWordFileToIOC": { - "name": "TestWordFileToIOC", + "name": "TestWordFileToIOC", "implementing_scripts": [ - "TestCreateWordFile", - "ExtractIP", - "VerifyContext", - "ReadFile", + "TestCreateWordFile", + "ExtractIP", + "VerifyContext", + "ReadFile", "ParseWordDoc" ] } - }, + }, { "TestExtractHTMLTables": { - "name": "TestExtractHTMLTables", + "name": "TestExtractHTMLTables", "implementing_scripts": [ - "Print", - "CloseInvestigation", - "ExtractHTMLTables", - "DeleteContext", + "Print", + "CloseInvestigation", + "ExtractHTMLTables", + "DeleteContext", "Exists" ] } - }, + }, { "7ab45104-22aa-4e1b-8062-cadcbb28d87f": { - "name": 
"Test - urlscan", + "name": "Test - urlscan", "implementing_scripts": [ - "CloseInvestigation", - "DeleteContext", + "CloseInvestigation", + "DeleteContext", "AreValuesEqual" - ], + ], "implementing_commands": [ - "url", - "ip", + "url", + "ip", "urlscan-submit" ] } - }, + }, { "RasterizeImageTest": { - "name": "RasterizeImageTest", + "name": "RasterizeImageTest", "implementing_scripts": [ - "GenerateImageFileEntry", + "GenerateImageFileEntry", "DeleteContext" - ], + ], "implementing_commands": [ - "rasterize-image", + "rasterize-image", "closeInvestigation" ] } - }, + }, { "InfoArmorVigilanteATITest": { - "name": "InfoArmorVigilanteATITest", + "name": "InfoArmorVigilanteATITest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "vigilante-get-leak", - "vigilante-query-infected-host-data", - "vigilante-query-domains", - "vigilante-query-accounts", - "vigilante-watchlist-add-accounts", - "vigilante-watchlist-remove-accounts", - "vigilante-get-watchlist", - "vigilante-query-ecrime-db", + ], + "implementing_commands": [ + "vigilante-get-leak", + "vigilante-query-infected-host-data", + "vigilante-query-domains", + "vigilante-query-accounts", + "vigilante-watchlist-add-accounts", + "vigilante-watchlist-remove-accounts", + "vigilante-get-watchlist", + "vigilante-query-ecrime-db", "vigilante-search-leaks" ] } - }, + }, { "strings-test": { - "name": "strings-test", + "name": "strings-test", "implementing_scripts": [ - "CreateBinaryFile", - "FileCreateAndUpload", - "Strings", - "PublishEntriesToContext", + "CreateBinaryFile", + "FileCreateAndUpload", + "Strings", + "PublishEntriesToContext", "VerifyContext" ] } - }, + }, { "process_email_-_generic_-_test": { - "name": "Process Email - Generic - Test", + "name": "Process Email - Generic - Test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", + "VerifyContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Process Email - 
Generic" ] } - }, + }, { "97393cfc-2fc4-4dfe-8b6e-af64067fc436": { - "name": "AWS - S3 Test Playbook", + "name": "AWS - S3 Test Playbook", "implementing_scripts": [ "VerifyContext" - ], - "implementing_commands": [ - "aws-s3-create-bucket", - "aws-s3-get-bucket-policy", - "aws-s3-download-file", - "aws-s3-delete-bucket-policy", - "aws-s3-delete-bucket", - "aws-s3-list-buckets", - "aws-s3-list-bucket-objects", + ], + "implementing_commands": [ + "aws-s3-create-bucket", + "aws-s3-get-bucket-policy", + "aws-s3-download-file", + "aws-s3-delete-bucket-policy", + "aws-s3-delete-bucket", + "aws-s3-list-buckets", + "aws-s3-list-bucket-objects", "aws-s3-put-bucket-policy" ] } - }, + }, { "TestFileCreateAndUpload": { - "name": "TestFileCreateAndUpload", + "name": "TestFileCreateAndUpload", "implementing_scripts": [ - "Print", - "FileCreateAndUpload", - "DeleteContext", + "Print", + "FileCreateAndUpload", + "DeleteContext", "CloseInvestigation" ] } - }, + }, { "get_original_email_-_ews-_test": { - "name": "Get Original Email - EWS - Test", + "name": "Get Original Email - EWS - Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_playbooks": [ "Get Original Email - EWS" ] } - }, + }, { "Remedy AR Test": { - "name": "Remedy AR Test", + "name": "Remedy AR Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "remedy-get-server-details" ] } - }, + }, { "WordTokenizeTest": { - "name": "WordTokenizeTest", + "name": "WordTokenizeTest", "implementing_scripts": [ - "VerifyContext", - "WordTokenizer", + "VerifyContext", + "WordTokenizer", "DeleteContext" ] } - }, + }, { "ExtractDomainTest": { - "name": "ExtractDomainTest", + "name": "ExtractDomainTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "ExtractDomain" ] } - }, + }, { "TestCommonPython": { - "name": "TestCommonPython", + "name": "TestCommonPython", "implementing_scripts": [ "TestPYCommonServer" ] } - }, + }, { 
"get_file_sample_by_hash_-_cylance_protect_-_test": { - "name": "Get File Sample By Hash - Cylance Protect - Test", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Cylance Protect - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample By Hash - Cylance Protect" ] } - }, + }, { "TestPacketsled": { - "name": "TestPacketsled", + "name": "TestPacketsled", "implementing_commands": [ - "packetsled-get-flows", - "packetsled-get-pcaps", - "packetsled-get-files", + "packetsled-get-flows", + "packetsled-get-pcaps", + "packetsled-get-files", "packetsled-get-incidents" ] } - }, + }, { "EWS search-mailbox test": { - "name": "EWS search-mailbox test", + "name": "EWS search-mailbox test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", + "VerifyContext", + "DeleteContext", "Sleep" - ], + ], "implementing_commands": [ - "ews-search-mailbox", - "ews-move-item", + "ews-search-mailbox", + "ews-move-item", "send-mail" ] } - }, + }, { "IntSights Test": { - "name": "IntSights Test", + "name": "IntSights Test", "implementing_scripts": [ - "Print", - "VerifyContext", - "DeleteContext", - "Exists", + "Print", + "VerifyContext", + "DeleteContext", + "Exists", "IsValueInArray" - ], - "implementing_commands": [ - "intsights-get-alerts", - "intsights-get-iocs", - "intsights-add-comment-to-alert", - "intsights-add-tag-to-alert", - "intsights-update-alert-severity", - "closeInvestigation", + ], + "implementing_commands": [ + "intsights-get-alerts", + "intsights-get-iocs", + "intsights-add-comment-to-alert", + "intsights-add-tag-to-alert", + "intsights-update-alert-severity", + "closeInvestigation", "intsights-get-alert-activities" ] } - }, + }, { "SalesforceTestPlaybook": { - "name": "SalesforceTestPlaybook", + "name": "SalesforceTestPlaybook", "implementing_scripts": [ - "ContextContains", + "ContextContains", "DeleteContext" - ], - 
"implementing_commands": [ - "salesforce-update-case", - "salesforce-get-case", - "salesforce-search", - "salesforce-create-case", - "salesforce-delete-case", - "salesforce-push-comment", - "salesforce-get-object", - "salesforce-close-case", - "salesforce-update-object", + ], + "implementing_commands": [ + "salesforce-update-case", + "salesforce-get-case", + "salesforce-search", + "salesforce-create-case", + "salesforce-delete-case", + "salesforce-push-comment", + "salesforce-get-object", + "salesforce-close-case", + "salesforce-update-object", "salesforce-query" ] } - }, + }, { "Wildfire Test": { - "name": "Wildfire Test", + "name": "Wildfire Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "wildfire-upload", - "wildfire-upload-file-remote", + "wildfire-upload", + "wildfire-upload-file-remote", "wildfire-report" ] } - }, + }, { "Vectra-test": { - "name": "Vectra-test", + "name": "Vectra-test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "vectra-sensors", - "vectra-settings", - "vectra-hosts", - "vectra-triage", + "vectra-sensors", + "vectra-settings", + "vectra-hosts", + "vectra-triage", "vectra-detections" ] } - }, + }, { "CuckooTest": { - "name": "CuckooTest", + "name": "CuckooTest", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ - "Detonate URL - Cuckoo", + "Detonate URL - Cuckoo", "Detonate File - Cuckoo" ] } - }, + }, { "TextFromHTML_test_playbook": { - "name": "TextFromHTML Test", + "name": "TextFromHTML Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "TextFromHTML" ] } - }, + }, { "PhishAi-Test": { - "name": "PhishAi-Test", + "name": "PhishAi-Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ "phish-ai-scan-url" ] } - }, + }, { "Phishing test - attachment": { - "name": "Phishing test - attachment", + "name": "Phishing test - 
attachment", "implementing_scripts": [ - "ScheduleCommand", - "PhishingIncident", - "DeleteContext", + "ScheduleCommand", + "PhishingIncident", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Phishing Investigation - Generic" ] } - }, + }, { "search_endpoints_by_hash_-_carbon_black_protection_-_test": { - "name": "Search Endpoints By Hash - Carbon Black Protection - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Carbon Black Protection - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - Carbon Black Protection" ] } - }, + }, { "Test-Detonate URL - Phish.AI": { - "name": "Test-Detonate URL - Phish.AI", + "name": "Test-Detonate URL - Phish.AI", "implementing_playbooks": [ "Detonate URL - Phish.AI" ] } - }, + }, { "ReversingLabsTCTest": { - "name": "ReversingLabsTCTest", + "name": "ReversingLabsTCTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "file" ] } - }, + }, { "get_file_sample_from_path_-_carbon_black_enterprise_response_-_test": { - "name": "Get File Sample From Path - Carbon Black Enterprise Response - Test", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - Carbon Black Enterprise Response - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample From Path - Carbon Black Enterprise Response" - ], + ], "implementing_commands": [ "cb-list-sensors" ] } - }, + }, { "PostgreSQL Test": { - "name": "PostgreSQL Test", - "fromversion": "3.6.0", + "name": "PostgreSQL Test", + "fromversion": "3.6.0", "implementing_scripts": [ "VerifyHumanReadableEquals" - ], + ], "implementing_commands": [ "pgsql-query" ] } - }, + }, { "DUO Test Playbook": { - "name": "DUO Test Playbook", + "name": "DUO Test Playbook", 
"implementing_scripts": [ - "DeleteContext", - "PrintErrorEntry", - "AreValuesEqual", + "DeleteContext", + "PrintErrorEntry", + "AreValuesEqual", "PrintContext" - ], + ], "implementing_commands": [ "duo-preauth" ] } - }, + }, { "secureworks_test": { - "name": "Secureworks test", + "name": "Secureworks test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "secure-works-create-ticket", - "secure-works-get-ticket", - "secure-works-update-ticket", - "secure-works-get-tickets-ids", - "secure-works-get-ticket-count", - "secure-works-close-ticket", + ], + "implementing_commands": [ + "secure-works-create-ticket", + "secure-works-get-ticket", + "secure-works-update-ticket", + "secure-works-get-tickets-ids", + "secure-works-get-ticket-count", + "secure-works-close-ticket", "secure-works-get-tickets-updates" ] } - }, + }, { "File Enrichment - Generic Test": { - "name": "File Enrichment - Generic Test", + "name": "File Enrichment - Generic Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "File Enrichment - Generic" ] } - }, + }, { "JSONtoCSV-Test": { - "name": "JSONtoCSV-Test", + "name": "JSONtoCSV-Test", "implementing_scripts": [ - "JSONFileToCSV", - "LoadJSON", - "ParseCSV", - "JSONtoCSV", - "FileCreateAndUpload", + "JSONFileToCSV", + "LoadJSON", + "ParseCSV", + "JSONtoCSV", + "FileCreateAndUpload", "DeleteContext" ] } - }, + }, { "ZipFile-Test": { - "name": "ZipFile-Test", + "name": "ZipFile-Test", "implementing_scripts": [ - "http", - "ZipFile", - "CloseInvestigation", - "Sleep", - "UnzipFile", + "http", + "ZipFile", + "CloseInvestigation", + "Sleep", + "UnzipFile", "DeleteContext" ] } - }, + }, { "d5cb69b1-c81c-4f27-8a40-3106c0cb2620": { - "name": "AWS - IAM Test Playbook", + "name": "AWS - IAM Test Playbook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Sleep" - ], - "implementing_commands": [ - "aws-iam-update-user", 
- "aws-iam-update-access-key", - "aws-iam-get-user", - "aws-iam-remove-user-from-group", - "aws-iam-add-role-to-instance-profile", - "aws-iam-create-instance-profile", - "aws-iam-list-roles", - "aws-iam-attach-policy", - "aws-iam-create-login-profile", - "aws-iam-create-group", - "aws-iam-get-instance-profile", - "aws-iam-list-instance-profiles-for-role", - "aws-iam-update-login-profile", - "aws-iam-list-policies", - "aws-iam-get-role", - "aws-iam-list-access-keys-for-user", - "aws-iam-list-instance-profiles", - "aws-iam-delete-role", - "aws-iam-list-groups", - "aws-iam-remove-role-from-instance-profile", - "aws-iam-delete-user", - "aws-iam-create-role", - "aws-iam-delete-access-key", - "aws-iam-detach-policy", - "aws-iam-create-access-key", - "aws-iam-delete-group", - "aws-iam-create-user", - "aws-iam-delete-login-profile", - "aws-iam-list-groups-for-user", - "aws-iam-add-user-to-group", - "aws-iam-list-users", + ], + "implementing_commands": [ + "aws-iam-update-user", + "aws-iam-update-access-key", + "aws-iam-get-user", + "aws-iam-remove-user-from-group", + "aws-iam-add-role-to-instance-profile", + "aws-iam-create-instance-profile", + "aws-iam-list-roles", + "aws-iam-attach-policy", + "aws-iam-create-login-profile", + "aws-iam-create-group", + "aws-iam-get-instance-profile", + "aws-iam-list-instance-profiles-for-role", + "aws-iam-update-login-profile", + "aws-iam-list-policies", + "aws-iam-get-role", + "aws-iam-list-access-keys-for-user", + "aws-iam-list-instance-profiles", + "aws-iam-delete-role", + "aws-iam-list-groups", + "aws-iam-remove-role-from-instance-profile", + "aws-iam-delete-user", + "aws-iam-create-role", + "aws-iam-delete-access-key", + "aws-iam-detach-policy", + "aws-iam-create-access-key", + "aws-iam-delete-group", + "aws-iam-create-user", + "aws-iam-delete-login-profile", + "aws-iam-list-groups-for-user", + "aws-iam-add-user-to-group", + "aws-iam-list-users", "aws-iam-delete-instance-profile" ] } - }, + }, { "ExposeIncidentOwner-Test": { - 
"name": "ExposeIncidentOwner-Test", + "name": "ExposeIncidentOwner-Test", "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident", - "ExposeIncidentOwner", + "CloseInvestigation", + "AssignAnalystToIncident", + "ExposeIncidentOwner", "AreValuesEqual" ] } - }, + }, { "McAfeeWebGatewayTest": { - "name": "McAfeeWebGatewayTest", + "name": "McAfeeWebGatewayTest", "implementing_scripts": [ - "ContextContains", - "DeleteContext", - "Sleep", + "ContextContains", + "DeleteContext", + "Sleep", "PrintContext" - ], + ], "implementing_commands": [ - "mwg-insert-entry", - "mwg-get-list-entry", - "mwg-get-list", - "mwg-delete-entry", + "mwg-insert-entry", + "mwg-get-list-entry", + "mwg-get-list", + "mwg-delete-entry", "mwg-get-available-lists" ] } - }, + }, { "DemistoLockTest": { - "name": "DemistoLockTest", + "name": "DemistoLockTest", "implementing_scripts": [ - "Set", - "Print", - "DeleteContext", - "Sleep", + "Set", + "Print", + "DeleteContext", + "Sleep", "isError" - ], + ], "implementing_commands": [ - "closeInvestigation", - "demisto-lock-release-all", - "demisto-lock-release", - "demisto-lock-get", + "closeInvestigation", + "demisto-lock-release-all", + "demisto-lock-release", + "demisto-lock-get", "demisto-lock-info" ] } - }, + }, { "Detonate File - BitDam Test": { - "name": "Detonate File - BitDam Test", + "name": "Detonate File - BitDam Test", "implementing_scripts": [ - "FileCreateAndUpload", + "FileCreateAndUpload", "DeleteContext" - ], + ], "implementing_playbooks": [ "Detonate File - BitDam" ] } - }, + }, { "Luminate-TestPlaybook": { - "name": "Luminate-TestPlaybook", + "name": "Luminate-TestPlaybook", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "lum-block-user", - "lum-destroy-user-session", - "lum-unblock-user", - "lum-get-ssh-access-logs", + "lum-block-user", + "lum-destroy-user-session", + "lum-unblock-user", + "lum-get-ssh-access-logs", "lum-get-http-access-logs" ] } - }, + }, { "McAfee-MAR_Test": { - 
"name": "McAfee-MAR_Test", + "name": "McAfee-MAR_Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "mar-collectors-list", - "mar-search-multiple", + "mar-collectors-list", + "mar-search-multiple", "mar-search" ] } - }, + }, { "CarbonBlackLiveResponseTest": { - "name": "Carbon Black Live Response Test", + "name": "Carbon Black Live Response Test", "implementing_scripts": [ - "TestCreateWordFile", - "DeleteContext", + "TestCreateWordFile", + "DeleteContext", "Sleep" - ], - "implementing_commands": [ - "cb-get-file-from-endpoint", - "cb-command-create-and-wait", - "cb-session-create-and-wait", - "cb-keepalive", - "cb-file-delete-from-endpoint", - "cb-push-file-to-endpoint", - "cb-list-sessions", + ], + "implementing_commands": [ + "cb-get-file-from-endpoint", + "cb-command-create-and-wait", + "cb-session-create-and-wait", + "cb-keepalive", + "cb-file-delete-from-endpoint", + "cb-push-file-to-endpoint", + "cb-list-sessions", "cb-session-close" ] } - }, + }, { "Recorded Future Test": { - "name": "Recorded Future Test", + "name": "Recorded Future Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "ip", - "domain", - "recorded-future-get-related-entities", + "ip", + "domain", + "recorded-future-get-related-entities", "file" ] } - }, + }, { "NetWitness Endpoint Test": { - "name": "NetWitness Endpoint Test", + "name": "NetWitness Endpoint Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "netwitness-get-machines", - "netwitness-blacklist-domains", - "netwitness-blacklist-ips", + "netwitness-get-machines", + "netwitness-blacklist-domains", + "netwitness-blacklist-ips", "netwitness-get-machine-module" ] } - }, + }, { "DNSDBTest": { - "name": "DNSDBTest", + "name": "DNSDBTest", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "dnsdb-rrset", + "dnsdb-rrset", "dnsdb-rdata" ] } - }, + }, { "VerifyHumanReadableFormat": { - "name": 
"VerifyHumanReadableFormat", + "name": "VerifyHumanReadableFormat", "implementing_scripts": [ - "VerifyTableToMarkDown", + "VerifyTableToMarkDown", "VerifyTreeToFlatObject" ] } - }, + }, { "domain_enrichment_generic_test": { - "name": "Domain Enrichment Generic - Test", - "fromversion": "3.5.0", + "name": "Domain Enrichment Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Domain Enrichment - Generic" ] } - }, + }, { "Anomali_ThreatStream_Test": { - "name": "Anomali ThreatStream Test", - "fromversion": "3.5.0", + "name": "Anomali ThreatStream Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "ip", - "domain", - "threatstream-email-reputation", - "threatstream-intelligence", + "ip", + "domain", + "threatstream-email-reputation", + "threatstream-intelligence", "file" ] } - }, + }, { "ParseExcel-test": { - "name": "ParseExcel-test", + "name": "ParseExcel-test", "implementing_scripts": [ - "ParseExcel", - "DeleteContext", + "ParseExcel", + "DeleteContext", "http" ] } - }, + }, { "Zoom_Test": { - "name": "Zoom_Test", + "name": "Zoom_Test", "implementing_scripts": [ - "Print", - "VerifyContext", - "GenerateEmail", + "Print", + "VerifyContext", + "GenerateEmail", "DeleteContext" - ], + ], "implementing_commands": [ - "zoom-create-meeting", - "zoom-list-users", - "zoom-fetch-recording", - "zoom-create-user", + "zoom-create-meeting", + "zoom-list-users", + "zoom-fetch-recording", + "zoom-create-user", "zoom-delete-user" ] } - }, + }, { "DomainTools-Test": { - "name": "DomainTools-Test", + "name": "DomainTools-Test", "implementing_scripts": [ - "VerifyContext", - "NotInContextVerification", + "VerifyContext", + "NotInContextVerification", "DeleteContext" - ], - "implementing_commands": [ - "domain", - "whois", - "reverseWhois", - 
"reverseNameServer", - "domainSearch", - "domainProfile", - "whoisHistory", + ], + "implementing_commands": [ + "domain", + "whois", + "reverseWhois", + "reverseNameServer", + "domainSearch", + "domainProfile", + "whoisHistory", "reverseIP" ] } - }, + }, { "RedLockTest": { - "name": "RedLockTest", + "name": "RedLockTest", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "redlock-search-alerts", - "redlock-reopen-alerts", - "redlock-get-alert-details", + "redlock-search-alerts", + "redlock-reopen-alerts", + "redlock-get-alert-details", "redlock-dismiss-alerts" ] } - }, + }, { "TruSTAR Test": { - "name": "TruSTAR Test", + "name": "TruSTAR Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "domain", - "url", - "ip", - "trustar-correlated-reports", - "file", - "trustar-trending-indicators", + ], + "implementing_commands": [ + "domain", + "url", + "ip", + "trustar-correlated-reports", + "file", + "trustar-trending-indicators", "trustar-search-indicators" ] } - }, + }, { "JoeSecurityTestDetonation": { - "name": "JoeSecurityTestDetonation", - "fromversion": "4.0.0", + "name": "JoeSecurityTestDetonation", + "fromversion": "4.0.0", "implementing_scripts": [ - "FileCreateAndUpload", + "FileCreateAndUpload", "DeleteContext" - ], + ], "implementing_playbooks": [ - "Detonate File - JoeSecurity", - "Detonate File From URL - JoeSecurity", + "Detonate File - JoeSecurity", + "Detonate File From URL - JoeSecurity", "Detonate URL - JoeSecurity" ] } - }, + }, { "Symantec Messaging Gateway Test": { - "name": "Symantec Messaging Gateway Test", + "name": "Symantec Messaging Gateway Test", "implementing_scripts": [ - "GenerateIP", - "VerifyContext", - "GenerateUUID", + "GenerateIP", + "VerifyContext", + "GenerateUUID", "AreValuesEqual" - ], + ], "implementing_commands": [ - "smg-unblock-domain", - "smg-block-ip", - "smg-unblock-ip", - "smg-block-domain", - "smg-block-email", + 
"smg-unblock-domain", + "smg-block-ip", + "smg-unblock-ip", + "smg-block-domain", + "smg-block-email", "smg-unblock-email" ] } - }, + }, { "devo_test_playbook": { - "name": "Devo test playbook", + "name": "Devo test playbook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "devo-query" ] } - }, + }, { "Lastline - testplaybook": { - "name": "Lastline - testplaybook", + "name": "Lastline - testplaybook", "implementing_scripts": [ - "DeleteContext", - "Set", + "DeleteContext", + "Set", "http" - ], + ], "implementing_playbooks": [ - "Detonate URL - Lastline", + "Detonate URL - Lastline", "Detonate File - Lastline" ] } - }, + }, { "detonate_file_-_generic_test": { - "name": "Detonate File - Generic Test", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "Detonate File - Generic Test", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Detonate File - Generic" ] } - }, + }, { "Test CommonServer": { - "name": "Test CommonServer", + "name": "Test CommonServer", "implementing_scripts": [ "TestFormatTableValues" ] } - }, + }, { "Test filters & transformers scripts": { - "name": "Test filters & transformers scripts", + "name": "Test filters & transformers scripts", "implementing_scripts": [ - "RaiseError", - "Print", + "RaiseError", + "Print", "Set" ] } - }, + }, { "virusTotalPrivateAPI-test-playbook": { - "name": "virusTotalPrivateAPI-test-playbook", + "name": "virusTotalPrivateAPI-test-playbook", "implementing_scripts": [ - "VerifyContext", - "StringContains", + "VerifyContext", + "StringContains", "DeleteContext" - ], + ], "implementing_commands": [ - "vt-private-get-url-report", - "vt-private-get-file-report", + "vt-private-get-url-report", + "vt-private-get-file-report", "vt-private-get-domain-report" ] } - }, + }, { "SCADAfence_test": { - "name": "SCADAfence_test", + "name": 
"SCADAfence_test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "scadafence-getAsset", - "scadafence-setAlertStatus", + "scadafence-getAsset", + "scadafence-setAlertStatus", "scadafence-getAlerts" ] } - }, + }, { "c19e328d-0cf3-4a94-88b3-df670d984602": { - "name": "SymantecEndpointProtection Test", + "name": "SymantecEndpointProtection Test", "implementing_scripts": [ - "SEPScan", - "VerifyContext", + "SEPScan", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "sep-quarantine", - "sep-command-status", - "sep-update-content", - "sep-endpoints-info", - "sep-groups-info", - "sep-client-content", + ], + "implementing_commands": [ + "sep-quarantine", + "sep-command-status", + "sep-update-content", + "sep-endpoints-info", + "sep-groups-info", + "sep-client-content", "sep-system-info" ] } - }, + }, { "PagerDuty Test": { - "name": "PagerDuty Test", + "name": "PagerDuty Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "PagerDuty-incidents", - "PagerDuty-get-all-schedules", + "PagerDuty-incidents", + "PagerDuty-get-all-schedules", "PagerDuty-get-users-on-call-now" ] } - }, + }, { "pan-appframework-test": { - "name": "pan-appframework-test", + "name": "pan-appframework-test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "pan-appframework-query-logs" ] } - }, + }, { "TestSafeBreach": { - "name": "TestSafeBreach", + "name": "TestSafeBreach", "implementing_commands": [ - "safebreach-get-simulation", + "safebreach-get-simulation", "safebreach-rerun" ] } - }, + }, { "ExifReadTest": { - "name": "ExifReadTest", + "name": "ExifReadTest", "implementing_scripts": [ - "GenerateImageFileEntry", - "ExifRead", + "GenerateImageFileEntry", + "ExifRead", "DeleteContext" - ], + ], "implementing_commands": [ "closeInvestigation" ] } - }, + }, { "McAfee-TIE Test": { - "name": "McAfee-TIE 
Test", + "name": "McAfee-TIE Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "tie-file-references", - "file", + "tie-file-references", + "file", "tie-set-file-reputation" ] } - }, + }, { "SymantecMSSTest": { - "name": "SymantecMSSTest", + "name": "SymantecMSSTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "symantec-mss-incidents-list", - "symantec-mss-update-incident", + "symantec-mss-incidents-list", + "symantec-mss-update-incident", "symantec-mss-get-incident" ] } - }, + }, + { + "SLA Scripts - Test": { + "name": "SLA Scripts - Test", + "implementing_scripts": [ + "StopTimeToAssignOnOwnerChange", + "ChangeRemediationSLAOnSevChange", + "Set", + "PrintErrorEntry", + "DeleteContext" + ], + "implementing_commands": [ + "setIncident", + "startTimer", + "resetTimer" + ] + } + }, { "SLA Scripts - Test": { "name": "SLA Scripts - Test", From 5c5cb8d6caee93e4c0d9f0ac06c64d9a17174451 Mon Sep 17 00:00:00 2001 From: idovandijk <43602124+idovandijk@users.noreply.github.com> Date: Thu, 3 Jan 2019 15:55:49 +0200 Subject: [PATCH 44/49] Removed random spaces at the end of lines + dupes again --- Tests/id_set.json | 13984 ++++++++++++++++++++++---------------------- 1 file changed, 6960 insertions(+), 7024 deletions(-) diff --git a/Tests/id_set.json b/Tests/id_set.json index 3c9ed1761d12..af73bff2c7e4 100644 --- a/Tests/id_set.json +++ b/Tests/id_set.json 
@@ -2,14399 +2,14335 @@ "scripts": [ { "AwsStopInstance": { - "name": "AwsStopInstance", + "name": "AwsStopInstance", "depends_on": [ "stop-instance" ] } - }, + }, { "PWFindEvents": { - "name": "PWFindEvents", - "deprecated": true, + "name": "PWFindEvents", + "deprecated": true, "depends_on": [ "search" - ], + ], "script_executions": [ "search" ] } - }, + }, { "QRadarClassifier": { - "name": "QRadarClassifier", - "deprecated": true, + "name": "QRadarClassifier", + "deprecated": true, "depends_on": [ "qradar-searches" ] } - }, + }, { "VolLDRModules": { "name": "VolLDRModules" } - }, + }, { "CPShowHosts": { - "name": "CPShowHosts", - "deprecated": true, + "name": "CPShowHosts", + "deprecated": true, "depends_on": [ "checkpoint" - ], + ], "script_executions": [ "checkpoint" ] } - }, + }, { "PWSensors": { - "name": "PWSensors", - "deprecated": true, + "name": "PWSensors", + "deprecated": true, "depends_on": [ "sensors" - ], + ], "script_executions": [ "sensors" ] } - }, + }, { "ADListComputers": { - "name": "ADListComputers", - "deprecated": true, + "name": "ADListComputers", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "CheckWhitelist": { - "name": "CheckWhitelist", - "deprecated": true, + "name": "CheckWhitelist", + "deprecated": true, "script_executions": [ "getList" ] } - }, + }, { "VectraHosts": { - "name": "VectraHosts", - "deprecated": true, + "name": "VectraHosts", + "deprecated": true, "depends_on": [ "vec-hosts" ] } - }, + }, { "SetContext": { - "name": "SetContext", + "name": "SetContext", "deprecated": true } - }, + }, { "D2Autoruns": { "name": "D2Autoruns" } - }, + }, { "MathUtil": { "name": "MathUtil" } - }, + }, { "CBFindHash": { - "name": "CBFindHash", - "deprecated": true, + "name": "CBFindHash", + "deprecated": true, "depends_on": [ "cb-binary" ] } - }, + }, { "SendEmailToManager": { - "name": "SendEmailToManager", - "fromversion": "3.5.0", + "name": "SendEmailToManager", + "fromversion": "3.5.0", "depends_on": [ - "ad-search", + 
"ad-search", "send-mail" - ], + ], "script_executions": [ - "AdSearch", - "AdSearch", + "AdSearch", + "AdSearch", "addEntitlement" ] } - }, + }, { "FileCreateAndUpload": { "name": "FileCreateAndUpload" } - }, + }, { "DecodeMimeHeader": { "name": "DecodeMimeHeader" } - }, + }, { "WildfireUpload": { - "name": "WildfireUpload", - "deprecated": true, + "name": "WildfireUpload", + "deprecated": true, "depends_on": [ "wildfire-upload" ] } - }, + }, { "CYFileRep": { - "name": "CYFileRep", + "name": "CYFileRep", "depends_on": [ - "file", + "file", "cy-upload" - ], + ], "script_executions": [ - "getEntry", - "file", + "getEntry", + "file", "file" ] } - }, + }, { "PanoramaPcaps": { - "name": "PanoramaPcaps", - "deprecated": true, + "name": "PanoramaPcaps", + "deprecated": true, "depends_on": [ "panorama" ] } - }, + }, { "ExtractDomain": { - "name": "ExtractDomain", + "name": "ExtractDomain", "toversion": "3.0.0" } - }, + }, { "ExposeUsers": { - "name": "ExposeUsers", + "name": "ExposeUsers", "deprecated": true } - }, + }, { "Print": { "name": "Print" } - }, + }, { "CSIndicators": { - "name": "CSIndicators", - "deprecated": true, + "name": "CSIndicators", + "deprecated": true, "depends_on": [ "cs-indicators" ] } - }, + }, { "PWEventPcapInfo": { - "name": "PWEventPcapInfo", - "deprecated": true, + "name": "PWEventPcapInfo", + "deprecated": true, "depends_on": [ "event-pcap-info" ] } - }, + }, { "JiraIssueQuery": { - "name": "JiraIssueQuery", - "deprecated": true, + "name": "JiraIssueQuery", + "deprecated": true, "depends_on": [ "jira-issue-query" ] } - }, + }, { "ADGetAllUsersEmail": { - "name": "ADGetAllUsersEmail", - "deprecated": true, + "name": "ADGetAllUsersEmail", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "CuckooDetonateFile": { - "name": "CuckooDetonateFile", + "name": "CuckooDetonateFile", "depends_on": [ "cuckoo-create-task-from-file" ] } - }, + }, { "EPORepoList": { - "name": "EPORepoList", - "deprecated": true, + "name": "EPORepoList", + 
"deprecated": true, "depends_on": [ "epo-command" ] } - }, + }, { "GrrSetFlows": { - "name": "GrrSetFlows", + "name": "GrrSetFlows", "depends_on": [ "grr_set_flows" - ], + ], "script_executions": [ "grr_set_flows" ] } - }, + }, { "VectraGetDetetctionsById": { - "name": "VectraGetDetetctionsById", - "deprecated": true, + "name": "VectraGetDetetctionsById", + "deprecated": true, "depends_on": [ "vec-get-detetctions-by-id" ] } - }, + }, { "CommonD2": { "name": "CommonD2" } - }, + }, { "FilterByList": { - "name": "FilterByList", + "name": "FilterByList", "script_executions": [ "getList" ] } - }, + }, { "ExtractHash": { "name": "ExtractHash" } - }, + }, { "120c861a-e0ae-417e-8dcf-c3ee1dc15a42": { "name": "commentsToContext" } - }, + }, { "ConvertXmlFileToJson": { "name": "ConvertXmlFileToJson" } - }, + }, { "IPExtract": { - "name": "IPExtract", + "name": "IPExtract", "deprecated": true } - }, + }, { "DBotAverageScore": { "name": "DBotAverageScore" } - }, + }, { "NessusCreateScan": { - "name": "NessusCreateScan", - "deprecated": true, + "name": "NessusCreateScan", + "deprecated": true, "depends_on": [ "scan-create" ] } - }, + }, { "StixParser": { "name": "StixParser" } - }, + }, { "NessusShowEditorTemplates": { - "name": "NessusShowEditorTemplates", - "deprecated": true, + "name": "NessusShowEditorTemplates", + "deprecated": true, "depends_on": [ "nessus-get-scans-editors" ] } - }, + }, { "QrFullSearch": { - "name": "QrFullSearch", - "deprecated": true, + "name": "QrFullSearch", + "deprecated": true, "depends_on": [ - "QrGetSearchResults", - "qr-get-search", + "QrGetSearchResults", + "qr-get-search", "qr-searches" - ], + ], "script_executions": [ "QrGetSearchResults" ] } - }, + }, { "FetchFromInstance": { - "name": "FetchFromInstance", - "fromversion": "4.0.0", + "name": "FetchFromInstance", + "fromversion": "4.0.0", "deprecated": true } - }, + }, { "a6e348f4-1e40-4365-870c-52139c60779a": { - "name": "OktaGetUser", - "deprecated": true, + "name": "OktaGetUser", + 
"deprecated": true, "depends_on": [ "okta-get-user" ] } - }, + }, { "VolConnscan": { "name": "VolConnscan" } - }, + }, { "840aa9a7-04b2-4505-8238-8fe85f010dde": { - "name": "OktaActivateUser", - "deprecated": true, + "name": "OktaActivateUser", + "deprecated": true, "depends_on": [ "okta-activate-user" ] } - }, + }, { "CBLiveGetFile": { - "name": "CBLiveGetFile", - "depends_on": [ - "cb-session-create", - "cb-sensor-info", - "cb-command-create", - "cb-session-info", - "cb-file-get", - "cb-command-info", + "name": "CBLiveGetFile", + "depends_on": [ + "cb-session-create", + "cb-sensor-info", + "cb-command-create", + "cb-session-info", + "cb-file-get", + "cb-command-info", "cb-list-sessions" ] } - }, + }, { "ScheduleGenericPolling": { - "name": "ScheduleGenericPolling", + "name": "ScheduleGenericPolling", "fromversion": "4.0.0" } - }, + }, { "AddEvidence": { - "name": "AddEvidence", + "name": "AddEvidence", "fromversion": "2.5.0" } - }, + }, { "Ping": { "name": "Ping" } - }, + }, { "EncodeToAscii": { "name": "EncodeToAscii" } - }, + }, { "ServiceNowCreateIncident": { - "name": "ServiceNowCreateIncident", + "name": "ServiceNowCreateIncident", "depends_on": [ - "servicenow-query-table", + "servicenow-query-table", "servicenow-create-record" ] } - }, + }, { "TriagePhishing": { - "name": "TriagePhishing", + "name": "TriagePhishing", "deprecated": true } - }, + }, { "LessThanPercentage": { "name": "LessThanPercentage" } - }, + }, { "TrendmicroAlertStatus": { - "name": "TrendmicroAlertStatus", + "name": "TrendmicroAlertStatus", "depends_on": [ "trendmicro-alert-status" ] } - }, + }, { "SandboxDetonateFile": { - "name": "SandboxDetonateFile", - "script_executions": [ - "IsIntegrationAvailable", - "IsIntegrationAvailable", - "IsIntegrationAvailable", - "IsIntegrationAvailable", - "getEntry", - "CuckooDetonateFile", - "CuckooTaskStatus", + "name": "SandboxDetonateFile", + "script_executions": [ + "IsIntegrationAvailable", + "IsIntegrationAvailable", + "IsIntegrationAvailable", 
+ "IsIntegrationAvailable", + "getEntry", + "CuckooDetonateFile", + "CuckooTaskStatus", "CuckooGetReport" ] } - }, + }, { "ParseEmailFiles": { - "name": "ParseEmailFiles", + "name": "ParseEmailFiles", "script_executions": [ - "getEntry", + "getEntry", "getFilePath" ] } - }, + }, { "ConferSetSeverity": { - "name": "ConferSetSeverity", + "name": "ConferSetSeverity", "depends_on": [ "confer" - ], + ], "script_executions": [ "setSeverity" ] } - }, + }, { "ReverseList": { "name": "ReverseList" } - }, + }, { "ImpSfListEndpoints": { - "name": "ImpSfListEndpoints", + "name": "ImpSfListEndpoints", "depends_on": [ "imp-sf-list-endpoints" ] } - }, + }, { "9364c36f-b1d6-4233-88c2-75008b106c31": { - "name": "vmray_getResults", + "name": "vmray_getResults", "depends_on": [ "get_job_sample" - ], + ], "script_executions": [ - "get_job_sample", - "get_results", + "get_job_sample", + "get_results", "scheduleEntry" ] } - }, + }, { "InviteUser": { "name": "InviteUser" } - }, + }, { "VectraDetections": { - "name": "VectraDetections", - "deprecated": true, + "name": "VectraDetections", + "deprecated": true, "depends_on": [ "vec-detections" ] } - }, + }, { "StaticAnalyze": { "name": "StaticAnalyze" } - }, + }, { "GetContextValue": { - "name": "GetContextValue", + "name": "GetContextValue", "deprecated": true } - }, + }, { "TaniumFilterComputersByIndexQueryFileDetails": { - "name": "TaniumFilterComputersByIndexQueryFileDetails", + "name": "TaniumFilterComputersByIndexQueryFileDetails", "depends_on": [ "tn-ask-manual-question" ] } - }, + }, { "D2O365ComplianceSearch": { "name": "D2O365ComplianceSearch" } - }, + }, { "SearchIncidents": { "name": "SearchIncidents" } - }, + }, { "CuckooDisplayReport": { - "name": "CuckooDisplayReport", + "name": "CuckooDisplayReport", "depends_on": [ "ck-report" - ], + ], "script_executions": [ - "getFilePath", + "getFilePath", "getEntry" ] } - }, + }, { "VolPSList": { "name": "VolPSList" } - }, + }, { "CBLiveProcessList": { - "name": "CBLiveProcessList", + 
"name": "CBLiveProcessList", "depends_on": [ - "cb-command-info", + "cb-command-info", "cb-command-create" ] } - }, + }, { "GoogleappsGmailGetMail": { - "name": "GoogleappsGmailGetMail", - "deprecated": true, + "name": "GoogleappsGmailGetMail", + "deprecated": true, "depends_on": [ "googleapps-gmail-get-mail" ] } - }, + }, { "PTEnrich": { - "name": "PTEnrich", - "depends_on": [ - "pt-osint", - "pt-whois", - "pt-malware", - "pt-enrichment", - "pt-get-subdomains", - "pt-ssl-cert", + "name": "PTEnrich", + "depends_on": [ + "pt-osint", + "pt-whois", + "pt-malware", + "pt-enrichment", + "pt-get-subdomains", + "pt-ssl-cert", "pt-passive-dns" ] } - }, + }, { "ResolveShortenedURL": { "name": "ResolveShortenedURL" } - }, + }, { "CommonServerUserPython": { "name": "CommonServerUserPython" } - }, + }, { "5edd0c8e-4e6e-4afe-8f43-67bb9ebc4fd3": { - "name": "NetwitnessSearch", + "name": "NetwitnessSearch", "depends_on": [ "nw-sdk-search" ] } - }, + }, { "RunSqlQuery": { - "name": "RunSqlQuery", - "deprecated": true, + "name": "RunSqlQuery", + "deprecated": true, "depends_on": [ "query" - ], + ], "script_executions": [ "query" ] } - }, + }, { "d98506ea-fd06-49d6-8f1e-bb29ab06766e": { - "name": "VerifyContext", + "name": "VerifyContext", "deprecated": true } - }, + }, { "TimeStampToDate": { "name": "TimeStampToDate" } - }, + }, { "SlackAskUser": { - "name": "SlackAskUser", - "toversion": "3.1.0", + "name": "SlackAskUser", + "toversion": "3.1.0", "depends_on": [ "slack-send" - ], + ], "script_executions": [ "addOneTimeEntitlement" ] } - }, + }, { "CPShowAccessRulebase": { - "name": "CPShowAccessRulebase", - "deprecated": true, + "name": "CPShowAccessRulebase", + "deprecated": true, "depends_on": [ "checkpoint" - ], + ], "script_executions": [ "checkpoint" ] } - }, + }, { "VolNetworkConnections": { "name": "VolNetworkConnections" } - }, + }, { "DemistoDeleteIncident": { - "name": "DemistoDeleteIncident", - "deprecated": true, + "name": "DemistoDeleteIncident", + "deprecated": true, 
"depends_on": [ "demisto-api-post" ] } - }, + }, { "SSDeepReputation": { - "name": "SSDeepReputation", + "name": "SSDeepReputation", "script_executions": [ - "findIndicators", + "findIndicators", "getContext" ] } - }, + }, { "GrrGetHunt": { - "name": "GrrGetHunt", + "name": "GrrGetHunt", "depends_on": [ "grr_get_hunt" - ], + ], "script_executions": [ "grr_get_hunt" ] } - }, + }, { "findIncidentsWithIndicator": { "name": "findIncidentsWithIndicator" } - }, + }, { "ExifRead": { "name": "ExifRead" } - }, + }, { "AlgosecGetTicket": { - "name": "AlgosecGetTicket", + "name": "AlgosecGetTicket", "depends_on": [ "algosec-get-ticket" ] } - }, + }, { "IncapGetDomainApproverEmail": { - "name": "IncapGetDomainApproverEmail", + "name": "IncapGetDomainApproverEmail", "depends_on": [ "incap-get-domain-approver-email" ] } - }, + }, { "ElasticSearchDisplay": { - "name": "ElasticSearchDisplay", + "name": "ElasticSearchDisplay", "depends_on": [ "search" ] } - }, + }, { "ContextGetIps": { "name": "ContextGetIps" } - }, + }, { "D2Hardware": { "name": "D2Hardware" } - }, + }, { "82764532-0a4f-4b59-8cf9-fe1a00cabdae": { - "name": "OktaSearch", - "deprecated": true, + "name": "OktaSearch", + "deprecated": true, "depends_on": [ "okta-search" ] } - }, + }, { "TrendmicroSecurityProfileRetrieveAll": { - "name": "TrendmicroSecurityProfileRetrieveAll", + "name": "TrendmicroSecurityProfileRetrieveAll", "depends_on": [ "trendmicro-security-profile-retrieve-all" ] } - }, + }, { "PanoramaConfig": { - "name": "PanoramaConfig", - "deprecated": true, + "name": "PanoramaConfig", + "deprecated": true, "depends_on": [ "panorama" ] } - }, + }, { "RepopulateFiles": { - "name": "RepopulateFiles", + "name": "RepopulateFiles", "script_executions": [ "getEntries" ] } - }, + }, { "SendMessageToOnlineUsers": { "name": "SendMessageToOnlineUsers" } - }, + }, { "SetIncidentCustomFields": { "name": "SetIncidentCustomFields" } - }, + }, { "CEFParser": { "name": "CEFParser" } - }, + }, { "ADSetNewPassword": { - 
"name": "ADSetNewPassword", - "deprecated": true, + "name": "ADSetNewPassword", + "deprecated": true, "depends_on": [ "ad-set-new-password" ] } - }, + }, { "misp_upload_sample": { - "name": "misp_upload_sample", + "name": "misp_upload_sample", "depends_on": [ "internal-misp-upload-sample" - ], + ], "script_executions": [ "getFilePath" ] } - }, + }, { "IsValueInArray": { "name": "IsValueInArray" } - }, + }, { "displayhtml": { "name": "DisplayHTML" } - }, + }, { "VectraClassifier": { - "name": "VectraClassifier", - "deprecated": true, + "name": "VectraClassifier", + "deprecated": true, "depends_on": [ "vec-health" ] } - }, + }, { "JSONtoCSV": { - "name": "JSONtoCSV", + "name": "JSONtoCSV", "script_executions": [ "getEntry" ] } - }, + }, { "ConferIncidentDetails": { - "name": "ConferIncidentDetails", + "name": "ConferIncidentDetails", "depends_on": [ "confer" ] } - }, + }, { "ParseJSON": { "name": "ParseJSON" } - }, + }, { "ScheduleCommand": { "name": "ScheduleCommand" } - }, + }, { "XBTimeline": { - "name": "XBTimeline", + "name": "XBTimeline", "depends_on": [ "xb-timeline" ] } - }, + }, { "EmailAskUser": { - "name": "EmailAskUser", + "name": "EmailAskUser", "toversion": "3.1.0" } - }, + }, { "IncidentSet": { - "name": "IncidentSet", - "toversion": "3.5.0", + "name": "IncidentSet", + "toversion": "3.5.0", "script_executions": [ - "setOwner", - "setStage", - "setIncident", + "setOwner", + "setStage", + "setIncident", "setPlaybook" ] } - }, + }, { "DataIPReputation": { - "name": "DataIPReputation", + "name": "DataIPReputation", "deprecated": true } - }, + }, { "URLSSLVerification": { "name": "URLSSLVerification" } - }, + }, { "EmailDomainSquattingReputation": { "name": "EmailDomainSquattingReputation" } - }, + }, { "XBUser": { - "name": "XBUser", + "name": "XBUser", "depends_on": [ "xb-user" ] } - }, + }, { "SNUpdateTicket": { - "name": "SNUpdateTicket", - "deprecated": true, + "name": "SNUpdateTicket", + "deprecated": true, "depends_on": [ "servicenow-incident-update" 
] } - }, + }, { "ticksToTime": { "name": "ticksToTime" } - }, + }, { "dbbdc2e4-6105-4ee9-8e83-563a4b991a89": { - "name": "VirustotalIsMalicious", - "deprecated": true, + "name": "VirustotalIsMalicious", + "deprecated": true, "depends_on": [ "file" - ], + ], "script_executions": [ - "file", + "file", "file" ] } - }, + }, { "TopMaliciousRatioIndicators": { - "name": "TopMaliciousRatioIndicators", - "fromversion": "4.0.0", + "name": "TopMaliciousRatioIndicators", + "fromversion": "4.0.0", "script_executions": [ - "findIndicators", + "findIndicators", "maliciousRatio" ] } - }, + }, { "SetMultipleValues": { "name": "SetMultipleValues" } - }, + }, { "PanoramaCommit": { - "name": "PanoramaCommit", - "deprecated": true, + "name": "PanoramaCommit", + "deprecated": true, "depends_on": [ "panorama" ] } - }, + }, { "CloseInvestigation": { - "name": "CloseInvestigation", + "name": "CloseInvestigation", "deprecated": true } - }, + }, { "CrowdStrikeUrlParse": { "name": "CrowdStrikeUrlParse" } - }, + }, { "MarkRelatedIncidents": { "name": "MarkRelatedIncidents" } - }, + }, { "DemistoSendInvite": { - "name": "DemistoSendInvite", + "name": "DemistoSendInvite", "depends_on": [ - "demisto-api-post", + "demisto-api-post", "demisto-api-get" ] } - }, + }, { "CommonIntegrationPython": { - "name": "CommonIntegrationPython", + "name": "CommonIntegrationPython", "deprecated": true } - }, + }, { "RunDockerCommand": { "name": "RunDockerCommand" } - }, + }, { "GoogleappsGmailSearch": { - "name": "GoogleappsGmailSearch", - "deprecated": true, + "name": "GoogleappsGmailSearch", + "deprecated": true, "depends_on": [ "googleapps-gmail-search" ] } - }, + }, { "EPODetermineRepository": { - "name": "EPODetermineRepository", + "name": "EPODetermineRepository", "deprecated": true } - }, + }, { "emailFieldTriggered": { "name": "emailFieldTriggered" } - }, + }, { "TrendMicroGetPolicyID": { - "name": "TrendMicroGetPolicyID", + "name": "TrendMicroGetPolicyID", "depends_on": [ 
"trendmicro-security-profile-retrieve-all" - ], + ], "script_executions": [ "TrendmicroSecurityProfileRetrieveAll" ] } - }, + }, { "AquatoneDiscover": { "name": "AquatoneDiscover" } - }, + }, { "ExtractDomainFromURL": { - "name": "ExtractDomainFromURL", + "name": "ExtractDomainFromURL", "deprecated": true } - }, + }, { "NetwitnessSAUpdateIncident": { - "name": "NetwitnessSAUpdateIncident", - "deprecated": true, + "name": "NetwitnessSAUpdateIncident", + "deprecated": true, "depends_on": [ "nw-update-incident" ] } - }, + }, { "UnzipFile": { - "name": "UnzipFile", + "name": "UnzipFile", "script_executions": [ - "getEntries", + "getEntries", "getFilePath" ] } - }, + }, { "NetwitnessSAGetAvailableAssignees": { - "name": "NetwitnessSAGetAvailableAssignees", + "name": "NetwitnessSAGetAvailableAssignees", "depends_on": [ "nw-get-available-assignees" ] } - }, + }, { "QualysCreateIncidentFromReport": { - "name": "QualysCreateIncidentFromReport", + "name": "QualysCreateIncidentFromReport", "depends_on": [ "qualys-host-list" - ], + ], "script_executions": [ "getIncidents" ] } - }, + }, { "CuckooDetonateURL": { - "name": "CuckooDetonateURL", + "name": "CuckooDetonateURL", "depends_on": [ "cuckoo-create-task-from-url" ] } - }, + }, { "UserEnrichAD": { - "name": "UserEnrichAD", + "name": "UserEnrichAD", "depends_on": [ "ad-search" - ], + ], "script_executions": [ "ADGetUser" ] } - }, + }, { "WordTokenizer": { "name": "WordTokenizer" } - }, + }, { "da8594b8-0b57-4cb2-8578-94754bb577c6": { - "name": "NetwitnessSAListIncidents", + "name": "NetwitnessSAListIncidents", "depends_on": [ "nw-list-incidents" ] } - }, + }, { "IsContextSet": { - "name": "IsContextSet", + "name": "IsContextSet", "deprecated": true } - }, + }, { "Set": { "name": "Set" } - }, + }, { "ArcherCreateSecurityIncident": { - "name": "ArcherCreateSecurityIncident", + "name": "ArcherCreateSecurityIncident", "depends_on": [ "archer-create-record" ] } - }, + }, { "VolMalfindDumpAgent": { "name": "VolMalfindDumpAgent" } - 
}, + }, { "TrendmicroSystemEventRetrieve": { - "name": "TrendmicroSystemEventRetrieve", + "name": "TrendmicroSystemEventRetrieve", "depends_on": [ "trendmicro-system-event-retrieve" ] } - }, + }, { "MimecastFindEmail": { - "name": "MimecastFindEmail", + "name": "MimecastFindEmail", "depends_on": [ "mimecast-query" ] } - }, + }, { "D2Drop": { "name": "D2Drop" } - }, + }, { "TaniumFindRunningProcesses": { - "name": "TaniumFindRunningProcesses", - "deprecated": true, + "name": "TaniumFindRunningProcesses", + "deprecated": true, "depends_on": [ - "tn-add-question-complex", - "tn-result-data", + "tn-add-question-complex", + "tn-result-data", "tn-result-info" ] } - }, + }, { "NessusScanDetails": { - "name": "NessusScanDetails", - "deprecated": true, + "name": "NessusScanDetails", + "deprecated": true, "depends_on": [ "scan-details" ] } - }, + }, { "CBPCatalogFindHash": { - "name": "CBPCatalogFindHash", + "name": "CBPCatalogFindHash", "depends_on": [ "cbp-fileCatalog-search" ] } - }, + }, { "checkValue": { "name": "checkValue" } - }, + }, { "WhileLoop": { - "name": "WhileLoop", + "name": "WhileLoop", "deprecated": true } - }, + }, { "D2GetSystemLog": { "name": "D2GetSystemLog" } - }, + }, { "CopyFileD2": { "name": "CopyFileD2" } - }, + }, { "CheckFilesWildfirePy": { - "name": "CheckFilesWildfirePy", + "name": "CheckFilesWildfirePy", "depends_on": [ - "wildfire-upload", + "wildfire-upload", "wildfire-report" - ], + ], "script_executions": [ "getEntries" ] } - }, + }, { "ADGetGroupMembers": { - "name": "ADGetGroupMembers", + "name": "ADGetGroupMembers", "depends_on": [ "ad-search" ] } - }, + }, { "SCPPullFiles": { - "name": "SCPPullFiles", + "name": "SCPPullFiles", "depends_on": [ "copy-from" ] } - }, + }, { "ReadFile": { - "name": "ReadFile", + "name": "ReadFile", "script_executions": [ "getFilePath" ] } - }, + }, { "VectraSensors": { - "name": "VectraSensors", - "deprecated": true, + "name": "VectraSensors", + "deprecated": true, "depends_on": [ "vec-sensors" ] } - }, + 
}, { "QRadarFullSearch": { - "name": "QRadarFullSearch", - "deprecated": true, + "name": "QRadarFullSearch", + "deprecated": true, "depends_on": [ - "qradar-get-search", - "qradar-get-search-results", + "qradar-get-search", + "qradar-get-search-results", "qradar-searches" ] } - }, + }, { "CSActors": { - "name": "CSActors", - "deprecated": true, + "name": "CSActors", + "deprecated": true, "depends_on": [ "cs-actors" ] } - }, + }, { "NessusGetReport": { - "name": "NessusGetReport", - "deprecated": true, + "name": "NessusGetReport", + "deprecated": true, "depends_on": [ - "scan-report-download", - "scan-export", + "scan-report-download", + "scan-export", "scan-export-status" ] } - }, + }, { "VolRaw": { "name": "VolRaw" } - }, + }, { "Base64Encode": { "name": "Base64Encode" } - }, + }, { "LCMAcknowledgeHost": { - "name": "LCMAcknowledgeHost", + "name": "LCMAcknowledgeHost", "depends_on": [ "lcm-acknowledge-host" - ], + ], "script_executions": [ "LCMHosts" ] } - }, + }, { "ExtractEmail": { "name": "ExtractEmail" } - }, + }, { "NexposeVulnExtractor": { - "name": "NexposeVulnExtractor", + "name": "NexposeVulnExtractor", "depends_on": [ "nexpose" ] } - }, + }, { "XBTriggeredRules": { - "name": "XBTriggeredRules", + "name": "XBTriggeredRules", "depends_on": [ "xb-triggered-rules" ] } - }, + }, { "LoadJSON": { "name": "LoadJSON" } - }, + }, { "CommonUserServer": { "name": "CommonUserServer" } - }, + }, { "IsMaliciousIndicatorFound": { "name": "IsMaliciousIndicatorFound" } - }, + }, { "D2ActiveUsers": { "name": "D2ActiveUsers" } - }, + }, { "BuildEWSQuery": { "name": "BuildEWSQuery" } - }, + }, { "da330ce7-3a93-430c-8454-03b96cf5184e": { - "name": "OktaCreateUser", - "deprecated": true, + "name": "OktaCreateUser", + "deprecated": true, "depends_on": [ "okta-create-user" ] } - }, + }, { "JiraIssueUploadFile": { - "name": "JiraIssueUploadFile", - "deprecated": true, + "name": "JiraIssueUploadFile", + "deprecated": true, "depends_on": [ "jira-issue-upload-file" ] } - }, + }, { 
"PanoramaDynamicAddressGroup": { - "name": "PanoramaDynamicAddressGroup", + "name": "PanoramaDynamicAddressGroup", "deprecated": true } - }, + }, { "ActiveUsersD2": { "name": "ActiveUsersD2" } - }, + }, { "ParseExcel": { - "name": "ParseExcel", + "name": "ParseExcel", "script_executions": [ "getFilePath" ] } - }, + }, { "MatchRegex": { "name": "MatchRegex" } - }, + }, { "ip_to_host": { "name": "IPToHost" } - }, + }, { "AlgosecGetNetworkObject": { - "name": "AlgosecGetNetworkObject", + "name": "AlgosecGetNetworkObject", "depends_on": [ "algosec-get-network-object" ] } - }, + }, { "Autoruns": { "name": "Autoruns" } - }, + }, { "VectraTriage": { - "name": "VectraTriage", - "deprecated": true, + "name": "VectraTriage", + "deprecated": true, "depends_on": [ "vec-triage" ] } - }, + }, { "ATDDetonate": { - "name": "ATDDetonate", + "name": "ATDDetonate", "depends_on": [ - "atd-get-report", - "atd-file-upload", + "atd-get-report", + "atd-file-upload", "atd-check-status" ] } - }, + }, { "XBInfo": { "name": "XBInfo" } - }, + }, { "NetwitnessSACreateIncident": { - "name": "NetwitnessSACreateIncident", + "name": "NetwitnessSACreateIncident", "depends_on": [ "nw-create-incident" ] } - }, + }, { "ExchangeSearchMailbox": { "name": "ExchangeSearchMailbox" } - }, + }, { "DT": { "name": "DT" } - }, + }, { "ed24d63f-4134-49c4-82c0-96885a7a1cc3": { - "name": "VerifyContextFields", + "name": "VerifyContextFields", "deprecated": true } - }, + }, { "5d44a5d9-d91a-4420-801f-755f26b60c47": { - "name": "cveLatest", - "deprecated": true, + "name": "cveLatest", + "deprecated": true, "depends_on": [ "cve-latest" ] } - }, + }, { "ad7de731-cadc-4f49-81cd-522cd4b7bfa5": { - "name": "CheckpointFWCreateBackup", + "name": "CheckpointFWCreateBackup", "depends_on": [ "ssh" - ], + ], "script_executions": [ "ssh" ] } - }, + }, { "DemistoLogsBundle": { - "name": "DemistoLogsBundle", + "name": "DemistoLogsBundle", "depends_on": [ "demisto-api-download" ] } - }, + }, { "ContextGetEmails": { "name": 
"ContextGetEmails" } - }, + }, { "nexpose_create_incidents_from_assets": { - "name": "NexposeCreateIncidentsFromAssets", + "name": "NexposeCreateIncidentsFromAssets", "depends_on": [ "nexpose-get-asset" - ], + ], "script_executions": [ "getIncidents" ] } - }, + }, { "bffdcf72-2061-4767-83d5-3ff2a9e8afe7": { "name": "BlockIP" } - }, + }, { "ExchangeSearch": { - "name": "ExchangeSearch", - "deprecated": true, + "name": "ExchangeSearch", + "deprecated": true, "depends_on": [ "ews-search-mailbox" ] } - }, + }, { "CPSetRule": { - "name": "CPSetRule", - "deprecated": true, + "name": "CPSetRule", + "deprecated": true, "depends_on": [ "checkpoint" - ], + ], "script_executions": [ - "checkpoint", + "checkpoint", "checkpoint" ] } - }, + }, { "VolGetProcWithMalNetConn": { "name": "VolGetProcWithMalNetConn" } - }, + }, { "ConvertTableToHTML": { "name": "ConvertTableToHTML" } - }, + }, { "StringLength": { "name": "StringLength" } - }, + }, { "CuckooGetScreenshot": { - "name": "CuckooGetScreenshot", + "name": "CuckooGetScreenshot", "depends_on": [ "cuckoo-task-screenshot" ] } - }, + }, { "VolMalfind": { "name": "VolMalfind" } - }, + }, { "ExposeModules": { - "name": "ExposeModules", + "name": "ExposeModules", "deprecated": true } - }, + }, { "GrrGetFlows": { - "name": "GrrGetFlows", + "name": "GrrGetFlows", "depends_on": [ "grr_get_flows" - ], + ], "script_executions": [ "grr_get_flows" ] } - }, + }, { "IsTrue": { "name": "IsTrue" } - }, + }, { "SplunkSearchJsonPy": { - "name": "SplunkSearchJsonPy", - "deprecated": true, + "name": "SplunkSearchJsonPy", + "deprecated": true, "depends_on": [ "search" - ], + ], "script_executions": [ "search" ] } - }, + }, { "UnEscapeURLs": { "name": "UnEscapeURLs" } - }, + }, { "ProofpointDecodeURL": { "name": "ProofpointDecodeURL" } - }, + }, { "ReadPDFFile": { - "name": "ReadPDFFile", + "name": "ReadPDFFile", "script_executions": [ "getFilePath" ] } - }, + }, { "ContextContains": { "name": "ContextContains" } - }, + }, { "ADIsUserMember": { - 
"name": "ADIsUserMember", - "deprecated": true, + "name": "ADIsUserMember", + "deprecated": true, "depends_on": [ "ad-search" - ], + ], "script_executions": [ - "ADGetUserGroups", + "ADGetUserGroups", "AdSearch" ] } - }, + }, { "PanoramaMove": { - "name": "PanoramaMove", - "deprecated": true, + "name": "PanoramaMove", + "deprecated": true, "depends_on": [ "panorama" ] } - }, + }, { "ADGetUserGroups": { - "name": "ADGetUserGroups", - "deprecated": true, + "name": "ADGetUserGroups", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "ADUserLogonInfo": { - "name": "ADUserLogonInfo", - "deprecated": true, + "name": "ADUserLogonInfo", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "Osxcollector": { "name": "Osxcollector" } - }, + }, { "PWObservationPcapInfo": { - "name": "PWObservationPcapInfo", - "deprecated": true, + "name": "PWObservationPcapInfo", + "deprecated": true, "depends_on": [ "observation-pcap-info" ] } - }, + }, { "QrSearches": { - "name": "QrSearches", - "deprecated": true, + "name": "QrSearches", + "deprecated": true, "depends_on": [ "qr-searches" ] } - }, + }, { "ExtractIndicatorsFromTextFile": { "name": "ExtractIndicatorsFromTextFile" } - }, + }, { "CheckIPs": { - "name": "CheckIPs", - "deprecated": true, + "name": "CheckIPs", + "deprecated": true, "script_executions": [ "ip" ] } - }, + }, { "VolDlllist": { "name": "VolDlllist" } - }, + }, { "FPSetRule": { - "name": "FPSetRule", + "name": "FPSetRule", "depends_on": [ "ssh" - ], + ], "script_executions": [ "ssh" ] } - }, + }, { "TrendMicroClassifier": { - "name": "TrendMicroClassifier", + "name": "TrendMicroClassifier", "depends_on": [ "trendmicro-alert-status" ] } - }, + }, { "TrendMicroGetHostID": { - "name": "TrendMicroGetHostID", + "name": "TrendMicroGetHostID", "depends_on": [ "trendmicro-host-retrieve-all" - ], + ], "script_executions": [ "TrendmicroHostRetrieveAll" ] } - }, + }, { "ExtractDomainFromUrlAndEmail": { "name": "ExtractDomainFromUrlAndEmail" } - }, + 
}, { "VectraSettings": { - "name": "VectraSettings", - "deprecated": true, + "name": "VectraSettings", + "deprecated": true, "depends_on": [ "vec-settings" ] } - }, + }, { "GenerateInvestigationSummaryReport": { - "name": "GenerateInvestigationSummaryReport", + "name": "GenerateInvestigationSummaryReport", "fromversion": "3.5.0" } - }, + }, { "DataDomainReputation": { - "name": "DataDomainReputation", + "name": "DataDomainReputation", "fromversion": "3.1.0" } - }, + }, { "EPORepositoryComplianceCheck": { - "name": "EPORepositoryComplianceCheck", - "deprecated": true, + "name": "EPORepositoryComplianceCheck", + "deprecated": true, "depends_on": [ "epo-command" ] } - }, + }, { "PWObservations": { - "name": "PWObservations", - "deprecated": true, + "name": "PWObservations", + "deprecated": true, "depends_on": [ "observation-search" ] } - }, + }, { "DBotPredictTextLabel": { - "name": "DBotPredictTextLabel", - "fromversion": "4.1.0", + "name": "DBotPredictTextLabel", + "fromversion": "4.1.0", "script_executions": [ "getList" ] } - }, + }, { "InRange": { "name": "InRange" } - }, + }, { "IngestCSV": { - "name": "IngestCSV", - "deprecated": true, + "name": "IngestCSV", + "deprecated": true, "script_executions": [ - "getEntries", + "getEntries", "getFilePath" ] } - }, + }, { "TrendmicroHostAntimalwareScan": { - "name": "TrendmicroHostAntimalwareScan", + "name": "TrendmicroHostAntimalwareScan", "depends_on": [ "trendmicro-host-antimalware-scan" ] } - }, + }, { "QrGetSearchResults": { - "name": "QrGetSearchResults", - "deprecated": true, + "name": "QrGetSearchResults", + "deprecated": true, "depends_on": [ "qr-get-search-results" ] } - }, + }, { "NessusHostDetails": { - "name": "NessusHostDetails", - "deprecated": true, + "name": "NessusHostDetails", + "deprecated": true, "depends_on": [ "scan-host-details" ] } - }, + }, { "WhereFieldEquals": { "name": "WhereFieldEquals" } - }, + }, { "OSQueryUsers": { - "name": "OSQueryUsers", + "name": "OSQueryUsers", "depends_on": [ 
"OSQueryBasicQuery" - ], + ], "script_executions": [ "OSQueryBasicQuery" ] } - }, + }, { "CrowdStrikeStreamingPreProcessing": { - "name": "CrowdStrikeStreamingPreProcessing", + "name": "CrowdStrikeStreamingPreProcessing", "script_executions": [ "addEntries" ] } - }, + }, { "Strings": { - "name": "Strings", + "name": "Strings", "script_executions": [ "getFilePath" ] } - }, + }, { "QrOffenses": { - "name": "QrOffenses", - "deprecated": true, + "name": "QrOffenses", + "deprecated": true, "depends_on": [ "qr-offenses" ] } - }, + }, { "LCMHosts": { "name": "LCMHosts" } - }, + }, { "RegProbeBasic": { "name": "RegProbeBasic" } - }, + }, { "ContextGetHashes": { "name": "ContextGetHashes" } - }, + }, { "NexposeEmailParser": { - "name": "NexposeEmailParser", + "name": "NexposeEmailParser", "depends_on": [ "nexpose" ] } - }, + }, { "7b5c080e-f3b1-411a-83b0-e1f53c21bef8": { - "name": "WhileNotMdLoop", + "name": "WhileNotMdLoop", "deprecated": true } - }, + }, { "SlackMirror": { - "name": "SlackMirror", - "deprecated": true, + "name": "SlackMirror", + "deprecated": true, "depends_on": [ "slack-mirror-investigation" ] } - }, + }, { "CheckFiles": { - "name": "CheckFiles", - "deprecated": true, + "name": "CheckFiles", + "deprecated": true, "depends_on": [ "file" ] } - }, + }, { "IsIPInRanges": { "name": "IsIPInRanges" } - }, + }, { "CBSessions": { - "name": "CBSessions", + "name": "CBSessions", "depends_on": [ "cb-list-sessions" ] } - }, + }, { "JSONFileToCSV": { - "name": "JSONFileToCSV", + "name": "JSONFileToCSV", "script_executions": [ "getFilePath" ] } - }, + }, { "GeneratePassword": { "name": "GeneratePassword" } - }, + }, { "IncidentSet": { - "name": "IncidentSet", - "fromversion": "3.5.1", - "deprecated": true, + "name": "IncidentSet", + "fromversion": "3.5.1", + "deprecated": true, "script_executions": [ - "setOwner", - "setStage", - "setIncident", + "setOwner", + "setStage", + "setIncident", "setPlaybook" ] } - }, + }, { "GoogleAuthURL": { "name": "GoogleAuthURL" } - }, + 
}, { "DataURLReputation": { - "name": "DataURLReputation", + "name": "DataURLReputation", "toversion": "3.0.1" } - }, + }, { "IPReputation": { - "name": "IPReputation", + "name": "IPReputation", "script_executions": [ "ip" ] } - }, + }, { "AwsCreateImage": { - "name": "AwsCreateImage", + "name": "AwsCreateImage", "depends_on": [ "create-image" ] } - }, + }, { "WildfireReport": { - "name": "WildfireReport", - "deprecated": true, + "name": "WildfireReport", + "deprecated": true, "depends_on": [ "wildfire-report" ] } - }, + }, { "LCMIndicatorsForEntity": { - "name": "LCMIndicatorsForEntity", + "name": "LCMIndicatorsForEntity", "depends_on": [ "lcm-indicatorsforentity" ] } - }, + }, { "hideFieldsOnNewIncident": { - "name": "hideFieldsOnNewIncident", + "name": "hideFieldsOnNewIncident", "fromversion": "3.6.0" } - }, + }, { "ImpSfScheduleTask": { - "name": "ImpSfScheduleTask", + "name": "ImpSfScheduleTask", "depends_on": [ - "ImpSfRevokeUnaccessedDevices", + "ImpSfRevokeUnaccessedDevices", "scheduleEntry" - ], + ], "script_executions": [ "scheduleEntry" ] } - }, + }, { "ServiceNowUpdateIncident": { - "name": "ServiceNowUpdateIncident", + "name": "ServiceNowUpdateIncident", "depends_on": [ - "servicenow-query-table", + "servicenow-query-table", "servicenow-update-record" ] } - }, + }, { "DataIPReputation": { - "name": "DataIPReputation", + "name": "DataIPReputation", "toversion": "3.0.1" } - }, + }, { "SetDateField": { - "name": "SetDateField", + "name": "SetDateField", "script_executions": [ "setIncident" ] } - }, + }, { "ADGetEmailForUser": { - "name": "ADGetEmailForUser", - "deprecated": true, + "name": "ADGetEmailForUser", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "EmailAskUser": { - "name": "EmailAskUser", - "toversion": "3.6.0", + "name": "EmailAskUser", + "toversion": "3.6.0", "fromversion": "3.5.0" } - }, + }, { "PWEventDetails": { - "name": "PWEventDetails", - "deprecated": true, + "name": "PWEventDetails", + "deprecated": true, 
"depends_on": [ "pw-event-get" ] } - }, + }, { "CheckSenderDomainDistance": { "name": "CheckSenderDomainDistance" } - }, + }, { "7b02fa0f-94ff-48c7-8350-b4e353702e73": { - "name": "VMRay", + "name": "VMRay", "depends_on": [ "upload_sample" - ], + ], "script_executions": [ - "getFilePath", - "upload_sample", + "getFilePath", + "upload_sample", "scheduleEntry" ] } - }, + }, { "PWObservationPcapDownload": { - "name": "PWObservationPcapDownload", + "name": "PWObservationPcapDownload", "depends_on": [ "observation-pcap-download" ] } - }, + }, { "b695f044-fbdd-4d4b-89ce-9066cb0e165a": { - "name": "cveReputation", + "name": "cveReputation", "depends_on": [ "cve-search" ] } - }, + }, { "ParseEmailHeader": { - "name": "ParseEmailHeaders", + "name": "ParseEmailHeaders", "script_executions": [ "getFilePath" ] } - }, + }, { "IndicatorMaliciousRatioCalculation": { - "name": "IndicatorMaliciousRatioCalculation", - "fromversion": "3.5.0", + "name": "IndicatorMaliciousRatioCalculation", + "fromversion": "3.5.0", "script_executions": [ - "findIndicators", - "getIncidents", + "findIndicators", + "getIncidents", "getIncidents" ] } - }, + }, { "BinaryReputationPy": { - "name": "BinaryReputationPy", - "deprecated": true, + "name": "BinaryReputationPy", + "deprecated": true, "depends_on": [ "file" - ], + ], "script_executions": [ - "getEntries", - "file", + "getEntries", + "file", "file" ] } - }, + }, { "ArcherUpdateSecurityIncident": { - "name": "ArcherUpdateSecurityIncident", + "name": "ArcherUpdateSecurityIncident", "depends_on": [ "archer-update-record" ] } - }, + }, { "IsListExist": { - "name": "IsListExist", + "name": "IsListExist", "script_executions": [ "getList" ] } - }, + }, { "CSCountDevicesForIOC": { - "name": "CSCountDevicesForIOC", - "deprecated": true, + "name": "CSCountDevicesForIOC", + "deprecated": true, "depends_on": [ "cs-device-count-ioc" ] } - }, + }, { "LCMSetHostComment": { - "name": "LCMSetHostComment", + "name": "LCMSetHostComment", "depends_on": [ 
"lcm-set-host-comment" - ], + ], "script_executions": [ "LCMHosts" ] } - }, + }, { "D2Exec": { "name": "D2Exec" } - }, + }, { "OSQueryProcesses": { - "name": "OSQueryProcesses", + "name": "OSQueryProcesses", "depends_on": [ "OSQueryBasicQuery" - ], + ], "script_executions": [ "OSQueryBasicQuery" ] } - }, + }, { "NessusScanStatus": { - "name": "NessusScanStatus", - "deprecated": true, + "name": "NessusScanStatus", + "deprecated": true, "depends_on": [ "scan-details" ] } - }, + }, { "DemistoLinkIncidents": { - "name": "DemistoLinkIncidents", + "name": "DemistoLinkIncidents", "depends_on": [ "demisto-api-post" ] } - }, + }, { "JiraCreateIssue": { - "name": "JiraCreateIssue", - "deprecated": true, + "name": "JiraCreateIssue", + "deprecated": true, "depends_on": [ "jira-create-issue" ] } - }, + }, { "LocateAttachment": { - "name": "LocateAttachment", - "deprecated": true, + "name": "LocateAttachment", + "deprecated": true, "script_executions": [ "getEntries" ] } - }, + }, { "ADGetComputerGroups": { - "name": "ADGetComputerGroups", - "deprecated": true, + "name": "ADGetComputerGroups", + "deprecated": true, "depends_on": [ "ad-search" - ], + ], "script_executions": [ "AdSearch" ] } - }, + }, { "MapValues": { "name": "MapValues" } - }, + }, { "QrGetSearch": { - "name": "QrGetSearch", - "deprecated": true, + "name": "QrGetSearch", + "deprecated": true, "depends_on": [ "qr-get-search" ] } - }, + }, { "EmailAskUser": { - "name": "EmailAskUser", + "name": "EmailAskUser", "fromversion": "4.0.0" } - }, + }, { "AwsGetInstanceInfo": { - "name": "AwsGetInstanceInfo", + "name": "AwsGetInstanceInfo", "depends_on": [ - "get-instance-info", - "get-ebs-volume-info", + "get-instance-info", + "get-ebs-volume-info", "get-sg-info" ] } - }, + }, { "CreateArray": { "name": "CreateArray" } - }, + }, { "ADListUsers": { - "name": "ADListUsers", - "deprecated": true, + "name": "ADListUsers", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "CBPFindRule": { - "name": 
"CBPFindRule", + "name": "CBPFindRule", "depends_on": [ "cbp-fileRule-search" ] } - }, + }, { "GoogleappsListUsers": { - "name": "GoogleappsListUsers", - "deprecated": true, + "name": "GoogleappsListUsers", + "deprecated": true, "depends_on": [ "googleapps-list-users" ] } - }, + }, { "ParseCSV": { - "name": "ParseCSV", + "name": "ParseCSV", "script_executions": [ "getEntries" ] } - }, + }, { "D2Winpmem": { "name": "D2Winpmem" } - }, + }, { "AlgosecGetApplications": { - "name": "AlgosecGetApplications", + "name": "AlgosecGetApplications", "depends_on": [ "algosec-get-applications" ] } - }, + }, { "Elasticsearch": { - "name": "Elasticsearch", + "name": "Elasticsearch", "depends_on": [ "search" - ], + ], "script_executions": [ "search" ] } - }, + }, { "EPOUpdateRepository": { - "name": "EPOUpdateRepository", - "deprecated": true, + "name": "EPOUpdateRepository", + "deprecated": true, "depends_on": [ "epo-command" ] } - }, + }, { "ZipFile": { - "name": "ZipFile", + "name": "ZipFile", "script_executions": [ "getFilePath" ] } - }, + }, { "VectraSummary": { - "name": "VectraSummary", - "deprecated": true, + "name": "VectraSummary", + "deprecated": true, "depends_on": [ "vec-health" ] } - }, + }, { "MattermostAskUser": { - "name": "MattermostAskUser", + "name": "MattermostAskUser", "depends_on": [ "mattermost-send" - ], + ], "script_executions": [ "addEntitlement" ] } - }, + }, { "WhoisSummary": { - "name": "WhoisSummary", - "deprecated": true, + "name": "WhoisSummary", + "deprecated": true, "depends_on": [ "whois" ] } - }, + }, { "AssignAnalystToIncident": { "name": "AssignAnalystToIncident" } - }, + }, { "Base64ListToFile": { - "name": "Base64ListToFile", + "name": "Base64ListToFile", "script_executions": [ "getList" ] } - }, + }, { "LCMPathFinderScanHost": { - "name": "LCMPathFinderScanHost", + "name": "LCMPathFinderScanHost", "depends_on": [ "lcm-pathfinder-scan" ] } - }, + }, { "IncapScheduleTask": { - "name": "IncapScheduleTask", + "name": "IncapScheduleTask", 
"depends_on": [ - "scheduleEntry", + "scheduleEntry", "IncapWhitelistCompliance" - ], + ], "script_executions": [ "scheduleEntry" ] } - }, + }, { "SbQuery": { - "name": "SbQuery", + "name": "SbQuery", "depends_on": [ "sb-query" ] } - }, + }, { "GetStringsDistance": { "name": "GetStringsDistance" } - }, + }, { "CSHuntByIOC": { - "name": "CSHuntByIOC", - "deprecated": true, + "name": "CSHuntByIOC", + "deprecated": true, "depends_on": [ "cs-device-ran-on" ] } - }, + }, { "FireEyeDetonateFile": { - "name": "FireEyeDetonateFile", + "name": "FireEyeDetonateFile", "depends_on": [ - "fe-submit", - "fe-submit-result", + "fe-submit", + "fe-submit-result", "fe-submit-status" - ], + ], "script_executions": [ "IsIntegrationAvailable" ] } - }, + }, { "514ec833-c02c-49a3-8ac6-d982198f5fa0": { - "name": "OktaUpdateUser", - "deprecated": true, + "name": "OktaUpdateUser", + "deprecated": true, "depends_on": [ "okta-update-user" ] } - }, + }, { "JoinIfSingleElementOnly": { "name": "JoinIfSingleElementOnly" } - }, + }, { "PWObservationDetails": { - "name": "PWObservationDetails", - "deprecated": true, + "name": "PWObservationDetails", + "deprecated": true, "depends_on": [ "pw-observation-get" ] } - }, + }, { "SNOpenTicket": { - "name": "SNOpenTicket", - "deprecated": true, + "name": "SNOpenTicket", + "deprecated": true, "depends_on": [ "servicenow-incident-create" ] } - }, + }, { "IPInfoQuery": { - "name": "IPInfoQuery", - "deprecated": true, + "name": "IPInfoQuery", + "deprecated": true, "depends_on": [ "ipinfo_field" - ], + ], "script_executions": [ - "ipinfo_field", + "ipinfo_field", "ip" ] } - }, + }, { "RegCollectValues": { "name": "RegCollectValues" } - }, + }, { "MD5Extract": { - "name": "MD5Extract", + "name": "MD5Extract", "deprecated": true } - }, + }, { "CommonIntegration": { - "name": "CommonIntegration", + "name": "CommonIntegration", "deprecated": true } - }, + }, { "CBPBanHash": { - "name": "CBPBanHash", + "name": "CBPBanHash", "depends_on": [ "cbp-fileRule-update" ] } 
- }, + }, { "URLDecode": { "name": "URLDecode" } - }, + }, { "AwsRunInstance": { - "name": "AwsRunInstance", + "name": "AwsRunInstance", "depends_on": [ "run-instance" ] } - }, + }, { "EPORetrieveCurrentDATVersion": { - "name": "EPORetrieveCurrentDATVersion", - "deprecated": true, + "name": "EPORetrieveCurrentDATVersion", + "deprecated": true, "depends_on": [ "epo-command" ] } - }, + }, { "TaniumShowPendingActions": { - "name": "TaniumShowPendingActions", - "deprecated": true, + "name": "TaniumShowPendingActions", + "deprecated": true, "depends_on": [ "tn-get-object" ] } - }, + }, { "PrintErrorEntry": { - "name": "PrintErrorEntry", + "name": "PrintErrorEntry", "fromversion": "4.0.0" } - }, + }, { "SEPCheckOutdatedEndpoints": { - "name": "SEPCheckOutdatedEndpoints", + "name": "SEPCheckOutdatedEndpoints", "depends_on": [ "sep-client-content" ] } - }, + }, { "URLNumberOfAds": { "name": "URLNumberOfAds" } - }, + }, { "IncidentToContext": { - "name": "IncidentToContext", + "name": "IncidentToContext", "deprecated": true } - }, + }, { "D2Users": { "name": "D2Users" } - }, + }, { "StripChars": { "name": "StripChars" } - }, + }, { "RegPathReputationBasicLists": { "name": "RegPathReputationBasicLists" } - }, + }, { "IsIntegrationAvailable": { "name": "IsIntegrationAvailable" } - }, + }, { "ExposeIncidentOwner": { "name": "ExposeIncidentOwner" } - }, + }, { "EmailReputation": { - "name": "EmailReputation", + "name": "EmailReputation", "script_executions": [ "email" ] } - }, + }, { "AwsCreateVolumeSnapshot": { - "name": "AwsCreateVolumeSnapshot", + "name": "AwsCreateVolumeSnapshot", "depends_on": [ "create-volume-snapshot" ] } - }, + }, { "CreateEmailHtmlBody": { "name": "CreateEmailHtmlBody" } - }, + }, { "listExecutedCommands": { "name": "listExecutedCommands" } - }, + }, { "EPOUpdateEndpoints": { - "name": "EPOUpdateEndpoints", - "deprecated": true, + "name": "EPOUpdateEndpoints", + "deprecated": true, "depends_on": [ "epo-command" ] } - }, + }, { "CheckSender": { - 
"name": "CheckSender", + "name": "CheckSender", "depends_on": [ "pipl-search" ] } - }, + }, { "NessusLaunchScan": { - "name": "NessusLaunchScan", - "deprecated": true, + "name": "NessusLaunchScan", + "deprecated": true, "depends_on": [ "scan-launch" ] } - }, + }, { "ADGetGroupUsers": { - "name": "ADGetGroupUsers", - "deprecated": true, + "name": "ADGetGroupUsers", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "CPTaskStatus": { - "name": "CPTaskStatus", - "deprecated": true, + "name": "CPTaskStatus", + "deprecated": true, "depends_on": [ "checkpoint" - ], + ], "script_executions": [ "checkpoint" ] } - }, + }, { "80b5c44c-4eac-4e00-812f-6d409d57be31": { - "name": "WhoisLookup", - "deprecated": true, + "name": "WhoisLookup", + "deprecated": true, "depends_on": [ "whois" ] } - }, + }, { "NetwitnessSAAddEventsToIncident": { - "name": "NetwitnessSAAddEventsToIncident", + "name": "NetwitnessSAAddEventsToIncident", "depends_on": [ "nw-add-events-to-incident" ] } - }, + }, { "StopScheduledTask": { - "name": "StopScheduledTask", + "name": "StopScheduledTask", "script_executions": [ "scheduleEntry" ] } - }, + }, { "SalesforceAskUser": { - "name": "SalesforceAskUser", + "name": "SalesforceAskUser", "depends_on": [ "salesforce-push-comment" - ], + ], "script_executions": [ "addEntitlement" ] } - }, + }, { "ADListUsersEx": { - "name": "ADListUsersEx", - "deprecated": true, + "name": "ADListUsersEx", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "OSQueryOpenSockets": { - "name": "OSQueryOpenSockets", + "name": "OSQueryOpenSockets", "depends_on": [ "OSQueryBasicQuery" - ], + ], "script_executions": [ "OSQueryBasicQuery" ] } - }, + }, { "EsmExample": { - "name": "EsmExample", + "name": "EsmExample", "depends_on": [ "search" ] } - }, + }, { "SetSeverityByScore": { - "name": "SetSeverityByScore", + "name": "SetSeverityByScore", "script_executions": [ - "IncidentSet", - "IncidentSet", + "IncidentSet", + "IncidentSet", "IncidentSet" ] } - }, + }, 
{ "RSAArcherManualFetch": { - "name": "RSAArcherManualFetch", + "name": "RSAArcherManualFetch", "depends_on": [ "archer-manually-fetch-incident" - ], + ], "script_executions": [ "createNewIncident" ] } - }, + }, { "CheckpointFWBackupStatus": { - "name": "CheckpointFWBackupStatus", + "name": "CheckpointFWBackupStatus", "depends_on": [ "ssh" - ], + ], "script_executions": [ "ssh" ] } - }, + }, { "VolImageinfo": { "name": "VolImageinfo" } - }, + }, { "CBPApproveHash": { - "name": "CBPApproveHash", + "name": "CBPApproveHash", "depends_on": [ "cbp-fileRule-update" ] } - }, + }, { "ParseEmailFile": { - "name": "ParseEmailFile", - "deprecated": true, + "name": "ParseEmailFile", + "deprecated": true, "script_executions": [ - "getEntry", + "getEntry", "getFilePath" ] } - }, + }, { "GoogleappsRevokeUserRole": { - "name": "GoogleappsRevokeUserRole", + "name": "GoogleappsRevokeUserRole", "depends_on": [ "googleapps-revoke-user-role" ] } - }, + }, { "DBotPredictPhishingEvaluation": { - "name": "DBotPredictPhishingEvaluation", - "fromversion": "4.1.0", + "name": "DBotPredictPhishingEvaluation", + "fromversion": "4.1.0", "script_executions": [ - "DBotPreparePhishingData", + "DBotPreparePhishingData", "setIncident" ] } - }, + }, { "DemistoUploadFile": { - "name": "DemistoUploadFile", + "name": "DemistoUploadFile", "depends_on": [ "demisto-api-multipart" ] } - }, + }, { "SNListTickets": { - "name": "SNListTickets", - "deprecated": true, + "name": "SNListTickets", + "deprecated": true, "depends_on": [ "servicenow-incidents-query" ] } - }, + }, { "JiraIssueAddComment": { - "name": "JiraIssueAddComment", - "deprecated": true, + "name": "JiraIssueAddComment", + "deprecated": true, "depends_on": [ "jira-issue-add-comment" ] } - }, + }, { "AlgosecCreateTicket": { - "name": "AlgosecCreateTicket", + "name": "AlgosecCreateTicket", "depends_on": [ "algosec-create-ticket" ] } - }, + }, { "DeleteContext": { "name": "DeleteContext" } - }, + }, { "ADGetUsersByEmail": { - "name": 
"ADGetUsersByEmail", - "deprecated": true, + "name": "ADGetUsersByEmail", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "LanguageDetect": { "name": "LanguageDetect" } - }, + }, { "IncapGetAppInfo": { - "name": "IncapGetAppInfo", + "name": "IncapGetAppInfo", "depends_on": [ "incap-get-app-info" ] } - }, + }, { "SplunkEmailParser": { - "name": "SplunkEmailParser", + "name": "SplunkEmailParser", "depends_on": [ "search" ] } - }, + }, { "GetTime": { "name": "GetTime" } - }, + }, { "PortListenCheck": { "name": "PortListenCheck" } - }, + }, { "f99a85a6-c572-4c3a-8afd-5b4ac539000a": { - "name": "WhileNotExistLoop", + "name": "WhileNotExistLoop", "deprecated": true } - }, + }, { "PanoramaBlockIP": { - "name": "PanoramaBlockIP", - "deprecated": true, + "name": "PanoramaBlockIP", + "deprecated": true, "depends_on": [ "panorama" ] } - }, + }, { "IdentifyAttachedEmail": { - "name": "IdentifyAttachedEmail", + "name": "IdentifyAttachedEmail", "script_executions": [ "getEntries" ] } - }, + }, { "D2Services": { "name": "D2Services" } - }, + }, { "AlgosecQuery": { - "name": "AlgosecQuery", + "name": "AlgosecQuery", "depends_on": [ "algosec-query" ] } - }, + }, { "AwsStartInstance": { - "name": "AwsStartInstance", + "name": "AwsStartInstance", "depends_on": [ "start-instance" ] } - }, + }, { "DomainReputation": { - "name": "DomainReputation", + "name": "DomainReputation", "script_executions": [ "domain" ] } - }, + }, { "GetDuplicatesMlv2": { - "name": "GetDuplicatesMlv2", - "fromversion": "3.5.0", + "name": "GetDuplicatesMlv2", + "fromversion": "3.5.0", "script_executions": [ - "getIncidents", - "findIndicators", + "getIncidents", + "findIndicators", "getIncidents" ] } - }, + }, { "JIRAPrintIssue": { - "name": "JIRAPrintIssue", + "name": "JIRAPrintIssue", "depends_on": [ "jira-get-issue" ] } - }, + }, { "FPDeleteRule": { - "name": "FPDeleteRule", + "name": "FPDeleteRule", "depends_on": [ "ssh" - ], + ], "script_executions": [ "ssh" ] } - }, + }, { "isError": { 
"name": "isError" } - }, + }, { "CommonServerPython": { "name": "CommonServerPython" } - }, + }, { "10cb3486-48f3-4d93-88af-b6be84ffd432": { - "name": "OktaGetGroups", - "deprecated": true, + "name": "OktaGetGroups", + "deprecated": true, "depends_on": [ "okta-get-groups" ] } - }, + }, { "DocumentationAutomation": { - "name": "DocumentationAutomation", + "name": "DocumentationAutomation", "script_executions": [ "getFilePath" ] } - }, + }, { "FileReputation": { - "name": "FileReputation", + "name": "FileReputation", "script_executions": [ "file" ] } - }, + }, { "AreValuesEqual": { "name": "AreValuesEqual" } - }, + }, { "LCMDetectedEntities": { - "name": "LCMDetectedEntities", + "name": "LCMDetectedEntities", "depends_on": [ "lcm-entities" ] } - }, + }, { "UtilAnyResults": { "name": "UtilAnyResults" } - }, + }, { "ExampleJSScript": { "name": "ExampleJSScript" } - }, + }, { "UnEscapeIPs": { "name": "UnEscapeIPs" } - }, + }, { "OSQueryLoggedInUsers": { - "name": "OSQueryLoggedInUsers", + "name": "OSQueryLoggedInUsers", "depends_on": [ "OSQueryBasicQuery" - ], + ], "script_executions": [ "OSQueryBasicQuery" ] } - }, + }, { "FindSimilarIncidentsByText": { "name": "FindSimilarIncidentsByText" } - }, + }, { "IncapWhitelistCompliance": { - "name": "IncapWhitelistCompliance", + "name": "IncapWhitelistCompliance", "depends_on": [ - "incap-get-domain-approver-email", - "RemoteExec", - "incap-list-sites", + "incap-get-domain-approver-email", + "RemoteExec", + "incap-list-sites", "SendEmail" - ], + ], "script_executions": [ - "SendEmail", + "SendEmail", "RemoteExec" ] } - }, + }, { "c99e196b-e05e-41f2-82cb-6798f33cb653": { - "name": "cveSearch", - "deprecated": true, + "name": "cveSearch", + "deprecated": true, "depends_on": [ "cve-search" ] } - }, + }, { "5e125fdd-72f1-455f-89fa-e6f9405174a4": { "name": "NotInContextVerification" } - }, + }, { "ExtractDomain": { "name": "ExtractDomain" } - }, + }, { "DemistoCreateList": { - "name": "DemistoCreateList", + "name": 
"DemistoCreateList", "depends_on": [ "demisto-api-post" ] } - }, + }, { "ServiceNowQueryIncident": { - "name": "ServiceNowQueryIncident", + "name": "ServiceNowQueryIncident", "depends_on": [ "servicenow-query-table" ] } - }, + }, { "MimecastQuery": { - "name": "MimecastQuery", + "name": "MimecastQuery", "depends_on": [ "mimecast-query" ] } - }, + }, { "misp_download_sample": { - "name": "misp_download_sample", + "name": "misp_download_sample", "depends_on": [ "internal-misp-download-sample" ] } - }, + }, { "ExchangeDeleteIDsFromContext": { - "name": "ExchangeDeleteIDsFromContext", - "deprecated": true, + "name": "ExchangeDeleteIDsFromContext", + "deprecated": true, "depends_on": [ "ews-delete-items" ] } - }, + }, { "DumpJSON": { "name": "DumpJSON" } - }, + }, { "ADGetGroupComputers": { - "name": "ADGetGroupComputers", - "deprecated": true, + "name": "ADGetGroupComputers", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "TrendmicroAntiMalwareEventRetrieve": { - "name": "TrendmicroAntiMalwareEventRetrieve", + "name": "TrendmicroAntiMalwareEventRetrieve", "depends_on": [ "trendmicro-anti-malware-event-retrieve" ] } - }, + }, { "Sleep": { "name": "Sleep" } - }, + }, { "AdSearch": { - "name": "AdSearch", - "deprecated": true, + "name": "AdSearch", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "XBNotable": { - "name": "XBNotable", + "name": "XBNotable", "depends_on": [ "xb-notable" ] } - }, + }, { "GoogleappsGetUser": { - "name": "GoogleappsGetUser", - "deprecated": true, + "name": "GoogleappsGetUser", + "deprecated": true, "depends_on": [ "googleapps-get-user" ] } - }, + }, { "CBLiveFetchFiles": { - "name": "CBLiveFetchFiles", + "name": "CBLiveFetchFiles", "depends_on": [ "CBLiveGetFile" - ], + ], "script_executions": [ "CBLiveGetFile" ] } - }, + }, { "JiraIssueAddLink": { - "name": "JiraIssueAddLink", - "deprecated": true, + "name": "JiraIssueAddLink", + "deprecated": true, "depends_on": [ "jira-issue-add-link" ] } - }, + }, { 
"ContextSearchForString": { "name": "ContextSearchForString" } - }, + }, { "ShowOnMap": { "name": "ShowOnMap" } - }, + }, { "CBFindIP": { - "name": "CBFindIP", + "name": "CBFindIP", "depends_on": [ "CBSearch" - ], + ], "script_executions": [ "CBSearch" ] } - }, + }, { "D2Rekall": { "name": "D2Rekall" } - }, + }, { "CuckooGetReport": { - "name": "CuckooGetReport", + "name": "CuckooGetReport", "depends_on": [ "cuckoo-get-task-report" ] } - }, + }, { "BinarySearchPy": { - "name": "BinarySearchPy", + "name": "BinarySearchPy", "depends_on": [ "cb-process" - ], + ], "script_executions": [ "getEntries" ] } - }, + }, { "Volatility": { "name": "Volatility" } - }, + }, { "GrrGetFiles": { - "name": "GrrGetFiles", + "name": "GrrGetFiles", "depends_on": [ "grr_get_files" - ], + ], "script_executions": [ "grr_get_files" ] } - }, + }, { "FetchFileD2": { "name": "FetchFileD2" } - }, + }, { "ToTable": { "name": "ToTable" } - }, + }, { "XBLockouts": { - "name": "XBLockouts", + "name": "XBLockouts", "depends_on": [ "xb-lockouts" ] } - }, + }, { "ExchangeAssignRole": { "name": "ExchangeAssignRole" } - }, + }, { "GrrSetHunts": { - "name": "GrrSetHunts", + "name": "GrrSetHunts", "depends_on": [ "grr_set_hunts" - ], + ], "script_executions": [ "grr_set_hunts" ] } - }, + }, { "MaliciousRatioReputation": { - "name": "MaliciousRatioReputation", - "fromversion": "4.0.0", + "name": "MaliciousRatioReputation", + "fromversion": "4.0.0", "script_executions": [ - "findIndicators", + "findIndicators", "maliciousRatio" ] } - }, + }, { "EPOFindSystem": { - "name": "EPOFindSystem", + "name": "EPOFindSystem", "depends_on": [ "epo-command" ] } - }, + }, { "TaniumAskQuestionComplex": { - "name": "TaniumAskQuestionComplex", - "deprecated": true, + "name": "TaniumAskQuestionComplex", + "deprecated": true, "depends_on": [ - "tn-add-question-complex", - "tn-result-data", + "tn-add-question-complex", + "tn-result-data", "tn-result-info" ] } - }, + }, { "DataURLReputation": { - "name": "DataURLReputation", + 
"name": "DataURLReputation", "deprecated": true } - }, + }, { "DataHashReputation": { - "name": "DataHashReputation", - "toversion": "3.0.1", + "name": "DataHashReputation", + "toversion": "3.0.1", "depends_on": [ "file" ] } - }, + }, { "GetIndicatorDBotScore": { - "name": "GetIndicatorDBotScore", - "fromversion": "3.5.0", + "name": "GetIndicatorDBotScore", + "fromversion": "3.5.0", "script_executions": [ "getIndicator" ] } - }, + }, { "HTTPListRedirects": { "name": "HTTPListRedirects" } - }, + }, { "DataHashReputation": { - "name": "DataHashReputation", - "deprecated": true, + "name": "DataHashReputation", + "deprecated": true, "depends_on": [ "file" ] } - }, + }, { "CBEvents": { - "name": "CBEvents", + "name": "CBEvents", "depends_on": [ - "cb-process", + "cb-process", "process-events" ] } - }, + }, { "Whois": { - "name": "Whois", - "deprecated": true, + "name": "Whois", + "deprecated": true, "depends_on": [ "whois" ] } - }, + }, { "MarkAsNoteByTag": { - "name": "MarkAsNoteByTag", + "name": "MarkAsNoteByTag", "script_executions": [ - "getEntries", + "getEntries", "markAsNote" ] } - }, + }, { "TaniumApprovePendingActions": { - "name": "TaniumApprovePendingActions", - "deprecated": true, + "name": "TaniumApprovePendingActions", + "deprecated": true, "depends_on": [ - "tn-add-object", + "tn-add-object", "tn-get-object" ] } - }, + }, { "GenericPollingScheduledTask": { "name": "GenericPollingScheduledTask" } - }, + }, { "NessusListScans": { - "name": "NessusListScans", - "deprecated": true, + "name": "NessusListScans", + "deprecated": true, "depends_on": [ "scans-list" ] } - }, + }, { "TaniumAskQuestion": { - "name": "TaniumAskQuestion", - "deprecated": true, + "name": "TaniumAskQuestion", + "deprecated": true, "depends_on": [ - "tn-result-data", + "tn-result-data", "tn-result-info" ] } - }, + }, { "ExportToCSV": { "name": "ExportToCSV" } - }, + }, { "URLReputation": { - "name": "URLReputation", + "name": "URLReputation", "script_executions": [ "url" ] } - }, + }, { 
"IncidentAddSystem": { "name": "IncidentAddSystem" } - }, + }, { "FindSimilarIncidents": { - "name": "FindSimilarIncidents", + "name": "FindSimilarIncidents", "script_executions": [ "getContext" ] } - }, + }, { "CPDeleteRule": { - "name": "CPDeleteRule", - "deprecated": true, + "name": "CPDeleteRule", + "deprecated": true, "depends_on": [ "checkpoint" - ], + ], "script_executions": [ - "checkpoint", + "checkpoint", "checkpoint" ] } - }, + }, { "RegexGroups": { "name": "RegexGroups" } - }, + }, { "RemoteExec": { - "name": "RemoteExec", + "name": "RemoteExec", "depends_on": [ "ssh" ] } - }, + }, { "PublishEntriesToContext": { "name": "PublishEntriesToContext" } - }, + }, { "http": { - "name": "http", + "name": "http", "toversion": "3.1.0" } - }, + }, { "GoogleappsGetUserRoles": { - "name": "GoogleappsGetUserRoles", - "deprecated": true, + "name": "GoogleappsGetUserRoles", + "deprecated": true, "depends_on": [ "googleapps-get-user-roles" ] } - }, + }, { "ExchangeDeleteMail": { "name": "ExchangeDeleteMail" } - }, + }, { "SbUpload": { - "name": "SbUpload", + "name": "SbUpload", "depends_on": [ "sb-upload" ] } - }, + }, { "3dd62013-4fed-43eb-8ae4-91b1b4250599": { - "name": "OktaSetPassword", - "deprecated": true, + "name": "OktaSetPassword", + "deprecated": true, "depends_on": [ "okta-set-password" ] } - }, + }, { "D2Processes": { "name": "D2Processes" } - }, + }, { "IncapListSites": { - "name": "IncapListSites", + "name": "IncapListSites", "depends_on": [ "incap-list-sites" ] } - }, + }, { "ADGetEmailForAllUsers": { - "name": "ADGetEmailForAllUsers", - "deprecated": true, + "name": "ADGetEmailForAllUsers", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "CuckooTaskStatus": { - "name": "CuckooTaskStatus", + "name": "CuckooTaskStatus", "depends_on": [ "cuckoo-view-task" ] } - }, + }, { "PWEvents": { - "name": "PWEvents", - "deprecated": true, + "name": "PWEvents", + "deprecated": true, "depends_on": [ "search" - ], + ], "script_executions": [ "search" ] 
} - }, + }, { "NexposeEmailParserForVuln": { - "name": "NexposeEmailParserForVuln", + "name": "NexposeEmailParserForVuln", "depends_on": [ "nexpose" ] } - }, + }, { "CloseInvestigationAsDuplicate": { - "name": "CloseInvestigationAsDuplicate", + "name": "CloseInvestigationAsDuplicate", "script_executions": [ "linkIncidents" ] } - }, + }, { "GetDuplicatesMl": { - "name": "GetDuplicatesMl", - "fromversion": "3.5.0", - "deprecated": true, + "name": "GetDuplicatesMl", + "fromversion": "3.5.0", + "deprecated": true, "script_executions": [ - "getIncidents", - "findIndicators", + "getIncidents", + "findIndicators", "getIncidents" ] } - }, + }, { "FailedInstances": { - "name": "FailedInstances", + "name": "FailedInstances", "fromversion": "4.0.0" } - }, + }, { "UnPackFile": { - "name": "UnPackFile", + "name": "UnPackFile", "script_executions": [ - "getEntries", + "getEntries", "getFilePath" ] } - }, + }, { "http": { - "name": "http", + "name": "http", "fromversion": "3.5.0" } - }, + }, { "DBotPredictPhishingLabel": { - "name": "DBotPredictPhishingLabel", - "fromversion": "4.1.0", + "name": "DBotPredictPhishingLabel", + "fromversion": "4.1.0", "script_executions": [ "DBotPredictTextLabel" ] } - }, + }, { "CPCreateBackup": { - "name": "CPCreateBackup", - "deprecated": true, + "name": "CPCreateBackup", + "deprecated": true, "depends_on": [ "ssh" - ], + ], "script_executions": [ "ssh" ] } - }, + }, { "ExtractIP": { "name": "ExtractIP" } - }, + }, { "CheckURLs": { - "name": "CheckURLs", - "deprecated": true, + "name": "CheckURLs", + "deprecated": true, "script_executions": [ "url" ] } - }, + }, { "SplunkPySearch": { - "name": "SplunkPySearch", + "name": "SplunkPySearch", "depends_on": [ "splunk-search" ] } - }, + }, { "GrrGetHunts": { - "name": "GrrGetHunts", + "name": "GrrGetHunts", "depends_on": [ "grr_get_hunts" - ], + ], "script_executions": [ "grr_get_hunts" ] } - }, + }, { "ImpSfSetEndpointStatus": { - "name": "ImpSfSetEndpointStatus", + "name": "ImpSfSetEndpointStatus", 
"depends_on": [ "imp-sf-set-endpoint-status" ] } - }, + }, { "PCAPMiner": { - "name": "PCAPMiner", + "name": "PCAPMiner", "script_executions": [ "getFilePath" ] } - }, + }, { "D2GetFile": { "name": "D2GetFile" } - }, + }, { "PagerDutyAssignOnCallUser": { - "name": "PagerDutyAssignOnCallUser", + "name": "PagerDutyAssignOnCallUser", "depends_on": [ "PagerDuty-get-users-on-call-now" ] } - }, + }, { "ExtractHTMLTables": { "name": "ExtractHTMLTables" } - }, + }, { "ContainsCreditCardInfo": { "name": "ContainsCreditCardInfo" } - }, + }, { "CBSearch": { "name": "CBSearch" } - }, + }, { "DataDomainReputation": { - "name": "DataDomainReputation", + "name": "DataDomainReputation", "toversion": "3.0.1" } - }, + }, { "DBotClosedIncidentsPercentage": { "name": "DBotClosedIncidentsPercentage" } - }, + }, { "CBAlerts": { - "name": "CBAlerts", + "name": "CBAlerts", "depends_on": [ "cb-alert" ] } - }, + }, { "ParseWordDoc": { - "name": "ParseWordDoc", + "name": "ParseWordDoc", "script_executions": [ "getFilePath" ] } - }, + }, { "VolJson": { "name": "VolJson" } - }, + }, { "SlackSend": { - "name": "SlackSend", - "deprecated": true, + "name": "SlackSend", + "deprecated": true, "depends_on": [ "slack-send" ] } - }, + }, { "ExposeList": { - "name": "ExposeList", + "name": "ExposeList", "deprecated": true } - }, + }, { "VectraHealth": { - "name": "VectraHealth", - "deprecated": true, + "name": "VectraHealth", + "deprecated": true, "depends_on": [ "vec-health" ] } - }, + }, { "D2ExecuteCommand": { "name": "D2ExecuteCommand" } - }, + }, { "46e2109c-b735-458e-884f-030229a20830": { "name": "SetByIncidentId" } - }, + }, { "dfa728bb-8291-4f8c-8185-53fad210f1b5": { "name": "VerifyHumanReadableContains" } - }, + }, { "ContextGetPathForString": { "name": "ContextGetPathForString" } - }, + }, { "LCMResolveHost": { - "name": "LCMResolveHost", + "name": "LCMResolveHost", "depends_on": [ "lcm-resolve-host" ] } - }, + }, { "IsGreaterThan": { "name": "IsGreaterThan" } - }, + }, { "SbQuota": { - 
"name": "SbQuota", + "name": "SbQuota", "depends_on": [ "sb-quota" ] } - }, + }, { "ContextFilter": { "name": "ContextFilter" } - }, + }, { "O365SearchEmails": { - "name": "O365SearchEmails", + "name": "O365SearchEmails", "script_executions": [ - "D2O365SearchAndDelete", + "D2O365SearchAndDelete", "D2O365ComplianceSearch" ] } - }, + }, { "AnalyzeOSX": { - "name": "AnalyzeOSX", + "name": "AnalyzeOSX", "depends_on": [ - "url", - "Osxcollector", + "url", + "Osxcollector", "file" ] } - }, + }, { "PWEventPcapDownload": { - "name": "PWEventPcapDownload", + "name": "PWEventPcapDownload", "depends_on": [ "event-pcap-download" ] } - }, + }, { "AnalyzeMemImage": { "name": "AnalyzeMemImage" } - }, + }, { "8bb47409-fffb-40c4-8601-d5fd20384e26": { - "name": "SetTime", + "name": "SetTime", "script_executions": [ "setIncident" ] } - }, + }, { "JiraGetIssue": { - "name": "JiraGetIssue", - "deprecated": true, + "name": "JiraGetIssue", + "deprecated": true, "depends_on": [ "jira-get-issue" ] } - }, + }, { "ADExpirePassword": { - "name": "ADExpirePassword", - "deprecated": true, + "name": "ADExpirePassword", + "deprecated": true, "depends_on": [ "ad-expire-password" ] } - }, + }, { "ImpSfRevokeUnaccessedDevices": { - "name": "ImpSfRevokeUnaccessedDevices", + "name": "ImpSfRevokeUnaccessedDevices", "depends_on": [ - "ImpSfSetEndpointStatus", + "ImpSfSetEndpointStatus", "ImpSfListEndpoints" - ], + ], "script_executions": [ - "SendEmail", - "ImpSfListEndpoints", + "SendEmail", + "ImpSfListEndpoints", "ImpSfSetEndpointStatus" ] } - }, + }, { "ADGetUser": { - "name": "ADGetUser", + "name": "ADGetUser", "depends_on": [ "ad-search" ] } - }, + }, { "SendEmail": { - "name": "SendEmail", + "name": "SendEmail", "depends_on": [ "send-mail" ] } - }, + }, { "EPOCheckLatestDAT": { - "name": "EPOCheckLatestDAT", + "name": "EPOCheckLatestDAT", "deprecated": true } - }, + }, { "PagerDutyAlertOnIncident": { - "name": "PagerDutyAlertOnIncident", + "name": "PagerDutyAlertOnIncident", "depends_on": [ 
"PagerDuty-submit-event" ] } - }, + }, { "URLExtract": { - "name": "URLExtract", + "name": "URLExtract", "deprecated": true } - }, + }, { "TaniumDeployAction": { - "name": "TaniumDeployAction", - "deprecated": true, + "name": "TaniumDeployAction", + "deprecated": true, "depends_on": [ "tn-deploy-package" ] } - }, + }, { "SendEmailToManager": { - "name": "SendEmailToManager", - "toversion": "3.1.0", + "name": "SendEmailToManager", + "toversion": "3.1.0", "depends_on": [ - "ad-search", + "ad-search", "send-mail" - ], + ], "script_executions": [ - "AdSearch", - "AdSearch", + "AdSearch", + "AdSearch", "addOneTimeEntitlement" ] } - }, + }, { "StringReplace": { "name": "StringReplace" } - }, + }, { "TextFromHTML": { "name": "TextFromHTML" } - }, + }, { "CPShowBackupStatus": { - "name": "CPShowBackupStatus", - "deprecated": true, + "name": "CPShowBackupStatus", + "deprecated": true, "depends_on": [ "ssh" - ], + ], "script_executions": [ "ssh" ] } - }, + }, { "RunPollingCommand": { - "name": "RunPollingCommand", + "name": "RunPollingCommand", "fromversion": "4.0.0" } - }, + }, { "CBWatchlists": { - "name": "CBWatchlists", + "name": "CBWatchlists", "depends_on": [ "cb-watchlist-get" ] } - }, + }, { "DamSensorDown": { - "name": "DamSensorDown", + "name": "DamSensorDown", "depends_on": [ "dam-get-latest-by-rule" ] } - }, + }, { "94f72ed9-49c8-40e5-89bb-7c98f914d2cc": { - "name": "OktaDeactivateUser", - "deprecated": true, + "name": "OktaDeactivateUser", + "deprecated": true, "depends_on": [ "okta-deactivate-user" ] } - }, + }, { "34f0498c-d3da-4ac3-8cad-a28804bf1f21": { - "name": "NetwitnessQuery", + "name": "NetwitnessQuery", "depends_on": [ "nw-sdk-query" ] } - }, + }, { "CBSensors": { - "name": "CBSensors", + "name": "CBSensors", "depends_on": [ "cb-list-sensors" ] } - }, + }, { "VolRunCmds": { "name": "VolRunCmds" } - }, + }, { "ADGetComputer": { - "name": "ADGetComputer", + "name": "ADGetComputer", "depends_on": [ "ad-search" ] } - }, + }, { 
"DemistoUploadFileToIncident": { - "name": "DemistoUploadFileToIncident", + "name": "DemistoUploadFileToIncident", "depends_on": [ "demisto-api-multipart" ] } - }, + }, { "SbDownload": { - "name": "SbDownload", + "name": "SbDownload", "depends_on": [ "sb-download" ] } - }, + }, { "OSQueryBasicQuery": { - "name": "OSQueryBasicQuery", + "name": "OSQueryBasicQuery", "depends_on": [ "RemoteExec" - ], + ], "script_executions": [ "RemoteExec" ] } - }, + }, { "AggregateIOCs": { - "name": "AggregateIOCs", + "name": "AggregateIOCs", "deprecated": true } - }, + }, { "LinkIncidentsWithRetry": { - "name": "LinkIncidentsWithRetry", + "name": "LinkIncidentsWithRetry", "script_executions": [ - "linkIncidents", + "linkIncidents", "linkIncidents" ] } - }, + }, { "PDFUnlocker": { - "name": "PDFUnlocker", + "name": "PDFUnlocker", "script_executions": [ "getFilePath" ] } - }, + }, { "D2RegQuery": { "name": "D2RegQuery" } - }, + }, { "ExtractURL": { "name": "ExtractURL" } - }, + }, { "StringContains": { "name": "StringContains" } - }, + }, { "CPBlockIP": { - "name": "CPBlockIP", - "deprecated": true, + "name": "CPBlockIP", + "deprecated": true, "depends_on": [ "checkpoint" - ], + ], "script_executions": [ "checkpoint" ] } - }, + }, { "TrendmicroSecurityProfileAssignToHost": { - "name": "TrendmicroSecurityProfileAssignToHost", + "name": "TrendmicroSecurityProfileAssignToHost", "depends_on": [ "trendmicro-security-profile-assign-to-host" ] } - }, + }, { "JiraCreateIssue-example": { - "name": "JiraCreateIssue-example", + "name": "JiraCreateIssue-example", "depends_on": [ - "jira-create-issue", + "jira-create-issue", "jira-delete-issue" ] } - }, + }, { "VolApihooks": { "name": "VolApihooks" } - }, + }, { "ADGetCommonGroups": { - "name": "ADGetCommonGroups", - "deprecated": true, + "name": "ADGetCommonGroups", + "deprecated": true, "depends_on": [ "ad-search" - ], + ], "script_executions": [ "ADGetUserGroups" ] } - }, + }, { "NetwitnessSAGetComponents": { - "name": 
"NetwitnessSAGetComponents", + "name": "NetwitnessSAGetComponents", "depends_on": [ "nw-get-components" ] } - }, + }, { "QRadarGetCorrelationLogs": { - "name": "QRadarGetCorrelationLogs", + "name": "QRadarGetCorrelationLogs", "depends_on": [ "qradar-searches" - ], + ], "script_executions": [ "QRadarFullSearch" ] } - }, + }, { "CountArraySize": { "name": "CountArraySize" } - }, + }, { "ConvertXmlToJson": { "name": "ConvertXmlToJson" } - }, + }, { "D2PEDump": { "name": "D2PEDump" } - }, + }, { "CBPFindComputer": { - "name": "CBPFindComputer", + "name": "CBPFindComputer", "depends_on": [ "cbp-computer-search" ] } - }, + }, { "ClassifierNotifyAdmin": { - "name": "ClassifierNotifyAdmin", + "name": "ClassifierNotifyAdmin", "depends_on": [ "send-mail" ] } - }, + }, { "SlackAskUser": { - "name": "SlackAskUser", - "fromversion": "3.5.0", + "name": "SlackAskUser", + "fromversion": "3.5.0", "depends_on": [ "slack-send" - ], + ], "script_executions": [ "addEntitlement" ] } - }, + }, { "Exists": { "name": "Exists" } - }, + }, { "NetwitnessSAGetEvents": { - "name": "NetwitnessSAGetEvents", + "name": "NetwitnessSAGetEvents", "depends_on": [ "nw-get-events" ] } - }, + }, { "DBotTrainTextClassifier": { - "name": "DBotTrainTextClassifier", - "fromversion": "4.1.0", + "name": "DBotTrainTextClassifier", + "fromversion": "4.1.0", "script_executions": [ - "getFilePath", + "getFilePath", "createList" ] } - }, + }, { "CommonServer": { "name": "CommonServer" } - }, + }, { "LCMDetectedIndicators": { - "name": "LCMDetectedIndicators", + "name": "LCMDetectedIndicators", "depends_on": [ "lcm-indicators" ] } - }, + }, { "SplunkSearch": { - "name": "SplunkSearch", - "deprecated": true, + "name": "SplunkSearch", + "deprecated": true, "depends_on": [ "search" ] } - }, + }, { "IsIPInSubnet": { - "name": "IsIPInSubnet", + "name": "IsIPInSubnet", "deprecated": true } - }, + }, { "TrendmicroHostRetrieveAll": { - "name": "TrendmicroHostRetrieveAll", + "name": "TrendmicroHostRetrieveAll", "depends_on": 
[ "trendmicro-host-retrieve-all" ] } - }, + }, { "getMlFeatures": { - "name": "getMlFeatures", - "fromversion": "3.5.0", + "name": "getMlFeatures", + "fromversion": "3.5.0", "script_executions": [ - "findIndicators", + "findIndicators", "getIncidents" ] } - }, + }, { "2aa9f737-8c7c-42f5-815f-4d104bb3af06": { - "name": "SEPScan", + "name": "SEPScan", "depends_on": [ "sep-command-status" ] } - }, + }, { "PrintContext": { "name": "PrintContext" } - }, + }, { "D2O365SearchAndDelete": { "name": "D2O365SearchAndDelete" } - }, + }, { "DBotPreparePhishingData": { - "name": "DBotPreparePhishingData", - "fromversion": "4.1.0", + "name": "DBotPreparePhishingData", + "fromversion": "4.1.0", "script_executions": [ - "getContext", - "getIncidents", - "createList", + "getContext", + "getIncidents", + "createList", "WordTokenizer" ] } - }, + }, { "QRadarGetOffenseCorrelations": { - "name": "QRadarGetOffenseCorrelations", + "name": "QRadarGetOffenseCorrelations", "depends_on": [ "qradar-searches" - ], + ], "script_executions": [ "QRadarFullSearch" ] } - }, + }, { "ShowScheduledEntries": { "name": "ShowScheduledEntries" } - }, + }, { "EmailAskUserResponse": { "name": "EmailAskUserResponse" } - }, + }, { "IsEmailAddressInternal": { "name": "IsEmailAddressInternal" } - }, + }, { "DemistoGetIncidentTasksByState": { "name": "DemistoGetIncidentTasksByState" } - }, + }, { "VectraGetHostById": { - "name": "VectraGetHostById", - "deprecated": true, + "name": "VectraGetHostById", + "deprecated": true, "depends_on": [ "vec-get-host-by-id" ] } - }, + }, { "DefaultIncidentClassifier": { "name": "DefaultIncidentClassifier" } - }, + }, { "TestCreateTagTextFile": { - "name": "TestCreateTagTextFile", + "name": "TestCreateTagTextFile", "script_executions": [ "createList" ] } - }, + }, { "TestCreateWordFile": { "name": "TestCreateWordFile" } - }, + }, { "GenerateImageFileEntry": { "name": "GenerateImageFileEntry" } - }, + }, { "a18ff76e-c462-4daa-8be2-6a1b5308713f": { "name": "TestCreateDuplicates" } 
- }, + }, { "c5cb179f-d6d2-4d87-8857-b224689d5b00": { "name": "VerifyTreeToFlatObject" } - }, + }, { "GenerateUUID": { "name": "GenerateUUID" } - }, + }, { "TestXml2JSON": { "name": "TestXml2JSON" } - }, + }, { "3b260f00-772c-4d4e-84ea-e47226637497": { - "name": "VerifyHumanReadableEquals", + "name": "VerifyHumanReadableEquals", "fromversion": "3.6.0" } - }, + }, { "ValidateErrorExistence": { - "name": "ValidateErrorExistence", + "name": "ValidateErrorExistence", "script_executions": [ "getEntries" ] } - }, + }, { "CompleteManualTask": { - "name": "CompleteManualTask", + "name": "CompleteManualTask", "script_executions": [ - "DemistoGetIncidentTasksByState", + "DemistoGetIncidentTasksByState", "taskComplete" ] } - }, + }, { "GenerateIP": { "name": "GenerateIP" } - }, + }, { "CarbonBlackResponseFilterSensors": { "name": "CarbonBlackResponseFilterSensors" } - }, + }, { "RaiseError": { "name": "RaiseError" } - }, + }, { "GenerateEmail": { "name": "GenerateEmail" } - }, + }, { "PhishingIncident": { - "name": "PhishingIncident", + "name": "PhishingIncident", "script_executions": [ "setIncident" ] } - }, + }, { "VerifyTableToMarkDown": { "name": "VerifyTableToMarkDown" } - }, + }, { "TestFormatTableValues": { "name": "TestFormatTableValues" } - }, + }, { "TestCreateIncidents": { - "name": "TestCreateIncidents", + "name": "TestCreateIncidents", "script_executions": [ - "createNewIncident", + "createNewIncident", "createNewIncident" ] } - }, + }, { "TestPYCommonServer": { "name": "TestPYCommonServer" } - }, + }, { "CreateDuplicateIncident": { - "name": "CreateDuplicateIncident", + "name": "CreateDuplicateIncident", "script_executions": [ "createNewIncident" ] } - }, + }, { "c0eb84c3-8771-4f9f-833e-1017112d6215": { "name": "ThrowException" } - }, + }, { "SsdeepReputationTest": { - "name": "SsdeepReputationTest", + "name": "SsdeepReputationTest", "script_executions": [ - "findIndicators", - "createNewIndicator", - "createNewIndicator", + "findIndicators", + 
"createNewIndicator", + "createNewIndicator", "createNewIndicator" ] } - }, + }, { "CreateBinaryFile": { "name": "CreateBinaryFile" } - }, + }, { "GetFirstObject": { "name": "GetFirstObject" } - }, + }, { "changeremediationslaonsevchange": { - "name": "ChangeRemediationSLAOnSevChange", - "fromversion": "4.1.0", + "name": "ChangeRemediationSLAOnSevChange", + "fromversion": "4.1.0", "script_executions": [ - "setIncident", - "setIncident", - "setIncident", + "setIncident", + "setIncident", + "setIncident", "setIncident" ] } - }, + }, { "stoptimetoassignonownerchange": { - "name": "StopTimeToAssignOnOwnerChange", - "fromversion": "4.1.0", - "script_executions": [ - "stopTimer" - ] - } - }, - { - "changeremediationslaonsevchange": { - "name": "ChangeRemediationSLAOnSevChange", - "fromversion": "4.1.0", - "script_executions": [ - "setIncident", - "setIncident", - "setIncident", - "setIncident" - ] - } - }, - { - "stoptimetoassignonownerchange": { - "name": "StopTimeToAssignOnOwnerChange", - "fromversion": "4.1.0", + "name": "StopTimeToAssignOnOwnerChange", + "fromversion": "4.1.0", "script_executions": [ "stopTimer" ] } } - ], + ], "playbooks": [ { "search_and_delete_emails_-_generic": { - "name": "Search And Delete Emails - Generic", - "fromversion": "3.6.0", + "name": "Search And Delete Emails - Generic", + "fromversion": "3.6.0", "implementing_playbooks": [ "Search And Delete Emails - EWS" ] } - }, + }, { "email_address_enrichment_-_generic": { - "name": "Email Address Enrichment - Generic", - "fromversion": "3.6.0", + "name": "Email Address Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "IsEmailAddressInternal", - "EmailReputation", - "ADGetUser", - "Exists", + "IsEmailAddressInternal", + "EmailReputation", + "ADGetUser", + "Exists", "EmailDomainSquattingReputation" ] } - }, + }, { "process_email_-_generic": { - "name": "Process Email - Generic", - "toversion": "3.6.0", - "fromversion": "3.6.0", + "name": "Process Email - Generic", + 
"toversion": "3.6.0", + "fromversion": "3.6.0", "implementing_scripts": [ - "Set", - "Exists", + "Set", + "Exists", "ParseEmailFiles" - ], + ], "implementing_commands": [ - "setIncident", + "setIncident", "rasterize-email" ] } - }, + }, { "playbook12": { - "name": "McAfee ePO Endpoint Compliance Playbook", - "fromversion": "2.5.0", + "name": "McAfee ePO Endpoint Compliance Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "CloseInvestigation", - "IncidentSet", + "CloseInvestigation", + "IncidentSet", "commentsToContext" - ], + ], "implementing_commands": [ - "epo-update-client-dat", - "servicenow-incidents-query", - "epo-get-latest-dat", - "epo-get-current-dat", + "epo-update-client-dat", + "servicenow-incidents-query", + "epo-get-latest-dat", + "epo-get-current-dat", "servicenow-incident-create" ] } - }, + }, { "get_original_email_-_generic": { - "name": "Get Original Email - Generic", - "fromversion": 4.0, + "name": "Get Original Email - Generic", + "fromversion": 4.0, "implementing_playbooks": [ - "Get Original Email - Gmail", + "Get Original Email - Gmail", "Get Original Email - EWS" ] } - }, + }, { "Detonate URL - Phish.AI": { - "name": "Detonate URL - Phish.AI", - "fromversion": "4.0.0", + "name": "Detonate URL - Phish.AI", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "phish-ai-check-status", + "phish-ai-check-status", "phish-ai-scan-url" ] } - }, + }, { "Detonate URL - Cuckoo": { - "name": "Detonate URL - Cuckoo", - "fromversion": "4.0.0", + "name": "Detonate URL - Cuckoo", + "fromversion": "4.0.0", "implementing_scripts": [ "Sleep" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "cuckoo-view-task", - "cuckoo-get-task-report", + "cuckoo-view-task", + "cuckoo-get-task-report", "cuckoo-create-task-from-url" ] } - }, + }, { "get_file_sample_by_hash_-_generic": { - "name": "Get File Sample By Hash - Generic", - "fromversion": "3.5.0", + 
"name": "Get File Sample By Hash - Generic", + "fromversion": "3.5.0", "implementing_playbooks": [ - "Get File Sample By Hash - Cylance Protect", + "Get File Sample By Hash - Cylance Protect", "Get File Sample By Hash - Carbon Black Enterprise Response" ] } - }, + }, { "search_endpoints_by_hash_-_crowdstrike": { - "name": "Search Endpoints By Hash - CrowdStrike", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - CrowdStrike", + "fromversion": "3.5.0", "implementing_commands": [ - "cs-device-ran-on", + "cs-device-ran-on", "cs-device-details" ] } - }, + }, { "get_file_sample_from_path_-_generic": { - "name": "Get File Sample From Path - Generic", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - Generic", + "fromversion": "3.5.0", "implementing_playbooks": [ - "Get File Sample From Path - Carbon Black Enterprise Response", + "Get File Sample From Path - Carbon Black Enterprise Response", "Get File Sample From Path - D2" ] } - }, + }, { "process_email_-_generic": { - "name": "Process Email - Generic", - "toversion": "3.5.9", - "fromversion": "3.5.0", + "name": "Process Email - Generic", + "toversion": "3.5.9", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "Exists", + "Set", + "Exists", "ParseEmailFiles" - ], + ], "implementing_commands": [ "rasterize-email" ] } - }, + }, { "Detonate File - Lastline": { - "name": "Detonate File - Lastline", - "fromversion": "4.0.0", + "name": "Detonate File - Lastline", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "lastline-upload-file", + "lastline-upload-file", "lastline-get-report" ] } - }, + }, { "url_enrichment_-_generic": { - "name": "URL Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "URL Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ - "URLSSLVerification", - "Exists", + 
"URLSSLVerification", + "Exists", "URLReputation" - ], + ], "implementing_commands": [ "rasterize" ] } - }, + }, { "GenericPolling": { - "name": "GenericPolling", - "fromversion": "4.0.0", + "name": "GenericPolling", + "fromversion": "4.0.0", "implementing_scripts": [ - "ScheduleGenericPolling", - "RunPollingCommand", + "ScheduleGenericPolling", + "RunPollingCommand", "PrintErrorEntry" ] } - }, + }, { "playbook1": { - "name": "Malware Playbook - Manual", - "fromversion": "2.5.0", + "name": "Malware Playbook - Manual", + "fromversion": "2.5.0", "implementing_scripts": [ - "ExposeModules", - "Autoruns", + "ExposeModules", + "Autoruns", "Exists" ] } - }, + }, { "Calculate Severity - Generic": { - "name": "Calculate Severity - Generic", - "fromversion": "3.6.0", + "name": "Calculate Severity - Generic", + "fromversion": "3.6.0", "implementing_playbooks": [ - "Calculate Severity - Indicators DBotScore", - "Calculate Severity - 3rd-party integrations", + "Calculate Severity - Indicators DBotScore", + "Calculate Severity - 3rd-party integrations", "Calculate Severity - Critical assets" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "search_endpoints_by_hash_-_carbon_black_protection": { - "name": "Search Endpoints By Hash - Carbon Black Protection", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Carbon Black Protection", + "fromversion": "3.5.0", "implementing_scripts": [ - "CBPFindRule", - "Set", - "CBPCatalogFindHash", + "CBPFindRule", + "Set", + "CBPCatalogFindHash", "Exists" - ], + ], "implementing_commands": [ "cbp-computer-get" ] } - }, + }, { "Incident Enrichment": { - "name": "Incident Enrichment", - "fromversion": "2.5.0", + "name": "Incident Enrichment", + "fromversion": "2.5.0", "implementing_scripts": [ - "ExtractURL", - "ExtractHash", + "ExtractURL", + "ExtractHash", "ExtractIP" - ], + ], "implementing_playbooks": [ "Enrichment Playbook" ] } - }, + }, { "playbook16": { - "name": "CrowdStrike Rapid IOC Hunting", - 
"fromversion": "2.5.0", + "name": "CrowdStrike Rapid IOC Hunting", + "fromversion": "2.5.0", "implementing_scripts": [ - "Exists", + "Exists", "SendEmail" - ], + ], "implementing_commands": [ - "cs-device-ran-on", + "cs-device-ran-on", "cs-device-search" ] } - }, + }, { "CrowdStrike Falcon Sandbox - Detonate file": { - "name": "CrowdStrike Falcon Sandbox - Detonate file", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "CrowdStrike Falcon Sandbox - Detonate file", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_scripts": [ "Set" - ], + ], "implementing_commands": [ "crowdstrike-detonate-file" ] } - }, + }, { "Enrich McAfee DXL using 3rd party sandbox": { - "name": "Enrich McAfee DXL using 3rd party sandbox", + "name": "Enrich McAfee DXL using 3rd party sandbox", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "Exists" - ], + ], "implementing_playbooks": [ "WildFire - Detonate file" - ], + ], "implementing_commands": [ "dxl-send-event" ] } - }, + }, { "Get File Sample From Hash - Carbon Black Enterprise Response": { - "name": "Get File Sample From Hash - Carbon Black Enterprise Response", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Get File Sample From Hash - Carbon Black Enterprise Response", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ "Exists" - ], + ], "implementing_commands": [ "cb-binary-get" ] } - }, + }, { "Calculate Severity - Generic": { - "name": "Calculate Severity - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "Calculate Severity - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ - "StringContains", + "StringContains", "Exists" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "Tenable.io Scan": { - "name": "Tenable.io Scan", - "fromversion": "4.0.0", + "name": "Tenable.io Scan", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], 
"implementing_commands": [ - "tenable-io-launch-scan", - "tenable-io-get-scan-report", + "tenable-io-launch-scan", + "tenable-io-get-scan-report", "tenable-io-get-scan-status" ] } - }, + }, { "block_indicators_-_generic": { - "name": "Block Indicators - Generic", - "fromversion": "4.0.0", + "name": "Block Indicators - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ - "Block URL - Generic", - "Block File - Generic", - "Block IP - Generic", + "Block URL - Generic", + "Block File - Generic", + "Block IP - Generic", "Block Account - Generic" ] } - }, + }, { "detonate_url_-_threatgrid": { - "name": "Detonate URL - ThreatGrid", - "fromversion": "4.0.0", + "name": "Detonate URL - ThreatGrid", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "threat-grid-upload-sample", - "threat-grid-get-samples-state", + "threat-grid-upload-sample", + "threat-grid-get-samples-state", "threat-grid-url-to-file" ] } - }, + }, { "TrendMicro Malware Alert Playbook": { - "name": "TrendMicro Malware Alert Playbook", - "fromversion": "2.5.0", + "name": "TrendMicro Malware Alert Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "TrendMicroGetPolicyID", - "TrendmicroSecurityProfileAssignToHost", - "TrendmicroAntiMalwareEventRetrieve", + "TrendMicroGetPolicyID", + "TrendmicroSecurityProfileAssignToHost", + "TrendmicroAntiMalwareEventRetrieve", "TrendMicroGetHostID" ] } - }, + }, { "Google-Vault-Display-Results": { - "name": "Google Vault - Display Results", - "fromversion": "4.0.0", + "name": "Google Vault - Display Results", + "fromversion": "4.0.0", "implementing_scripts": [ "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "gvault-get-drive-results", - "gvault-get-groups-results", - "gvault-download-results", - "gvault-export-status", + "gvault-get-drive-results", + "gvault-get-groups-results", + "gvault-download-results", + 
"gvault-export-status", "gvault-get-mail-results" ] } - }, + }, { "calculate_severity_-_3rd-party_integrations": { - "name": "Calculate Severity - 3rd-party integrations", - "fromversion": "3.6.0", + "name": "Calculate Severity - 3rd-party integrations", + "fromversion": "3.6.0", "implementing_scripts": [ "Set" ] } - }, + }, { "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "3.5.9", - "fromversion": "3.5.0", + "name": "Phishing Investigation - Generic", + "toversion": "3.5.9", + "fromversion": "3.5.0", "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident", - "Set", + "CloseInvestigation", + "AssignAnalystToIncident", + "Set", "SendEmail" - ], + ], "implementing_playbooks": [ - "Detonate File - Generic", - "Extract Indicators - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Calculate Severity - Generic", + "Detonate File - Generic", + "Extract Indicators - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Calculate Severity - Generic", "Email Address Enrichment - Generic" ] } - }, + }, { "detonate_url_-_joesecurity": { - "name": "Detonate URL - JoeSecurity", - "fromversion": "4.0.0", + "name": "Detonate URL - JoeSecurity", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "joe-download-report", - "joe-analysis-submit-url", + "joe-download-report", + "joe-analysis-submit-url", "joe-analysis-info" ] } - }, + }, { "CrowdStrike Falcon Sandbox - Detonate file": { - "name": "CrowdStrike Falcon Sandbox - Detonate file", - "fromversion": "4.0.0", + "name": "CrowdStrike Falcon Sandbox - Detonate file", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "crowdstrike-submit-sample", + "crowdstrike-submit-sample", "crowdstrike-scan" ] } - }, + }, { 
"crowdstrike_endpoint_enrichment": { - "name": "CrowdStrike Endpoint Enrichment", - "fromversion": "3.5.0", + "name": "CrowdStrike Endpoint Enrichment", + "fromversion": "3.5.0", "implementing_commands": [ - "cs-device-search", + "cs-device-search", "cs-device-details" ] } - }, + }, { "cve_enrichment_-_generic": { - "name": "CVE Enrichment - Generic", - "fromversion": "3.6.0", + "name": "CVE Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ "cveReputation" - ], + ], "implementing_commands": [ "cve-search" ] } - }, + }, { "get_file_sample_by_hash_-_cylance_protect": { - "name": "Get File Sample By Hash - Cylance Protect", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Cylance Protect", + "fromversion": "3.5.0", "implementing_scripts": [ - "http", - "UnzipFile", + "http", + "UnzipFile", "Exists" - ], + ], "implementing_commands": [ "cylance-protect-download-threat" ] } - }, + }, { "dedup_incidents_-_ml": { - "name": "DeDup incidents - ML", - "fromversion": "3.5.0", + "name": "DeDup incidents - ML", + "fromversion": "3.5.0", "implementing_scripts": [ - "Print", - "CloseInvestigationAsDuplicate", + "Print", + "CloseInvestigationAsDuplicate", "GetDuplicatesMl" ] } - }, + }, { "playbook5": { - "name": "Phishing Playbook - Automated", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set", - "Exists", - "SendEmail", - "CheckSenderDomainDistance", - "CloseInvestigation", - "ExtractIP", - "IsMaliciousIndicatorFound", + "name": "Phishing Playbook - Automated", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set", + "Exists", + "SendEmail", + "CheckSenderDomainDistance", + "CloseInvestigation", + "ExtractIP", + "IsMaliciousIndicatorFound", "ExtractURL" - ], + ], "implementing_playbooks": [ - "Process Email", - "Enrichment Playbook", - "Hunt for bad IOCs", - "Account Enrichment", + "Process Email", + "Enrichment Playbook", + "Hunt for bad IOCs", + "Account Enrichment", "Detonate File - Generic" ] } - }, + }, { "TIE - IOC 
Hunt": { - "name": "TIE - IOC Hunt", - "fromversion": "2.5.0", + "name": "TIE - IOC Hunt", + "fromversion": "2.5.0", "implementing_scripts": [ - "EPOFindSystem", + "EPOFindSystem", "Exists" - ], + ], "implementing_commands": [ "tie-file-references" ] } - }, + }, { "vulnerability_management_-_qualys_Job": { - "name": "Vulnerability Management - Qualys (Job)", - "fromversion": "3.6.0", + "name": "Vulnerability Management - Qualys (Job)", + "fromversion": "3.6.0", "implementing_scripts": [ - "QualysCreateIncidentFromReport", + "QualysCreateIncidentFromReport", "Set" - ], + ], "implementing_commands": [ - "qualys-report-fetch", - "closeInvestigation", + "qualys-report-fetch", + "closeInvestigation", "qualys-report-list" ] } - }, + }, { "get_original_email_-_gmail": { - "name": "Get Original Email - Gmail", - "fromversion": 4.0, + "name": "Get Original Email - Gmail", + "fromversion": 4.0, "implementing_scripts": [ - "Set", + "Set", "DeleteContext" - ], + ], "implementing_commands": [ - "gmail-get-attachments", - "gmail-search", + "gmail-get-attachments", + "gmail-search", "gmail-get-mail" ] } - }, + }, { "detonate_url_-_mcafee_atd": { - "name": "Detonate URL - McAfee ATD", - "fromversion": "4.0.0", + "name": "Detonate URL - McAfee ATD", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "atd-get-report", - "atd-check-status", + "atd-get-report", + "atd-check-status", "atd-file-upload" ] } - }, + }, { "Detonate URL - Lastline": { - "name": "Detonate URL - Lastline", - "fromversion": "4.0.0", + "name": "Detonate URL - Lastline", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "lastline-get-report", + "lastline-get-report", "lastline-upload-url" ] } - }, + }, { "Detonate File - Generic": { - "name": "Detonate File - Generic", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "Detonate File - Generic", 
+ "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_playbooks": [ - "CrowdStrike Falcon Sandbox - Detonate file", + "CrowdStrike Falcon Sandbox - Detonate file", "WildFire - Detonate file" ] } - }, + }, { "process_email_-_ews": { - "name": "Process Email - EWS", - "fromversion": "3.6.0", + "name": "Process Email - EWS", + "fromversion": "3.6.0", "implementing_scripts": [ "Set" - ], + ], "implementing_commands": [ "ews-get-attachment" ] } - }, + }, { "playbook7": { - "name": "Hunting C&C Communication Playbook", - "fromversion": "2.5.0", + "name": "Hunting C&C Communication Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "IsIntegrationAvailable", + "IsIntegrationAvailable", "Exists" - ], + ], "implementing_commands": [ - "slack-send", + "slack-send", "ExposeModules" ] } - }, + }, { "get_file_sample_from_path_-_d2": { - "name": "Get File Sample From Path - D2", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - D2", + "fromversion": "3.5.0", "implementing_scripts": [ - "IncidentAddSystem", + "IncidentAddSystem", "FetchFileD2" ] } - }, + }, { "get_original_email_-_ews": { - "name": "Get Original Email - EWS", - "fromversion": 4.0, + "name": "Get Original Email - EWS", + "fromversion": 4.0, "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "Set" - ], + ], "implementing_commands": [ - "ews-search-mailbox", - "ews-get-attachment", + "ews-search-mailbox", + "ews-get-attachment", "ews-get-items" ] } - }, + }, { "playbook17": { - "name": "Carbon black Protection Rapid IOC Hunting", - "fromversion": "2.5.0", + "name": "Carbon black Protection Rapid IOC Hunting", + "fromversion": "2.5.0", "implementing_scripts": [ - "CBPFindRule", - "CBPCatalogFindHash", + "CBPFindRule", + "CBPCatalogFindHash", "Exists" ] } - }, + }, { "calculate_severity_-_critical_assets": { - "name": "Calculate Severity - Critical assets", - "toversion": "3.6.1", - "fromversion": "3.6.0", + "name": "Calculate Severity - Critical assets", + 
"toversion": "3.6.1", + "fromversion": "3.6.0", "implementing_scripts": [ - "StringContains", - "Set", + "StringContains", + "Set", "Exists" ] } - }, + }, { "playbook14": { - "name": "Checkpoint Firewall Configuration Backup Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "UtilAnyResults", - "SendEmail", - "CPShowBackupStatus", - "CloseInvestigation", - "SNOpenTicket", - "SCPPullFiles", + "name": "Checkpoint Firewall Configuration Backup Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "UtilAnyResults", + "SendEmail", + "CPShowBackupStatus", + "CloseInvestigation", + "SNOpenTicket", + "SCPPullFiles", "CPCreateBackup" ] } - }, + }, { "endpoint_enrichment_-_generic": { - "name": "Endpoint Enrichment - Generic", - "fromversion": "3.5.0", + "name": "Endpoint Enrichment - Generic", + "fromversion": "3.5.0", "implementing_scripts": [ - "EPOFindSystem", - "Exists", + "EPOFindSystem", + "Exists", "ADGetComputer" - ], + ], "implementing_playbooks": [ "CrowdStrike Endpoint Enrichment" - ], + ], "implementing_commands": [ - "cylance-protect-get-devices", - "cb-sensor-info", + "cylance-protect-get-devices", + "cb-sensor-info", "so-agents-query" ] } - }, + }, { "access_investigation_-_qradar": { - "name": "Access Investigation - QRadar", - "fromversion": "3.6.0", + "name": "Access Investigation - QRadar", + "fromversion": "3.6.0", "implementing_playbooks": [ - "QRadar - Get offense correlations", + "QRadar - Get offense correlations", "Access Investigation - Generic" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "Google-Vault-Search-Groups": { - "name": "Google Vault - Search Groups", - "fromversion": "4.0.0", + "name": "Google Vault - Search Groups", + "fromversion": "4.0.0", "implementing_scripts": [ "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "gvault-export-status", - "gvault-download-results", - "gvault-create-export-groups", + 
"gvault-export-status", + "gvault-download-results", + "gvault-create-export-groups", "gvault-get-groups-results" ] } - }, + }, { "DBotCreatePhishingClassifier": { - "name": "DBot Create Phishing Classifier", - "fromversion": "4.1.0", + "name": "DBot Create Phishing Classifier", + "fromversion": "4.1.0", "implementing_scripts": [ - "DBotTrainTextClassifier", - "Base64ListToFile", - "DBotPredictPhishingEvaluation", + "DBotTrainTextClassifier", + "Base64ListToFile", + "DBotPredictPhishingEvaluation", "DBotPreparePhishingData" ] } - }, + }, { "detonate_url_-_generic": { - "name": "Detonate URL - Generic", - "fromversion": "4.0.0", + "name": "Detonate URL - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ - "Detonate URL - CrowdStrike", - "Detonate URL - JoeSecurity", - "Detonate URL - Cuckoo", - "Detonate URL - Lastline", - "Detonate URL - ThreatGrid", + "Detonate URL - CrowdStrike", + "Detonate URL - JoeSecurity", + "Detonate URL - Cuckoo", + "Detonate URL - Lastline", + "Detonate URL - ThreatGrid", "Detonate URL - McAfee ATD" ] } - }, + }, { "tenable-sc-scan": { - "name": "Launch Scan - Tenable.sc", - "fromversion": "4.0.0", + "name": "Launch Scan - Tenable.sc", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "tenable-sc-get-scan-report", + "tenable-sc-get-scan-report", "tenable-sc-launch-scan" ] } - }, + }, { "detonate_file_from_url_-_wildfire": { - "name": "Detonate File From URL - WildFire", - "fromversion": "4.0.0", + "name": "Detonate File From URL - WildFire", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "wildfire-upload-file-remote", + "wildfire-upload-file-remote", "wildfire-report" ] } - }, + }, { "block_endpoint_-_carbon_black_response": { - "name": "Block Endpoint - Carbon Black Response", - "fromversion": "3.5.0", + "name": "Block Endpoint - Carbon Black Response", + "fromversion": "3.5.0", "implementing_commands": 
[ - "cb-sensor-info", + "cb-sensor-info", "cb-quarantine-device" ] } - }, + }, { "close_incident_if_duplicate_found": { - "name": "DeDup incidents", - "fromversion": "3.5.0", + "name": "DeDup incidents", + "fromversion": "3.5.0", "implementing_scripts": [ - "FindSimilarIncidents", + "FindSimilarIncidents", "CloseInvestigationAsDuplicate" ] } - }, + }, { "scan_assets_nexpose": { - "name": "Scan Assets - Nexpose", - "fromversion": "4.0.0", + "name": "Scan Assets - Nexpose", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "nexpose-start-assets-scan", + "nexpose-start-assets-scan", "nexpose-get-scan" ] } - }, + }, { "extract_indicators_-_generic": { - "name": "Extract Indicators - Generic", - "fromversion": "3.5.0", + "name": "Extract Indicators - Generic", + "fromversion": "3.5.0", "implementing_scripts": [ - "ExtractHash", - "ExtractDomain", - "ExtractURL", - "ExtractEmail", + "ExtractHash", + "ExtractDomain", + "ExtractURL", + "ExtractEmail", "ExtractIP" ] } - }, + }, { "playbook0": { - "name": "Default", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "implementing_scripts": [ - "TrendMicroClassifier", - "Exists", - "IncidentSet", - "SplunkEmailParser", - "QRadarClassifier", - "MapValues", - "Print", - "VectraClassifier", + "name": "Default", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "TrendMicroClassifier", + "Exists", + "IncidentSet", + "SplunkEmailParser", + "QRadarClassifier", + "MapValues", + "Print", + "VectraClassifier", "NexposeEmailParser" - ], + ], "implementing_playbooks": [ "Enrichment Playbook" ] } - }, + }, { "dedup_-_generic": { - "name": "Dedup - Generic", - "fromversion": "4.0.0", + "name": "Dedup - Generic", + "fromversion": "4.0.0", "implementing_scripts": [ - "FindSimilarIncidentsByText", - "GetDuplicatesMlv2", - "CloseInvestigationAsDuplicate", + "FindSimilarIncidentsByText", + "GetDuplicatesMlv2", + "CloseInvestigationAsDuplicate", 
"FindSimilarIncidents" ] } - }, + }, { "malware_investigation-_generic_-_setup": { - "name": "Malware Investigation - Generic - Setup", - "fromversion": "3.5.0", + "name": "Malware Investigation - Generic - Setup", + "fromversion": "3.5.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ - "Get File Sample From Path - Generic", - "Get File Sample By Hash - Generic", + "Get File Sample From Path - Generic", + "Get File Sample By Hash - Generic", "Search Endpoints By Hash - Generic" ] } - }, + }, { "block_file_-_carbon_black_response": { - "name": "Block File - Carbon Black Response", - "fromversion": "4.0.0", + "name": "Block File - Carbon Black Response", + "fromversion": "4.0.0", "implementing_commands": [ - "cb-get-hash-blacklist", + "cb-get-hash-blacklist", "cb-block-hash" ] } - }, + }, { "search_and_delete_emails_-_ews": { - "name": "Search And Delete Emails - EWS", - "fromversion": "3.6.0", + "name": "Search And Delete Emails - EWS", + "fromversion": "3.6.0", "implementing_scripts": [ "BuildEWSQuery" - ], + ], "implementing_commands": [ - "ews-search-mailboxes", + "ews-search-mailboxes", "ews-delete-items" ] } - }, + }, { "Detonate File - BitDam": { - "name": "Detonate File - BitDam", - "fromversion": "4.0.0", + "name": "Detonate File - BitDam", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "bitdam-upload-file", + "bitdam-upload-file", "bitdam-get-verdict" ] } - }, + }, { "MAR - Endpoint data collection": { - "name": "MAR - Endpoint data collection", + "name": "MAR - Endpoint data collection", "implementing_scripts": [ - "EPOFindSystem", + "EPOFindSystem", "Exists" - ], + ], "implementing_commands": [ "mar-search-multiple" ] } - }, + }, { "Google-Vault-Search-Drive": { - "name": "Google Vault - Search Drive", - "fromversion": "4.0.0", + "name": "Google Vault - Search Drive", + "fromversion": "4.0.0", "implementing_scripts": [ 
"PrintErrorEntry" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "gvault-create-export-drive", - "gvault-get-drive-results", - "gvault-export-status", + "gvault-create-export-drive", + "gvault-get-drive-results", + "gvault-export-status", "gvault-download-results" ] } - }, + }, { "process_email_-_add_custom_fields": { - "name": "Process Email - Add custom fields", - "fromversion": "3.6.0", + "name": "Process Email - Add custom fields", + "fromversion": "3.6.0", "implementing_scripts": [ "IncidentSet" ] } - }, + }, { "detonate_url_-_crowdstrike": { - "name": "Detonate URL - CrowdStrike", - "fromversion": "4.0.0", + "name": "Detonate URL - CrowdStrike", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "crowdstrike-submit-url", + "crowdstrike-submit-url", "crowdstrike-scan" ] } - }, + }, { "ip_enrichment_generic": { - "name": "IP Enrichment - Generic", - "fromversion": "3.6.0", + "name": "IP Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "IsIPInRanges", - "IPToHost", + "IsIPInRanges", + "IPToHost", "IPReputation" - ], + ], "implementing_playbooks": [ "Endpoint Enrichment - Generic" - ], + ], "implementing_commands": [ "vt-private-get-ip-report" ] } - }, + }, { "domain_enrichment_generic": { - "name": "Domain Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "Domain Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ "DomainReputation" ] } - }, + }, { "QRadarFullSearch": { - "name": "QRadarFullSearch", - "fromversion": "4.0.0", + "name": "QRadarFullSearch", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "qradar-get-search", - "qradar-get-search-results", + "qradar-get-search", + "qradar-get-search-results", "qradar-searches" ] } - }, + }, { "Arcsight - Get events related to the Case": { - 
"name": "Arcsight - Get events related to the Case", + "name": "Arcsight - Get events related to the Case", "implementing_scripts": [ - "IncidentSet", - "Set", + "IncidentSet", + "Set", "Exists" - ], + ], "implementing_commands": [ - "as-get-security-events", - "as-get-case", + "as-get-security-events", + "as-get-case", "as-get-case-event-ids" ] } - }, + }, { "Account Enrichment": { - "name": "Account Enrichment", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Account Enrichment", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ - "ADGetUser", + "ADGetUser", "Exists" ] } - }, + }, { "malware_investigation-_generic": { - "name": "Malware Investigation - Generic", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "Malware Investigation - Generic", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "AssignAnalystToIncident" - ], + ], "implementing_playbooks": [ - "Malware Investigation - Generic - Setup", - "Extract Indicators - Generic", - "Calculate Severity - Generic", - "Entity Enrichment - Generic", + "Malware Investigation - Generic - Setup", + "Extract Indicators - Generic", + "Calculate Severity - Generic", + "Entity Enrichment - Generic", "Detonate File - Generic" ] } - }, + }, { "QRadar - Get offense correlations ": { - "name": "QRadar - Get offense correlations ", - "toversion": "3.1.0", + "name": "QRadar - Get offense correlations ", + "toversion": "3.1.0", "implementing_scripts": [ - "AreValuesEqual", - "QRadarGetCorrelationLogs", - "QRadarGetOffenseCorrelations", + "AreValuesEqual", + "QRadarGetCorrelationLogs", + "QRadarGetOffenseCorrelations", "Exists" ] } - }, + }, { "QRadar - Get offense correlations ": { - "name": "QRadar - Get offense correlations", - "fromversion": "3.5.0", + "name": "QRadar - Get offense correlations", + "fromversion": "3.5.0", "implementing_scripts": [ - "QRadarGetCorrelationLogs", + 
"QRadarGetCorrelationLogs", "QRadarGetOffenseCorrelations" ] } - }, + }, { "block_ip_-_generic": { - "name": "Block IP - Generic", - "fromversion": "4.0.0", + "name": "Block IP - Generic", + "fromversion": "4.0.0", "implementing_scripts": [ "PanoramaBlockIP" - ], + ], "implementing_playbooks": [ "Add Indicator to Miner - Palo Alto MineMeld" - ], + ], "implementing_commands": [ - "zscaler-blacklist-ip", + "zscaler-blacklist-ip", "checkpoint-block-ip" ] } - }, + }, { "vulnerability_handling_-_qualys_-_add _ustom_fields_to_default_layout": { - "name": "Vulnerability Handling - Qualys - Add custom fields to default layout", - "fromversion": "3.6.0", + "name": "Vulnerability Handling - Qualys - Add custom fields to default layout", + "fromversion": "3.6.0", "implementing_scripts": [ "IncidentSet" ] } - }, + }, { "playbook3": { - "name": "Ransomware Playbook - Manual", + "name": "Ransomware Playbook - Manual", "fromversion": "2.5.0" } - }, + }, { "Enrich DXL with ATD verdict": { - "name": "Enrich DXL with ATD verdict", + "name": "Enrich DXL with ATD verdict", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "Exists" - ], + ], "implementing_playbooks": [ "ATD - Detonate File" - ], + ], "implementing_commands": [ "dxl-send-event" ] } - }, + }, { "Detonate File - SNDBOX": { - "name": "Detonate File - SNDBOX", - "fromversion": "4.0.0", + "name": "Detonate File - SNDBOX", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "sndbox-analysis-info", - "sndbox-analysis-submit-sample", + "sndbox-analysis-info", + "sndbox-analysis-submit-sample", "sndbox-download-report" ] } - }, + }, { "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "4.0.9", - "fromversion": "4.0.0", + "name": "Phishing Investigation - Generic", + "toversion": "4.0.9", + "fromversion": "4.0.0", "implementing_scripts": [ - 
"AssignAnalystToIncident", - "Set", + "AssignAnalystToIncident", + "Set", "SendEmail" - ], + ], "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Block Indicators - Generic", - "Email Address Enrichment - Generic", + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Block Indicators - Generic", + "Email Address Enrichment - Generic", "Calculate Severity - Generic" - ], + ], "implementing_commands": [ - "closeInvestigation", + "closeInvestigation", "send-mail" ] } - }, + }, { "playbook2": { - "name": "Phishing Playbook - Manual", + "name": "Phishing Playbook - Manual", "fromversion": "2.5.0" } - }, + }, { "Hunt for bad IOCs": { - "name": "Hunt for bad IOCs", - "fromversion": "2.5.0", + "name": "Hunt for bad IOCs", + "fromversion": "2.5.0", "implementing_playbooks": [ - "CrowdStrike Rapid IOC Hunting", - "Carbon Black Rapid IOC Hunting", - "TIE - IOC Hunt", + "CrowdStrike Rapid IOC Hunting", + "Carbon Black Rapid IOC Hunting", + "TIE - IOC Hunt", "Carbon black Protection Rapid IOC Hunting" ] } - }, + }, { "extract_indicators_from_file_-_generic": { - "name": "Extract Indicators From File - Generic", - "fromversion": "3.6.0", + "name": "Extract Indicators From File - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "ReadPDFFile", - "Set", + "ReadPDFFile", + "Set", "ExtractIndicatorsFromTextFile" ] } - }, + }, { "Sentinel One - Endpoint data collection": { - "name": "Sentinel One - Endpoint data collection", + "name": "Sentinel One - Endpoint data collection", "implementing_scripts": [ - "Print", + "Print", "Exists" - ], + ], "implementing_commands": [ - "so-agents-query", + "so-agents-query", "so-get-agent-processes" ] } - }, + }, { "process_email_-_generic": { - "name": 
"Process Email - Generic", - "fromversion": "4.0.0", + "name": "Process Email - Generic", + "fromversion": "4.0.0", "implementing_scripts": [ - "Set", - "Exists", + "Set", + "Exists", "ParseEmailFiles" - ], + ], "implementing_playbooks": [ "Get Original Email - Generic" - ], + ], "implementing_commands": [ - "setIncident", + "setIncident", "rasterize-email" ] } - }, + }, { "playbook13": { - "name": "McAfee ePO Endpoint Connectivity Diagnostics Playbook", - "fromversion": "2.5.0", + "name": "McAfee ePO Endpoint Connectivity Diagnostics Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "CloseInvestigation", - "commentsToContext", + "CloseInvestigation", + "commentsToContext", "Ping" - ], + ], "implementing_commands": [ "servicenow-incident-create" ] } - }, + }, { "vulnerability_handling_-_nexpose": { - "name": "Vulnerability Handling - Nexpose", - "fromversion": "3.6.0", + "name": "Vulnerability Handling - Nexpose", + "fromversion": "3.6.0", "implementing_playbooks": [ - "CVE Enrichment - Generic", - "Endpoint Enrichment - Generic", + "CVE Enrichment - Generic", + "Endpoint Enrichment - Generic", "Calculate Severity - Generic" - ], + ], "implementing_commands": [ - "closeInvestigation", - "nexpose-get-asset-vulnerability", - "nexpose-get-asset", + "closeInvestigation", + "nexpose-get-asset-vulnerability", + "nexpose-get-asset", "setIncident" ] } - }, + }, { "Calculate Severity - Generic": { - "name": "Calculate Severity - Generic", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Calculate Severity - Generic", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ - "Print", - "StringContains", + "Print", + "StringContains", "Exists" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "playbook8": { - "name": "Lost / Stolen Device Playbook", + "name": "Lost / Stolen Device Playbook", "fromversion": "2.5.0" } - }, + }, { "vulnerability_handling_-_qualys": { - "name": "Vulnerability Handling - Qualys", - 
"fromversion": "3.6.0", + "name": "Vulnerability Handling - Qualys", + "fromversion": "3.6.0", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "DisplayHTML" - ], + ], "implementing_playbooks": [ - "CVE Enrichment - Generic", - "Vulnerability Handling - Qualys - Add custom fields to default layout", - "Endpoint Enrichment - Generic", + "CVE Enrichment - Generic", + "Vulnerability Handling - Qualys - Add custom fields to default layout", + "Endpoint Enrichment - Generic", "Calculate Severity - Generic" - ], + ], "implementing_commands": [ - "qualys-host-list", + "qualys-host-list", "qualys-vulnerability-list" ] } - }, + }, { "playbook10": { - "name": "Rapid IOC Hunting Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "ExtractHash", - "Exists", - "ReadFile", - "ExtractIP", - "Print", + "name": "Rapid IOC Hunting Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "ExtractHash", + "Exists", + "ReadFile", + "ExtractIP", + "Print", "ExtractURL" - ], + ], "implementing_playbooks": [ "Hunt for bad IOCs" ] } - }, + }, { "search_endpoints_by_hash_-_carbon_black_response": { - "name": "Search Endpoints By Hash - Carbon Black Response", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Carbon Black Response", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", + "Set", "CBFindHash" ] } - }, + }, { "scan_site_nexpose": { - "name": "Scan Site - Nexpose", - "fromversion": "4.0.0", + "name": "Scan Site - Nexpose", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "nexpose-start-site-scan", + "nexpose-start-site-scan", "nexpose-get-scan" ] } - }, + }, { "PanoramaCommitConfiguration": { - "name": "PanoramaCommitConfiguration", - "fromversion": "4.0.0", + "name": "PanoramaCommitConfiguration", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "panorama-push-to-device-group", - 
"panorama-push-status", - "panorama-commit", + "panorama-push-to-device-group", + "panorama-push-status", + "panorama-commit", "panorama-commit-status" ] } - }, + }, { "Failed Login Playbook With Slack": { - "name": "Failed Login Playbook With Slack", - "fromversion": "2.5.0", + "name": "Failed Login Playbook With Slack", + "fromversion": "2.5.0", "implementing_scripts": [ - "CloseInvestigation", - "IncidentSet", - "ADExpirePassword", + "CloseInvestigation", + "IncidentSet", + "ADExpirePassword", "SlackAskUser" - ], + ], "implementing_commands": [ "slack-send" ] } - }, + }, { "WildFire - Detonate file": { - "name": "WildFire - Detonate file", - "toversion": "3.1.0", + "name": "WildFire - Detonate file", + "toversion": "3.1.0", "implementing_scripts": [ "Exists" - ], + ], "implementing_commands": [ - "wildfire-upload", + "wildfire-upload", "wildfire-report" ] } - }, + }, { "File Enrichment - Generic": { - "name": "File Enrichment - Generic", - "fromversion": "3.6.0", + "name": "File Enrichment - Generic", + "fromversion": "3.6.0", "implementing_playbooks": [ - "File Enrichment - File reputation", + "File Enrichment - File reputation", "File Enrichment - Virus Total Private API" - ], + ], "implementing_commands": [ - "cylance-protect-get-threat", + "cylance-protect-get-threat", "pan-appframework-search-by-file-hash" ] } - }, + }, { "vulnerability_management_-_nexpose_job": { - "name": "Vulnerability Management - Nexpose (Job)", - "fromversion": "3.6.0", + "name": "Vulnerability Management - Nexpose (Job)", + "fromversion": "3.6.0", "implementing_scripts": [ "NexposeCreateIncidentsFromAssets" - ], + ], "implementing_commands": [ - "closeInvestigation", - "nexpose-create-assets-report", + "closeInvestigation", + "nexpose-create-assets-report", "nexpose-search-assets" ] } - }, + }, { "Archer initiate incident": { - "name": "Archer initiate incident", - "fromversion": "3.5.0", + "name": "Archer initiate incident", + "fromversion": "3.5.0", "implementing_commands": [ 
"archer-get-file" ] } - }, + }, { "block_file_-_generic": { - "name": "Block File - Generic", - "fromversion": "4.0.0", + "name": "Block File - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ "Block File - Carbon Black Response" ] } - }, + }, { "calculate_severity_-_critical_assets": { - "name": "Calculate Severity - Critical assets", - "fromversion": "4.0.0", + "name": "Calculate Severity - Critical assets", + "fromversion": "4.0.0", "implementing_scripts": [ - "StringContains", + "StringContains", "Set" ] } - }, + }, { "add_indicator_to_miner_-_palo_alto_mineMeld": { - "name": "Add Indicator to Miner - Palo Alto MineMeld", - "fromversion": "4.0.0", + "name": "Add Indicator to Miner - Palo Alto MineMeld", + "fromversion": "4.0.0", "implementing_commands": [ "minemeld-add-to-miner" ] } - }, + }, { "domain_enrichment_generic": { - "name": "Domain Enrichment - Generic", - "fromversion": "3.6.0", + "name": "Domain Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ "DomainReputation" - ], + ], "implementing_commands": [ "vt-private-get-domain-report" ] } - }, + }, { "playbook11": { - "name": "McAfee ePO Repository Compliance Playbook", - "fromversion": "2.5.0", + "name": "McAfee ePO Repository Compliance Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "CloseInvestigation", - "IncidentSet", - "Sleep", - "AreValuesEqual", + "CloseInvestigation", + "IncidentSet", + "Sleep", + "AreValuesEqual", "SendEmail" - ], + ], "implementing_commands": [ - "epo-update-repository", - "epo-get-latest-dat", + "epo-update-repository", + "epo-get-latest-dat", "epo-get-current-dat" ] } - }, + }, { "url_enrichment_-_generic": { - "name": "URL Enrichment - Generic", - "fromversion": "3.6.0", + "name": "URL Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "URLSSLVerification", - "Exists", + "URLSSLVerification", + "Exists", "URLReputation" - ], + ], "implementing_commands": [ - "vt-private-get-url-report", + 
"vt-private-get-url-report", "rasterize" ] } - }, + }, { "entity_enrichment_generic": { - "name": "Entity Enrichment - Generic", - "fromversion": "3.6.0", + "name": "Entity Enrichment - Generic", + "fromversion": "3.6.0", "implementing_playbooks": [ - "Account Enrichment - Generic", - "Endpoint Enrichment - Generic", - "Email Address Enrichment - Generic", - "URL Enrichment - Generic", - "File Enrichment - Generic", - "Domain Enrichment - Generic", + "Account Enrichment - Generic", + "Endpoint Enrichment - Generic", + "Email Address Enrichment - Generic", + "URL Enrichment - Generic", + "File Enrichment - Generic", + "Domain Enrichment - Generic", "IP Enrichment - Generic" ] } - }, + }, { "search_endpoints_by_hash_-_generic": { - "name": "Search Endpoints By Hash - Generic", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Generic", + "fromversion": "3.5.0", "implementing_playbooks": [ - "Search Endpoints By Hash - Carbon Black Response", - "Search Endpoints By Hash - CrowdStrike", - "Search Endpoints By Hash - TIE", + "Search Endpoints By Hash - Carbon Black Response", + "Search Endpoints By Hash - CrowdStrike", + "Search Endpoints By Hash - TIE", "Search Endpoints By Hash - Carbon Black Protection" ] } - }, + }, { "malware_investigation-_generic": { - "name": "Malware Investigation - Generic", - "fromversion": "3.6.0", + "name": "Malware Investigation - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "AssignAnalystToIncident" - ], + ], "implementing_playbooks": [ - "Malware Investigation - Generic - Setup", - "Calculate Severity - Generic", - "Entity Enrichment - Generic", + "Malware Investigation - Generic - Setup", + "Calculate Severity - Generic", + "Entity Enrichment - Generic", "Detonate File - Generic" ] } - }, + }, { "calculate_severity_-_indicators_dbotscore": { - "name": "Calculate Severity - Indicators DBotScore", - "fromversion": "3.6.0", + "name": "Calculate Severity - 
Indicators DBotScore", + "fromversion": "3.6.0", "implementing_scripts": [ "Set" ] } - }, + }, { "Detonate File - Cuckoo": { - "name": "Detonate File - Cuckoo", - "fromversion": "4.0.0", + "name": "Detonate File - Cuckoo", + "fromversion": "4.0.0", "implementing_scripts": [ "Sleep" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "cuckoo-task-screenshot", - "cuckoo-get-task-report", - "cuckoo-view-task", + "cuckoo-task-screenshot", + "cuckoo-get-task-report", + "cuckoo-view-task", "cuckoo-create-task-from-file" ] } - }, + }, { "Account Enrichment": { - "name": "Account Enrichment", - "fromversion": "3.5.0", + "name": "Account Enrichment", + "fromversion": "3.5.0", "implementing_scripts": [ - "ADGetUser", + "ADGetUser", "Exists" ] } - }, + }, { "entity_enrichment_generic": { - "name": "Entity Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "Entity Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_playbooks": [ - "Account Enrichment - Generic", - "Endpoint Enrichment - Generic", - "DBot Indicator Enrichment - Generic", - "Email Address Enrichment - Generic", - "URL Enrichment - Generic", - "File Enrichment - Generic", - "Domain Enrichment - Generic", + "Account Enrichment - Generic", + "Endpoint Enrichment - Generic", + "DBot Indicator Enrichment - Generic", + "Email Address Enrichment - Generic", + "URL Enrichment - Generic", + "File Enrichment - Generic", + "Domain Enrichment - Generic", "IP Enrichment - Generic" ] } - }, + }, { "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "3.9.9", - "fromversion": "3.6.0", + "name": "Phishing Investigation - Generic", + "toversion": "3.9.9", + "fromversion": "3.6.0", "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident", - "Set", + "CloseInvestigation", + "AssignAnalystToIncident", + "Set", "SendEmail" - ], + ], "implementing_playbooks": [ 
- "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Process Email - Generic", - "Entity Enrichment - Generic", - "Email Address Enrichment - Generic", + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Process Email - Generic", + "Entity Enrichment - Generic", + "Email Address Enrichment - Generic", "Calculate Severity - Generic" ] } - }, + }, { "DBotCreatePhishingClassifierJob": { - "name": "DBot Create Phishing Classifier Job", - "fromversion": "4.1.0", + "name": "DBot Create Phishing Classifier Job", + "fromversion": "4.1.0", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_playbooks": [ "DBot Create Phishing Classifier" - ], + ], "implementing_commands": [ "closeInvestigation" ] } - }, + }, { "playbook5": { - "name": "Phishing Playbook - Automated", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "implementing_scripts": [ - "Set", - "Exists", - "SendEmail", - "CheckSenderDomainDistance", - "CloseInvestigation", - "ExtractIP", - "IsMaliciousIndicatorFound", + "name": "Phishing Playbook - Automated", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "Set", + "Exists", + "SendEmail", + "CheckSenderDomainDistance", + "CloseInvestigation", + "ExtractIP", + "IsMaliciousIndicatorFound", "ExtractURL" - ], + ], "implementing_playbooks": [ - "Process Email", - "Detonate files", - "Hunt for bad IOCs", - "Account Enrichment", + "Process Email", + "Detonate files", + "Hunt for bad IOCs", + "Account Enrichment", "Enrichment Playbook" ] } - }, + }, { "Demisto_Self-Defense_-_Account_policy_monitoring_playbook": { - "name": "Demisto Self-Defense - Account policy monitoring playbook", - "fromversion": "3.5.0", + "name": "Demisto Self-Defense - Account policy monitoring playbook", + "fromversion": "3.5.0", "implementing_scripts": [ "CloseInvestigation" - ], + ], "implementing_commands": [ - 
"TwilioSendSMS", - "slack-send", - "demisto-api-get", + "TwilioSendSMS", + "slack-send", + "demisto-api-get", "setIncident" ] } - }, + }, { "Google-Vault-Search-Mail": { - "name": "Google Vault - Search Mail", - "fromversion": "4.0.0", + "name": "Google Vault - Search Mail", + "fromversion": "4.0.0", "implementing_scripts": [ "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "gvault-get-mail-results", - "gvault-create-export-mail", - "gvault-export-status", + "gvault-get-mail-results", + "gvault-create-export-mail", + "gvault-export-status", "gvault-download-results" ] } - }, + }, { "ATD - Detonate File": { - "name": "ATD - Detonate File", - "toversion": "3.6.0", + "name": "ATD - Detonate File", + "toversion": "3.6.0", "implementing_scripts": [ "Exists" - ], + ], "implementing_commands": [ "detonate-file" ] } - }, + }, { "block_account_-_generic": { - "name": "Block Account - Generic", - "fromversion": "4.0.0", + "name": "Block Account - Generic", + "fromversion": "4.0.0", "implementing_commands": [ "ad-disable-account" ] } - }, + }, { "file_enrichment_-_virus_total_private_api": { - "name": "File Enrichment - Virus Total Private API", - "fromversion": "3.6.0", + "name": "File Enrichment - Virus Total Private API", + "fromversion": "3.6.0", "implementing_commands": [ - "vt-private-check-file-behaviour", + "vt-private-check-file-behaviour", "vt-private-get-file-report" ] } - }, + }, { "file_enrichment_-_file_reputation": { - "name": "File Enrichment - File reputation", - "fromversion": "3.6.0", + "name": "File Enrichment - File reputation", + "fromversion": "3.6.0", "implementing_scripts": [ "FileReputation" ] } - }, + }, { "block_url_-_generic": { - "name": "Block URL - Generic", - "fromversion": "4.0.0", + "name": "Block URL - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ "Add Indicator to Miner - Palo Alto MineMeld" - ], + ], "implementing_commands": [ "zscaler-blacklist-url" ] } - }, 
+ }, { "Process Email": { - "name": "Process Email", - "fromversion": "2.5.0", + "name": "Process Email", + "fromversion": "2.5.0", "implementing_scripts": [ - "Set", - "Exists", + "Set", + "Exists", "ParseEmailFiles" ] } - }, + }, { "playbook15": { - "name": "Tanium Demo Playbook", - "fromversion": "2.5.0", + "name": "Tanium Demo Playbook", + "fromversion": "2.5.0", "implementing_commands": [ - "tn-deploy-package", - "tn-ask-question", + "tn-deploy-package", + "tn-ask-question", "tn-get-saved-question" ] } - }, + }, { "get_file_sample_by_hash_-_carbon_black_enterprise_Response": { - "name": "Get File Sample By Hash - Carbon Black Enterprise Response", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Carbon Black Enterprise Response", + "fromversion": "3.5.0", "implementing_scripts": [ "Exists" - ], + ], "implementing_commands": [ "cb-binary-get" ] } - }, + }, { "Get File Sample From Hash - Cylance Protect": { - "name": "Get File Sample From Hash - Cylance Protect", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Get File Sample From Hash - Cylance Protect", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ - "http", - "UnzipFile", + "http", + "UnzipFile", "Exists" - ], + ], "implementing_commands": [ "cylance-protect-download-threat" ] } - }, + }, { "access_investigation_-_generic": { - "name": "Access Investigation - Generic", - "fromversion": "3.6.0", + "name": "Access Investigation - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "AssignAnalystToIncident", - "ADGetUser", + "AssignAnalystToIncident", + "ADGetUser", "EmailAskUser" - ], + ], "implementing_playbooks": [ - "IP Enrichment - Generic", + "IP Enrichment - Generic", "Account Enrichment - Generic" - ], + ], "implementing_commands": [ - "closeInvestigation", + "closeInvestigation", "setIncident" ] } - }, + }, { "search_endpoints_by_hash_-_tie": { - "name": "Search Endpoints By Hash - TIE", - "fromversion": "3.5.0", + "name": "Search 
Endpoints By Hash - TIE", + "fromversion": "3.5.0", "implementing_scripts": [ "EPOFindSystem" - ], + ], "implementing_commands": [ "tie-file-references" ] } - }, + }, { "get_file_sample_from_path_-_carbon_black_enterprise_response": { - "name": "Get File Sample From Path - Carbon Black Enterprise Response", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - Carbon Black Enterprise Response", + "fromversion": "3.5.0", "implementing_scripts": [ - "CBLiveGetFile", + "CBLiveGetFile", "Exists" ] } - }, + }, { "WildFire - Detonate file": { - "name": "WildFire - Detonate file", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "WildFire - Detonate file", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_scripts": [ "Set" - ], + ], "implementing_commands": [ - "wildfire-report", + "wildfire-report", "detonate-file" ] } - }, + }, { "Detonate File - Generic": { - "name": "Detonate File - Generic", - "fromversion": "4.0.0", + "name": "Detonate File - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ - "CrowdStrike Falcon Sandbox - Detonate file", - "ATD - Detonate File", - "Detonate File - SNDBOX", - "Detonate File - JoeSecurity", - "Detonate File - Cuckoo", - "Detonate File - Lastline", - "WildFire - Detonate file", + "CrowdStrike Falcon Sandbox - Detonate file", + "ATD - Detonate File", + "Detonate File - SNDBOX", + "Detonate File - JoeSecurity", + "Detonate File - Cuckoo", + "Detonate File - Lastline", + "WildFire - Detonate file", "Detonate File - ThreatGrid" ] } - }, + }, { "D2 - Endpoint data collection": { - "name": "D2 - Endpoint data collection", + "name": "D2 - Endpoint data collection", "implementing_scripts": [ - "D2ExecuteCommand", - "ActiveUsersD2", - "Exists", - "IncidentAddSystem", - "FetchFileD2", + "D2ExecuteCommand", + "ActiveUsersD2", + "Exists", + "IncidentAddSystem", + "FetchFileD2", "AreValuesEqual" ] } - }, + }, { "Enrichment Playbook": { - "name": "Enrichment Playbook", - "fromversion": "2.5.0", + 
"name": "Enrichment Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "Print", - "FileReputation", - "IPReputation", - "Exists", + "Print", + "FileReputation", + "IPReputation", + "Exists", "URLReputation" ] } - }, + }, { "Office 365 Search and Delete": { - "name": "Office 365 Search and Delete", - "fromversion": "4.0.0", + "name": "Office 365 Search and Delete", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "ews-o365-remove-compliance-search", - "ews-o365-purge-compliance-search-results", - "ews-o365-get-compliance-search", + "ews-o365-remove-compliance-search", + "ews-o365-purge-compliance-search-results", + "ews-o365-get-compliance-search", "ews-o365-start-compliance-search" ] } - }, + }, { "dbot_indicator_enrichment_-_generic": { - "name": "DBot Indicator Enrichment - Generic", - "fromversion": "3.5.0", + "name": "DBot Indicator Enrichment - Generic", + "fromversion": "3.5.0", "implementing_scripts": [ "GetIndicatorDBotScore" ] } - }, + }, { "playbook0": { - "name": "Default", - "fromversion": "3.5.0", + "name": "Default", + "fromversion": "3.5.0", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "AssignAnalystToIncident" - ], + ], "implementing_playbooks": [ - "Extract Indicators - Generic", - "Entity Enrichment - Generic", + "Extract Indicators - Generic", + "Entity Enrichment - Generic", "Calculate Severity - Generic" ] } - }, + }, { "File Enrichment - Generic": { - "name": "File Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "File Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ "FileReputation" ] } - }, + }, { "ATD - Detonate File": { - "name": "ATD - Detonate File", - "fromversion": "4.0.0", + "name": "ATD - Detonate File", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": 
[ - "atd-get-report", - "atd-file-upload", + "atd-get-report", + "atd-file-upload", "atd-check-status" ] } - }, + }, { "account_enrichment_-_generic": { - "name": "Account Enrichment - Generic", - "fromversion": "3.5.0", + "name": "Account Enrichment - Generic", + "fromversion": "3.5.0", "implementing_scripts": [ - "ADGetUser", + "ADGetUser", "Exists" ] } - }, + }, { "detonatefile_-_joesecurity": { - "name": "Detonate File - JoeSecurity", - "fromversion": "4.0.0", + "name": "Detonate File - JoeSecurity", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "joe-download-report", - "joe-analysis-info", + "joe-download-report", + "joe-analysis-info", "joe-analysis-submit-sample" ] } - }, + }, { "ip_enrichment_generic": { - "name": "IP Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "IP Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ - "IsIPInRanges", - "IPReputation", + "IsIPInRanges", + "IPReputation", "Exists" ] } - }, + }, { "Detonate files": { - "name": "Detonate files", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Detonate files", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ - "Print", - "SandboxDetonateFile", + "Print", + "SandboxDetonateFile", "Exists" ] } - }, + }, { "detonate_file_from_url_-_joesecurity": { - "name": "Detonate File From URL - JoeSecurity", - "fromversion": "4.0.0", + "name": "Detonate File From URL - JoeSecurity", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "joe-download-report", + "joe-download-report", "joe-analysis-submit-sample" ] } - }, + }, { "Carbon Black Rapid IOC Hunting": { - "name": "Carbon Black Rapid IOC Hunting", - "fromversion": "2.5.0", + "name": "Carbon Black Rapid IOC Hunting", + "fromversion": "2.5.0", "implementing_scripts": [ - 
"CBFindHash", + "CBFindHash", "Exists" ] } - }, + }, { "email_address_enrichment_-_generic": { - "name": "Email Address Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", - "implementing_scripts": [ - "IsEmailAddressInternal", - "EmailReputation", - "ADGetUser", - "Exists", + "name": "Email Address Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", + "implementing_scripts": [ + "IsEmailAddressInternal", + "EmailReputation", + "ADGetUser", + "Exists", "EmailDomainSquattingReputation" ] } - }, + }, { "Endpoint data collection": { - "name": "Endpoint data collection", + "name": "Endpoint data collection", "implementing_scripts": [ "AreValuesEqual" - ], + ], "implementing_playbooks": [ - "Sentinel One - Endpoint data collection", - "MAR - Endpoint data collection", + "Sentinel One - Endpoint data collection", + "MAR - Endpoint data collection", "D2 - Endpoint data collection" ] } - }, + }, { "Get File Sample From Hash - Generic": { - "name": "Get File Sample From Hash - Generic", - "toversion": "3.1.0", + "name": "Get File Sample From Hash - Generic", + "toversion": "3.1.0", "implementing_playbooks": [ - "Get File Sample From Hash - Cylance Protect", + "Get File Sample From Hash - Cylance Protect", "Get File Sample From Hash - Carbon Black Enterprise Response" ] } - }, + }, { "WildFire - Detonate file": { - "name": "WildFire - Detonate file", - "fromversion": "4.0.0", + "name": "WildFire - Detonate file", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "wildfire-upload", + "wildfire-upload", "wildfire-report" ] } - }, + }, { "detonate_file_-_threatgrid": { - "name": "Detonate File - ThreatGrid", - "fromversion": "4.0.0", + "name": "Detonate File - ThreatGrid", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - 
"threat-grid-upload-sample", + "threat-grid-upload-sample", "threat-grid-get-samples-state" ] } - }, - { - "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "fromversion": "4.1.0", - "implementing_scripts": [ - "AssignAnalystToIncident", - "Set", - "SendEmail" - ], - "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Block Indicators - Generic", - "Email Address Enrichment - Generic", - "Calculate Severity - Generic" - ], - "implementing_commands": [ - "closeInvestigation", - "send-mail" - ] - } - }, + }, { "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "4.0.9", - "fromversion": "4.0.0", + "name": "Phishing Investigation - Generic", + "fromversion": "4.1.0", "implementing_scripts": [ - "AssignAnalystToIncident", - "Set", + "AssignAnalystToIncident", + "Set", "SendEmail" - ], + ], "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Block Indicators - Generic", - "Email Address Enrichment - Generic", + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Block Indicators - Generic", + "Email Address Enrichment - Generic", "Calculate Severity - Generic" - ], + ], "implementing_commands": [ - "closeInvestigation", + "closeInvestigation", "send-mail" ] } } - ], + ], "integrations": [ { "Cybereason": { - "name": "Cybereason", - "commands": [ - "cybereason-query-processes", - "cybereason-is-probe-connected", - "cybereason-query-connections", - "cybereason-isolate-machine", - "cybereason-unisolate-machine", - "cybereason-query-malops", - 
"cybereason-malop-processes", - "cybereason-add-comment", + "name": "Cybereason", + "commands": [ + "cybereason-query-processes", + "cybereason-is-probe-connected", + "cybereason-query-connections", + "cybereason-isolate-machine", + "cybereason-unisolate-machine", + "cybereason-query-malops", + "cybereason-malop-processes", + "cybereason-add-comment", "cybereason-update-malop-status" ] } - }, + }, { "Giphy": { - "name": "Giphy", + "name": "Giphy", "commands": [ "giphy" ] } - }, + }, { "RSA NetWitness Packets and Logs": { - "name": "RSA NetWitness Packets and Logs", - "toversion": "3.1.0", - "commands": [ - "netwitness-msearch", - "netwitness-search", - "netwitness-query", - "netwitness-packets", - "nw-sdk-session", - "nw-sdk-cancel", - "nw-sdk-query", - "nw-sdk-validate", - "nw-sdk-aliases", - "nw-sdk-content", - "nw-sdk-ls", - "nw-sdk-count", - "nw-sdk-timeline", - "nw-sdk-mon", - "nw-sdk-stopMon", - "nw-sdk-msearch", - "nw-sdk-precache", - "nw-sdk-delCache", - "nw-sdk-info", - "nw-sdk-search", - "nw-sdk-language", - "nw-sdk-packets", - "nw-sdk-summary", - "nw-sdk-reconfig", - "nw-sdk-values", - "nw-sdk-xforms", - "nw-database-info", - "nw-database-count", - "nw-database-dbState", - "nw-database-dump", - "nw-database-hashInfo", - "nw-database-resetMax", - "nw-database-optimize", - "nw-database-reconfig", - "nw-database-ls", - "nw-database-timeRoll", - "nw-database-stopMon", - "nw-database-manifest", - "nw-database-wipe", - "nw-database-sizeRoll", - "nw-database-mon", - "nw-decoder-reset", - "nw-decoder-info", - "nw-decoder-reconfig", - "nw-decoder-agg", - "nw-decoder-stop", - "nw-decoder-count", - "nw-decoder-start", - "nw-decoder-meta", - "nw-decoder-ls", - "nw-decoder-stopMon", - "nw-decoder-resetMax", - "nw-decoder-whoAgg", - "nw-decoder-logStats", - "nw-decoder-select", - "nw-decoder-mon", - "nw-index-ls", - "nw-index-mon", - "nw-index-save", - "nw-index-info", - "nw-index-drop", - "nw-index-count", - "nw-index-values", - "nw-index-profile", - 
"nw-index-stopMon", - "nw-index-inspect", - "nw-index-language", - "nw-index-reconfig", - "nw-index-sizeRoll", - "nw-decoderParsers-ls", - "nw-decoderParsers-mon", - "nw-decoderParsers-feed", - "nw-decoderParsers-info", - "nw-decoderParsers-count", - "nw-decoderParsers-schema", - "nw-decoderParsers-reload", - "nw-decoderParsers-upload", - "nw-decoderParsers-delete", - "nw-decoderParsers-stopMon", - "nw-decoderParsers-devices", - "nw-decoderParsers-content", - "nw-decoderParsers-ipdevice", - "nw-decoderParsers-iptmzone", - "nw-logs-ls", - "nw-logs-mon", - "nw-logs-pull", - "nw-logs-info", - "nw-logs-count", - "nw-logs-stopMon", - "nw-logs-download", - "nw-logs-timeRoll", - "nw-sys-ls", - "nw-sys-mon", - "nw-sys-save", - "nw-sys-info", - "nw-sys-count", - "nw-sys-caCert", - "nw-sys-stopMon", - "nw-sys-shutdown", - "nw-sys-fileEdit", - "nw-sys-peerCert", - "nw-sys-servCert", - "nw-sys-statHist", - "nw-users-ls", - "nw-users-mon", - "nw-users-info", - "nw-users-auths", - "nw-users-count", - "nw-users-delete", - "nw-users-unlock", - "nw-users-stopMon", - "nw-users-addOrMod", - "nw-decoder-import", - "nw-decoder-parsers-upload", - "nw-concentrator-reset", - "nw-concentrator-reconfig", - "nw-concentrator-start", - "nw-concentrator-stop", - "nw-concentrator-count", - "nw-concentrator-edit", - "nw-concentrator-add", - "nw-concentrator-meta", - "nw-concentrator-status", - "nw-concentrator-ls", - "nw-concentrator-resetMax", - "nw-concentrator-stopMon", - "nw-concentrator-delete", - "nw-concentrator-whoAgg", - "nw-concentrator-mon", - "nw-broker-reset", - "nw-broker-start", - "nw-broker-stop", - "nw-broker-count", - "nw-broker-edit", - "nw-broker-add", - "nw-broker-meta", - "nw-broker-status", - "nw-broker-ls", - "nw-broker-resetMax", - "nw-broker-stopMon", - "nw-broker-delete", - "nw-broker-whoAgg", + "name": "RSA NetWitness Packets and Logs", + "toversion": "3.1.0", + "commands": [ + "netwitness-msearch", + "netwitness-search", + "netwitness-query", + "netwitness-packets", + 
"nw-sdk-session", + "nw-sdk-cancel", + "nw-sdk-query", + "nw-sdk-validate", + "nw-sdk-aliases", + "nw-sdk-content", + "nw-sdk-ls", + "nw-sdk-count", + "nw-sdk-timeline", + "nw-sdk-mon", + "nw-sdk-stopMon", + "nw-sdk-msearch", + "nw-sdk-precache", + "nw-sdk-delCache", + "nw-sdk-info", + "nw-sdk-search", + "nw-sdk-language", + "nw-sdk-packets", + "nw-sdk-summary", + "nw-sdk-reconfig", + "nw-sdk-values", + "nw-sdk-xforms", + "nw-database-info", + "nw-database-count", + "nw-database-dbState", + "nw-database-dump", + "nw-database-hashInfo", + "nw-database-resetMax", + "nw-database-optimize", + "nw-database-reconfig", + "nw-database-ls", + "nw-database-timeRoll", + "nw-database-stopMon", + "nw-database-manifest", + "nw-database-wipe", + "nw-database-sizeRoll", + "nw-database-mon", + "nw-decoder-reset", + "nw-decoder-info", + "nw-decoder-reconfig", + "nw-decoder-agg", + "nw-decoder-stop", + "nw-decoder-count", + "nw-decoder-start", + "nw-decoder-meta", + "nw-decoder-ls", + "nw-decoder-stopMon", + "nw-decoder-resetMax", + "nw-decoder-whoAgg", + "nw-decoder-logStats", + "nw-decoder-select", + "nw-decoder-mon", + "nw-index-ls", + "nw-index-mon", + "nw-index-save", + "nw-index-info", + "nw-index-drop", + "nw-index-count", + "nw-index-values", + "nw-index-profile", + "nw-index-stopMon", + "nw-index-inspect", + "nw-index-language", + "nw-index-reconfig", + "nw-index-sizeRoll", + "nw-decoderParsers-ls", + "nw-decoderParsers-mon", + "nw-decoderParsers-feed", + "nw-decoderParsers-info", + "nw-decoderParsers-count", + "nw-decoderParsers-schema", + "nw-decoderParsers-reload", + "nw-decoderParsers-upload", + "nw-decoderParsers-delete", + "nw-decoderParsers-stopMon", + "nw-decoderParsers-devices", + "nw-decoderParsers-content", + "nw-decoderParsers-ipdevice", + "nw-decoderParsers-iptmzone", + "nw-logs-ls", + "nw-logs-mon", + "nw-logs-pull", + "nw-logs-info", + "nw-logs-count", + "nw-logs-stopMon", + "nw-logs-download", + "nw-logs-timeRoll", + "nw-sys-ls", + "nw-sys-mon", + 
"nw-sys-save", + "nw-sys-info", + "nw-sys-count", + "nw-sys-caCert", + "nw-sys-stopMon", + "nw-sys-shutdown", + "nw-sys-fileEdit", + "nw-sys-peerCert", + "nw-sys-servCert", + "nw-sys-statHist", + "nw-users-ls", + "nw-users-mon", + "nw-users-info", + "nw-users-auths", + "nw-users-count", + "nw-users-delete", + "nw-users-unlock", + "nw-users-stopMon", + "nw-users-addOrMod", + "nw-decoder-import", + "nw-decoder-parsers-upload", + "nw-concentrator-reset", + "nw-concentrator-reconfig", + "nw-concentrator-start", + "nw-concentrator-stop", + "nw-concentrator-count", + "nw-concentrator-edit", + "nw-concentrator-add", + "nw-concentrator-meta", + "nw-concentrator-status", + "nw-concentrator-ls", + "nw-concentrator-resetMax", + "nw-concentrator-stopMon", + "nw-concentrator-delete", + "nw-concentrator-whoAgg", + "nw-concentrator-mon", + "nw-broker-reset", + "nw-broker-start", + "nw-broker-stop", + "nw-broker-count", + "nw-broker-edit", + "nw-broker-add", + "nw-broker-meta", + "nw-broker-status", + "nw-broker-ls", + "nw-broker-resetMax", + "nw-broker-stopMon", + "nw-broker-delete", + "nw-broker-whoAgg", "nw-broker-mon" ] } - }, + }, { "ReversingLabs A1000": { - "name": "ReversingLabs A1000", - "commands": [ - "file", - "reversinglabs-upload", - "reversinglabs-delete", - "reversinglabs-extracted-files", - "reversinglabs-download", - "reversinglabs-analyze", + "name": "ReversingLabs A1000", + "commands": [ + "file", + "reversinglabs-upload", + "reversinglabs-delete", + "reversinglabs-extracted-files", + "reversinglabs-download", + "reversinglabs-analyze", "reversinglabs-download-unpacked" ] } - }, + }, { "VMware": { - "name": "VMware", - "commands": [ - "vmware-get-vms", - "vmware-poweron", - "vmware-poweroff", - "vmware-hard-reboot", - "vmware-suspend", - "vmware-soft-reboot", - "vmware-create-snapshot", - "vmware-revert-snapshot", + "name": "VMware", + "commands": [ + "vmware-get-vms", + "vmware-poweron", + "vmware-poweroff", + "vmware-hard-reboot", + "vmware-suspend", + 
"vmware-soft-reboot", + "vmware-create-snapshot", + "vmware-revert-snapshot", "vmware-get-events" ] } - }, + }, { "RSA Archer": { - "name": "RSA Archer", - "commands": [ - "archer-create-record", - "archer-update-record", - "archer-get-record", - "archer-search-applications", - "archer-search-records", - "archer-get-application-fields", - "archer-delete-record", - "archer-get-field", - "archer-get-reports", - "archer-execute-statistic-search-by-report", - "archer-get-search-options-by-guid", - "archer-search-records-by-report", - "archer-get-mapping-by-level", - "archer-manually-fetch-incident", - "archer-get-file", - "archer-upload-file", - "archer-add-to-detailed-analysis", + "name": "RSA Archer", + "commands": [ + "archer-create-record", + "archer-update-record", + "archer-get-record", + "archer-search-applications", + "archer-search-records", + "archer-get-application-fields", + "archer-delete-record", + "archer-get-field", + "archer-get-reports", + "archer-execute-statistic-search-by-report", + "archer-get-search-options-by-guid", + "archer-search-records-by-report", + "archer-get-mapping-by-level", + "archer-manually-fetch-incident", + "archer-get-file", + "archer-upload-file", + "archer-add-to-detailed-analysis", "archer-get-user-id" ] } - }, + }, { "vmray": { - "name": "vmray", + "name": "vmray", "commands": [ - "upload_sample", - "get_results", + "upload_sample", + "get_results", "get_job_sample" ] } - }, + }, { "jira": { - "name": "jira", - "fromversion": "2.6.0", - "commands": [ - "jira-issue-query", - "jira-get-issue", - "jira-create-issue", - "jira-issue-upload-file", - "jira-issue-add-comment", - "jira-issue-add-link", - "jira-edit-issue", - "jira-get-comments", + "name": "jira", + "fromversion": "2.6.0", + "commands": [ + "jira-issue-query", + "jira-get-issue", + "jira-create-issue", + "jira-issue-upload-file", + "jira-issue-add-comment", + "jira-issue-add-link", + "jira-edit-issue", + "jira-get-comments", "jira-delete-issue" ] } - }, + }, { 
"Verodin": { - "name": "Verodin", - "commands": [ - "verodin-get-topology-nodes", - "verodin-get-topology-map", - "verodin-manage-sims-actions", - "verodin-manage-sims-actions-run", - "verodin-get-security-zones", - "verodin-get-security-zone", - "verodin-delete-security-zone", - "verodin-get-sims-of-type", - "verodin-get-sim", - "verodin-delete-sim", - "verodin-get-jobs", - "verodin-get-job", - "verodin-run-job-again", - "verodin-get-job-sim-actions", + "name": "Verodin", + "commands": [ + "verodin-get-topology-nodes", + "verodin-get-topology-map", + "verodin-manage-sims-actions", + "verodin-manage-sims-actions-run", + "verodin-get-security-zones", + "verodin-get-security-zone", + "verodin-delete-security-zone", + "verodin-get-sims-of-type", + "verodin-get-sim", + "verodin-delete-sim", + "verodin-get-jobs", + "verodin-get-job", + "verodin-run-job-again", + "verodin-get-job-sim-actions", "verodin-job-cancel" ] } - }, + }, { "dnstwist": { - "name": "dnstwist", + "name": "dnstwist", "commands": [ "dnstwist-domain-variations" ] } - }, + }, { "EWS": { - "name": "EWS", - "commands": [ - "ews-get-folder", - "ews-delete-items", - "ews-delete-attachments", - "ews-get-items", - "ews-search-mailbox", - "ews-get-contacts", - "ews-get-searchable-mailboxes", - "ews-search-mailboxes", - "ews-get-attachment", - "ews-find-folders", - "ews-get-attachment-item", + "name": "EWS", + "commands": [ + "ews-get-folder", + "ews-delete-items", + "ews-delete-attachments", + "ews-get-items", + "ews-search-mailbox", + "ews-get-contacts", + "ews-get-searchable-mailboxes", + "ews-search-mailboxes", + "ews-get-attachment", + "ews-find-folders", + "ews-get-attachment-item", "ews-move-item" ] } - }, + }, { "OpenPhish": { - "name": "OpenPhish", + "name": "OpenPhish", "commands": [ - "url", - "openphish-reload", + "url", + "openphish-reload", "openphish-status" ] } - }, + }, { "McAfee NSM": { - "name": "McAfee NSM", - "commands": [ - "nsm-get-sensors", - "nsm-get-domains", - "nsm-get-alerts", - 
"nsm-update-alerts", - "nsm-get-alert-details", - "nsm-get-ips-policies", - "nsm-get-ips-policy-details", + "name": "McAfee NSM", + "commands": [ + "nsm-get-sensors", + "nsm-get-domains", + "nsm-get-alerts", + "nsm-update-alerts", + "nsm-get-alert-details", + "nsm-get-ips-policies", + "nsm-get-ips-policy-details", "nsm-get-attacks" ] } - }, + }, { "ipinfo": { - "name": "ipinfo", + "name": "ipinfo", "commands": [ - "ip", + "ip", "ipinfo_field" ] } - }, + }, { "Cuckoo Sandbox": { - "name": "Cuckoo Sandbox", - "toversion": "3.1.0", - "commands": [ - "ck-file", - "cuckoo-create-task-from-file", - "ck-report", - "cuckoo-get-task-report", - "ck-list", - "cuckoo-list-tasks", - "ck-url", - "cuckoo-create-task-from-url", - "ck-view", - "cuckoo-view-task", - "ck-del", - "cuckoo-delete-task", - "ck-scrshot", - "cuckoo-task-screenshot", - "ck-machines-list", - "cuckoo-machines-list", - "ck-machine-view", + "name": "Cuckoo Sandbox", + "toversion": "3.1.0", + "commands": [ + "ck-file", + "cuckoo-create-task-from-file", + "ck-report", + "cuckoo-get-task-report", + "ck-list", + "cuckoo-list-tasks", + "ck-url", + "cuckoo-create-task-from-url", + "ck-view", + "cuckoo-view-task", + "ck-del", + "cuckoo-delete-task", + "ck-scrshot", + "cuckoo-task-screenshot", + "ck-machines-list", + "cuckoo-machines-list", + "ck-machine-view", "cuckoo-machine-view" ] } - }, + }, { "Moloch": { - "name": "Moloch", - "toversion": "3.1.0", - "commands": [ - "moloch_connections_json", - "moloch_connections_csv", - "moloch_files_json", - "moloch_sessions_json", - "moloch_sessions_csv", - "moloch_sessions_pcap", - "moloch_spigraph_json", - "moloch_spiview_json", + "name": "Moloch", + "toversion": "3.1.0", + "commands": [ + "moloch_connections_json", + "moloch_connections_csv", + "moloch_files_json", + "moloch_sessions_json", + "moloch_sessions_csv", + "moloch_sessions_pcap", + "moloch_spigraph_json", + "moloch_spiview_json", "moloch_unique_json" ] } - }, + }, { "Demisto REST API": { - "name": "Demisto REST 
API", - "commands": [ - "demisto-api-post", - "demisto-api-get", - "demisto-api-put", - "demisto-api-delete", - "demisto-api-download", - "demisto-api-multipart", + "name": "Demisto REST API", + "commands": [ + "demisto-api-post", + "demisto-api-get", + "demisto-api-put", + "demisto-api-delete", + "demisto-api-download", + "demisto-api-multipart", "demisto-delete-incidents" ] } - }, + }, { "Symantec Advanced Threat Protection": { - "name": "Symantec Advanced Threat Protection", - "commands": [ - "satp-appliances", - "satp-command", - "satp-command-state", - "satp-command-cancel", - "satp-events", - "satp-files", - "satp-incident-events", + "name": "Symantec Advanced Threat Protection", + "commands": [ + "satp-appliances", + "satp-command", + "satp-command-state", + "satp-command-cancel", + "satp-events", + "satp-files", + "satp-incident-events", "satp-incidents" ] } - }, + }, { "McAfee Active Response": { - "name": "McAfee Active Response", + "name": "McAfee Active Response", "commands": [ - "mar-search", - "mar-collectors-list", + "mar-search", + "mar-collectors-list", "mar-search-multiple" ] } - }, + }, { "Aella Star Light": { - "name": "Aella Star Light", + "name": "Aella Star Light", "commands": [ "aella-get-event" ] } - }, + }, { "Zendesk": { - "name": "Zendesk", - "fromversion": "3.5.0", - "commands": [ - "zendesk-create-ticket", - "zendesk-list-tickets", - "zendesk-ticket-details", - "zendesk-update-ticket", - "zendesk-add-comment", - "zendesk-list-agents", - "zendesk-get-attachment", - "zendesk-clear-cache", - "zendesk-add-user", + "name": "Zendesk", + "fromversion": "3.5.0", + "commands": [ + "zendesk-create-ticket", + "zendesk-list-tickets", + "zendesk-ticket-details", + "zendesk-update-ticket", + "zendesk-add-comment", + "zendesk-list-agents", + "zendesk-get-attachment", + "zendesk-clear-cache", + "zendesk-add-user", "zendesk-get-article" ] } - }, + }, { "Cisco CloudLock": { - "name": "Cisco CloudLock", + "name": "Cisco CloudLock", "commands": [ - 
"cloudlock-get-users", - "cloudlock-get-user-apps", + "cloudlock-get-users", + "cloudlock-get-user-apps", "cloudlock-get-activities" ] } - }, + }, { "carbonblackliveresponse": { - "name": "carbonblackliveresponse", - "commands": [ - "cb-archive", - "cb-command-cancel", - "cb-command-info", - "cb-file-delete", - "cb-file-get", - "cb-file-info", - "cb-file-upload", - "cb-keepalive", - "cb-list-commands", - "cb-list-files", - "cb-list-sessions", - "cb-session-close", - "cb-session-create", - "cb-session-create-and-wait", - "cb-session-info", - "cb-process-kill", - "cb-directory-listing", - "cb-process-execute", - "cb-memdeump", - "cb-command-create", - "cb-command-create-and-wait", - "cb-terminate-process", - "cb-file-delete-from-endpoint", - "cb-registry-get-values", - "cb-registry-query-value", - "cb-registry-create-key", - "cb-registry-delete-key", - "cb-registry-delete-value", - "cb-registry-set-value", - "cb-process-list", - "cb-get-file-from-endpoint", + "name": "carbonblackliveresponse", + "commands": [ + "cb-archive", + "cb-command-cancel", + "cb-command-info", + "cb-file-delete", + "cb-file-get", + "cb-file-info", + "cb-file-upload", + "cb-keepalive", + "cb-list-commands", + "cb-list-files", + "cb-list-sessions", + "cb-session-close", + "cb-session-create", + "cb-session-create-and-wait", + "cb-session-info", + "cb-process-kill", + "cb-directory-listing", + "cb-process-execute", + "cb-memdeump", + "cb-command-create", + "cb-command-create-and-wait", + "cb-terminate-process", + "cb-file-delete-from-endpoint", + "cb-registry-get-values", + "cb-registry-query-value", + "cb-registry-create-key", + "cb-registry-delete-key", + "cb-registry-delete-value", + "cb-registry-set-value", + "cb-process-list", + "cb-get-file-from-endpoint", "cb-push-file-to-endpoint" ] } - }, + }, { "Check Point Sandblast Appliance": { - "name": "Check Point Sandblast Appliance", - "toversion": "3.1.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", 
- "sb-download", + "name": "Check Point Sandblast Appliance", + "toversion": "3.1.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", "sandblast-download" ] } - }, + }, { "Pipl": { - "name": "Pipl", - "fromversion": "3.5.0", + "name": "Pipl", + "fromversion": "3.5.0", "commands": [ - "pipl-search", + "pipl-search", "email" ] } - }, + }, { "Forcepoint": { - "name": "Forcepoint", + "name": "Forcepoint", "commands": [ - "fp-add-category", - "fp-list-categories", - "fp-get-category-detailes", - "fp-add-address-to-category", - "fp-delete-categories", + "fp-add-category", + "fp-list-categories", + "fp-get-category-detailes", + "fp-add-address-to-category", + "fp-delete-categories", "fp-delete-address-from-category" ] } - }, + }, { "FireEye HX": { - "name": "FireEye HX", - "commands": [ - "fireeye-hx-host-containment", - "fireeye-hx-cancel-containment", - "fireeye-hx-get-alerts", - "fireeye-hx-suppress-alert", - "fireeye-hx-get-indicators", - "fireeye-hx-get-indicator", - "fireeye-hx-get-host-information", - "fireeye-hx-get-alert", - "fireeye-hx-file-acquisition", - "fireeye-hx-delete-file-acquisition", - "fireeye-hx-data-acquisition", - "fireeye-hx-delete-data-acquisition", - "fireeye-hx-search", + "name": "FireEye HX", + "commands": [ + "fireeye-hx-host-containment", + "fireeye-hx-cancel-containment", + "fireeye-hx-get-alerts", + "fireeye-hx-suppress-alert", + "fireeye-hx-get-indicators", + "fireeye-hx-get-indicator", + "fireeye-hx-get-host-information", + "fireeye-hx-get-alert", + "fireeye-hx-file-acquisition", + "fireeye-hx-delete-file-acquisition", + "fireeye-hx-data-acquisition", + "fireeye-hx-delete-data-acquisition", + "fireeye-hx-search", "fireeye-hx-get-host-set-information" ] } - }, + }, { "Threat Crowd": { - "name": "Threat Crowd", + "name": "Threat Crowd", "commands": [ - "threat-crowd-email", - "threat-crowd-domain", - "threat-crowd-ip", - "threat-crowd-antivirus", + "threat-crowd-email", + 
"threat-crowd-domain", + "threat-crowd-ip", + "threat-crowd-antivirus", "threat-crowd-file" ] } - }, + }, { "Palo Alto AppFramework": { - "name": "Palo Alto AppFramework", + "name": "Palo Alto AppFramework", "commands": [ - "pan-appframework-query-logs", - "pan-appframework-get-critical-threat-logs", - "pan-appframework-get-social-applications", + "pan-appframework-query-logs", + "pan-appframework-get-critical-threat-logs", + "pan-appframework-get-social-applications", "pan-appframework-search-by-file-hash" ] } - }, + }, { "Phishme Intelligence": { - "name": "Phishme Intelligence", + "name": "Phishme Intelligence", "commands": [ - "url", - "file", - "ip", - "phishme-search", + "url", + "file", + "ip", + "phishme-search", "email" ] } - }, + }, { "Remedy AR": { - "name": "Remedy AR", + "name": "Remedy AR", "commands": [ "remedy-get-server-details" ] } - }, + }, { "Intezer": { - "name": "Intezer", + "name": "Intezer", "commands": [ - "file", + "file", "intezer-upload" ] } - }, + }, { "AlgoSec": { - "name": "AlgoSec", + "name": "AlgoSec", "commands": [ - "algosec-get-ticket", - "algosec-create-ticket", - "algosec-get-applications", - "algosec-get-network-object", + "algosec-get-ticket", + "algosec-create-ticket", + "algosec-get-applications", + "algosec-get-network-object", "algosec-query" ] } - }, + }, { "Zoom": { - "name": "Zoom", + "name": "Zoom", "commands": [ - "zoom-create-user", - "zoom-create-meeting", - "zoom-fetch-recording", - "zoom-list-users", + "zoom-create-user", + "zoom-create-meeting", + "zoom-fetch-recording", + "zoom-list-users", "zoom-delete-user" ] } - }, + }, { "Cuckoo Sandbox": { - "name": "Cuckoo Sandbox", - "fromversion": "3.5.0", - "commands": [ - "ck-file", - "cuckoo-create-task-from-file", - "ck-report", - "cuckoo-get-task-report", - "ck-list", - "cuckoo-list-tasks", - "ck-url", - "cuckoo-create-task-from-url", - "ck-view", - "cuckoo-view-task", - "ck-del", - "cuckoo-delete-task", - "ck-scrshot", - "cuckoo-task-screenshot", - 
"ck-machines-list", - "cuckoo-machines-list", - "ck-machine-view", + "name": "Cuckoo Sandbox", + "fromversion": "3.5.0", + "commands": [ + "ck-file", + "cuckoo-create-task-from-file", + "ck-report", + "cuckoo-get-task-report", + "ck-list", + "cuckoo-list-tasks", + "ck-url", + "cuckoo-create-task-from-url", + "ck-view", + "cuckoo-view-task", + "ck-del", + "cuckoo-delete-task", + "ck-scrshot", + "cuckoo-task-screenshot", + "ck-machines-list", + "cuckoo-machines-list", + "ck-machine-view", "cuckoo-machine-view" ] } - }, + }, { "Threat Grid": { - "name": "Threat Grid", - "commands": [ - "threat-grid-get-samples", - "threat-grid-get-sample-by-id", - "threat-grid-get-sample-state-by-id", - "threat-grid-upload-sample", - "threat-grid-search-submissions", - "threat-grid-get-video-by-id", - "threat-grid-get-analysis-by-id", - "threat-grid-get-processes-by-id", - "threat-grid-get-pcap-by-id", - "threat-grid-get-warnings-by-id", - "threat-grid-get-summary-by-id", - "threat-grid-get-threat-summary-by-id", - "threat-grid-get-html-report-by-id", - "threat-grid-download-sample-by-id", - "threat-grid-get-analysis-iocs", - "threat-grid-download-artifact", - "threat-grid-who-am-i", - "threat-grid-user-get-rate-limit", - "threat-grid-get-specific-feed", - "threat-grid-detonate-file", - "threat-grid-url-to-file", - "threat-grid-organization-get-rate-limit", - "threat-grid-search-ips", - "threat-grid-get-analysis-annotations", - "threat-grid-search-samples", - "threat-grid-search-urls", - "threat-grid-get-samples-state", - "threat-grid-feeds-artifacts", - "threat-grid-feeds-domain", - "threat-grid-feeds-ip", - "threat-grid-feeds-network-stream", - "threat-grid-feeds-path", - "threat-grid-feeds-url", - "threat-grid-get-analysis-artifact", - "threat-grid-get-analysis-artifacts", - "threat-grid-get-analysis-ioc", - "threat-grid-get-analysis-metadata", - "threat-grid-get-analysis-network-stream", - "threat-grid-get-analysis-network-streams", - "threat-grid-get-analysis-process", + "name": 
"Threat Grid", + "commands": [ + "threat-grid-get-samples", + "threat-grid-get-sample-by-id", + "threat-grid-get-sample-state-by-id", + "threat-grid-upload-sample", + "threat-grid-search-submissions", + "threat-grid-get-video-by-id", + "threat-grid-get-analysis-by-id", + "threat-grid-get-processes-by-id", + "threat-grid-get-pcap-by-id", + "threat-grid-get-warnings-by-id", + "threat-grid-get-summary-by-id", + "threat-grid-get-threat-summary-by-id", + "threat-grid-get-html-report-by-id", + "threat-grid-download-sample-by-id", + "threat-grid-get-analysis-iocs", + "threat-grid-download-artifact", + "threat-grid-who-am-i", + "threat-grid-user-get-rate-limit", + "threat-grid-get-specific-feed", + "threat-grid-detonate-file", + "threat-grid-url-to-file", + "threat-grid-organization-get-rate-limit", + "threat-grid-search-ips", + "threat-grid-get-analysis-annotations", + "threat-grid-search-samples", + "threat-grid-search-urls", + "threat-grid-get-samples-state", + "threat-grid-feeds-artifacts", + "threat-grid-feeds-domain", + "threat-grid-feeds-ip", + "threat-grid-feeds-network-stream", + "threat-grid-feeds-path", + "threat-grid-feeds-url", + "threat-grid-get-analysis-artifact", + "threat-grid-get-analysis-artifacts", + "threat-grid-get-analysis-ioc", + "threat-grid-get-analysis-metadata", + "threat-grid-get-analysis-network-stream", + "threat-grid-get-analysis-network-streams", + "threat-grid-get-analysis-process", "threat-grid-get-analysis-processes" ] } - }, + }, { "QRadar": { - "name": "QRadar", - "commands": [ - "qradar-offenses", - "qradar-offense-by-id", - "qradar-searches", - "qradar-get-search", - "qradar-get-search-results", - "qradar-update-offense", - "qradar-get-assets", - "qradar-get-asset-by-id", - "qr-searches", - "qr-get-search", - "qr-get-search-results", - "qr-update-offense", - "qr-get-assets", - "qr-offenses", - "qradar-get-closing-reasons", - "qradar-create-note", - "qradar-get-note", - "qradar-get-reference-by-name", - "qradar-create-reference-set", 
- "qradar-delete-reference-set", - "qradar-create-reference-set-value", - "qradar-update-reference-set-value", + "name": "QRadar", + "commands": [ + "qradar-offenses", + "qradar-offense-by-id", + "qradar-searches", + "qradar-get-search", + "qradar-get-search-results", + "qradar-update-offense", + "qradar-get-assets", + "qradar-get-asset-by-id", + "qr-searches", + "qr-get-search", + "qr-get-search-results", + "qr-update-offense", + "qr-get-assets", + "qr-offenses", + "qradar-get-closing-reasons", + "qradar-create-note", + "qradar-get-note", + "qradar-get-reference-by-name", + "qradar-create-reference-set", + "qradar-delete-reference-set", + "qradar-create-reference-set-value", + "qradar-update-reference-set-value", "qradar-delete-reference-set-value" ] } - }, + }, { "SplunkPy": { - "name": "SplunkPy", - "commands": [ - "splunk-results", - "splunk-search", - "splunk-submit-event", - "splunk-get-indexes", - "splunk-notable-event-edit", - "splunk-job-create", + "name": "SplunkPy", + "commands": [ + "splunk-results", + "splunk-search", + "splunk-submit-event", + "splunk-get-indexes", + "splunk-notable-event-edit", + "splunk-job-create", "splunk-parse-raw" ] } - }, + }, { "TruSTAR": { - "name": "TruSTAR", - "commands": [ - "trustar-related-indicators", - "trustar-trending-indicators", - "trustar-search-indicators", - "trustar-submit-report", - "trustar-update-report", - "trustar-report-details", - "trustar-delete-report", - "trustar-get-reports", - "trustar-correlated-reports", - "trustar-search-reports", - "trustar-add-to-whitelist", - "trustar-remove-from-whitelist", - "trustar-get-enclaves", - "file", - "ip", - "url", + "name": "TruSTAR", + "commands": [ + "trustar-related-indicators", + "trustar-trending-indicators", + "trustar-search-indicators", + "trustar-submit-report", + "trustar-update-report", + "trustar-report-details", + "trustar-delete-report", + "trustar-get-reports", + "trustar-correlated-reports", + "trustar-search-reports", + "trustar-add-to-whitelist", 
+ "trustar-remove-from-whitelist", + "trustar-get-enclaves", + "file", + "ip", + "url", "domain" ] } - }, + }, { "LogRhythm": { - "name": "LogRhythm", + "name": "LogRhythm", "commands": [ - "lr-add-alarm-comments", - "lr-get-alarm-by-id", - "lr-get-alarm-events-by-id", - "lr-get-alarm-history-by-id", - "lr-update-alarm-status", + "lr-add-alarm-comments", + "lr-get-alarm-by-id", + "lr-get-alarm-events-by-id", + "lr-get-alarm-history-by-id", + "lr-update-alarm-status", "lr-get-alarms" ] } - }, + }, { "Service Manager": { - "name": "Service Manager", + "name": "Service Manager", "commands": [ - "hpsm-create-incident", - "hpsm-list-incidents", - "hpsm-get-incident-by-id", - "hpsm-list-devices", + "hpsm-create-incident", + "hpsm-list-incidents", + "hpsm-get-incident-by-id", + "hpsm-list-devices", "hpsm-get-device" ] } - }, + }, { "Trend Micro": { - "name": "Trend Micro", - "commands": [ - "trendmicro-host-retrieve-all", - "trendmicro-system-event-retrieve", - "trendmicro-host-antimalware-scan", - "trendmicro-alert-status", - "trendmicro-security-profile-retrieve-all", - "trendmicro-security-profile-assign-to-host", + "name": "Trend Micro", + "commands": [ + "trendmicro-host-retrieve-all", + "trendmicro-system-event-retrieve", + "trendmicro-host-antimalware-scan", + "trendmicro-alert-status", + "trendmicro-security-profile-retrieve-all", + "trendmicro-security-profile-assign-to-host", "trendmicro-anti-malware-event-retrieve" ] } - }, + }, { "Netskope": { - "name": "Netskope", + "name": "Netskope", "commands": [ - "netskope-events", + "netskope-events", "netskope-alerts" ] } - }, + }, { "McAfee Web Gateway": { - "name": "McAfee Web Gateway", + "name": "McAfee Web Gateway", "commands": [ - "mwg-get-available-lists", - "mwg-get-list", - "mwg-get-list-entry", - "mwg-insert-entry", + "mwg-get-available-lists", + "mwg-get-list", + "mwg-get-list-entry", + "mwg-insert-entry", "mwg-delete-entry" ] } - }, + }, { "ArcSight Logger": { - "name": "ArcSight Logger", - "commands": [ - 
"as-search-events", - "as-status", - "as-drilldown", - "as-events", - "as-close", - "as-stop", + "name": "ArcSight Logger", + "commands": [ + "as-search-events", + "as-status", + "as-drilldown", + "as-events", + "as-close", + "as-stop", "as-search" ] } - }, + }, { "carbonblack-v2": { - "name": "carbonblack-v2", - "fromversion": "3.6.0", - "commands": [ - "cb-alert", - "cb-binary", - "cb-binary-get", - "cb-block-hash", - "cb-get-hash-blacklist", - "cb-get-process", - "cb-get-processes", - "cb-list-sensors", - "cb-process-events", - "cb-quarantine-device", - "cb-sensor-info", - "cb-unblock-hash", - "cb-unquarantine-device", - "cb-version", - "cb-watchlist-del", - "cb-watchlist-get", - "cb-watchlist-new", - "cb-watchlist-set", - "cb-alert-update", + "name": "carbonblack-v2", + "fromversion": "3.6.0", + "commands": [ + "cb-alert", + "cb-binary", + "cb-binary-get", + "cb-block-hash", + "cb-get-hash-blacklist", + "cb-get-process", + "cb-get-processes", + "cb-list-sensors", + "cb-process-events", + "cb-quarantine-device", + "cb-sensor-info", + "cb-unblock-hash", + "cb-unquarantine-device", + "cb-version", + "cb-watchlist-del", + "cb-watchlist-get", + "cb-watchlist-new", + "cb-watchlist-set", + "cb-alert-update", "cb-watchlist" ] } - }, + }, { "Zscaler": { - "name": "Zscaler", - "commands": [ - "zscaler-blacklist-url", - "url", - "ip", - "zscaler-undo-blacklist-url", - "zscaler-whitelist-url", - "zscaler-undo-whitelist-url", - "zscaler-undo-whitelist-ip", - "zscaler-whitelist-ip", - "zscaler-undo-blacklist-ip", - "zscaler-blacklist-ip", - "zscaler-category-add-url", - "zscaler-category-add-ip", - "zscaler-category-remove-url", - "zscaler-category-remove-ip", - "zscaler-get-categories", - "zscaler-get-blacklist", + "name": "Zscaler", + "commands": [ + "zscaler-blacklist-url", + "url", + "ip", + "zscaler-undo-blacklist-url", + "zscaler-whitelist-url", + "zscaler-undo-whitelist-url", + "zscaler-undo-whitelist-ip", + "zscaler-whitelist-ip", + "zscaler-undo-blacklist-ip", + 
"zscaler-blacklist-ip", + "zscaler-category-add-url", + "zscaler-category-add-ip", + "zscaler-category-remove-url", + "zscaler-category-remove-ip", + "zscaler-get-categories", + "zscaler-get-blacklist", "zscaler-get-whitelist" ] } - }, + }, { "Check Point Sandblast": { - "name": "Check Point Sandblast", - "toversion": "3.1.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", - "sandblast-download", - "sb-quota", + "name": "Check Point Sandblast", + "toversion": "3.1.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", + "sandblast-download", + "sb-quota", "sandblast-quota" ] } - }, + }, { "fireeye": { - "name": "fireeye", - "toversion": "3.1.0", - "fromversion": "3.0.0", - "commands": [ - "fe-report", - "fe-submit-status", - "fe-alert", - "fe-submit-result", - "fe-submit", + "name": "fireeye", + "toversion": "3.1.0", + "fromversion": "3.0.0", + "commands": [ + "fe-report", + "fe-submit-status", + "fe-alert", + "fe-submit-result", + "fe-submit", "fe-config" ] } - }, + }, { "Awake Security": { - "name": "Awake Security", - "commands": [ - "awake-query-devices", - "awake-query-activities", - "awake-query-domains", - "awake-pcap-download", - "domain", - "ip", - "email", + "name": "Awake Security", + "commands": [ + "awake-query-devices", + "awake-query-activities", + "awake-query-domains", + "awake-pcap-download", + "domain", + "ip", + "email", "device" ] } - }, + }, { "Skyformation": { - "name": "Skyformation", + "name": "Skyformation", "commands": [ - "skyformation-get-accounts", - "skyformation-suspend-user", + "skyformation-get-accounts", + "skyformation-suspend-user", "skyformation-unsuspend-user" ] } - }, + }, { "Cisco Spark": { - "name": "Cisco Spark", - "commands": [ - "cisco-spark-list-people", - "cisco-spark-create-person", - "cisco-spark-get-person-details", - "cisco-spark-update-person", - "cisco-spark-delete-person", - 
"cisco-spark-get-own-details", - "cisco-spark-list-rooms", - "cisco-spark-create-room", - "cisco-spark-get-room-details", - "cisco-spark-update-room", - "cisco-spark-delete-room", - "cisco-spark-list-memberships", - "cisco-spark-create-membership", - "cisco-spark-get-membership-details", - "cisco-spark-update-membership", - "cisco-spark-delete-membership", - "cisco-spark-list-messages", - "cisco-spark-create-message", - "cisco-spark-get-message-details", - "cisco-spark-delete-message", - "cisco-spark-list-teams", - "cisco-spark-create-team", - "cisco-spark-get-team-details", - "cisco-spark-update-team", - "cisco-spark-delete-team", - "cisco-spark-list-team-memberships", - "cisco-spark-create-team-membership", - "cisco-spark-get-team-membership-details", - "cisco-spark-update-team-membership", - "cisco-spark-delete-team-membership", - "cisco-spark-list-webhooks", - "cisco-spark-create-webhook", - "cisco-spark-get-webhook-details", - "cisco-spark-update-webhook", - "cisco-spark-delete-webhook", - "cisco-spark-list-organizations", - "cisco-spark-get-organization-details", - "cisco-spark-list-licenses", - "cisco-spark-get-license-details", - "cisco-spark-list-roles", - "cisco-spark-get-role-details", - "cisco-spark-send-message-to-person", + "name": "Cisco Spark", + "commands": [ + "cisco-spark-list-people", + "cisco-spark-create-person", + "cisco-spark-get-person-details", + "cisco-spark-update-person", + "cisco-spark-delete-person", + "cisco-spark-get-own-details", + "cisco-spark-list-rooms", + "cisco-spark-create-room", + "cisco-spark-get-room-details", + "cisco-spark-update-room", + "cisco-spark-delete-room", + "cisco-spark-list-memberships", + "cisco-spark-create-membership", + "cisco-spark-get-membership-details", + "cisco-spark-update-membership", + "cisco-spark-delete-membership", + "cisco-spark-list-messages", + "cisco-spark-create-message", + "cisco-spark-get-message-details", + "cisco-spark-delete-message", + "cisco-spark-list-teams", + 
"cisco-spark-create-team", + "cisco-spark-get-team-details", + "cisco-spark-update-team", + "cisco-spark-delete-team", + "cisco-spark-list-team-memberships", + "cisco-spark-create-team-membership", + "cisco-spark-get-team-membership-details", + "cisco-spark-update-team-membership", + "cisco-spark-delete-team-membership", + "cisco-spark-list-webhooks", + "cisco-spark-create-webhook", + "cisco-spark-get-webhook-details", + "cisco-spark-update-webhook", + "cisco-spark-delete-webhook", + "cisco-spark-list-organizations", + "cisco-spark-get-organization-details", + "cisco-spark-list-licenses", + "cisco-spark-get-license-details", + "cisco-spark-list-roles", + "cisco-spark-get-role-details", + "cisco-spark-send-message-to-person", "cisco-spark-send-message-to-room" ] } - }, + }, { "ArcSight ESM": { - "name": "ArcSight ESM", - "commands": [ - "as-get-all-cases", - "as-get-case", - "as-get-matrix-data", - "as-add-entries", - "as-clear-entries", - "as-get-entries", - "as-get-security-events", - "as-get-case-event-ids", - "as-update-case", - "as-get-all-query-viewers", + "name": "ArcSight ESM", + "commands": [ + "as-get-all-cases", + "as-get-case", + "as-get-matrix-data", + "as-add-entries", + "as-clear-entries", + "as-get-entries", + "as-get-security-events", + "as-get-case-event-ids", + "as-update-case", + "as-get-all-query-viewers", "as-case-delete" ] } - }, + }, { "Rapid7 Nexpose": { - "name": "Rapid7 Nexpose", - "fromversion": "3.6.0", - "commands": [ - "nexpose-get-asset", - "nexpose-get-assets", - "nexpose-search-assets", - "nexpose-get-scan", - "nexpose-get-asset-vulnerability", - "nexpose-create-site", - "nexpose-delete-site", - "nexpose-get-sites", - "nexpose-get-report-templates", - "nexpose-create-assets-report", - "nexpose-create-sites-report", - "nexpose-create-scan-report", - "nexpose-start-site-scan", - "nexpose-start-assets-scan", - "nexpose-stop-scan", - "nexpose-pause-scan", - "nexpose-resume-scan", + "name": "Rapid7 Nexpose", + "fromversion": "3.6.0", + 
"commands": [ + "nexpose-get-asset", + "nexpose-get-assets", + "nexpose-search-assets", + "nexpose-get-scan", + "nexpose-get-asset-vulnerability", + "nexpose-create-site", + "nexpose-delete-site", + "nexpose-get-sites", + "nexpose-get-report-templates", + "nexpose-create-assets-report", + "nexpose-create-sites-report", + "nexpose-create-scan-report", + "nexpose-start-site-scan", + "nexpose-start-assets-scan", + "nexpose-stop-scan", + "nexpose-pause-scan", + "nexpose-resume-scan", "nexpose-get-scans" ] } - }, + }, { "Cylance Protect v2": { - "name": "Cylance Protect v2", - "commands": [ - "cylance-protect-get-devices", - "cylance-protect-get-device", - "cylance-protect-update-device", - "cylance-protect-get-device-threats", - "cylance-protect-get-policies", - "cylance-protect-create-zone", - "cylance-protect-get-zones", - "cylance-protect-get-zone", - "cylance-protect-update-zone", - "cylance-protect-get-threat", - "cylance-protect-get-threat-devices", - "cylance-protect-get-indicators-report", - "cylance-protect-get-threats", - "cylance-protect-update-device-threats", - "cylance-protect-get-list", - "cylance-protect-download-threat", - "cylance-protect-add-hash-to-list", - "cylance-protect-delete-hash-from-lists", - "cylance-protect-get-policy-details", + "name": "Cylance Protect v2", + "commands": [ + "cylance-protect-get-devices", + "cylance-protect-get-device", + "cylance-protect-update-device", + "cylance-protect-get-device-threats", + "cylance-protect-get-policies", + "cylance-protect-create-zone", + "cylance-protect-get-zones", + "cylance-protect-get-zone", + "cylance-protect-update-zone", + "cylance-protect-get-threat", + "cylance-protect-get-threat-devices", + "cylance-protect-get-indicators-report", + "cylance-protect-get-threats", + "cylance-protect-update-device-threats", + "cylance-protect-get-list", + "cylance-protect-download-threat", + "cylance-protect-add-hash-to-list", + "cylance-protect-delete-hash-from-lists", + 
"cylance-protect-get-policy-details", "cylance-protect-delete-devices" ] } - }, + }, { "Cyber Triage": { - "name": "Cyber Triage", + "name": "Cyber Triage", "commands": [ "ct-triage-endpoint" ] } - }, + }, { "Endgame": { - "name": "Endgame", - "commands": [ - "endgame-deploy", - "endgame-get-deployment-profiles", - "endgame-get-unmanaged-endpoints", - "endgame-get-endpoint-status", - "endgame-create-sensor-profile", - "endgame-get-investigations", - "endgame-create-investigation", - "endgame-get-sensor", - "endgame-investigation-results", + "name": "Endgame", + "commands": [ + "endgame-deploy", + "endgame-get-deployment-profiles", + "endgame-get-unmanaged-endpoints", + "endgame-get-endpoint-status", + "endgame-create-sensor-profile", + "endgame-get-investigations", + "endgame-create-investigation", + "endgame-get-sensor", + "endgame-investigation-results", "endgame-investigation-status" ] } - }, + }, { "Kenna": { - "name": "Kenna", + "name": "Kenna", "commands": [ - "kenna-search-vulnerabilities", - "kenna-get-connectors", - "kenna-run-connector", - "kenna-search-fixes", - "kenna-update-asset", + "kenna-search-vulnerabilities", + "kenna-get-connectors", + "kenna-run-connector", + "kenna-search-fixes", + "kenna-update-asset", "kenna-update-vulnerability" ] } - }, + }, { "Cisco Meraki": { - "name": "Cisco Meraki", - "commands": [ - "meraki-fetch-organizations", - "meraki-get-organization-license-state", - "meraki-fetch-organization-inventory", - "meraki-fetch-networks", - "meraki-fetch-devices", - "meraki-fetch-device-uplink", - "meraki-fetch-ssids", - "meraki-fetch-clients", - "meraki-fetch-firewall-rules", - "meraki-remove-device", - "meraki-get-device", - "meraki-update-device", - "meraki-claim-device", + "name": "Cisco Meraki", + "commands": [ + "meraki-fetch-organizations", + "meraki-get-organization-license-state", + "meraki-fetch-organization-inventory", + "meraki-fetch-networks", + "meraki-fetch-devices", + "meraki-fetch-device-uplink", + 
"meraki-fetch-ssids", + "meraki-fetch-clients", + "meraki-fetch-firewall-rules", + "meraki-remove-device", + "meraki-get-device", + "meraki-update-device", + "meraki-claim-device", "meraki-update-firewall-rules" ] } - }, + }, { "WildFire": { - "name": "WildFire", - "toversion": "3.6.0", - "fromversion": "3.5.0", - "commands": [ - "wildfire-report", - "file", - "wildfire-upload", - "detonate-file", + "name": "WildFire", + "toversion": "3.6.0", + "fromversion": "3.5.0", + "commands": [ + "wildfire-report", + "file", + "wildfire-upload", + "detonate-file", "detonate-file-remote" ] } - }, + }, { "AWS Sagemaker": { - "name": "AWS Sagemaker", + "name": "AWS Sagemaker", "commands": [ "predict-phishing" ] } - }, + }, { "VxStream": { - "name": "VxStream", - "commands": [ - "vx-scan", - "crowdstrike-scan", - "vx-get-environments", - "crowdstrike-get-environments", - "vx-submit-sample", - "crowdstrike-submit-sample", - "vx-search", - "crowdstrike-search", - "vx-result", - "crowdstrike-result", - "vx-detonate-file", - "crowdstrike-detonate-file", - "crowdstrike-submit-url", - "crowdstrike-get-screenshots", - "crowdstrike-detonate-url", + "name": "VxStream", + "commands": [ + "vx-scan", + "crowdstrike-scan", + "vx-get-environments", + "crowdstrike-get-environments", + "vx-submit-sample", + "crowdstrike-submit-sample", + "vx-search", + "crowdstrike-search", + "vx-result", + "crowdstrike-result", + "vx-detonate-file", + "crowdstrike-detonate-file", + "crowdstrike-submit-url", + "crowdstrike-get-screenshots", + "crowdstrike-detonate-url", "crowdstrike-submit-file-by-url" ] } - }, + }, { "DomainTools": { - "name": "DomainTools", - "fromversion": "3.0.0", - "commands": [ - "domain", - "domainSearch", - "reverseIP", - "reverseNameServer", - "reverseWhois", - "whois", - "whoisHistory", + "name": "DomainTools", + "fromversion": "3.0.0", + "commands": [ + "domain", + "domainSearch", + "reverseIP", + "reverseNameServer", + "reverseWhois", + "whois", + "whoisHistory", "domainProfile" ] } 
- }, + }, { "Jask": { - "name": "Jask", - "commands": [ - "jask-get-insight-details", - "jask-get-insight-comments", - "jask-get-signal-details", - "jask-get-entity-details", - "jask-get-related-entities", - "jask-get-whitelisted-entities", - "jask-search-insights", - "jask-search-signals", + "name": "Jask", + "commands": [ + "jask-get-insight-details", + "jask-get-insight-comments", + "jask-get-signal-details", + "jask-get-entity-details", + "jask-get-related-entities", + "jask-get-whitelisted-entities", + "jask-search-insights", + "jask-search-signals", "jask-search-entities" ] } - }, + }, { "Server Message Block (SMB)": { - "name": "Server Message Block (SMB)", + "name": "Server Message Block (SMB)", "commands": [ "smb-download" ] } - }, + }, { "McAfee ESM-v10": { - "name": "McAfee ESM-v10", - "commands": [ - "esm-fetch-fields", - "esm-search", - "esm-fetch-alarms", - "esm-get-case-list", - "esm-add-case", - "esm-edit-case", - "esm-get-case-statuses", - "esm-edit-case-status", - "esm-get-case-detail", - "esm-get-case-event-list", - "esm-add-case-status", - "esm-delete-case-status", - "esm-get-organization-list", - "esm-get-user-list", - "esm-acknowledge-alarms", - "esm-unacknowledge-alarms", - "esm-delete-alarms", - "esm-get-alarm-event-details", + "name": "McAfee ESM-v10", + "commands": [ + "esm-fetch-fields", + "esm-search", + "esm-fetch-alarms", + "esm-get-case-list", + "esm-add-case", + "esm-edit-case", + "esm-get-case-statuses", + "esm-edit-case-status", + "esm-get-case-detail", + "esm-get-case-event-list", + "esm-add-case-status", + "esm-delete-case-status", + "esm-get-organization-list", + "esm-get-user-list", + "esm-acknowledge-alarms", + "esm-unacknowledge-alarms", + "esm-delete-alarms", + "esm-get-alarm-event-details", "esm-list-alarm-events" ] } - }, + }, { "nmap": { - "name": "nmap", + "name": "nmap", "commands": [ "nmap-scan" ] } - }, + }, { "ReversingLabs Titanium Cloud": { - "name": "ReversingLabs Titanium Cloud", + "name": "ReversingLabs Titanium 
Cloud", "commands": [ "file" ] } - }, + }, { "Farsight DNSDB": { - "name": "Farsight DNSDB", + "name": "Farsight DNSDB", "commands": [ - "dnsdb-rdata", + "dnsdb-rdata", "dnsdb-rrset" ] } - }, + }, { "Symantec MSS": { - "name": "Symantec MSS", + "name": "Symantec MSS", "commands": [ - "symantec-mss-update-incident", - "symantec-mss-get-incident", + "symantec-mss-update-incident", + "symantec-mss-get-incident", "symantec-mss-incidents-list" ] } - }, + }, { "EWS Mail Sender": { - "name": "EWS Mail Sender", + "name": "EWS Mail Sender", "commands": [ "send-mail" ] } - }, + }, { "WildFire": { - "name": "WildFire", - "fromversion": "4.0.0", - "commands": [ - "wildfire-report", - "file", - "wildfire-upload", - "detonate-file", - "detonate-file-remote", + "name": "WildFire", + "fromversion": "4.0.0", + "commands": [ + "wildfire-report", + "file", + "wildfire-upload", + "detonate-file", + "detonate-file-remote", "wildfire-upload-file-remote" ] } - }, + }, { "WildFire": { - "name": "WildFire", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "commands": [ - "wildfire-report", - "file", - "wildfire-upload", - "detonate-file", + "name": "WildFire", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "commands": [ + "wildfire-report", + "file", + "wildfire-upload", + "detonate-file", "detonate-file-remote" ] } - }, + }, { "AlienVault OTX": { - "name": "AlienVault OTX", - "fromversion": "3.0.1", - "commands": [ - "ip", - "domain", - "ipv6", - "hostname", - "file", - "alienvault-query-file", - "alienvault-search-pulses", - "alienvault-get-pulse-details", + "name": "AlienVault OTX", + "fromversion": "3.0.1", + "commands": [ + "ip", + "domain", + "ipv6", + "hostname", + "file", + "alienvault-query-file", + "alienvault-search-pulses", + "alienvault-get-pulse-details", "url" ] } - }, + }, { "Windows Defender Advanced Threat Protection": { - "name": "Windows Defender Advanced Threat Protection", - "commands": [ - "microsoft-atp-isolate-machine", - "microsoft-atp-unisolate-machine", 
- "microsoft-atp-get-machines", - "microsoft-atp-get-file-related-machines", - "microsoft-atp-get-machine-details", - "microsoft-atp-run-antivirus-scan", + "name": "Windows Defender Advanced Threat Protection", + "commands": [ + "microsoft-atp-isolate-machine", + "microsoft-atp-unisolate-machine", + "microsoft-atp-get-machines", + "microsoft-atp-get-file-related-machines", + "microsoft-atp-get-machine-details", + "microsoft-atp-run-antivirus-scan", "microsoft-atp-list-alerts" ] } - }, + }, { "Mail Sender (New)": { - "name": "Mail Sender (New)", + "name": "Mail Sender (New)", "commands": [ "send-mail" ] } - }, + }, { "Attivo Botsink": { - "name": "Attivo Botsink", - "commands": [ - "attivo-check-user", - "attivo-check-host", - "attivo-run-playbook", - "attivo-deploy-decoy", - "attivo-get-events", - "attivo-list-playbooks", - "attivo-list-hosts", + "name": "Attivo Botsink", + "commands": [ + "attivo-check-user", + "attivo-check-host", + "attivo-run-playbook", + "attivo-deploy-decoy", + "attivo-get-events", + "attivo-list-playbooks", + "attivo-list-hosts", "attivo-list-users" ] } - }, + }, { "Sample Incident Generator": { "name": "Sample Incident Generator" } - }, + }, { "Hybrid Analysis": { - "name": "Hybrid Analysis", - "fromversion": "3.6.1", + "name": "Hybrid Analysis", + "fromversion": "3.6.1", "commands": [ - "hybrid-analysis-scan", - "hybrid-analysis-submit-sample", - "hybrid-analysis-search", + "hybrid-analysis-scan", + "hybrid-analysis-submit-sample", + "hybrid-analysis-search", "hybrid-analysis-detonate-file" ] } - }, + }, { "Anomali ThreatStream": { - "name": "Anomali ThreatStream", + "name": "Anomali ThreatStream", "commands": [ - "threatstream-intelligence", - "domain", - "file", - "threatstream-email-reputation", + "threatstream-intelligence", + "domain", + "file", + "threatstream-email-reputation", "ip" ] } - }, + }, { "PacketMail": { - "name": "PacketMail", + "name": "PacketMail", "commands": [ "packetmail-ip" ] } - }, + }, { "Qualys": { - "name": 
"Qualys", - "toversion": "3.1.0", - "commands": [ - "qualys-report-list", - "qualys-report-cancel", - "qualys-report-delete", - "qualys-scorecard-launch", - "qualys-report-fetch", - "qualys-vm-scan-list", - "qualys-vm-scan-launch", - "qualys-vm-scan-action", - "qualys-scap-scan-list", - "qualys-pc-scan-launch", - "qualys-pc-scan-manage", - "qualys-schedule-scan-list", - "qualys-ip-list", - "qualys-ip-add", - "qualys-ip-update", - "qualys-virtual-host-list", - "qualys-virtual-host-manage", - "qualys-host-excluded-list", - "qualys-host-excluded-manage", - "qualys-scheduled-report-list", - "qualys-scheduled-report-launch", - "qualys-host-list", - "qualys-pc-scan-list", - "qualys-report-template-list", - "qualys-report-launch-map", - "qualys-report-launch-scan-based-findings", - "qualys-report-launch-host-based-findings", - "qualys-report-launch-patch", - "qualys-report-launch-remediation", - "qualys-report-launch-compliance", - "qualys-report-launch-compliance-policy", - "qualys-vulnerability-list", - "qualys-group-list", - "qualys-vm-scan-fetch", + "name": "Qualys", + "toversion": "3.1.0", + "commands": [ + "qualys-report-list", + "qualys-report-cancel", + "qualys-report-delete", + "qualys-scorecard-launch", + "qualys-report-fetch", + "qualys-vm-scan-list", + "qualys-vm-scan-launch", + "qualys-vm-scan-action", + "qualys-scap-scan-list", + "qualys-pc-scan-launch", + "qualys-pc-scan-manage", + "qualys-schedule-scan-list", + "qualys-ip-list", + "qualys-ip-add", + "qualys-ip-update", + "qualys-virtual-host-list", + "qualys-virtual-host-manage", + "qualys-host-excluded-list", + "qualys-host-excluded-manage", + "qualys-scheduled-report-list", + "qualys-scheduled-report-launch", + "qualys-host-list", + "qualys-pc-scan-list", + "qualys-report-template-list", + "qualys-report-launch-map", + "qualys-report-launch-scan-based-findings", + "qualys-report-launch-host-based-findings", + "qualys-report-launch-patch", + "qualys-report-launch-remediation", + 
"qualys-report-launch-compliance", + "qualys-report-launch-compliance-policy", + "qualys-vulnerability-list", + "qualys-group-list", + "qualys-vm-scan-fetch", "qualys-pc-scan-fetch" ] } - }, + }, { "Cisco Umbrella Investigate": { - "name": "Cisco Umbrella Investigate", - "commands": [ - "umbrella-domain-categorization", - "investigate-umbrella-domain-categorization", - "umbrella-domain-co-occurrences", - "investigate-umbrella-domain-co-occurrences", - "umbrella-domain-related", - "investigate-umbrella-domain-related", - "umbrella-domain-security", - "investigate-umbrella-domain-security", - "umbrella-domain-dns-history", - "investigate-umbrella-domain-dns-history", - "umbrella-ip-dns-history", - "investigate-umbrella-ip-dns-history", - "investigate-umbrella-ip-malicious-domains", - "umbrella-ip-malicious-domains", - "umbrella-domain-search", - "investigate-umbrella-domain-search", - "domain", - "umbrella-get-related-domains", - "umbrella-get-domain-classifiers", - "umbrella-get-domain-queryvolume", - "umbrella-get-domain-details", - "umbrella-get-domains-for-email-registrar", - "umbrella-get-domains-for-nameserver", - "umbrella-get-whois-for-domain", - "umbrella-get-malicious-domains-for-ip", - "umbrella-get-domains-using-regex", - "umbrella-get-domain-timeline", - "umbrella-get-ip-timeline", + "name": "Cisco Umbrella Investigate", + "commands": [ + "umbrella-domain-categorization", + "investigate-umbrella-domain-categorization", + "umbrella-domain-co-occurrences", + "investigate-umbrella-domain-co-occurrences", + "umbrella-domain-related", + "investigate-umbrella-domain-related", + "umbrella-domain-security", + "investigate-umbrella-domain-security", + "umbrella-domain-dns-history", + "investigate-umbrella-domain-dns-history", + "umbrella-ip-dns-history", + "investigate-umbrella-ip-dns-history", + "investigate-umbrella-ip-malicious-domains", + "umbrella-ip-malicious-domains", + "umbrella-domain-search", + "investigate-umbrella-domain-search", + "domain", + 
"umbrella-get-related-domains", + "umbrella-get-domain-classifiers", + "umbrella-get-domain-queryvolume", + "umbrella-get-domain-details", + "umbrella-get-domains-for-email-registrar", + "umbrella-get-domains-for-nameserver", + "umbrella-get-whois-for-domain", + "umbrella-get-malicious-domains-for-ip", + "umbrella-get-domains-using-regex", + "umbrella-get-domain-timeline", + "umbrella-get-ip-timeline", "umbrella-get-url-timeline" ] } - }, + }, { "Carbon Black Defense": { - "name": "Carbon Black Defense", - "commands": [ - "cbd-get-devices-status", - "cbd-get-device-status", - "cbd-change-device-status", - "cbd-find-events", - "cbd-find-event", - "cbd-find-processes", - "cbd-get-alert-details", - "cbd-get-policies", - "cbd-get-policy", - "cbd-create-policy", - "cbd-update-policy", - "cbd-delete-policy", - "cbd-add-rule-to-policy", - "cbd-delete-rule-from-policy", - "cbd-update-rule-in-policy", + "name": "Carbon Black Defense", + "commands": [ + "cbd-get-devices-status", + "cbd-get-device-status", + "cbd-change-device-status", + "cbd-find-events", + "cbd-find-event", + "cbd-find-processes", + "cbd-get-alert-details", + "cbd-get-policies", + "cbd-get-policy", + "cbd-create-policy", + "cbd-update-policy", + "cbd-delete-policy", + "cbd-add-rule-to-policy", + "cbd-delete-rule-from-policy", + "cbd-update-rule-in-policy", "cbd-set-policy" ] } - }, + }, { "Lockpath KeyLight": { - "name": "Lockpath KeyLight", - "toversion": "3.1.0", - "commands": [ - "kl-get-component-list", - "kl-get-component", - "kl-get-component-by-alias", - "kl-get-field-list", - "kl-get-field", - "kl-get-record-count", - "kl-get-record", - "kl-get-records", - "kl-delete-record", - "kl-create-record", - "kl-update-record", - "kl-get-detail-record", - "kl-get-lookup-report-column-fields", - "kl-get-detail-records", - "kl-get-record-attachments", - "kl-get-record-attachment", + "name": "Lockpath KeyLight", + "toversion": "3.1.0", + "commands": [ + "kl-get-component-list", + "kl-get-component", + 
"kl-get-component-by-alias", + "kl-get-field-list", + "kl-get-field", + "kl-get-record-count", + "kl-get-record", + "kl-get-records", + "kl-delete-record", + "kl-create-record", + "kl-update-record", + "kl-get-detail-record", + "kl-get-lookup-report-column-fields", + "kl-get-detail-records", + "kl-get-record-attachments", + "kl-get-record-attachment", "kl-delete-record-attachments" ] } - }, + }, { "OPSWAT-Metadefender": { - "name": "OPSWAT-Metadefender", + "name": "OPSWAT-Metadefender", "commands": [ - "opswat-hash", - "opswat-scan-file", + "opswat-hash", + "opswat-scan-file", "opswat-scan-result" ] } - }, + }, { "ActiveMQ": { - "name": "ActiveMQ", + "name": "ActiveMQ", "commands": [ - "activemq-send", + "activemq-send", "activemq-subscribe" ] } - }, + }, { "Cisco Email Security Appliance (IronPort)": { - "name": "Cisco Email Security Appliance (IronPort)", + "name": "Cisco Email Security Appliance (IronPort)", "commands": [ "ironport-report" ] } - }, + }, { "Qualys": { - "name": "Qualys", - "fromversion": "3.5.0", - "commands": [ - "qualys-report-list", - "qualys-report-cancel", - "qualys-report-delete", - "qualys-scorecard-launch", - "qualys-report-fetch", - "qualys-vm-scan-list", - "qualys-vm-scan-launch", - "qualys-vm-scan-action", - "qualys-scap-scan-list", - "qualys-pc-scan-launch", - "qualys-pc-scan-manage", - "qualys-schedule-scan-list", - "qualys-ip-list", - "qualys-ip-add", - "qualys-ip-update", - "qualys-virtual-host-list", - "qualys-virtual-host-manage", - "qualys-host-excluded-list", - "qualys-host-excluded-manage", - "qualys-scheduled-report-list", - "qualys-scheduled-report-launch", - "qualys-host-list", - "qualys-pc-scan-list", - "qualys-report-template-list", - "qualys-report-launch-map", - "qualys-report-launch-scan-based-findings", - "qualys-report-launch-host-based-findings", - "qualys-report-launch-patch", - "qualys-report-launch-remediation", - "qualys-report-launch-compliance", - "qualys-report-launch-compliance-policy", - 
"qualys-vulnerability-list", - "qualys-group-list", - "qualys-vm-scan-fetch", + "name": "Qualys", + "fromversion": "3.5.0", + "commands": [ + "qualys-report-list", + "qualys-report-cancel", + "qualys-report-delete", + "qualys-scorecard-launch", + "qualys-report-fetch", + "qualys-vm-scan-list", + "qualys-vm-scan-launch", + "qualys-vm-scan-action", + "qualys-scap-scan-list", + "qualys-pc-scan-launch", + "qualys-pc-scan-manage", + "qualys-schedule-scan-list", + "qualys-ip-list", + "qualys-ip-add", + "qualys-ip-update", + "qualys-virtual-host-list", + "qualys-virtual-host-manage", + "qualys-host-excluded-list", + "qualys-host-excluded-manage", + "qualys-scheduled-report-list", + "qualys-scheduled-report-launch", + "qualys-host-list", + "qualys-pc-scan-list", + "qualys-report-template-list", + "qualys-report-launch-map", + "qualys-report-launch-scan-based-findings", + "qualys-report-launch-host-based-findings", + "qualys-report-launch-patch", + "qualys-report-launch-remediation", + "qualys-report-launch-compliance", + "qualys-report-launch-compliance-policy", + "qualys-vulnerability-list", + "qualys-group-list", + "qualys-vm-scan-fetch", "qualys-pc-scan-fetch" ] } - }, + }, { "IsItPhishing": { - "name": "IsItPhishing", + "name": "IsItPhishing", "commands": [ "url" ] } - }, + }, { "okta": { - "name": "okta", - "toversion": "3.5.1", - "fromversion": "3.1.0", - "commands": [ - "okta-unlock-user", - "okta-deactivate-user", - "okta-activate-user", - "okta-get-groups", - "okta-set-password", - "okta-search", - "okta-get-user", - "okta-create-user", + "name": "okta", + "toversion": "3.5.1", + "fromversion": "3.1.0", + "commands": [ + "okta-unlock-user", + "okta-deactivate-user", + "okta-activate-user", + "okta-get-groups", + "okta-set-password", + "okta-search", + "okta-get-user", + "okta-create-user", "okta-update-user" ] } - }, + }, { "AWS - EC2": { - "name": "AWS - EC2", - "commands": [ - "aws-ec2-describe-instances", - "aws-ec2-describe-images", - 
"aws-ec2-describe-regions", - "aws-ec2-describe-addresses", - "aws-ec2-describe-snapshots", - "aws-ec2-describe-launch-templates", - "aws-ec2-describe-key-pairs", - "aws-ec2-describe-volumes", - "aws-ec2-describe-vpcs", - "aws-ec2-describe-subnets", - "aws-ec2-describe-security-groups", - "aws-ec2-allocate-address", - "aws-ec2-associate-address", - "aws-ec2-create-snapshot", - "aws-ec2-delete-snapshot", - "aws-ec2-create-image", - "aws-ec2-deregister-image", - "aws-ec2-modify-volume", - "aws-ec2-create-tags", - "aws-ec2-disassociate-address", - "aws-ec2-release-address", - "aws-ec2-start-instances", - "aws-ec2-stop-instances", - "aws-ec2-terminate-instances", - "aws-ec2-create-volume", - "aws-ec2-attach-volume", - "aws-ec2-detach-volume", - "aws-ec2-delete-volume", - "aws-ec2-run-instances", - "aws-ec2-waiter-instance-running", - "aws-ec2-waiter-instance-status-ok", - "aws-ec2-waiter-instance-stopped", - "aws-ec2-waiter-instance-terminated", - "aws-ec2-waiter-image-available", - "aws-ec2-waiter-snapshot_completed", - "aws-ec2-get-latest-ami", - "aws-ec2-create-security-group", - "aws-ec2-delete-security-group", - "aws-ec2-authorize-security-group-ingress-rule", - "aws-ec2-revoke-security-group-ingress-rule", - "aws-ec2-copy-image", - "aws-ec2-copy-snapshot", - "aws-ec2-describe-reserved-instances", - "aws-ec2-monitor-instances", - "aws-ec2-unmonitor-instances", - "aws-ec2-reboot-instances", - "aws-ec2-get-password-data", - "aws-ec2-modify-network-interface-attribute", + "name": "AWS - EC2", + "commands": [ + "aws-ec2-describe-instances", + "aws-ec2-describe-images", + "aws-ec2-describe-regions", + "aws-ec2-describe-addresses", + "aws-ec2-describe-snapshots", + "aws-ec2-describe-launch-templates", + "aws-ec2-describe-key-pairs", + "aws-ec2-describe-volumes", + "aws-ec2-describe-vpcs", + "aws-ec2-describe-subnets", + "aws-ec2-describe-security-groups", + "aws-ec2-allocate-address", + "aws-ec2-associate-address", + "aws-ec2-create-snapshot", + 
"aws-ec2-delete-snapshot", + "aws-ec2-create-image", + "aws-ec2-deregister-image", + "aws-ec2-modify-volume", + "aws-ec2-create-tags", + "aws-ec2-disassociate-address", + "aws-ec2-release-address", + "aws-ec2-start-instances", + "aws-ec2-stop-instances", + "aws-ec2-terminate-instances", + "aws-ec2-create-volume", + "aws-ec2-attach-volume", + "aws-ec2-detach-volume", + "aws-ec2-delete-volume", + "aws-ec2-run-instances", + "aws-ec2-waiter-instance-running", + "aws-ec2-waiter-instance-status-ok", + "aws-ec2-waiter-instance-stopped", + "aws-ec2-waiter-instance-terminated", + "aws-ec2-waiter-image-available", + "aws-ec2-waiter-snapshot_completed", + "aws-ec2-get-latest-ami", + "aws-ec2-create-security-group", + "aws-ec2-delete-security-group", + "aws-ec2-authorize-security-group-ingress-rule", + "aws-ec2-revoke-security-group-ingress-rule", + "aws-ec2-copy-image", + "aws-ec2-copy-snapshot", + "aws-ec2-describe-reserved-instances", + "aws-ec2-monitor-instances", + "aws-ec2-unmonitor-instances", + "aws-ec2-reboot-instances", + "aws-ec2-get-password-data", + "aws-ec2-modify-network-interface-attribute", "aws-ec2-modify-instance-attribute" ] } - }, + }, { "Blockade.io": { - "name": "Blockade.io", + "name": "Blockade.io", "commands": [ - "blockade-get-indicators", + "blockade-get-indicators", "blockade-add-indicators" ] } - }, + }, { "AlphaSOC Network Behavior Analytics": { "name": "AlphaSOC Network Behavior Analytics" } - }, + }, { "Recorded Future": { - "name": "Recorded Future", + "name": "Recorded Future", "commands": [ - "domain", - "ip", - "file", + "domain", + "ip", + "file", "recorded-future-get-related-entities" ] } - }, + }, { "CVE Search": { - "name": "CVE Search", + "name": "CVE Search", "commands": [ - "cve-search", + "cve-search", "cve-latest" ] } - }, + }, { "SNDBOX": { - "name": "SNDBOX", + "name": "SNDBOX", "commands": [ - "sndbox-is-online", - "sndbox-analysis-info", - "sndbox-analysis-submit-sample", - "sndbox-download-report", - "sndbox-detonate-file", + 
"sndbox-is-online", + "sndbox-analysis-info", + "sndbox-analysis-submit-sample", + "sndbox-download-report", + "sndbox-detonate-file", "sndbox-download-sample" ] } - }, + }, { "Demisto Lock": { - "name": "Demisto Lock", + "name": "Demisto Lock", "commands": [ - "demisto-lock-get", - "demisto-lock-release", - "demisto-lock-info", + "demisto-lock-get", + "demisto-lock-release", + "demisto-lock-info", "demisto-lock-release-all" ] } - }, + }, { "F5 firewall": { - "name": "F5 firewall", - "commands": [ - "f5-create-policy", - "f5-create-rule", - "f5-list-rules", - "f5-modify-rule", - "f5-del-rule", - "f5-modify-global-policy", - "f5-show-global-policy", - "f5-del-policy", + "name": "F5 firewall", + "commands": [ + "f5-create-policy", + "f5-create-rule", + "f5-list-rules", + "f5-modify-rule", + "f5-del-rule", + "f5-modify-global-policy", + "f5-show-global-policy", + "f5-del-policy", "f5-list-all-user-sessions" ] } - }, + }, { "MimecastV2": { - "name": "MimecastV2", - "commands": [ - "mimecast-query", - "mimecast-list-blocked-sender-policies", - "mimecast-get-policy", - "mimecast-create-policy", - "mimecast-delete-policy", - "mimecast-manage-sender", - "mimecast-list-managed-url", - "mimecast-create-managed-url", - "mimecast-list-messages", - "mimecast-get-attachment-logs", - "mimecast-get-url-logs", - "mimecast-get-impersonation-logs", - "mimecast-url-decode", - "mimecast-discover", - "mimecast-refresh-token", - "mimecast-login", - "mimecast-get-message", + "name": "MimecastV2", + "commands": [ + "mimecast-query", + "mimecast-list-blocked-sender-policies", + "mimecast-get-policy", + "mimecast-create-policy", + "mimecast-delete-policy", + "mimecast-manage-sender", + "mimecast-list-managed-url", + "mimecast-create-managed-url", + "mimecast-list-messages", + "mimecast-get-attachment-logs", + "mimecast-get-url-logs", + "mimecast-get-impersonation-logs", + "mimecast-url-decode", + "mimecast-discover", + "mimecast-refresh-token", + "mimecast-login", + "mimecast-get-message", 
"mimecast-download-attachments" ] } - }, + }, { "Zendesk": { - "name": "Zendesk", - "toversion": "3.1.0", - "commands": [ - "zendesk-create-ticket", - "zendesk-list-tickets", - "zendesk-ticket-details", - "zendesk-update-ticket", - "zendesk-add-comment", - "zendesk-list-agents", - "zendesk-get-attachment", - "zendesk-clear-cache", - "zendesk-add-user", + "name": "Zendesk", + "toversion": "3.1.0", + "commands": [ + "zendesk-create-ticket", + "zendesk-list-tickets", + "zendesk-ticket-details", + "zendesk-update-ticket", + "zendesk-add-comment", + "zendesk-list-agents", + "zendesk-get-attachment", + "zendesk-clear-cache", + "zendesk-add-user", "zendesk-get-article" ] } - }, + }, { "RedCanary": { - "name": "RedCanary", - "commands": [ - "redcanary-acknowledge-detection", - "redcanary-update-remediation-state", - "redcanary-list-detections", - "redcanary-list-endpoints", - "redcanary-execute-playbook", - "redcanary-get-endpoint", - "redcanary-get-endpoint-detections", + "name": "RedCanary", + "commands": [ + "redcanary-acknowledge-detection", + "redcanary-update-remediation-state", + "redcanary-list-detections", + "redcanary-list-endpoints", + "redcanary-execute-playbook", + "redcanary-get-endpoint", + "redcanary-get-endpoint-detections", "redcanary-get-detection" ] } - }, + }, { "Joe Security": { - "name": "Joe Security", - "commands": [ - "joe-is-online", - "joe-analysis-submit-url", - "joe-detonate-url", - "joe-analysis-info", - "joe-list-analysis", - "joe-analysis-submit-sample", - "joe-download-report", - "joe-detonate-file", - "joe-search", + "name": "Joe Security", + "commands": [ + "joe-is-online", + "joe-analysis-submit-url", + "joe-detonate-url", + "joe-analysis-info", + "joe-list-analysis", + "joe-analysis-submit-sample", + "joe-download-report", + "joe-detonate-file", + "joe-search", "joe-download-sample" ] } - }, + }, { "AWS - CloudTrail": { - "name": "AWS - CloudTrail", - "commands": [ - "aws-cloudtrail-create-trail", - "aws-cloudtrail-delete-trail", - 
"aws-cloudtrail-describe-trails", - "aws-cloudtrail-update-trail", - "aws-cloudtrail-start-logging", - "aws-cloudtrail-stop-logging", + "name": "AWS - CloudTrail", + "commands": [ + "aws-cloudtrail-create-trail", + "aws-cloudtrail-delete-trail", + "aws-cloudtrail-describe-trails", + "aws-cloudtrail-update-trail", + "aws-cloudtrail-start-logging", + "aws-cloudtrail-stop-logging", "aws-cloudtrail-lookup-events" ] } - }, + }, { "ThreatExchange": { - "name": "ThreatExchange", - "fromversion": "2.5.0", - "commands": [ - "file", - "ip", - "url", - "domain", - "threatexchange-query", + "name": "ThreatExchange", + "fromversion": "2.5.0", + "commands": [ + "file", + "ip", + "url", + "domain", + "threatexchange-query", "threatexchange-members" ] } - }, + }, { "Dell Secureworks": { - "name": "Dell Secureworks", - "toversion": "3.5.1", - "fromversion": "3.1.0", - "commands": [ - "secure-works-create-ticket", - "secure-works-update-ticket", - "secure-works-close-ticket", - "secure-works-add-worklogs-ticket", - "secure-works-get-ticket-count", - "secure-works-get-ticket", - "secure-works-assign-ticket", - "secure-works-get-tickets-updates", + "name": "Dell Secureworks", + "toversion": "3.5.1", + "fromversion": "3.1.0", + "commands": [ + "secure-works-create-ticket", + "secure-works-update-ticket", + "secure-works-close-ticket", + "secure-works-add-worklogs-ticket", + "secure-works-get-ticket-count", + "secure-works-get-ticket", + "secure-works-assign-ticket", + "secure-works-get-tickets-updates", "secure-works-get-tickets-ids" ] } - }, + }, { "Amazon Web Services": { - "name": "Amazon Web Services", - "fromversion": "1.6.2", - "commands": [ - "aws-run-instance", - "aws-stop-instance", - "aws-create-image", - "aws-start-instance", - "aws-create-volume-snapshot", - "aws-get-instance-info", - "aws-get-sg-info", + "name": "Amazon Web Services", + "fromversion": "1.6.2", + "commands": [ + "aws-run-instance", + "aws-stop-instance", + "aws-create-image", + "aws-start-instance", + 
"aws-create-volume-snapshot", + "aws-get-instance-info", + "aws-get-sg-info", "aws-get-ebs-volume-info" ] } - }, + }, { "ArcSight XML": { - "name": "ArcSight XML", + "name": "ArcSight XML", "commands": [ - "arcsight-update-case", + "arcsight-update-case", "arcsight-fetch-xml" ] } - }, + }, { "VirusTotal": { - "name": "VirusTotal", - "commands": [ - "file", - "ip", - "url", - "domain", - "file-scan", - "file-rescan", - "url-scan", - "vt-comments-add", - "vt-file-scan-upload-url", + "name": "VirusTotal", + "commands": [ + "file", + "ip", + "url", + "domain", + "file-scan", + "file-rescan", + "url-scan", + "vt-comments-add", + "vt-file-scan-upload-url", "vt-comments-get" ] } - }, + }, { "MxToolBox": { - "name": "MxToolBox", + "name": "MxToolBox", "commands": [ "mxtoolbox" ] } - }, + }, { "Check Point Sandblast Appliance": { - "name": "Check Point Sandblast Appliance", - "fromversion": "3.5.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", + "name": "Check Point Sandblast Appliance", + "fromversion": "3.5.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", "sandblast-download" ] } - }, + }, { "LightCyber Magna": { - "name": "LightCyber Magna", - "commands": [ - "lcm-version", - "lcm-entities", - "lcm-indicators", - "lcm-hosts", - "lcm-hostbyip", - "lcm-hostbyname", - "lcm-pathfinder-scan", - "lcm-sandbox-report", - "lcm-daily-report", - "lcm-host-artifacts", - "lcm-resolve-host", - "lcm-unresolve-host", - "lcm-set-host-comment", - "lcm-acknowledge-host", - "lcm-resolve-user", - "lcm-unresolve-user", - "lcm-set-user-comment", - "lcm-acknowledge-user", - "lcm-domain", - "lcm-executablebymd5", - "lcm-executablebyname", - "lcm-indicatorsforentity", - "lcm-host-opened-ports", - "lcm-host-suspicious-artifacts", - "lcm-host-processes", - "lcm-host-loaded-modules", - "lcm-host-processes-internet-connections", + "name": "LightCyber Magna", + "commands": [ + 
"lcm-version", + "lcm-entities", + "lcm-indicators", + "lcm-hosts", + "lcm-hostbyip", + "lcm-hostbyname", + "lcm-pathfinder-scan", + "lcm-sandbox-report", + "lcm-daily-report", + "lcm-host-artifacts", + "lcm-resolve-host", + "lcm-unresolve-host", + "lcm-set-host-comment", + "lcm-acknowledge-host", + "lcm-resolve-user", + "lcm-unresolve-user", + "lcm-set-user-comment", + "lcm-acknowledge-user", + "lcm-domain", + "lcm-executablebymd5", + "lcm-executablebyname", + "lcm-indicatorsforentity", + "lcm-host-opened-ports", + "lcm-host-suspicious-artifacts", + "lcm-host-processes", + "lcm-host-loaded-modules", + "lcm-host-processes-internet-connections", "lcm-host-autoruns" ] } - }, + }, { "Packetsled": { - "name": "Packetsled", + "name": "Packetsled", "commands": [ - "packetsled-get-incidents", - "packetsled-sensors", - "packetsled-get-flows", - "packetsled-get-files", - "packetsled-get-pcaps", + "packetsled-get-incidents", + "packetsled-sensors", + "packetsled-get-flows", + "packetsled-get-files", + "packetsled-get-pcaps", "packetsled-get-events" ] } - }, + }, { "Censys": { - "name": "Censys", + "name": "Censys", "commands": [ - "cen-view", + "cen-view", "cen-search" ] } - }, + }, { "Imperva Skyfence": { - "name": "Imperva Skyfence", + "name": "Imperva Skyfence", "commands": [ - "imp-sf-list-endpoints", + "imp-sf-list-endpoints", "imp-sf-set-endpoint-status" ] } - }, + }, { "ProtectWise": { - "name": "ProtectWise", - "fromversion": "3.5.0", - "commands": [ - "sensors", - "protectwise-show-sensors", - "search", - "protectwise-search-events", - "pw-event-get", - "protectwise-event-info", - "observation-search", - "protectwise-search-observations", - "pw-observation-get", - "protectwise-observation-info", - "event-pcap-download", - "protectwise-event-pcap-download", - "event-pcap-info", - "protectwise-event-pcap-info", - "observation-pcap-download", - "protectwise-observation-pcap-download", - "observation-pcap-info", - "protectwise-observation-pcap-info", + "name": 
"ProtectWise", + "fromversion": "3.5.0", + "commands": [ + "sensors", + "protectwise-show-sensors", + "search", + "protectwise-search-events", + "pw-event-get", + "protectwise-event-info", + "observation-search", + "protectwise-search-observations", + "pw-observation-get", + "protectwise-observation-info", + "event-pcap-download", + "protectwise-event-pcap-download", + "event-pcap-info", + "protectwise-event-pcap-info", + "observation-pcap-download", + "protectwise-observation-pcap-download", + "observation-pcap-info", + "protectwise-observation-pcap-info", "get-token" ] } - }, + }, { "Palo Alto Minemeld": { - "name": "Palo Alto Minemeld", - "commands": [ - "minemeld-add-to-miner", - "minemeld-remove-from-miner", - "minemeld-retrieve-miner", - "minemeld-get-indicator-from-miner", - "ip", - "file", - "domain", - "url", + "name": "Palo Alto Minemeld", + "commands": [ + "minemeld-add-to-miner", + "minemeld-remove-from-miner", + "minemeld-retrieve-miner", + "minemeld-get-indicator-from-miner", + "ip", + "file", + "domain", + "url", "minemeld-get-all-miners-names" ] } - }, + }, { "GoogleSafeBrowsing": { - "name": "GoogleSafeBrowsing", + "name": "GoogleSafeBrowsing", "commands": [ "url" ] } - }, + }, { "Salesforce": { - "name": "Salesforce", - "commands": [ - "salesforce-search", - "salesforce-query", - "salesforce-get-object", - "salesforce-update-object", - "salesforce-create-object", - "salesforce-push-comment", - "salesforce-get-case", - "salesforce-create-case", - "salesforce-update-case", - "salesforce-get-cases", - "salesforce-close-case", - "salesforce-push-comment-threads", + "name": "Salesforce", + "commands": [ + "salesforce-search", + "salesforce-query", + "salesforce-get-object", + "salesforce-update-object", + "salesforce-create-object", + "salesforce-push-comment", + "salesforce-get-case", + "salesforce-create-case", + "salesforce-update-case", + "salesforce-get-cases", + "salesforce-close-case", + "salesforce-push-comment-threads", 
"salesforce-delete-case" ] } - }, + }, { "SCADAfence CNM": { - "name": "SCADAfence CNM", - "commands": [ - "scadafence-getAlerts", - "scadafence-getAsset", - "scadafence-setAlertStatus", - "scadafence-getAssetConnections", - "scadafence-getAssetTraffic", - "scadafence-createAlert", + "name": "SCADAfence CNM", + "commands": [ + "scadafence-getAlerts", + "scadafence-getAsset", + "scadafence-setAlertStatus", + "scadafence-getAssetConnections", + "scadafence-getAssetTraffic", + "scadafence-createAlert", "scadafence-getAllConnections" ] } - }, + }, { "HashiCorp Vault": { - "name": "HashiCorp Vault", - "commands": [ - "hashicorp-list-secrets-engines", - "hashicorp-list-secrets", - "hashicorp-get-secret-metadata", - "hashicorp-delete-secret", - "hashicorp-undelete-secret", - "hashicorp-destroy-secret", - "hashicorp-disable-engine", - "hashicorp-enable-engine", - "hashicorp-list-policies", - "hashicorp-get-policy", - "hashicorp-seal-vault", - "hashicorp-unseal-vault", - "hashicorp-configure-engine", - "hashicorp-reset-configuration", + "name": "HashiCorp Vault", + "commands": [ + "hashicorp-list-secrets-engines", + "hashicorp-list-secrets", + "hashicorp-get-secret-metadata", + "hashicorp-delete-secret", + "hashicorp-undelete-secret", + "hashicorp-destroy-secret", + "hashicorp-disable-engine", + "hashicorp-enable-engine", + "hashicorp-list-policies", + "hashicorp-get-policy", + "hashicorp-seal-vault", + "hashicorp-unseal-vault", + "hashicorp-configure-engine", + "hashicorp-reset-configuration", "hashicorp-create-token" ] } - }, + }, { "Proofpoint TAP": { - "name": "Proofpoint TAP", + "name": "Proofpoint TAP", "commands": [ "proofpoint-get-events" ] } - }, + }, { "Threat Grid": { - "name": "Threat Grid", - "toversion": "3.1.0", - "commands": [ - "threat-grid-feeds-ip", - "threat-grid-feeds-domain", - "threat-grid-feeds-url", - "threat-grid-feeds-path", - "threat-grid-feeds-artifacts", - "threat-grid-feeds-network-stream", - "threat-grid-feeds-registry-key", - 
"threat-grid-get-samples", - "threat-grid-get-sample-by-id", - "threat-grid-get-sample-state-by-id", - "threat-grid-get-samples-state", - "threat-grid-upload-sample", - "threat-grid-search-submissions", - "threat-grid-get-video-by-id", - "threat-grid-get-analysis-by-id", - "threat-grid-get-processes-by-id", - "threat-grid-get-pcap-by-id", - "threat-grid-get-warnings-by-id", - "threat-grid-get-summary-by-id", - "threat-grid-get-threat-summary-by-id", - "threat-grid-get-html-report-by-id", - "threat-grid-download-sample-by-id", - "threat-grid-get-analysis-iocs", - "threat-grid-get-analysis-ioc", - "threat-grid-get-analysis-network-streams", - "threat-grid-get-analysis-artifacts", - "threat-grid-get-analysis-network-stream", - "threat-grid-get-analysis-artifact", - "threat-grid-get-analysis-processes", - "threat-grid-get-analysis-process", - "threat-grid-get-analysis-annotations", - "threat-grid-get-analysis-metadata", - "threat-grid-download-artifact", - "threat-grid-who-am-i", - "threat-grid-user-get-rate-limit", + "name": "Threat Grid", + "toversion": "3.1.0", + "commands": [ + "threat-grid-feeds-ip", + "threat-grid-feeds-domain", + "threat-grid-feeds-url", + "threat-grid-feeds-path", + "threat-grid-feeds-artifacts", + "threat-grid-feeds-network-stream", + "threat-grid-feeds-registry-key", + "threat-grid-get-samples", + "threat-grid-get-sample-by-id", + "threat-grid-get-sample-state-by-id", + "threat-grid-get-samples-state", + "threat-grid-upload-sample", + "threat-grid-search-submissions", + "threat-grid-get-video-by-id", + "threat-grid-get-analysis-by-id", + "threat-grid-get-processes-by-id", + "threat-grid-get-pcap-by-id", + "threat-grid-get-warnings-by-id", + "threat-grid-get-summary-by-id", + "threat-grid-get-threat-summary-by-id", + "threat-grid-get-html-report-by-id", + "threat-grid-download-sample-by-id", + "threat-grid-get-analysis-iocs", + "threat-grid-get-analysis-ioc", + "threat-grid-get-analysis-network-streams", + "threat-grid-get-analysis-artifacts", 
+ "threat-grid-get-analysis-network-stream", + "threat-grid-get-analysis-artifact", + "threat-grid-get-analysis-processes", + "threat-grid-get-analysis-process", + "threat-grid-get-analysis-annotations", + "threat-grid-get-analysis-metadata", + "threat-grid-download-artifact", + "threat-grid-who-am-i", + "threat-grid-user-get-rate-limit", "threat-grid-get-specific-feed" ] } - }, + }, { "iDefense": { - "name": "iDefense", + "name": "iDefense", "commands": [ - "ip", - "domain", - "url", - "idefense-general", + "ip", + "domain", + "url", + "idefense-general", "uuid" ] } - }, + }, { "FalconIntel": { - "name": "FalconIntel", - "commands": [ - "file", - "url", - "domain", - "ip", - "cs-actors", - "cs-indicators", - "cs-reports", + "name": "FalconIntel", + "commands": [ + "file", + "url", + "domain", + "ip", + "cs-actors", + "cs-indicators", + "cs-reports", "cs-report-pdf" ] } - }, + }, { "Venafi": { - "name": "Venafi", + "name": "Venafi", "commands": [ - "venafi-get-certificates", + "venafi-get-certificates", "venafi-get-certificate-details" ] } - }, + }, { "CyberArkAIM": { - "name": "CyberArkAIM", + "name": "CyberArkAIM", "commands": [ - "cyber-ark-aim-query", - "list-credentials", - "reset-credentials", + "cyber-ark-aim-query", + "list-credentials", + "reset-credentials", "account-details" ] } - }, + }, { "Autofocus": { - "name": "Autofocus", + "name": "Autofocus", "commands": [ - "autofocus-search-samples", - "autofocus-search-sessions", - "autofocus-session", - "autofocus-sample-analysis", + "autofocus-search-samples", + "autofocus-search-sessions", + "autofocus-session", + "autofocus-sample-analysis", "file" ] } - }, + }, { "AbuseIPDB": { - "name": "AbuseIPDB", + "name": "AbuseIPDB", "commands": [ - "ip", - "abuseipdb-check-cidr-block", - "abuseipdb-report-ip", - "abuseipdb-get-blacklist", + "ip", + "abuseipdb-check-cidr-block", + "abuseipdb-report-ip", + "abuseipdb-get-blacklist", "abuseipdb-get-categories" ] } - }, + }, { "McAfee Threat Intelligence Exchange": { - 
"name": "McAfee Threat Intelligence Exchange", + "name": "McAfee Threat Intelligence Exchange", "commands": [ - "file", - "tie-set-file-reputation", + "file", + "tie-set-file-reputation", "tie-file-references" ] } - }, + }, { "Check Point": { - "name": "Check Point", - "commands": [ - "checkpoint-show-access-rule-base", - "checkpoint-set-rule", - "checkpoint-task-status", - "checkpoint-show-hosts", - "checkpoint-block-ip", - "checkpoint", + "name": "Check Point", + "commands": [ + "checkpoint-show-access-rule-base", + "checkpoint-set-rule", + "checkpoint-task-status", + "checkpoint-show-hosts", + "checkpoint-block-ip", + "checkpoint", "checkpoint-delete-rule" ] } - }, + }, { "PagerDuty v2": { - "name": "PagerDuty v2", - "commands": [ - "PagerDuty-get-all-schedules", - "PagerDuty-get-users-on-call", - "PagerDuty-get-users-on-call-now", - "PagerDuty-incidents", - "PagerDuty-submit-event", - "PagerDuty-get-contact-methods", - "PagerDuty-get-users-notification", - "PagerDuty-resolve-event", + "name": "PagerDuty v2", + "commands": [ + "PagerDuty-get-all-schedules", + "PagerDuty-get-users-on-call", + "PagerDuty-get-users-on-call-now", + "PagerDuty-incidents", + "PagerDuty-submit-event", + "PagerDuty-get-contact-methods", + "PagerDuty-get-users-notification", + "PagerDuty-resolve-event", "PagerDuty-acknowledge-event" ] } - }, + }, { "Gmail": { - "name": "Gmail", - "commands": [ - "gmail-delete-user", - "gmail-get-tokens-for-user", - "gmail-get-user", - "gmail-get-user-roles", - "gmail-get-attachments", - "gmail-get-mail", - "gmail-search", - "gmail-search-all-mailboxes", - "gmail-list-users", - "gmail-revoke-user-role", - "gmail-create-user", - "gmail-delete-mail", - "gmail-get-thread", - "gmail-move-mail", - "gmail-move-mail-to-mailbox", - "gmail-add-delete-filter", + "name": "Gmail", + "commands": [ + "gmail-delete-user", + "gmail-get-tokens-for-user", + "gmail-get-user", + "gmail-get-user-roles", + "gmail-get-attachments", + "gmail-get-mail", + "gmail-search", + 
"gmail-search-all-mailboxes", + "gmail-list-users", + "gmail-revoke-user-role", + "gmail-create-user", + "gmail-delete-mail", + "gmail-get-thread", + "gmail-move-mail", + "gmail-move-mail-to-mailbox", + "gmail-add-delete-filter", "gmail-add-filter" ] } - }, + }, { "Centreon": { - "name": "Centreon", + "name": "Centreon", "commands": [ - "centreon-get-host-status", + "centreon-get-host-status", "centreon-get-service-status" ] } - }, + }, { "RSA NetWitness Endpoint": { - "name": "RSA NetWitness Endpoint", - "commands": [ - "netwitness-get-machines", - "netwitness-get-machine", - "netwitness-get-machine-iocs", - "netwitness-get-machine-modules", - "netwitness-get-machine-module", - "netwitness-blacklist-ips", + "name": "RSA NetWitness Endpoint", + "commands": [ + "netwitness-get-machines", + "netwitness-get-machine", + "netwitness-get-machine-iocs", + "netwitness-get-machine-modules", + "netwitness-get-machine-module", + "netwitness-blacklist-ips", "netwitness-blacklist-domains" ] } - }, + }, { "PassiveTotal": { - "name": "PassiveTotal", - "commands": [ - "pt-get-subdomains", - "pt-account", - "pt-monitors", - "pt-passive-dns", - "pt-passive-unique", - "pt-dns-keyword", - "pt-enrichment", - "pt-malware", - "url", - "domain", - "ip", - "pt-osint", - "pt-whois", - "pt-whois-keyword", - "pt-whois-search", - "pt-get-components", - "pt-get-pairs", - "pt-ssl-cert", - "pt-ssl-cert-history", - "pt-ssl-cert-keyword", + "name": "PassiveTotal", + "commands": [ + "pt-get-subdomains", + "pt-account", + "pt-monitors", + "pt-passive-dns", + "pt-passive-unique", + "pt-dns-keyword", + "pt-enrichment", + "pt-malware", + "url", + "domain", + "ip", + "pt-osint", + "pt-whois", + "pt-whois-keyword", + "pt-whois-search", + "pt-get-components", + "pt-get-pairs", + "pt-ssl-cert", + "pt-ssl-cert-history", + "pt-ssl-cert-keyword", "pt-ssl-cert-search" ] } - }, + }, { "ProtectWise": { - "name": "ProtectWise", - "toversion": "3.1.0", - "commands": [ - "sensors", - "protectwise-show-sensors", - 
"search", - "protectwise-search-events", - "pw-event-get", - "protectwise-event-info", - "observation-search", - "protectwise-search-observations", - "pw-observation-get", - "protectwise-observation-info", - "event-pcap-download", - "protectwise-event-pcap-download", - "event-pcap-info", - "protectwise-event-pcap-info", - "observation-pcap-download", - "protectwise-observation-pcap-download", - "observation-pcap-info", - "protectwise-observation-pcap-info", + "name": "ProtectWise", + "toversion": "3.1.0", + "commands": [ + "sensors", + "protectwise-show-sensors", + "search", + "protectwise-search-events", + "pw-event-get", + "protectwise-event-info", + "observation-search", + "protectwise-search-observations", + "pw-observation-get", + "protectwise-observation-info", + "event-pcap-download", + "protectwise-event-pcap-download", + "event-pcap-info", + "protectwise-event-pcap-info", + "observation-pcap-download", + "protectwise-observation-pcap-download", + "observation-pcap-info", + "protectwise-observation-pcap-info", "get-token" ] } - }, + }, { "SentinelOne": { - "name": "SentinelOne", - "fromversion": "3.1.0", - "commands": [ - "so-activities", - "so-count-by-filters", - "so-agents-count", - "so-agent-decommission", - "so-get-agent", - "so-agents-query", - "so-get-agent-processes", - "so-agent-recommission", - "so-agent-unquarentine", - "so-agent-shutdown", - "so-agent-uninstall", - "so-agents-broadcast", - "so-agents-connect", - "so-agent-quarentine", - "so-agents-decommission", - "so-agents-disconnect", - "so-agents-fetch-logs", - "so-agents-shutdown", - "so-agents-uninstall", - "so-agents-upgrade-software", - "so-create-exclusion-list", - "so-delete-exclusion-list", - "so-get-exclusion-list", - "so-get-exclusion-lists", - "so-update-exclusion-list", - "so-get-groups", - "so-create-group", - "so-get-group", - "so-update-group", - "so-delete-group", - "so-add-agent-to-group", - "so-set-cloud-intelligence", - "so-create-hash", - "so-delete-hash", - 
"so-get-hash-reputation", - "so-get-hash", - "so-get-hashes", - "so-update-hash", - "so-get-policies", - "so-create-policy", - "so-get-policy", - "so-update-policy", - "so-delete-policy", - "so-get-threat", - "so-get-threats", - "so-threat-summary", - "so-mark-as-threat", - "so-mitigate-threat", + "name": "SentinelOne", + "fromversion": "3.1.0", + "commands": [ + "so-activities", + "so-count-by-filters", + "so-agents-count", + "so-agent-decommission", + "so-get-agent", + "so-agents-query", + "so-get-agent-processes", + "so-agent-recommission", + "so-agent-unquarentine", + "so-agent-shutdown", + "so-agent-uninstall", + "so-agents-broadcast", + "so-agents-connect", + "so-agent-quarentine", + "so-agents-decommission", + "so-agents-disconnect", + "so-agents-fetch-logs", + "so-agents-shutdown", + "so-agents-uninstall", + "so-agents-upgrade-software", + "so-create-exclusion-list", + "so-delete-exclusion-list", + "so-get-exclusion-list", + "so-get-exclusion-lists", + "so-update-exclusion-list", + "so-get-groups", + "so-create-group", + "so-get-group", + "so-update-group", + "so-delete-group", + "so-add-agent-to-group", + "so-set-cloud-intelligence", + "so-create-hash", + "so-delete-hash", + "so-get-hash-reputation", + "so-get-hash", + "so-get-hashes", + "so-update-hash", + "so-get-policies", + "so-create-policy", + "so-get-policy", + "so-update-policy", + "so-delete-policy", + "so-get-threat", + "so-get-threats", + "so-threat-summary", + "so-mark-as-threat", + "so-mitigate-threat", "so-reslove-threats" ] } - }, + }, { "AMP": { - "name": "AMP", - "commands": [ - "amp_get_computers", - "amp_get_computer_by_connector", - "amp_get_computer_trajctory", - "amp_move_computer", - "amp_get_computer_actvity", - "amp_get_events", - "amp_get_event_types", - "amp_get_application_blocking", - "amp_get_file_list_by_guid", - "amp_get_simple_custom_detections", - "amp_get_file_list_files", - "amp_get_file_list_files_by_sha", - "amp_set_file_list_files_by_sha", - 
"amp_delete_file_list_files_by_sha", - "amp_get_groups", - "amp_get_group", - "amp_set_group_policy", - "amp_get_policies", - "amp_get_policy", + "name": "AMP", + "commands": [ + "amp_get_computers", + "amp_get_computer_by_connector", + "amp_get_computer_trajctory", + "amp_move_computer", + "amp_get_computer_actvity", + "amp_get_events", + "amp_get_event_types", + "amp_get_application_blocking", + "amp_get_file_list_by_guid", + "amp_get_simple_custom_detections", + "amp_get_file_list_files", + "amp_get_file_list_files_by_sha", + "amp_set_file_list_files_by_sha", + "amp_delete_file_list_files_by_sha", + "amp_get_groups", + "amp_get_group", + "amp_set_group_policy", + "amp_get_policies", + "amp_get_policy", "amp_get_version" ] } - }, + }, { "AWS - SQS": { - "name": "AWS - SQS", + "name": "AWS - SQS", "commands": [ - "aws-sqs-get-queue-url", - "aws-sqs-list-queues", - "aws-sqs-send-message", - "aws-sqs-create-queue", - "aws-sqs-delete-queue", + "aws-sqs-get-queue-url", + "aws-sqs-list-queues", + "aws-sqs-send-message", + "aws-sqs-create-queue", + "aws-sqs-delete-queue", "aws-sqs-purge-queue" ] } - }, + }, { "carbonblackliveresponse": { - "name": "carbonblackliveresponse", - "toversion": "3.6.0", - "commands": [ - "cb-archive", - "cb-command-cancel", - "cb-command-create", - "cb-command-create-and-wait", - "cb-command-info", - "cb-file-delete", - "cb-file-get", - "cb-file-info", - "cb-file-upload", - "cb-keepalive", - "cb-list-commands", - "cb-list-files", - "cb-list-sessions", - "cb-session-close", - "cb-session-create", - "cb-session-create-and-wait", - "cb-session-info", + "name": "carbonblackliveresponse", + "toversion": "3.6.0", + "commands": [ + "cb-archive", + "cb-command-cancel", + "cb-command-create", + "cb-command-create-and-wait", + "cb-command-info", + "cb-file-delete", + "cb-file-get", + "cb-file-info", + "cb-file-upload", + "cb-keepalive", + "cb-list-commands", + "cb-list-files", + "cb-list-sessions", + "cb-session-close", + "cb-session-create", + 
"cb-session-create-and-wait", + "cb-session-info", "cb-terminate-process" ] } - }, + }, { "AWS - Route53": { - "name": "AWS - Route53", - "commands": [ - "aws-route53-create-record", - "aws-route53-delete-record", - "aws-route53-list-hosted-zones", - "aws-route53-list-resource-record-sets", - "aws-route53-waiter-resource-record-sets-changed", - "aws-route53-test-dns-answer", + "name": "AWS - Route53", + "commands": [ + "aws-route53-create-record", + "aws-route53-delete-record", + "aws-route53-list-hosted-zones", + "aws-route53-list-resource-record-sets", + "aws-route53-waiter-resource-record-sets-changed", + "aws-route53-test-dns-answer", "aws-route53-upsert-record" ] } - }, + }, { "Tanium": { - "name": "Tanium", - "commands": [ - "tn-get-package", - "tn-get-all-packages", - "tn-get-object", - "tn-get-all-saved-questions", - "tn-deploy-package", - "tn-ask-question", - "tn-ask-system", - "tn-get-saved-question", - "tn-create-package", - "tn-approve-pending-action", - "tn-get-all-objects", - "tn-get-all-saved-actions", - "tn-get-all-pending-actions", - "tn-get-all-sensors", - "tn-parse-query", - "tn-ask-manual-question", - "tn-get-sensor", + "name": "Tanium", + "commands": [ + "tn-get-package", + "tn-get-all-packages", + "tn-get-object", + "tn-get-all-saved-questions", + "tn-deploy-package", + "tn-ask-question", + "tn-ask-system", + "tn-get-saved-question", + "tn-create-package", + "tn-approve-pending-action", + "tn-get-all-objects", + "tn-get-all-saved-actions", + "tn-get-all-pending-actions", + "tn-get-all-sensors", + "tn-parse-query", + "tn-ask-manual-question", + "tn-get-sensor", "tn-get-action" ] } - }, + }, { "FireEye ETP": { - "name": "FireEye ETP", + "name": "FireEye ETP", "commands": [ - "fireeye-etp-search-messages", - "fireeye-etp-get-message", - "fireeye-etp-get-alerts", + "fireeye-etp-search-messages", + "fireeye-etp-get-message", + "fireeye-etp-get-alerts", "fireeye-etp-get-alert" ] } - }, + }, { "InfoArmor VigilanteATI": { - "name": "InfoArmor 
VigilanteATI", - "commands": [ - "vigilante-query-infected-host-data", - "vigilante-get-vulnerable-host-data", - "vigilante-query-ecrime-db", - "vigilante-search-leaks", - "vigilante-get-leak", - "vigilante-query-accounts", - "vigilante-query-domains", - "vigilante-watchlist-add-accounts", - "vigilante-watchlist-remove-accounts", - "vigilante-get-watchlist", + "name": "InfoArmor VigilanteATI", + "commands": [ + "vigilante-query-infected-host-data", + "vigilante-get-vulnerable-host-data", + "vigilante-query-ecrime-db", + "vigilante-search-leaks", + "vigilante-get-leak", + "vigilante-query-accounts", + "vigilante-query-domains", + "vigilante-watchlist-add-accounts", + "vigilante-watchlist-remove-accounts", + "vigilante-get-watchlist", "vigilante-account-usage-info" ] } - }, + }, { "IBM Resilient Systems": { - "name": "IBM Resilient Systems", - "commands": [ - "rs-search-incidents", - "rs-update-incident", - "rs-incidents-get-members", - "rs-get-incident", - "rs-incidents-update-member", - "rs-get-users", - "rs-close-incident", - "rs-create-incident", - "rs-incident-artifacts", - "rs-incident-attachments", - "rs-related-incidents", + "name": "IBM Resilient Systems", + "commands": [ + "rs-search-incidents", + "rs-update-incident", + "rs-incidents-get-members", + "rs-get-incident", + "rs-incidents-update-member", + "rs-get-users", + "rs-close-incident", + "rs-create-incident", + "rs-incident-artifacts", + "rs-incident-attachments", + "rs-related-incidents", "rs-incidents-get-tasks" ] } - }, + }, { "AWS - IAM": { - "name": "AWS - IAM", - "commands": [ - "aws-iam-create-user", - "aws-iam-get-user", - "aws-iam-list-users", - "aws-iam-update-user", - "aws-iam-delete-user", - "aws-iam-update-login-profile", - "aws-iam-create-group", - "aws-iam-list-groups", - "aws-iam-list-groups-for-user", - "aws-iam-add-user-to-group", - "aws-iam-create-access-key", - "aws-iam-update-access-key", - "aws-iam-list-access-keys-for-user", - "aws-iam-list-policies", - "aws-iam-list-roles", - 
"aws-iam-attach-policy", - "aws-iam-detach-policy", - "aws-iam-delete-login-profile", - "aws-iam-delete-group", - "aws-iam-remove-user-from-group", - "aws-iam-create-login-profile", - "aws-iam-delete-access-key", - "aws-iam-create-instance-profile", - "aws-iam-delete-instance-profile", - "aws-iam-list-instance-profiles", - "aws-iam-add-role-to-instance-profile", - "aws-iam-remove-role-from-instance-profile", - "aws-iam-list-instance-profiles-for-role", - "aws-iam-get-instance-profile", - "aws-iam-get-role", - "aws-iam-delete-role", - "aws-iam-create-role", - "aws-iam-create-policy", - "aws-iam-delete-policy", - "aws-iam-create-policy-version", - "aws-iam-delete-policy-version", - "aws-iam-list-policy-versions", - "aws-iam-get-policy-version", - "aws-iam-set-default-policy-version", - "aws-iam-create-account-alias", + "name": "AWS - IAM", + "commands": [ + "aws-iam-create-user", + "aws-iam-get-user", + "aws-iam-list-users", + "aws-iam-update-user", + "aws-iam-delete-user", + "aws-iam-update-login-profile", + "aws-iam-create-group", + "aws-iam-list-groups", + "aws-iam-list-groups-for-user", + "aws-iam-add-user-to-group", + "aws-iam-create-access-key", + "aws-iam-update-access-key", + "aws-iam-list-access-keys-for-user", + "aws-iam-list-policies", + "aws-iam-list-roles", + "aws-iam-attach-policy", + "aws-iam-detach-policy", + "aws-iam-delete-login-profile", + "aws-iam-delete-group", + "aws-iam-remove-user-from-group", + "aws-iam-create-login-profile", + "aws-iam-delete-access-key", + "aws-iam-create-instance-profile", + "aws-iam-delete-instance-profile", + "aws-iam-list-instance-profiles", + "aws-iam-add-role-to-instance-profile", + "aws-iam-remove-role-from-instance-profile", + "aws-iam-list-instance-profiles-for-role", + "aws-iam-get-instance-profile", + "aws-iam-get-role", + "aws-iam-delete-role", + "aws-iam-create-role", + "aws-iam-create-policy", + "aws-iam-delete-policy", + "aws-iam-create-policy-version", + "aws-iam-delete-policy-version", + 
"aws-iam-list-policy-versions", + "aws-iam-get-policy-version", + "aws-iam-set-default-policy-version", + "aws-iam-create-account-alias", "aws-iam-delete-account-alias" ] } - }, + }, { "Symantec Endpoint Protection": { - "name": "Symantec Endpoint Protection", - "commands": [ - "sep-endpoints-info", - "sep-update-content", - "sep-scan", - "sep-groups-info", - "sep-system-info", - "sep-command-status", - "sep-quarantine", + "name": "Symantec Endpoint Protection", + "commands": [ + "sep-endpoints-info", + "sep-update-content", + "sep-scan", + "sep-groups-info", + "sep-system-info", + "sep-command-status", + "sep-quarantine", "sep-client-content" ] } - }, + }, { "SumoLogic": { - "name": "SumoLogic", + "name": "SumoLogic", "commands": [ "search" ] } - }, + }, { "Pwned": { - "name": "Pwned", + "name": "Pwned", "commands": [ - "pwned-email", - "pwned-domain", + "pwned-email", + "pwned-domain", "email" ] } - }, + }, { "urlscan.io": { - "name": "urlscan.io", - "toversion": "3.1.0", + "name": "urlscan.io", + "toversion": "3.1.0", "commands": [ - "url", - "ip", - "file", + "url", + "ip", + "file", "urlscan-submit" ] } - }, + }, { "Lastline": { - "name": "Lastline", - "commands": [ - "lastline-get", - "url", - "file", - "lastline-upload", - "lastline-upload-url", - "lastline-upload-file", - "lastline-get-report", + "name": "Lastline", + "commands": [ + "lastline-get", + "url", + "file", + "lastline-upload", + "lastline-upload-url", + "lastline-upload-file", + "lastline-get-report", "lastline-get-task-list" ] } - }, + }, { "urlscan.io": { - "name": "urlscan.io", - "fromversion": "3.5.0", + "name": "urlscan.io", + "fromversion": "3.5.0", "commands": [ - "urlscan-search", - "urlscan-submit", + "urlscan-search", + "urlscan-submit", "url" ] } - }, + }, { "OpsGenie": { - "name": "OpsGenie", + "name": "OpsGenie", "commands": [ - "opsgenie-get-on-call", - "opsgenie-get-user", - "opsgenie-get-schedules", + "opsgenie-get-on-call", + "opsgenie-get-user", + "opsgenie-get-schedules", 
"opsgenie-get-schedule-timeline" ] } - }, + }, { "McAfeeDAM": { - "name": "McAfeeDAM", + "name": "McAfeeDAM", "commands": [ - "dam-get-alert-by-id", + "dam-get-alert-by-id", "dam-get-latest-by-rule" ] } - }, + }, { "okta": { - "name": "okta", - "fromversion": "3.6.0", - "commands": [ - "okta-unlock-user", - "okta-deactivate-user", - "okta-activate-user", - "okta-suspend-user", - "okta-unsuspend-user", - "okta-get-user-factors", - "okta-verify-push-factor", - "okta-reset-factor", - "okta-get-groups", - "okta-set-password", - "okta-search", - "okta-get-user", - "okta-create-user", - "okta-update-user", - "okta-get-failed-logins", - "okta-get-group-assignments", - "okta-get-application-assignments", - "okta-get-application-authentication", - "okta-get-logs", - "okta-add-to-group", - "okta-remove-from-group", - "okta-list-groups", + "name": "okta", + "fromversion": "3.6.0", + "commands": [ + "okta-unlock-user", + "okta-deactivate-user", + "okta-activate-user", + "okta-suspend-user", + "okta-unsuspend-user", + "okta-get-user-factors", + "okta-verify-push-factor", + "okta-reset-factor", + "okta-get-groups", + "okta-set-password", + "okta-search", + "okta-get-user", + "okta-create-user", + "okta-update-user", + "okta-get-failed-logins", + "okta-get-group-assignments", + "okta-get-application-assignments", + "okta-get-application-authentication", + "okta-get-logs", + "okta-add-to-group", + "okta-remove-from-group", + "okta-list-groups", "okta-get-group-members" ] } - }, + }, { "Devo": { - "name": "Devo", + "name": "Devo", "commands": [ "devo-query" ] } - }, + }, { "AWS - Security Hub": { - "name": "AWS - Security Hub", - "commands": [ - "aws-securityhub-get-findings", - "aws-securityhub-get-master-account", - "aws-securityhub-list-members", - "aws-securityhub-enable-security-hub", - "aws-securityhub-disable-security-hub", - "aws-securityhub-enable-import-findings-for-product", - "aws-securityhub-disable-import-findings-for-product", - 
"aws-securityhub-list-enabled-products-for-import", + "name": "AWS - Security Hub", + "commands": [ + "aws-securityhub-get-findings", + "aws-securityhub-get-master-account", + "aws-securityhub-list-members", + "aws-securityhub-enable-security-hub", + "aws-securityhub-disable-security-hub", + "aws-securityhub-enable-import-findings-for-product", + "aws-securityhub-disable-import-findings-for-product", + "aws-securityhub-list-enabled-products-for-import", "aws-securityhub-update-finding" ] } - }, + }, { "Moloch": { - "name": "Moloch", - "fromversion": "3.5.0", - "commands": [ - "moloch_connections_json", - "moloch_connections_csv", - "moloch_files_json", - "moloch_sessions_json", - "moloch_sessions_csv", - "moloch_sessions_pcap", - "moloch_spigraph_json", - "moloch_spiview_json", + "name": "Moloch", + "fromversion": "3.5.0", + "commands": [ + "moloch_connections_json", + "moloch_connections_csv", + "moloch_files_json", + "moloch_sessions_json", + "moloch_sessions_csv", + "moloch_sessions_pcap", + "moloch_spigraph_json", + "moloch_spiview_json", "moloch_unique_json" ] } - }, + }, { "RedLock": { - "name": "RedLock", + "name": "RedLock", "commands": [ - "redlock-search-alerts", - "redlock-get-alert-details", - "redlock-dismiss-alerts", - "redlock-reopen-alerts", + "redlock-search-alerts", + "redlock-get-alert-details", + "redlock-dismiss-alerts", + "redlock-reopen-alerts", "redlock-list-alert-filters" ] } - }, + }, { "Whois": { - "name": "Whois", - "fromversion": "4.1.0", + "name": "Whois", + "fromversion": "4.1.0", "commands": [ "whois" ] } - }, + }, { "SafeBreach": { - "name": "SafeBreach", + "name": "SafeBreach", "commands": [ - "safebreach-rerun", + "safebreach-rerun", "safebreach-get-simulation" ] } - }, + }, { "AlphaSOC Wisdom": { - "name": "AlphaSOC Wisdom", + "name": "AlphaSOC Wisdom", "commands": [ - "wisdom-domain-flags", + "wisdom-domain-flags", "wisdom-ip-flags" ] } - }, + }, { "jamf": { - "name": "jamf", + "name": "jamf", "commands": [ - 
"jamf-get-computers", + "jamf-get-computers", "jamf-get-computers-match" ] } - }, + }, { "CIRCL": { - "name": "CIRCL", + "name": "CIRCL", "commands": [ - "circl-dns-get", - "circl-ssl-list-certificates", - "circl-ssl-query-certificate", + "circl-dns-get", + "circl-ssl-list-certificates", + "circl-ssl-query-certificate", "circl-ssl-get-certificate" ] } - }, + }, { "Panorama": { - "name": "Panorama", - "fromversion": "3.0.0", - "commands": [ - "panorama", - "panorama-commit", - "panorama-push-to-device-group", - "panorama-list-addresses", - "panorama-get-address", - "panorama-create-address", - "panorama-delete-address", - "panorama-list-address-groups", - "panorama-get-address-group", - "panorama-create-address-group", - "panorama-delete-address-group", - "panorama-edit-address-group", - "panorama-get-custom-url-category", - "panorama-create-custom-url-category", - "panorama-delete-custom-url-category", - "panorama-edit-custom-url-category", - "panorama-get-url-category", - "panorama-get-url-filter", - "panorama-create-url-filter", - "panorama-edit-url-filter", - "panorama-delete-url-filter", - "panorama-create-rule", - "panorama-custom-block-rule", - "panorama-move-rule", - "panorama-edit-rule", - "panorama-delete-rule", - "panorama-list-applications", - "panorama-commit-status", + "name": "Panorama", + "fromversion": "3.0.0", + "commands": [ + "panorama", + "panorama-commit", + "panorama-push-to-device-group", + "panorama-list-addresses", + "panorama-get-address", + "panorama-create-address", + "panorama-delete-address", + "panorama-list-address-groups", + "panorama-get-address-group", + "panorama-create-address-group", + "panorama-delete-address-group", + "panorama-edit-address-group", + "panorama-get-custom-url-category", + "panorama-create-custom-url-category", + "panorama-delete-custom-url-category", + "panorama-edit-custom-url-category", + "panorama-get-url-category", + "panorama-get-url-filter", + "panorama-create-url-filter", + "panorama-edit-url-filter", + 
"panorama-delete-url-filter", + "panorama-create-rule", + "panorama-custom-block-rule", + "panorama-move-rule", + "panorama-edit-rule", + "panorama-delete-rule", + "panorama-list-applications", + "panorama-commit-status", "panorama-push-status" ] } - }, + }, { "icebrg": { - "name": "icebrg", + "name": "icebrg", "commands": [ - "icebrg-search-events", - "icebrg-get-history", - "icebrg-saved-searches", - "icebrg-get-reports", - "icebrg-get-report-indicators", + "icebrg-search-events", + "icebrg-get-history", + "icebrg-saved-searches", + "icebrg-get-reports", + "icebrg-get-report-indicators", "icebrg-get-report-assets" ] } - }, + }, { "EasyVista": { - "name": "EasyVista", + "name": "EasyVista", "commands": [ "easy-vista-search" ] } - }, + }, { "ThreatConnect": { - "name": "ThreatConnect", - "commands": [ - "ip", - "url", - "file", - "tc-owners", - "tc-indicators", - "tc-get-tags", - "tc-tag-indicator", - "tc-get-indicator", - "tc-get-indicators-by-tag", - "tc-add-indicator", - "tc-create-incident", - "tc-fetch-incidents", - "tc-incident-associate-indicator", - "domain", + "name": "ThreatConnect", + "commands": [ + "ip", + "url", + "file", + "tc-owners", + "tc-indicators", + "tc-get-tags", + "tc-tag-indicator", + "tc-get-indicator", + "tc-get-indicators-by-tag", + "tc-add-indicator", + "tc-create-incident", + "tc-fetch-incidents", + "tc-incident-associate-indicator", + "domain", "tc-get-incident-associate-indicators" ] } - }, + }, { "BitDam": { - "name": "BitDam", + "name": "BitDam", "commands": [ - "bitdam-upload-file", + "bitdam-upload-file", "bitdam-get-verdict" ] } - }, + }, { "AWS - S3": { - "name": "AWS - S3", - "commands": [ - "aws-s3-create-bucket", - "aws-s3-delete-bucket", - "aws-s3-list-buckets", - "aws-s3-get-bucket-policy", - "aws-s3-delete-bucket-policy", - "aws-s3-download-file", - "aws-s3-list-bucket-objects", - "aws-s3-put-bucket-policy", + "name": "AWS - S3", + "commands": [ + "aws-s3-create-bucket", + "aws-s3-delete-bucket", + "aws-s3-list-buckets", 
+ "aws-s3-get-bucket-policy", + "aws-s3-delete-bucket-policy", + "aws-s3-download-file", + "aws-s3-list-bucket-objects", + "aws-s3-put-bucket-policy", "aws-s3-upload-file" ] } - }, + }, { "McAfee Advanced Threat Defense": { - "name": "McAfee Advanced Threat Defense", - "toversion": "3.1.0", - "fromversion": "2.0.4", - "commands": [ - "atd-file-upload", - "atd-get-task-ids", - "atd-check-status", - "atd-get-report", - "atd-list-analyzer-profiles", - "atd-list-user", + "name": "McAfee Advanced Threat Defense", + "toversion": "3.1.0", + "fromversion": "2.0.4", + "commands": [ + "atd-file-upload", + "atd-get-task-ids", + "atd-check-status", + "atd-get-report", + "atd-list-analyzer-profiles", + "atd-list-user", "atd-login" ] } - }, + }, { "GuardiCore": { - "name": "GuardiCore", - "toversion": "3.1.0", - "commands": [ - "guardicore-get-incidents", - "guardicore-uncommon-domains", - "guardicore-unresolved-domains", - "guardicore-show-endpoint", - "guardicore-dns-requests", - "guardicore-search-endpoint", - "guardicore-misconfigurations", - "guardicore-get-incident", - "guardicore-get-incident-iocs", - "guardicore-get-incident-events", - "guardicore-get-incident-pcap", - "guardicore-get-incident-attachments", + "name": "GuardiCore", + "toversion": "3.1.0", + "commands": [ + "guardicore-get-incidents", + "guardicore-uncommon-domains", + "guardicore-unresolved-domains", + "guardicore-show-endpoint", + "guardicore-dns-requests", + "guardicore-search-endpoint", + "guardicore-misconfigurations", + "guardicore-get-incident", + "guardicore-get-incident-iocs", + "guardicore-get-incident-events", + "guardicore-get-incident-pcap", + "guardicore-get-incident-attachments", "guardicore-search-network-log" ] } - }, + }, { "Mimecast": { - "name": "Mimecast", - "fromversion": "1.6.2", + "name": "Mimecast", + "fromversion": "1.6.2", "commands": [ "mimecast-query" ] } - }, + }, { "Shodan": { - "name": "Shodan", + "name": "Shodan", "commands": [ - "search", + "search", "ip" ] } - }, + }, { 
"AWS - GuardDuty": { - "name": "AWS - GuardDuty", - "commands": [ - "aws-gd-create-detector", - "aws-gd-delete-detector", - "aws-gd-get-detector", - "aws-gd-update-detector", - "aws-gd-create-ip-set", - "aws-gd-delete-ip-set", - "aws-gd-list-detectors", - "aws-gd-update-ip-set", - "aws-gd-get-ip-set", - "aws-gd-list-ip-sets", - "aws-gd-create-threatintel-set", - "aws-gd-delete-threatintel-set", - "aws-gd-get-threatintel-set", - "aws-gd-list-threatintel-sets", - "aws-gd-update-threatintel-set", - "aws-gd-list-findings", - "aws-gd-get-findings", - "aws-gd-create-sample-findings", - "aws-gd-archive-findings", - "aws-gd-unarchive-findings", + "name": "AWS - GuardDuty", + "commands": [ + "aws-gd-create-detector", + "aws-gd-delete-detector", + "aws-gd-get-detector", + "aws-gd-update-detector", + "aws-gd-create-ip-set", + "aws-gd-delete-ip-set", + "aws-gd-list-detectors", + "aws-gd-update-ip-set", + "aws-gd-get-ip-set", + "aws-gd-list-ip-sets", + "aws-gd-create-threatintel-set", + "aws-gd-delete-threatintel-set", + "aws-gd-get-threatintel-set", + "aws-gd-list-threatintel-sets", + "aws-gd-update-threatintel-set", + "aws-gd-list-findings", + "aws-gd-get-findings", + "aws-gd-create-sample-findings", + "aws-gd-archive-findings", + "aws-gd-unarchive-findings", "aws-gd-update-findings-feedback" ] } - }, + }, { "Mimecast Authentication": { - "name": "Mimecast Authentication", + "name": "Mimecast Authentication", "commands": [ - "mimecast-login", - "mimecast-discover", + "mimecast-login", + "mimecast-discover", "mimecast-refresh-token" ] } - }, + }, { "malwr": { - "name": "malwr", - "fromversion": "3.0.0", + "name": "malwr", + "fromversion": "3.0.0", "commands": [ - "malwr-submit", - "malwr-status", - "malwr-result", + "malwr-submit", + "malwr-status", + "malwr-result", "malwr-detonate" ] } - }, + }, { "FalconHost": { - "name": "FalconHost", - "fromversion": "2.5.0", - "commands": [ - "cs-upload-ioc", - "cs-get-ioc", - "cs-update-ioc", - "cs-delete-ioc", - "cs-search-iocs", - 
"cs-device-search", - "cs-device-details", - "cs-device-count-ioc", - "cs-device-ran-on", - "cs-processes-ran-on", - "cs-process-details", - "cs-resolve-detection", - "cs-detection-search", + "name": "FalconHost", + "fromversion": "2.5.0", + "commands": [ + "cs-upload-ioc", + "cs-get-ioc", + "cs-update-ioc", + "cs-delete-ioc", + "cs-search-iocs", + "cs-device-search", + "cs-device-details", + "cs-device-count-ioc", + "cs-device-ran-on", + "cs-processes-ran-on", + "cs-process-details", + "cs-resolve-detection", + "cs-detection-search", "cs-detection-details" ] } - }, + }, { "ServiceNow": { - "name": "ServiceNow", - "commands": [ - "servicenow-get-ticket", - "servicenow-get", - "servicenow-incident-get", - "servicenow-create-ticket", - "servicenow-create", - "servicenow-incident-create", - "servicenow-update-ticket", - "servicenow-update", - "servicenow-incident-update", - "servicenow-delete-ticket", - "servicenow-add-link", - "servicenow-incident-add-link", - "servicenow-add-comment", - "servicenow-incident-add-comment", - "servicenow-query-tickets", - "servicenow-query", - "servicenow-incidents-query", - "servicenow-upload-file", - "servicenow-incident-upload-file", - "servicenow-get-groups", - "servicenow-get-computer", - "servicenow-get-record", - "servicenow-query-table", - "servicenow-create-record", - "servicenow-update-record", - "servicenow-delete-record", - "servicenow-list-table-fields", - "servicenow-query-computers", - "servicenow-query-groups", - "servicenow-query-users", + "name": "ServiceNow", + "commands": [ + "servicenow-get-ticket", + "servicenow-get", + "servicenow-incident-get", + "servicenow-create-ticket", + "servicenow-create", + "servicenow-incident-create", + "servicenow-update-ticket", + "servicenow-update", + "servicenow-incident-update", + "servicenow-delete-ticket", + "servicenow-add-link", + "servicenow-incident-add-link", + "servicenow-add-comment", + "servicenow-incident-add-comment", + "servicenow-query-tickets", + 
"servicenow-query", + "servicenow-incidents-query", + "servicenow-upload-file", + "servicenow-incident-upload-file", + "servicenow-get-groups", + "servicenow-get-computer", + "servicenow-get-record", + "servicenow-query-table", + "servicenow-create-record", + "servicenow-update-record", + "servicenow-delete-record", + "servicenow-list-table-fields", + "servicenow-query-computers", + "servicenow-query-groups", + "servicenow-query-users", "servicenow-get-table-name" ] } - }, + }, { "Tenable.sc": { - "name": "Tenable.sc", - "commands": [ - "tenable-sc-list-scans", - "tenable-sc-launch-scan", - "tenable-sc-get-vulnerability", - "tenable-sc-get-scan-status", - "tenable-sc-get-scan-report", - "tenable-sc-list-credentials", - "tenable-sc-list-policies", - "tenable-sc-list-report-definitions", - "tenable-sc-list-repositories", - "tenable-sc-list-zones", - "tenable-sc-create-scan", - "tenable-sc-delete-scan", - "tenable-sc-list-assets", - "tenable-sc-create-asset", - "tenable-sc-get-asset", - "tenable-sc-delete-asset", - "tenable-sc-list-alerts", - "tenable-sc-get-alert", - "tenable-sc-get-device", - "tenable-sc-list-users", - "tenable-sc-get-system-licensing", + "name": "Tenable.sc", + "commands": [ + "tenable-sc-list-scans", + "tenable-sc-launch-scan", + "tenable-sc-get-vulnerability", + "tenable-sc-get-scan-status", + "tenable-sc-get-scan-report", + "tenable-sc-list-credentials", + "tenable-sc-list-policies", + "tenable-sc-list-report-definitions", + "tenable-sc-list-repositories", + "tenable-sc-list-zones", + "tenable-sc-create-scan", + "tenable-sc-delete-scan", + "tenable-sc-list-assets", + "tenable-sc-create-asset", + "tenable-sc-get-asset", + "tenable-sc-delete-asset", + "tenable-sc-list-alerts", + "tenable-sc-get-alert", + "tenable-sc-get-device", + "tenable-sc-list-users", + "tenable-sc-get-system-licensing", "tenable-sc-get-system-information" ] } - }, + }, { "google-vault": { - "name": "google-vault", - "commands": [ - "gvault-create-export-mail", - 
"gvault-create-matter", - "gvault-create-export-drive", - "gvault-matter-update-state", - "gvault-create-export-groups", - "gvault-create-hold", - "gvault-add-heldAccount", - "gvault-remove-heldAccount", - "gvault-delete-hold", - "gvault-list-matters", - "gvault-get-matter", - "gvault-list-holds", - "gvault-export-status", - "gvault-download-results", - "gvault-get-drive-results", - "gvault-get-mail-results", + "name": "google-vault", + "commands": [ + "gvault-create-export-mail", + "gvault-create-matter", + "gvault-create-export-drive", + "gvault-matter-update-state", + "gvault-create-export-groups", + "gvault-create-hold", + "gvault-add-heldAccount", + "gvault-remove-heldAccount", + "gvault-delete-hold", + "gvault-list-matters", + "gvault-get-matter", + "gvault-list-holds", + "gvault-export-status", + "gvault-download-results", + "gvault-get-drive-results", + "gvault-get-mail-results", "gvault-get-groups-results" ] } - }, + }, { "AlienValut OTX": { - "name": "AlienValut OTX", - "toversion": "3.0.1", - "commands": [ - "ip", - "domain", - "ipv6", - "hostname", - "file", - "alienvault-query-file", - "alienvault-search-pulses", - "alienvault-get-pulse-details", + "name": "AlienValut OTX", + "toversion": "3.0.1", + "commands": [ + "ip", + "domain", + "ipv6", + "hostname", + "file", + "alienvault-query-file", + "alienvault-search-pulses", + "alienvault-get-pulse-details", "url" ] } - }, + }, { "MISP": { - "name": "MISP", - "commands": [ - "internal-misp-upload-sample", - "misp-search", - "file", - "url", - "ip", - "internal-misp-download-sample", - "internal-misp-create-event", + "name": "MISP", + "commands": [ + "internal-misp-upload-sample", + "misp-search", + "file", + "url", + "ip", + "internal-misp-download-sample", + "internal-misp-create-event", "internal-misp-add-attribute" ] } - }, + }, { "FalconIntel": { - "name": "FalconIntel", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "commands": [ - "file", - "url", - "domain", - "ip", - "cs-actors", - 
"cs-indicators", - "cs-reports", + "name": "FalconIntel", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "commands": [ + "file", + "url", + "domain", + "ip", + "cs-actors", + "cs-indicators", + "cs-reports", "cs-report-pdf" ] } - }, + }, { "Box": { - "name": "Box", - "commands": [ - "box_get_current_user", - "box_get_users", - "box_update_user", - "box_add_user", - "box_delete_user", - "box_move_folder", - "box_files_get", - "box_initiate", + "name": "Box", + "commands": [ + "box_get_current_user", + "box_get_users", + "box_update_user", + "box_add_user", + "box_delete_user", + "box_move_folder", + "box_files_get", + "box_initiate", "box_files_get_info" ] } - }, + }, { "Remedy On-Demand": { - "name": "Remedy On-Demand", + "name": "Remedy On-Demand", "commands": [ - "remedy-incident-create", - "remedy-get-incident", - "remedy-fetch-incidents", + "remedy-incident-create", + "remedy-get-incident", + "remedy-fetch-incidents", "remedy-incident-update" ] } - }, + }, { "Rasterize": { - "name": "Rasterize", + "name": "Rasterize", "commands": [ - "rasterize", - "rasterize-email", + "rasterize", + "rasterize-email", "rasterize-image" ] } - }, + }, { "FortiGate": { - "name": "FortiGate", - "commands": [ - "fortigate-get-addresses", - "fortigate-get-service-groups", - "fortigate-update-service-group", - "fortigate-delete-service-group", - "fortigate-get-firewall-service", - "fortigate-create-firewall-service", - "fortigate-get-policy", - "fortigate-update-policy", - "fortigate-create-policy", - "fortigate-move-policy", - "fortigate-delete-policy", - "fortigate-get-address-groups", - "fortigate-update-address-group", - "fortigate-create-address-group", + "name": "FortiGate", + "commands": [ + "fortigate-get-addresses", + "fortigate-get-service-groups", + "fortigate-update-service-group", + "fortigate-delete-service-group", + "fortigate-get-firewall-service", + "fortigate-create-firewall-service", + "fortigate-get-policy", + "fortigate-update-policy", + 
"fortigate-create-policy", + "fortigate-move-policy", + "fortigate-delete-policy", + "fortigate-get-address-groups", + "fortigate-update-address-group", + "fortigate-create-address-group", "fortigate-delete-address-group" ] } - }, + }, { "RTIR": { - "name": "RTIR", - "commands": [ - "rtir-create-ticket", - "rtir-search-ticket", - "rtir-resolve-ticket", - "rtir-edit-ticket", - "rtir-ticket-history", - "rtir-get-ticket", - "rtir-ticket-attachments", - "rtir-add-comment", + "name": "RTIR", + "commands": [ + "rtir-create-ticket", + "rtir-search-ticket", + "rtir-resolve-ticket", + "rtir-edit-ticket", + "rtir-ticket-history", + "rtir-get-ticket", + "rtir-ticket-attachments", + "rtir-add-comment", "rtir-add-reply" ] } - }, + }, { "Tenable.io": { - "name": "Tenable.io", + "name": "Tenable.io", "commands": [ - "tenable-io-list-scans", - "tenable-io-launch-scan", - "tenable-io-get-scan-report", - "tenable-io-get-vulnerability-details", - "tenable-io-get-vulnerabilities-by-asset", + "tenable-io-list-scans", + "tenable-io-launch-scan", + "tenable-io-get-scan-report", + "tenable-io-get-vulnerability-details", + "tenable-io-get-vulnerabilities-by-asset", "tenable-io-get-scan-status" ] } - }, + }, { "Stealthwatch Cloud": { - "name": "Stealthwatch Cloud", - "commands": [ - "sw-show-alert", - "sw-update-alert", - "sw-list-alerts", - "sw-block-domain-or-ip", - "sw-unblock-domain", - "sw-list-blocked-domains", - "sw-list-observations", + "name": "Stealthwatch Cloud", + "commands": [ + "sw-show-alert", + "sw-update-alert", + "sw-list-alerts", + "sw-block-domain-or-ip", + "sw-unblock-domain", + "sw-list-blocked-domains", + "sw-list-observations", "sw-list-sessions" ] } - }, + }, { "EWS v2": { - "name": "EWS v2", - "commands": [ - "ews-get-attachment", - "ews-delete-attachment", - "ews-get-searchable-mailboxes", - "ews-search-mailboxes", - "ews-move-item", - "ews-delete-items", - "ews-search-mailbox", - "ews-get-contacts", - "ews-get-out-of-office", - "ews-recover-messages", - 
"ews-create-folder", - "ews-mark-item-as-junk", - "ews-find-folders", - "ews-get-items-from-folder", - "ews-get-items", - "ews-move-item-between-mailboxes", - "ews-get-folder", - "ews-o365-start-compliance-search", - "ews-o365-get-compliance-search", - "ews-o365-purge-compliance-search-results", - "ews-o365-remove-compliance-search", + "name": "EWS v2", + "commands": [ + "ews-get-attachment", + "ews-delete-attachment", + "ews-get-searchable-mailboxes", + "ews-search-mailboxes", + "ews-move-item", + "ews-delete-items", + "ews-search-mailbox", + "ews-get-contacts", + "ews-get-out-of-office", + "ews-recover-messages", + "ews-create-folder", + "ews-mark-item-as-junk", + "ews-find-folders", + "ews-get-items-from-folder", + "ews-get-items", + "ews-move-item-between-mailboxes", + "ews-get-folder", + "ews-o365-start-compliance-search", + "ews-o365-get-compliance-search", + "ews-o365-purge-compliance-search-results", + "ews-o365-remove-compliance-search", "ews-o365-get-compliance-search-purge-status" ] } - }, + }, { "Lockpath KeyLight": { - "name": "Lockpath KeyLight", - "fromversion": "3.5.0", - "commands": [ - "kl-get-component-list", - "kl-get-component", - "kl-get-component-by-alias", - "kl-get-field-list", - "kl-get-field", - "kl-get-record-count", - "kl-get-record", - "kl-get-records", - "kl-delete-record", - "kl-create-record", - "kl-update-record", - "kl-get-detail-record", - "kl-get-lookup-report-column-fields", - "kl-get-detail-records", - "kl-get-record-attachments", - "kl-get-record-attachment", + "name": "Lockpath KeyLight", + "fromversion": "3.5.0", + "commands": [ + "kl-get-component-list", + "kl-get-component", + "kl-get-component-by-alias", + "kl-get-field-list", + "kl-get-field", + "kl-get-record-count", + "kl-get-record", + "kl-get-records", + "kl-delete-record", + "kl-create-record", + "kl-update-record", + "kl-get-detail-record", + "kl-get-lookup-report-column-fields", + "kl-get-detail-records", + "kl-get-record-attachments", + 
"kl-get-record-attachment", "kl-delete-record-attachments" ] } - }, + }, { "Dell Secureworks": { - "name": "Dell Secureworks", - "fromversion": "3.6.0", - "commands": [ - "secure-works-create-ticket", - "secure-works-update-ticket", - "secure-works-close-ticket", - "secure-works-add-worklogs-ticket", - "secure-works-get-ticket", - "secure-works-assign-ticket", - "secure-works-get-tickets-updates", - "secure-works-get-close-codes", - "secure-works-get-tickets-ids", + "name": "Dell Secureworks", + "fromversion": "3.6.0", + "commands": [ + "secure-works-create-ticket", + "secure-works-update-ticket", + "secure-works-close-ticket", + "secure-works-add-worklogs-ticket", + "secure-works-get-ticket", + "secure-works-assign-ticket", + "secure-works-get-tickets-updates", + "secure-works-get-close-codes", + "secure-works-get-tickets-ids", "secure-works-get-ticket-count" ] } - }, + }, { "Luminate": { - "name": "Luminate", - "fromversion": "0.0.0", + "name": "Luminate", + "fromversion": "0.0.0", "commands": [ - "lum-block-user", - "lum-unblock-user", - "lum-destroy-user-session", - "lum-get-http-access-logs", + "lum-block-user", + "lum-unblock-user", + "lum-destroy-user-session", + "lum-get-http-access-logs", "lum-get-ssh-access-logs" ] } - }, + }, { "VirusTotal - Private API": { - "name": "VirusTotal - Private API", - "commands": [ - "vt-private-check-file-behaviour", - "vt-private-get-domain-report", - "vt-private-get-file-report", - "vt-private-get-url-report", - "vt-private-get-ip-report", - "vt-private-search-file", - "vt-private-hash-communication", + "name": "VirusTotal - Private API", + "commands": [ + "vt-private-check-file-behaviour", + "vt-private-get-domain-report", + "vt-private-get-file-report", + "vt-private-get-url-report", + "vt-private-get-ip-report", + "vt-private-search-file", + "vt-private-hash-communication", "vt-private-download-file" ] } - }, + }, { "Guidance Encase Endpoint": { - "name": "Guidance Encase Endpoint", + "name": "Guidance Encase Endpoint", 
"commands": [ - "encase-copyjob", - "encase-snapshot", + "encase-copyjob", + "encase-snapshot", "encase-verifyhash" ] } - }, + }, { "Incapsula": { - "name": "Incapsula", - "commands": [ - "incap-add-managed-account", - "incap-list-managed-accounts", - "incap-add-subaccount", - "incap-list-subaccounts", - "incap-get-account-status", - "incap-modify-account-configuration", - "incap-set-account-log-level", - "incap-test-account-s3-connection", - "incap-test-account-sftp-connection", - "incap-set-account-s3-log-storage", - "incap-set-account-sftp-log-storage", - "incap-set-account-default-log-storage", - "incap-get-account-login-token", - "incap-delete-managed-account", - "incap-delete-subaccount", - "incap-get-account-audit-events", - "incap-set-account-default-data-storage-region", - "incap-get-account-default-data-storage-region", - "incap-add-site", - "incap-get-site-status", - "incap-get-domain-approver-email", - "incap-modify-site-configuration", - "incap-modify-site-log-level", - "incap-modify-site-tls-support", - "incap-modify-site-scurity-config", - "incap-modify-site-acl-config", - "incap-modify-site-wl-config", - "incap-delete-site", - "incap-list-sites", - "incap-get-site-report", - "incap-get-site-html-injection-rules", - "incap-add-site-html-injection-rule", - "incap-delete-site-html-injection-rule", - "incap-create-new-csr", - "incap-upload-certificate", - "incap-remove-custom-integration", - "incap-move-site", - "incap-check-compliance", - "incap-set-site-data-storage-region", - "incap-get-site-data-storage-region", - "incap-set-site-data-storage-region-geo-override", - "incap-get-site-data-storage-region-geo-override", - "incap-purge-site-cache", - "incap-modify-cache-mode", - "incap-purge-resources", - "incap-modify-caching-rules", - "incap-set-advanced-caching-settings", - "incap-purge-hostname-from-cache", - "incap-site-get-xray-link", - "incap-list-site-rule-revisions", - "incap-add-site-rule", - "incap-edit-site-rule", - "incap-enable-site-rule", 
- "incap-delete-site-rule", - "incap-list-site-rules", - "incap-revert-site-rule", - "incap-set-site-rule-priority", - "incap-add-site-datacenter", - "incap-edit-site-datacenter", - "incap-delete-site-datacenter", - "incap-list-site-datacenters", - "incap-add-site-datacenter-server", - "incap-edit-site-datacenter-server", - "incap-delete-site-datacenter-server", - "incap-get-statistics", - "incap-get-visits", - "incap-upload-public-key", - "incap-change-logs-collector-configuration", - "incap-get-infra-protection-statistics", - "incap-get-infra-protection-events", - "incap-add-login-protect", - "incap-edit-login-protect", - "incap-get-login-protect", - "incap-remove-login-protect", - "incap-send-sms-to-user", - "incap-modify-login-protect", - "incap-configure-app", - "incap-get-ip-ranges", - "incap-get-texts", - "incap-get-geo-info", + "name": "Incapsula", + "commands": [ + "incap-add-managed-account", + "incap-list-managed-accounts", + "incap-add-subaccount", + "incap-list-subaccounts", + "incap-get-account-status", + "incap-modify-account-configuration", + "incap-set-account-log-level", + "incap-test-account-s3-connection", + "incap-test-account-sftp-connection", + "incap-set-account-s3-log-storage", + "incap-set-account-sftp-log-storage", + "incap-set-account-default-log-storage", + "incap-get-account-login-token", + "incap-delete-managed-account", + "incap-delete-subaccount", + "incap-get-account-audit-events", + "incap-set-account-default-data-storage-region", + "incap-get-account-default-data-storage-region", + "incap-add-site", + "incap-get-site-status", + "incap-get-domain-approver-email", + "incap-modify-site-configuration", + "incap-modify-site-log-level", + "incap-modify-site-tls-support", + "incap-modify-site-scurity-config", + "incap-modify-site-acl-config", + "incap-modify-site-wl-config", + "incap-delete-site", + "incap-list-sites", + "incap-get-site-report", + "incap-get-site-html-injection-rules", + "incap-add-site-html-injection-rule", + 
"incap-delete-site-html-injection-rule", + "incap-create-new-csr", + "incap-upload-certificate", + "incap-remove-custom-integration", + "incap-move-site", + "incap-check-compliance", + "incap-set-site-data-storage-region", + "incap-get-site-data-storage-region", + "incap-set-site-data-storage-region-geo-override", + "incap-get-site-data-storage-region-geo-override", + "incap-purge-site-cache", + "incap-modify-cache-mode", + "incap-purge-resources", + "incap-modify-caching-rules", + "incap-set-advanced-caching-settings", + "incap-purge-hostname-from-cache", + "incap-site-get-xray-link", + "incap-list-site-rule-revisions", + "incap-add-site-rule", + "incap-edit-site-rule", + "incap-enable-site-rule", + "incap-delete-site-rule", + "incap-list-site-rules", + "incap-revert-site-rule", + "incap-set-site-rule-priority", + "incap-add-site-datacenter", + "incap-edit-site-datacenter", + "incap-delete-site-datacenter", + "incap-list-site-datacenters", + "incap-add-site-datacenter-server", + "incap-edit-site-datacenter-server", + "incap-delete-site-datacenter-server", + "incap-get-statistics", + "incap-get-visits", + "incap-upload-public-key", + "incap-change-logs-collector-configuration", + "incap-get-infra-protection-statistics", + "incap-get-infra-protection-events", + "incap-add-login-protect", + "incap-edit-login-protect", + "incap-get-login-protect", + "incap-remove-login-protect", + "incap-send-sms-to-user", + "incap-modify-login-protect", + "incap-configure-app", + "incap-get-ip-ranges", + "incap-get-texts", + "incap-get-geo-info", "incap-get-app-info" ] } - }, + }, { "XFE": { - "name": "XFE", - "fromversion": "2.5.0", - "commands": [ - "url", - "file", - "ip", - "domain", - "cve-search", + "name": "XFE", + "fromversion": "2.5.0", + "commands": [ + "url", + "file", + "ip", + "domain", + "cve-search", "cve-latest" ] } - }, + }, { "Cymon": { - "name": "Cymon", + "name": "Cymon", "commands": [ - "ip", + "ip", "domain" ] } - }, + }, { "McAfee Advanced Threat Defense": { - 
"name": "McAfee Advanced Threat Defense", - "fromversion": "3.5.0", - "commands": [ - "atd-file-upload", - "atd-get-task-ids", - "atd-get-report", - "atd-list-analyzer-profiles", - "atd-list-user", - "atd-login", - "detonate-file", - "detonate-url", + "name": "McAfee Advanced Threat Defense", + "fromversion": "3.5.0", + "commands": [ + "atd-file-upload", + "atd-get-task-ids", + "atd-get-report", + "atd-list-analyzer-profiles", + "atd-list-user", + "atd-login", + "detonate-file", + "detonate-url", "atd-check-status" ] } - }, + }, { "AWS - CloudWatchLogs": { - "name": "AWS - CloudWatchLogs", - "commands": [ - "aws-logs-create-log-group", - "aws-logs-create-log-stream", - "aws-logs-delete-log-group", - "aws-logs-delete-log-stream", - "aws-logs-filter-log-events", - "aws-logs-describe-log-groups", - "aws-logs-describe-log-streams", - "aws-logs-put-retention-policy", - "aws-logs-delete-retention-policy", - "aws-logs-put-log-events", - "aws-logs-put-metric-filter", - "aws-logs-delete-metric-filter", + "name": "AWS - CloudWatchLogs", + "commands": [ + "aws-logs-create-log-group", + "aws-logs-create-log-stream", + "aws-logs-delete-log-group", + "aws-logs-delete-log-stream", + "aws-logs-filter-log-events", + "aws-logs-describe-log-groups", + "aws-logs-describe-log-streams", + "aws-logs-put-retention-policy", + "aws-logs-delete-retention-policy", + "aws-logs-put-log-events", + "aws-logs-put-metric-filter", + "aws-logs-delete-metric-filter", "aws-logs-describe-metric-filters" ] } - }, + }, { "Microsoft Graph": { - "name": "Microsoft Graph", + "name": "Microsoft Graph", "commands": [ - "msg-graph-admin-url", - "msg-search-alerts", - "msg-get-alert-details", - "msg-update-alert", - "msg-get-users", + "msg-graph-admin-url", + "msg-search-alerts", + "msg-get-alert-details", + "msg-update-alert", + "msg-get-users", "msg-get-user" ] } - }, + }, { "Secdo": { - "name": "Secdo", + "name": "Secdo", "commands": [ "secdo-add-IOCs" ] } - }, + }, { "Preempt": { - "name": "Preempt", + 
"name": "Preempt", "commands": [ - "preempt-add-to-watch-list", - "preempt-remove-from-watch-list", - "preempt-get-activities", - "preempt-get-user-endpoints", + "preempt-add-to-watch-list", + "preempt-remove-from-watch-list", + "preempt-get-activities", + "preempt-get-user-endpoints", "preempt-get-alerts" ] } - }, + }, { "PostgreSQL": { - "name": "PostgreSQL", + "name": "PostgreSQL", "commands": [ "pgsql-query" ] } - }, + }, { "epo": { - "name": "epo", - "commands": [ - "epo-help", - "epo-get-latest-dat", - "epo-get-current-dat", - "epo-update-client-dat", - "epo-update-repository", - "epo-get-system-tree-group", - "epo-find-systems", - "epo-command", - "epo-advanced-command", - "epo-wakeup-agent", - "epo-apply-tag", - "epo-clear-tag", - "epo-query-table", - "epo-get-tables", - "epo-find-system", + "name": "epo", + "commands": [ + "epo-help", + "epo-get-latest-dat", + "epo-get-current-dat", + "epo-update-client-dat", + "epo-update-repository", + "epo-get-system-tree-group", + "epo-find-systems", + "epo-command", + "epo-advanced-command", + "epo-wakeup-agent", + "epo-apply-tag", + "epo-clear-tag", + "epo-query-table", + "epo-get-tables", + "epo-find-system", "epo-get-version" ] } - }, + }, { "GRR": { - "name": "GRR", - "commands": [ - "grr-set-flows", - "grr-get-flows", - "grr-get-files", - "grr-get-hunts", - "grr-get-hunt", - "grr-set-hunts", - "grr-get-clients", - "grr_set_flows", - "grr_get_flows", - "grr_get_files", - "grr_get_hunts", - "grr_get_hunt", + "name": "GRR", + "commands": [ + "grr-set-flows", + "grr-get-flows", + "grr-get-files", + "grr-get-hunts", + "grr-get-hunt", + "grr-set-hunts", + "grr-get-clients", + "grr_set_flows", + "grr_get_flows", + "grr_get_files", + "grr_get_hunts", + "grr_get_hunt", "grr_set_hunts" ] } - }, + }, { "Nessus": { - "name": "Nessus", - "commands": [ - "nessus-list-scans", - "scans-list", - "nessus-launch-scan", - "scan-launch", - "nessus-scan-details", - "scan-details", - "scan-host-details", - "nessus-scan-host-details", - 
"nessus-scan-export", - "scan-export", - "scan-report-download", - "nessus-scan-report-download", - "scan-create", - "nessus-scan-create", - "nessus-get-scans-editors", - "scan-export-status", - "nessus-scan-export-status", + "name": "Nessus", + "commands": [ + "nessus-list-scans", + "scans-list", + "nessus-launch-scan", + "scan-launch", + "nessus-scan-details", + "scan-details", + "scan-host-details", + "nessus-scan-host-details", + "nessus-scan-export", + "scan-export", + "scan-report-download", + "nessus-scan-report-download", + "scan-create", + "nessus-scan-create", + "nessus-get-scans-editors", + "scan-export-status", + "nessus-scan-export-status", "nessus-scan-status" ] } - }, + }, { "GuardiCore": { - "name": "GuardiCore", - "fromversion": "3.5.0", - "commands": [ - "guardicore-get-incidents", - "guardicore-uncommon-domains", - "guardicore-unresolved-domains", - "guardicore-show-endpoint", - "guardicore-dns-requests", - "guardicore-search-endpoint", - "guardicore-misconfigurations", - "guardicore-get-incident", - "guardicore-get-incident-iocs", - "guardicore-get-incident-events", - "guardicore-get-incident-pcap", - "guardicore-get-incident-attachments", + "name": "GuardiCore", + "fromversion": "3.5.0", + "commands": [ + "guardicore-get-incidents", + "guardicore-uncommon-domains", + "guardicore-unresolved-domains", + "guardicore-show-endpoint", + "guardicore-dns-requests", + "guardicore-search-endpoint", + "guardicore-misconfigurations", + "guardicore-get-incident", + "guardicore-get-incident-iocs", + "guardicore-get-incident-events", + "guardicore-get-incident-pcap", + "guardicore-get-incident-attachments", "guardicore-search-network-log" ] } - }, + }, { "Digital Shadows": { - "name": "Digital Shadows", - "commands": [ - "ds-get-breach-reviews", - "ds-snapshot-breach-status", - "ds-find-breach-records", - "ds-get-breach-summary", - "ds-find-breach-usernames", - "ds-get-breach", - "ds-get-breach-records", - "ds-find-data-breaches", - "ds-get-incident", - 
"ds-get-incident-reviews", - "ds-snapshot-incident-review", - "ds-find-incidents-filtered", - "ds-get-incidents-summary", - "ds-get-apt-report", - "ds-get-intelligence-incident", - "ds-get-intelligence-incident-iocs", - "ds-find-intelligence-incidents", - "ds-find-intelligence-incidents-regional", - "ds-get-intelligence-threat", - "ds-get-intelligence-threat-iocs", - "ds-get-intelligence-threat-activity", - "ds-find-intelligence-threats", - "ds-find-intelligence-threats-regional", - "ds-get-port-reviews", - "ds-snapshot-port-review", - "ds-find-ports", - "ds-find-secure-sockets", - "ds-find-vulnerabilities", - "ds-search", + "name": "Digital Shadows", + "commands": [ + "ds-get-breach-reviews", + "ds-snapshot-breach-status", + "ds-find-breach-records", + "ds-get-breach-summary", + "ds-find-breach-usernames", + "ds-get-breach", + "ds-get-breach-records", + "ds-find-data-breaches", + "ds-get-incident", + "ds-get-incident-reviews", + "ds-snapshot-incident-review", + "ds-find-incidents-filtered", + "ds-get-incidents-summary", + "ds-get-apt-report", + "ds-get-intelligence-incident", + "ds-get-intelligence-incident-iocs", + "ds-find-intelligence-incidents", + "ds-find-intelligence-incidents-regional", + "ds-get-intelligence-threat", + "ds-get-intelligence-threat-iocs", + "ds-get-intelligence-threat-activity", + "ds-find-intelligence-threats", + "ds-find-intelligence-threats-regional", + "ds-get-port-reviews", + "ds-snapshot-port-review", + "ds-find-ports", + "ds-find-secure-sockets", + "ds-find-vulnerabilities", + "ds-search", "ds-get-tags" ] } - }, + }, { "fireeye": { - "name": "fireeye", - "fromversion": "3.5.0", - "commands": [ - "fe-report", - "fe-submit-status", - "fe-alert", - "fe-submit-result", - "fe-submit", - "fe-config", - "fe-submit-url", - "fe-submit-url-status", + "name": "fireeye", + "fromversion": "3.5.0", + "commands": [ + "fe-report", + "fe-submit-status", + "fe-alert", + "fe-submit-result", + "fe-submit", + "fe-config", + "fe-submit-url", + 
"fe-submit-url-status", "fe-submit-url-result" ] } - }, + }, { "RSA NetWitness Packets and Logs": { - "name": "RSA NetWitness Packets and Logs", - "fromversion": "3.5.0", - "commands": [ - "netwitness-msearch", - "netwitness-search", - "netwitness-query", - "netwitness-packets", - "nw-sdk-session", - "nw-sdk-content", - "nw-sdk-summary", - "nw-sdk-values", + "name": "RSA NetWitness Packets and Logs", + "fromversion": "3.5.0", + "commands": [ + "netwitness-msearch", + "netwitness-search", + "netwitness-query", + "netwitness-packets", + "nw-sdk-session", + "nw-sdk-content", + "nw-sdk-summary", + "nw-sdk-values", "nw-database-dump" ] } - }, + }, { "RSA NetWitness v11.1": { - "name": "RSA NetWitness v11.1", + "name": "RSA NetWitness v11.1", "commands": [ - "netwitness-get-incident", - "netwitness-get-incidents", - "netwitness-update-incident", - "netwitness-delete-incident", + "netwitness-get-incident", + "netwitness-get-incidents", + "netwitness-update-incident", + "netwitness-delete-incident", "netwitness-get-alerts" ] } - }, + }, { "Symantec Messaging Gateway": { - "name": "Symantec Messaging Gateway", - "commands": [ - "smg-block-email", - "smg-unblock-email", - "smg-block-domain", - "smg-block-ip", - "smg-unblock-ip", - "smg-unblock-domain", - "smg-get-blocked-domains", + "name": "Symantec Messaging Gateway", + "commands": [ + "smg-block-email", + "smg-unblock-email", + "smg-block-domain", + "smg-block-ip", + "smg-unblock-ip", + "smg-unblock-domain", + "smg-get-blocked-domains", "smg-get-blocked-ips" ] } - }, + }, { "OTRS": { - "name": "OTRS", - "fromversion": "4.1.0", + "name": "OTRS", + "fromversion": "4.1.0", "commands": [ - "otrs-get-ticket", - "otrs-search-ticket", - "otrs-create-ticket", - "otrs-update-ticket", + "otrs-get-ticket", + "otrs-search-ticket", + "otrs-create-ticket", + "otrs-update-ticket", "otrs-close-ticket" ] } - }, + }, { "Check Point Sandblast": { - "name": "Check Point Sandblast", - "fromversion": "3.5.0", - "commands": [ - "sb-query", - 
"sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", - "sandblast-download", - "sb-quota", + "name": "Check Point Sandblast", + "fromversion": "3.5.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", + "sandblast-download", + "sb-quota", "sandblast-quota" ] } - }, + }, { "Cylance Protect": { - "name": "Cylance Protect", - "fromversion": "2.0.1", - "commands": [ - "cylance-protect-get-list", - "cylance-protect-get-devices", - "cylance-protect-get-threats", - "cylance-protect-download-threat", - "cylance-protect-get-threat-details", - "cylance-protect-device-delete", - "cylance-protect-get-device-threats", - "cylance-protect-update-device-threats", - "cylance-protect-delete-hash-from-lists", - "cylance-protect-update-hash-at-lists", - "cylance-protect-upload-threat", - "cylance-protect-get-threated-devices", - "cylance-protect-get-zones", - "cylance-protect-create-zone", - "cylance-protect-update-zone", - "cylance-protect-get-policies", - "cylance-protect-get-policy-details", - "cp-get-list", - "cp-get-devices", - "cp-get-threats", - "cp-download-threat", - "cp-get-threat-details", - "cp-device-delete", - "cp-get-device-threats", - "cp-update-device-threats", - "cp-delete-hash-from-lists", - "cp-update-hash-at-lists", - "cp-upload-threat", - "cp-get-threated-devices", - "cp-get-zones", - "cp-create-zone", - "cp-update-zone", - "cp-get-policies", + "name": "Cylance Protect", + "fromversion": "2.0.1", + "commands": [ + "cylance-protect-get-list", + "cylance-protect-get-devices", + "cylance-protect-get-threats", + "cylance-protect-download-threat", + "cylance-protect-get-threat-details", + "cylance-protect-device-delete", + "cylance-protect-get-device-threats", + "cylance-protect-update-device-threats", + "cylance-protect-delete-hash-from-lists", + "cylance-protect-update-hash-at-lists", + "cylance-protect-upload-threat", + "cylance-protect-get-threated-devices", + "cylance-protect-get-zones", 
+ "cylance-protect-create-zone", + "cylance-protect-update-zone", + "cylance-protect-get-policies", + "cylance-protect-get-policy-details", + "cp-get-list", + "cp-get-devices", + "cp-get-threats", + "cp-download-threat", + "cp-get-threat-details", + "cp-device-delete", + "cp-get-device-threats", + "cp-update-device-threats", + "cp-delete-hash-from-lists", + "cp-update-hash-at-lists", + "cp-upload-threat", + "cp-get-threated-devices", + "cp-get-zones", + "cp-create-zone", + "cp-update-zone", + "cp-get-policies", "cp-get-policy-details" ] } - }, + }, { "TCPIPUtils": { - "name": "TCPIPUtils", + "name": "TCPIPUtils", "commands": [ "ip" ] } - }, + }, { "RSA NetWitness Security Analytics": { - "name": "RSA NetWitness Security Analytics", - "fromversion": "2.0.0", - "commands": [ - "nw-list-incidents", - "nw-login", - "nw-get-components", - "nw-get-events", - "nw-get-available-assignees", - "nw-create-incident", - "nw-add-events-to-incident", - "nw-update-incident", - "fetch-incidents", - "nw-get-alerts", - "nw-get-alert-details", - "nw-get-event-details", - "nw-get-incident-details", - "nw-get-alert-original", - "netwitness-im-list-incidents", - "netwitness-im-login", - "netwitness-im-get-components", - "netwitness-im-get-events", - "netwitness-im-get-available-assignees", - "netwitness-im-create-incident", - "netwitness-im-add-events-to-incident", - "netwitness-im-update-incident", - "netwitness-im-get-alerts", - "netwitness-im-get-alert-details", - "netwitness-im-get-event-details", - "netwitness-im-get-incident-details", + "name": "RSA NetWitness Security Analytics", + "fromversion": "2.0.0", + "commands": [ + "nw-list-incidents", + "nw-login", + "nw-get-components", + "nw-get-events", + "nw-get-available-assignees", + "nw-create-incident", + "nw-add-events-to-incident", + "nw-update-incident", + "fetch-incidents", + "nw-get-alerts", + "nw-get-alert-details", + "nw-get-event-details", + "nw-get-incident-details", + "nw-get-alert-original", + 
"netwitness-im-list-incidents", + "netwitness-im-login", + "netwitness-im-get-components", + "netwitness-im-get-events", + "netwitness-im-get-available-assignees", + "netwitness-im-create-incident", + "netwitness-im-add-events-to-incident", + "netwitness-im-update-incident", + "netwitness-im-get-alerts", + "netwitness-im-get-alert-details", + "netwitness-im-get-event-details", + "netwitness-im-get-incident-details", "netwitness-im-get-alert-original" ] } - }, + }, { "Where is the egg?": { - "name": "Where is the egg?", - "fromversion": "3.6.0", + "name": "Where is the egg?", + "fromversion": "3.6.0", "commands": [ "clue" ] } - }, + }, { "jira": { - "name": "jira", - "toversion": "2.5.0", - "commands": [ - "jira-issue-query", - "jira-get-issue", - "jira-create-issue", - "jira-issue-upload-file", - "jira-issue-add-comment", + "name": "jira", + "toversion": "2.5.0", + "commands": [ + "jira-issue-query", + "jira-get-issue", + "jira-create-issue", + "jira-issue-upload-file", + "jira-issue-add-comment", "jira-issue-add-link" ] } - }, + }, { "Vectra": { - "name": "Vectra", - "commands": [ - "vec-detections", - "vectra-detections", - "vec-hosts", - "vectra-hosts", - "vec-settings", - "vectra-settings", - "vec-health", - "vectra-health", - "vec-triage", - "vectra-triage", - "vec-sensors", - "vectra-sensors", - "vec-get-host-by-id", + "name": "Vectra", + "commands": [ + "vec-detections", + "vectra-detections", + "vec-hosts", + "vectra-hosts", + "vec-settings", + "vectra-settings", + "vec-health", + "vectra-health", + "vec-triage", + "vectra-triage", + "vec-sensors", + "vectra-sensors", + "vec-get-host-by-id", "vec-get-detetctions-by-id" ] } - }, + }, { "Twilio": { - "name": "Twilio", - "fromversion": "2.5.0", + "name": "Twilio", + "fromversion": "2.5.0", "commands": [ "TwilioSendSMS" ] } - }, + }, { "PhishTank": { - "name": "PhishTank", + "name": "PhishTank", "commands": [ - "url", - "phishtank-reload", + "url", + "phishtank-reload", "phishtank-status" ] } - }, + }, { 
"FireEye iSIGHT": { - "name": "FireEye iSIGHT", + "name": "FireEye iSIGHT", "commands": [ - "ip", - "domain", - "file", - "isight-get-report", + "ip", + "domain", + "file", + "isight-get-report", "isight-submit-file" ] } - }, + }, { "BigFix": { - "name": "BigFix", - "commands": [ - "bigfix-get-sites", - "bigfix-get-site", - "bigfix-get-patches", - "bigfix-get-endpoints", - "bigfix-get-endpoint", - "bigfix-deploy-patch", - "bigfix-get-patch", - "bigfix-action-delete", - "bigfix-action-status", - "bigfix-action-stop", + "name": "BigFix", + "commands": [ + "bigfix-get-sites", + "bigfix-get-site", + "bigfix-get-patches", + "bigfix-get-endpoints", + "bigfix-get-endpoint", + "bigfix-deploy-patch", + "bigfix-get-patch", + "bigfix-action-delete", + "bigfix-action-status", + "bigfix-action-stop", "bigfix-query" ] } - }, + }, { "Phish.AI": { - "name": "Phish.AI", - "fromversion": "4.0.0", + "name": "Phish.AI", + "fromversion": "4.0.0", "commands": [ - "phish-ai-scan-url", + "phish-ai-scan-url", "phish-ai-check-status" ] } - }, + }, { "Koodous": { - "name": "Koodous", + "name": "Koodous", "commands": [ "k-check-hash" ] } - }, + }, { "IntSights": { - "name": "IntSights", - "commands": [ - "intsights-get-alert-image", - "intsights-get-alert-activities", - "intsights-assign-alert", - "intsights-unassign-alert", - "intsights-send-mail", - "intsights-ask-the-analyst", - "intsights-add-tag-to-alert", - "intsights-remove-tag-from-alert", - "intsights-add-comment-to-alert", - "intsights-update-alert-severity", - "intsights-get-alert-by-id", - "intsights-get-ioc-by-value", - "intsights-get-iocs", - "intsights-get-alerts", - "intsights-alert-takedown-request", - "intsights-get-alert-takedown-status", - "intsights-update-ioc-blocklist-status", - "intsights-get-ioc-blocklist-status", + "name": "IntSights", + "commands": [ + "intsights-get-alert-image", + "intsights-get-alert-activities", + "intsights-assign-alert", + "intsights-unassign-alert", + "intsights-send-mail", + 
"intsights-ask-the-analyst", + "intsights-add-tag-to-alert", + "intsights-remove-tag-from-alert", + "intsights-add-comment-to-alert", + "intsights-update-alert-severity", + "intsights-get-alert-by-id", + "intsights-get-ioc-by-value", + "intsights-get-iocs", + "intsights-get-alerts", + "intsights-alert-takedown-request", + "intsights-get-alert-takedown-status", + "intsights-update-ioc-blocklist-status", + "intsights-get-ioc-blocklist-status", "intsights-close-alert" ] } } - ], + ], "TestPlaybooks": [ { "SignalSciences Test": { - "name": "SignalSciences Test", + "name": "SignalSciences Test", "implementing_commands": [ - "sigsci-get-blacklist", - "sigsci-get-whitelist", - "sigsci-blacklist-add-ip", - "sigsci-whitelist-add-ip", - "sigsci-blacklist-remove-ip", + "sigsci-get-blacklist", + "sigsci-get-whitelist", + "sigsci-blacklist-add-ip", + "sigsci-whitelist-add-ip", + "sigsci-blacklist-remove-ip", "sigsci-whitelist-remove-ip" ] } - }, + }, { "Microsoft Graph Test": { - "name": "Microsoft Graph Test", + "name": "Microsoft Graph Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "msg-search-alerts", - "msg-update-alert", + "msg-search-alerts", + "msg-update-alert", "msg-get-alert-details" ] } - }, + }, { "Mail Sender (New) Test": { - "name": "Email Sender Python", + "name": "Email Sender Python", "implementing_scripts": [ - "Set", - "FileCreateAndUpload", - "DeleteContext", + "Set", + "FileCreateAndUpload", + "DeleteContext", "Sleep" - ], + ], "implementing_commands": [ - "googleapps-gmail-get-mail", - "googleapps-gmail-search", - "ThrowException", + "googleapps-gmail-get-mail", + "googleapps-gmail-search", + "ThrowException", "send-mail" ] } - }, + }, { "ThreatExchange-test": { - "name": "ThreatExchange-test", - "implementing_scripts": [ - "ExtractDomain", - "ExtractHash", - "Exists", - "ExtractIP", - "Print", - "IsMaliciousIndicatorFound", - "VerifyContextFields", + "name": "ThreatExchange-test", + "implementing_scripts": [ + 
"ExtractDomain", + "ExtractHash", + "Exists", + "ExtractIP", + "Print", + "IsMaliciousIndicatorFound", + "VerifyContextFields", "ExtractURL" - ], + ], "implementing_commands": [ - "url", - "ip", - "domain", + "url", + "ip", + "domain", "file" ] } - }, + }, { "PortListenCheck-test": { - "name": "PortListenCheck-test", + "name": "PortListenCheck-test", "implementing_scripts": [ - "Print", + "Print", "PortListenCheck" ] } - }, + }, { "Qualys-Test": { - "name": "Qualys-Test", + "name": "Qualys-Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "qualys-pc-scan-list", - "qualys-report-template-list", - "qualys-vm-scan-list", - "qualys-scheduled-report-list", + "qualys-pc-scan-list", + "qualys-report-template-list", + "qualys-vm-scan-list", + "qualys-scheduled-report-list", "qualys-report-list" ] } - }, + }, { "Pipl Test": { - "name": "Pipl Test", + "name": "Pipl Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ "pipl-search" ] } - }, + }, { "Splunk-Test": { - "name": "Splunk-Test", - "implementing_scripts": [ - "Set", - "DumpJSON", - "StringContains", - "VerifyContext", - "Print", - "IsGreaterThan", + "name": "Splunk-Test", + "implementing_scripts": [ + "Set", + "DumpJSON", + "StringContains", + "VerifyContext", + "Print", + "IsGreaterThan", "AreValuesEqual" - ], + ], "implementing_commands": [ - "splunk-parse-raw", - "splunk-search", - "splunk-submit-event", + "splunk-parse-raw", + "splunk-search", + "splunk-submit-event", "splunk-get-indexes" ] } - }, + }, { "67b0f25f-b061-4468-8613-43ab13147173": { - "name": "CbP-PlayBook", + "name": "CbP-PlayBook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "cbp-fileUpload-download", - "cbp-connector-search", - "cbp-connector-get", - "cbp-fileAnalysis-createOrUpdate", - "cbp-fileUpload-createOrUpdate", - "cbp-fileUpload-get", + ], + 
"implementing_commands": [ + "cbp-fileUpload-download", + "cbp-connector-search", + "cbp-connector-get", + "cbp-fileAnalysis-createOrUpdate", + "cbp-fileUpload-createOrUpdate", + "cbp-fileUpload-get", "cbp-fileAnalysis-get" ] } - }, + }, { "test_url_regex": { - "name": "Test URL Regex", + "name": "Test URL Regex", "implementing_scripts": [ - "Print", - "VerifyContext", + "Print", + "VerifyContext", "DeleteContext" ] } - }, + }, { "8984405a-4274-470a-8a34-a437d8e2e1c5": { - "name": "Test - PhishMe", + "name": "Test - PhishMe", "implementing_scripts": [ - "CloseInvestigation", - "IsGreaterThan", - "DeleteContext", + "CloseInvestigation", + "IsGreaterThan", + "DeleteContext", "AreValuesEqual" - ], + ], "implementing_commands": [ - "url", - "phishme-search", - "email", - "file", + "url", + "phishme-search", + "email", + "file", "ip" ] } - }, + }, { "4078d8b6-37c6-42d7-8324-16096a2feb51": { - "name": "AWS - Route53 Test Playbook", + "name": "AWS - Route53 Test Playbook", "implementing_scripts": [ "VerifyContext" - ], - "implementing_commands": [ - "aws-route53-waiter-resource-record-sets-changed", - "aws-route53-test-dns-answer", - "aws-route53-upsert-record", - "aws-route53-create-record", - "aws-route53-delete-record", - "aws-route53-list-resource-record-sets", + ], + "implementing_commands": [ + "aws-route53-waiter-resource-record-sets-changed", + "aws-route53-test-dns-answer", + "aws-route53-upsert-record", + "aws-route53-create-record", + "aws-route53-delete-record", + "aws-route53-list-resource-record-sets", "aws-route53-list-hosted-zones" ] } - }, + }, { "EWS Mail Sender Test": { - "name": "EWS Mail Sender Test", + "name": "EWS Mail Sender Test", "implementing_scripts": [ "http" - ], + ], "implementing_commands": [ "send-mail" ] } - }, + }, { "Icebrg Test": { - "name": "Icebrg Test", + "name": "Icebrg Test", "implementing_commands": [ - "icebrg-get-report-assets", - "icebrg-get-reports", - "icebrg-saved-searches", - "icebrg-search-events", - "icebrg-get-history", 
+ "icebrg-get-report-assets", + "icebrg-get-reports", + "icebrg-saved-searches", + "icebrg-search-events", + "icebrg-get-history", "icebrg-get-report-indicators" ] } - }, + }, { "tenable-sc-scan-test": { - "name": "Test tenable scan", + "name": "Test tenable scan", "implementing_playbooks": [ "Launch Scan - Tenable.sc" ] } - }, + }, { "VMWare Test": { - "name": "VMWare Test", + "name": "VMWare Test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", + "VerifyContext", + "DeleteContext", "AreValuesEqual" - ], - "implementing_commands": [ - "vmware-get-events", - "vmware-poweroff", - "vmware-suspend", - "vmware-hard-reboot", - "vmware-poweron", - "vmware-revert-snapshot", - "vmware-create-snapshot", + ], + "implementing_commands": [ + "vmware-get-events", + "vmware-poweroff", + "vmware-suspend", + "vmware-hard-reboot", + "vmware-poweron", + "vmware-revert-snapshot", + "vmware-create-snapshot", "vmware-get-vms" ] } - }, + }, { "OpenPhish Test Playbook": { - "name": "OpenPhish Test Playbook", + "name": "OpenPhish Test Playbook", "implementing_scripts": [ - "Print", - "CloseInvestigation", + "Print", + "CloseInvestigation", "Exists" - ], + ], "implementing_commands": [ - "url", + "url", "openphish-status" ] } - }, + }, { "Intezer Testing": { - "name": "Intezer Testing", + "name": "Intezer Testing", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", + "VerifyContext", + "DeleteContext", "http" - ], + ], "implementing_commands": [ - "intezer-upload", + "intezer-upload", "file" ] } - }, + }, { "test-domain-indicator": { - "name": "test-domain-indicator", + "name": "test-domain-indicator", "implementing_scripts": [ - "Print", - "GetIndicatorDBotScore", + "Print", + "GetIndicatorDBotScore", "Sleep" ] } - }, + }, { "ip_enrichment_generic_test": { - "name": "IP Enrichment - Generic - Test", - "fromversion": "3.5.0", + "name": "IP Enrichment - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + 
"DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "IP Enrichment - Generic" ] } - }, + }, { "Nessus - Test": { - "name": "Nessus - Test", + "name": "Nessus - Test", "implementing_scripts": [ "WhileLoop" - ], + ], "implementing_commands": [ - "nessus-scan-status", - "nessus-scan-report-download", - "nessus-scan-create", - "nessus-scan-export", - "nessus-launch-scan", + "nessus-scan-status", + "nessus-scan-report-download", + "nessus-scan-create", + "nessus-scan-export", + "nessus-launch-scan", "nessus-scan-details" ] } - }, + }, { "d66e5f86-e045-403f-819e-5058aa603c32": { - "name": "AWS - EC2 Test Playbook actions", + "name": "AWS - EC2 Test Playbook actions", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "aws-ec2-create-snapshot", - "aws-ec2-monitor-instances", - "aws-ec2-modify-volume", - "aws-ec2-waiter-instance-terminated", - "aws-ec2-reboot-instances", - "aws-ec2-delete-snapshot", - "aws-ec2-get-latest-ami", - "aws-ec2-associate-address", - "aws-ec2-create-volume", - "aws-ec2-modify-network-interface-attribute", - "aws-ec2-waiter-instance-stopped", - "aws-ec2-describe-instances", - "aws-ec2-delete-security-group", - "aws-ec2-create-image", - "aws-ec2-allocate-address", - "aws-ec2-attach-volume", - "aws-ec2-run-instances", - "aws-ec2-start-instances", - "aws-ec2-disassociate-address", - "aws-ec2-waiter-image-available", - "aws-ec2-modify-instance-attribute", - "aws-ec2-waiter-instance-status-ok", - "aws-ec2-create-security-group", - "aws-ec2-delete-volume", - "aws-ec2-release-address", - "aws-ec2-copy-snapshot", - "aws-ec2-authorize-security-group-ingress-rule", - "aws-ec2-create-tags", - "aws-ec2-deregister-image", - "aws-ec2-unmonitor-instances", - "aws-ec2-detach-volume", - "aws-ec2-revoke-security-group-ingress-rule", - "aws-ec2-waiter-instance-running", - "aws-ec2-terminate-instances", - "aws-ec2-waiter-snapshot_completed", - "aws-ec2-copy-image", + ], + 
"implementing_commands": [ + "aws-ec2-create-snapshot", + "aws-ec2-monitor-instances", + "aws-ec2-modify-volume", + "aws-ec2-waiter-instance-terminated", + "aws-ec2-reboot-instances", + "aws-ec2-delete-snapshot", + "aws-ec2-get-latest-ami", + "aws-ec2-associate-address", + "aws-ec2-create-volume", + "aws-ec2-modify-network-interface-attribute", + "aws-ec2-waiter-instance-stopped", + "aws-ec2-describe-instances", + "aws-ec2-delete-security-group", + "aws-ec2-create-image", + "aws-ec2-allocate-address", + "aws-ec2-attach-volume", + "aws-ec2-run-instances", + "aws-ec2-start-instances", + "aws-ec2-disassociate-address", + "aws-ec2-waiter-image-available", + "aws-ec2-modify-instance-attribute", + "aws-ec2-waiter-instance-status-ok", + "aws-ec2-create-security-group", + "aws-ec2-delete-volume", + "aws-ec2-release-address", + "aws-ec2-copy-snapshot", + "aws-ec2-authorize-security-group-ingress-rule", + "aws-ec2-create-tags", + "aws-ec2-deregister-image", + "aws-ec2-unmonitor-instances", + "aws-ec2-detach-volume", + "aws-ec2-revoke-security-group-ingress-rule", + "aws-ec2-waiter-instance-running", + "aws-ec2-terminate-instances", + "aws-ec2-waiter-snapshot_completed", + "aws-ec2-copy-image", "aws-ec2-stop-instances" ] } - }, + }, { "Google-Vault-Generic-Test": { - "name": "Google Vault Generic Test", + "name": "Google Vault Generic Test", "implementing_scripts": [ - "VerifyContext", - "GeneratePassword", - "DeleteContext", + "VerifyContext", + "GeneratePassword", + "DeleteContext", "Sleep" - ], - "implementing_commands": [ - "gvault-add-heldAccount", - "gvault-get-matter", - "gvault-create-hold", - "gvault-export-status", - "gvault-get-mail-results", - "gvault-remove-heldAccount", - "gvault-get-groups-results", - "gvault-delete-hold", - "gvault-create-export-mail", - "gvault-create-matter", - "gvault-create-export-drive", - "gvault-get-drive-results", + ], + "implementing_commands": [ + "gvault-add-heldAccount", + "gvault-get-matter", + "gvault-create-hold", + 
"gvault-export-status", + "gvault-get-mail-results", + "gvault-remove-heldAccount", + "gvault-get-groups-results", + "gvault-delete-hold", + "gvault-create-export-mail", + "gvault-create-matter", + "gvault-create-export-drive", + "gvault-get-drive-results", "gvault-create-export-groups" ] } - }, + }, { "cve_enrichment_-_generic_-_test": { - "name": "CVE Enrichment - Generic - Test", - "fromversion": "3.6.0", + "name": "CVE Enrichment - Generic - Test", + "fromversion": "3.6.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "CVE Enrichment - Generic" ] } - }, + }, { "ReadPDFFile-Test": { - "name": "ReadPDFFile-Test", + "name": "ReadPDFFile-Test", "implementing_scripts": [ - "DeleteContext", - "http", + "DeleteContext", + "http", "ReadPDFFile" ] } - }, + }, { "RegexGroups Test": { - "name": "RegexGroups Test", + "name": "RegexGroups Test", "implementing_scripts": [ - "RaiseError", - "VerifyContext", - "Set", + "RaiseError", + "VerifyContext", + "Set", "DeleteContext" ] } - }, + }, { "GmailTest": { - "name": "GmailTest", + "name": "GmailTest", "implementing_scripts": [ - "GetTime", + "GetTime", "DeleteContext" - ], - "implementing_commands": [ - "gmail-add-delete-filter", - "gmail-get-thread", - "gmail-get-tokens-for-user", - "gmail-search-all-mailboxes", - "gmail-get-attachments", - "gmail-list-users", - "gmail-delete-user", - "gmail-create-user", - "gmail-get-mail", - "gmail-move-mail", - "gmail-get-user", + ], + "implementing_commands": [ + "gmail-add-delete-filter", + "gmail-get-thread", + "gmail-get-tokens-for-user", + "gmail-search-all-mailboxes", + "gmail-get-attachments", + "gmail-list-users", + "gmail-delete-user", + "gmail-create-user", + "gmail-get-mail", + "gmail-move-mail", + "gmail-get-user", "gmail-search" ] } - }, + }, { "Extract Indicators From File - test": { - "name": "Extract Indicators From File - test", + "name": "Extract Indicators From File - test", "implementing_scripts": [ - 
"RaiseError", + "RaiseError", "http" - ], + ], "implementing_playbooks": [ "Extract Indicators From File - Generic" ] } - }, + }, { "Kenna Test": { - "name": "Kenna Test", + "name": "Kenna Test", "implementing_commands": [ - "kenna-update-asset", - "kenna-run-connector", - "kenna-search-vulnerabilities", - "kenna-search-fixes", - "kenna-update-vulnerability", + "kenna-update-asset", + "kenna-run-connector", + "kenna-search-vulnerabilities", + "kenna-search-fixes", + "kenna-update-vulnerability", "kenna-get-connectors" ] } - }, + }, { "3da2e31b-f114-4d7f-8702-117f3b498de9": { - "name": "AWS - CloudTrail Test Playbook", + "name": "AWS - CloudTrail Test Playbook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "aws-cloudtrail-start-logging", - "aws-cloudtrail-update-trail", - "aws-cloudtrail-describe-trails", - "aws-cloudtrail-lookup-events", - "aws-cloudtrail-delete-trail", - "aws-cloudtrail-create-trail", + ], + "implementing_commands": [ + "aws-cloudtrail-start-logging", + "aws-cloudtrail-update-trail", + "aws-cloudtrail-describe-trails", + "aws-cloudtrail-lookup-events", + "aws-cloudtrail-delete-trail", + "aws-cloudtrail-create-trail", "aws-cloudtrail-stop-logging" ] } - }, + }, { "test_Qradar": { - "name": "test_Qradar", + "name": "test_Qradar", "implementing_scripts": [ - "FetchFromInstance", + "FetchFromInstance", "DeleteContext" - ], + ], "implementing_playbooks": [ "QRadarFullSearch" - ], - "implementing_commands": [ - "qradar-delete-reference-set", - "qradar-create-reference-set-value", - "qradar-get-reference-by-name", - "qradar-get-note", - "qradar-offense-by-id", - "qradar-get-assets", - "qradar-create-note", - "qradar-offenses", - "qradar-get-asset-by-id", - "qradar-update-offense", - "qradar-create-reference-set", + ], + "implementing_commands": [ + "qradar-delete-reference-set", + "qradar-create-reference-set-value", + "qradar-get-reference-by-name", + "qradar-get-note", + 
"qradar-offense-by-id", + "qradar-get-assets", + "qradar-create-note", + "qradar-offenses", + "qradar-get-asset-by-id", + "qradar-update-offense", + "qradar-create-reference-set", "qradar-delete-reference-set-value" ] } - }, + }, { "Centreon-Test-Playbook": { - "name": "Centreon-Test-Playbook", + "name": "Centreon-Test-Playbook", "implementing_commands": [ "centreon-get-host-status" ] } - }, + }, { "ssdeepreputationtest": { - "name": "SsdeepReputationTest", + "name": "SsdeepReputationTest", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "Sleep", - "SsdeepReputationTest", + "VerifyContext", + "DeleteContext", + "Sleep", + "SsdeepReputationTest", "SSDeepReputation" ] } - }, + }, { "crowdstrike_falconhost_test": { - "name": "CrowdStrike FalconHost Test", + "name": "CrowdStrike FalconHost Test", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "cs-device-ran-on", - "cs-device-search", + "cs-device-ran-on", + "cs-device-search", "cs-device-details" ] } - }, + }, { "dnstwistTest": { - "name": "dnstwistTest", + "name": "dnstwistTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "dnstwist-domain-variations" ] } - }, + }, { "IPInfoTest": { - "name": "IPInfoTest", + "name": "IPInfoTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "ip" ] } - }, + }, { "Tanium Test Playbook": { - "name": "Tanium Test Playbook", - "fromversion": "2.5.0", + "name": "Tanium Test Playbook", + "fromversion": "2.5.0", "implementing_commands": [ - "tn-deploy-package", - "tn-ask-question", + "tn-deploy-package", + "tn-ask-question", "tn-get-saved-question" ] } - }, + }, { "Netskope Test": { - "name": "Netskope Test", + "name": "Netskope Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "netskope-events", + 
"netskope-events", "netskope-alerts" ] } - }, + }, { "entity_enrichment_generic_test": { - "name": "Entity Enrichment - Generic - Test", - "fromversion": "3.5.0", + "name": "Entity Enrichment - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Entity Enrichment - Generic" ] } - }, + }, { "CrowdStrike Falcon Intel v2": { - "name": "CrowdStrike Falcon Intel v2", + "name": "CrowdStrike Falcon Intel v2", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "ThrowException" - ], - "implementing_commands": [ - "domain", - "url", - "ip", - "cs-actors", - "cs-indicators", - "file", + ], + "implementing_commands": [ + "domain", + "url", + "ip", + "cs-actors", + "cs-indicators", + "file", "cs-reports" ] } - }, + }, { "search_endpoints_by_hash_-_tie_-_test": { - "name": "Search Endpoints By Hash - TIE - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - TIE - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", + "Set", "DeleteContext" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - TIE" ] } - }, + }, { "nexpose_test": { - "name": "Nexpose test", + "name": "Nexpose test", "implementing_scripts": [ - "GenerateUUID", - "VerifyContext", + "GenerateUUID", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "nexpose-start-site-scan", - "nexpose-get-asset", - "nexpose-stop-scan", - "nexpose-delete-site", - "nexpose-get-asset-vulnerability", - "nexpose-create-site", - "nexpose-get-assets", - "nexpose-create-assets-report", - "nexpose-resume-scan", - "nexpose-pause-scan", - "nexpose-search-assets", + ], + "implementing_commands": [ + "nexpose-start-site-scan", + "nexpose-get-asset", + "nexpose-stop-scan", + "nexpose-delete-site", + "nexpose-get-asset-vulnerability", + "nexpose-create-site", + "nexpose-get-assets", + "nexpose-create-assets-report", + "nexpose-resume-scan", + 
"nexpose-pause-scan", + "nexpose-search-assets", "nexpose-get-scans" ] } - }, + }, { "cisco-ise-test-playbook": { - "name": "cisco-ise-test-playbook", + "name": "cisco-ise-test-playbook", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ "cisco-ise-get-endpoints" ] } - }, + }, { "CarbonBlackResponseTest": { - "name": "Carbon Black Response Test", + "name": "Carbon Black Response Test", "implementing_scripts": [ - "CarbonBlackResponseFilterSensors", - "VerifyContext", + "CarbonBlackResponseFilterSensors", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "cb-watchlist-new", - "cb-get-processes", - "cb-get-process", - "cb-watchlist-del", - "cb-process-events", - "cb-quarantine-device", - "cb-sensor-info", - "cb-binary", - "cb-binary-get", - "cb-get-hash-blacklist", - "cb-watchlist-set", - "cb-unquarantine-device", - "cb-unblock-hash", - "cb-alert-update", - "cb-block-hash", + ], + "implementing_commands": [ + "cb-watchlist-new", + "cb-get-processes", + "cb-get-process", + "cb-watchlist-del", + "cb-process-events", + "cb-quarantine-device", + "cb-sensor-info", + "cb-binary", + "cb-binary-get", + "cb-get-hash-blacklist", + "cb-watchlist-set", + "cb-unquarantine-device", + "cb-unblock-hash", + "cb-alert-update", + "cb-block-hash", "cb-alert" ] } - }, + }, { "dedup_-_generic_-_test": { - "name": "Dedup - Generic - Test", - "fromversion": "3.5.0", + "name": "Dedup - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", - "CreateDuplicateIncident", + "VerifyContext", + "CreateDuplicateIncident", "DeleteContext" - ], + ], "implementing_playbooks": [ "Dedup - Generic" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "VxStream Test": { - "name": "VxStream Test", + "name": "VxStream Test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "http", + "VerifyContext", + "DeleteContext", + "http", "Exists" - ], + ], "implementing_commands": [ - 
"crowdstrike-detonate-file", - "crowdstrike-get-environments", - "crowdstrike-submit-url", - "crowdstrike-scan", + "crowdstrike-detonate-file", + "crowdstrike-get-environments", + "crowdstrike-submit-url", + "crowdstrike-scan", "crowdstrike-search" ] } - }, + }, { "PhishTank Testing": { - "name": "PhishTank Testing", + "name": "PhishTank Testing", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", - "Set", - "http", + "DeleteContext", + "VerifyContext", + "Set", + "http", "ReadFile" - ], + ], "implementing_commands": [ "url" ] } - }, + }, { "BigFixTest": { - "name": "BigFixTest", + "name": "BigFixTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "bigfix-action-delete", - "bigfix-action-stop", - "bigfix-get-site", - "bigfix-get-sites", - "bigfix-action-status", - "bigfix-get-patches", - "bigfix-get-endpoints", + ], + "implementing_commands": [ + "bigfix-action-delete", + "bigfix-action-stop", + "bigfix-get-site", + "bigfix-get-sites", + "bigfix-action-status", + "bigfix-get-patches", + "bigfix-get-endpoints", "bigfix-deploy-patch" ] } - }, + }, { "Cisco-Meraki-Test": { - "name": "Cisco-Meraki-Test", + "name": "Cisco-Meraki-Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "meraki-get-organization-license-state", - "meraki-fetch-networks", - "meraki-fetch-organizations", - "meraki-fetch-devices", + "meraki-get-organization-license-state", + "meraki-fetch-networks", + "meraki-fetch-organizations", + "meraki-fetch-devices", "meraki-fetch-organization-inventory" ] } - }, + }, { "url_enrichment_-_generic_test": { - "name": "Url Enrichment Generic - Test", - "fromversion": "3.5.0", + "name": "Url Enrichment Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "URL Enrichment - 
Generic" - ], + ], "implementing_commands": [ "rasterize" ] } - }, + }, { "CheckpointFW-test": { - "name": "CheckpointFW-test", + "name": "CheckpointFW-test", "implementing_scripts": [ - "VerifyContextFields", - "CheckpointFWBackupStatus", - "DeleteContext", - "Sleep", + "VerifyContextFields", + "CheckpointFWBackupStatus", + "DeleteContext", + "Sleep", "CheckpointFWCreateBackup" - ], + ], "implementing_commands": [ - "checkpoint-delete-rule", - "checkpoint-block-ip", - "checkpoint-set-rule", - "checkpoint-show-access-rule-base", + "checkpoint-delete-rule", + "checkpoint-block-ip", + "checkpoint-set-rule", + "checkpoint-show-access-rule-base", "checkpoint-show-hosts" ] } - }, + }, { "Test Playbook McAfee ATD": { - "name": "Test Playbook McAfee ATD", + "name": "Test Playbook McAfee ATD", "implementing_scripts": [ - "FileCreateAndUpload", - "DeleteContext", - "Exists", + "FileCreateAndUpload", + "DeleteContext", + "Exists", "AreValuesEqual" - ], + ], "implementing_playbooks": [ - "Detonate URL - McAfee ATD", + "Detonate URL - McAfee ATD", "ATD - Detonate File" - ], + ], "implementing_commands": [ - "atd-list-analyzer-profiles", - "atd-login", + "atd-list-analyzer-profiles", + "atd-login", "atd-list-user" ] } - }, + }, { "Cisco-Umbrella-Test": { - "name": "Cisco-Umbrella-Test", + "name": "Cisco-Umbrella-Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "umbrella-ip-dns-history", - "umbrella-domain-related", - "umbrella-domain-dns-history", - "investigate-umbrella-domain-co-occurrences", - "investigate-umbrella-domain-dns-history", - "umbrella-domain-security", - "investigate-umbrella-domain-search", - "umbrella-domain-search", - "investigate-umbrella-domain-related", - "umbrella-domain-co-occurrences", + ], + "implementing_commands": [ + "umbrella-ip-dns-history", + "umbrella-domain-related", + "umbrella-domain-dns-history", + "investigate-umbrella-domain-co-occurrences", + 
"investigate-umbrella-domain-dns-history", + "umbrella-domain-security", + "investigate-umbrella-domain-search", + "umbrella-domain-search", + "investigate-umbrella-domain-related", + "umbrella-domain-co-occurrences", "umbrella-domain-categorization" ] } - }, + }, { "Test Playbook McAfee ePO": { - "name": "Test Playbook McAfee ePO", + "name": "Test Playbook McAfee ePO", "implementing_scripts": [ - "RaiseError", + "RaiseError", "DeleteContext" - ], - "implementing_commands": [ - "epo-clear-tag", - "epo-get-system-tree-group", - "epo-get-latest-dat", - "epo-update-client-dat", - "epo-advanced-command", - "epo-help", - "epo-find-systems", - "epo-update-repository", - "epo-get-version", - "epo-get-current-dat", - "epo-get-tables", - "epo-apply-tag", - "epo-find-system", + ], + "implementing_commands": [ + "epo-clear-tag", + "epo-get-system-tree-group", + "epo-get-latest-dat", + "epo-update-client-dat", + "epo-advanced-command", + "epo-help", + "epo-find-systems", + "epo-update-repository", + "epo-get-version", + "epo-get-current-dat", + "epo-get-tables", + "epo-apply-tag", + "epo-find-system", "epo-query-table" ] } - }, + }, { "grr_test": { - "name": "GRR Test", + "name": "GRR Test", "implementing_scripts": [ - "Set", + "Set", "DeleteContext" - ], + ], "implementing_commands": [ - "grr-get-hunts", - "grr-get-clients", - "grr-set-hunts", - "grr-set-flows", + "grr-get-hunts", + "grr-get-clients", + "grr-set-hunts", + "grr-set-flows", "grr-get-flows" ] } - }, + }, { "RTIR Test": { - "name": "RTIR Test", + "name": "RTIR Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "rtir-edit-ticket", - "rtir-resolve-ticket", - "rtir-create-ticket", - "rtir-get-ticket", + "rtir-edit-ticket", + "rtir-resolve-ticket", + "rtir-create-ticket", + "rtir-get-ticket", "rtir-search-ticket" ] } - }, + }, { "GeneratePassword-Test": { - "name": "GeneratePassword-Test", + "name": "GeneratePassword-Test", "implementing_scripts": [ - "Print", - 
"GeneratePassword", - "DeleteContext", + "Print", + "GeneratePassword", + "DeleteContext", "Exists" ] } - }, + }, { "EWS Public Folders Test": { - "name": "EWS Public Folders Test", + "name": "EWS Public Folders Test", "implementing_commands": [ - "ews-search-mailbox", - "ews-get-items-from-folder", - "ews-find-folders", + "ews-search-mailbox", + "ews-get-items-from-folder", + "ews-find-folders", "ews-get-folder" ] } - }, + }, { "account_enrichment_-_generic_test": { - "name": "Account Enrichment - Generic Test", - "fromversion": "3.5.0", + "name": "Account Enrichment - Generic Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Account Enrichment - Generic" ] } - }, + }, { "TestStringReplace": { - "name": "TestStringReplace", + "name": "TestStringReplace", "implementing_scripts": [ - "StringReplace", - "VerifyContextFields", + "StringReplace", + "VerifyContextFields", "DeleteContext" ] } - }, + }, { "EWSv2_empty_attachment_test": { - "name": "EWSv2_empty_attachment_test", + "name": "EWSv2_empty_attachment_test", "implementing_commands": [ "ews-get-attachment" ] } - }, + }, { "search_endpoints_by_hash_-_crowdstrike_-_test": { - "name": "Search Endpoints By Hash - CrowdStrike - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - CrowdStrike - Test", + "fromversion": "3.5.0", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - CrowdStrike" ] } - }, + }, { "IBM Resilient Systems Test": { - "name": "IBM Resilient Systems Test", + "name": "IBM Resilient Systems Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "rs-search-incidents", - "rs-related-incidents", - "rs-incidents-get-tasks", - "rs-incident-attachments", + "rs-search-incidents", + "rs-related-incidents", + "rs-incidents-get-tasks", + "rs-incident-attachments", 
"rs-incident-artifacts" ] } - }, + }, { "whois_test": { - "name": "whois_test", + "name": "whois_test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "closeInvestigation", + "closeInvestigation", "whois" ] } - }, + }, { "c7d68ad5MxToolbox_test": { - "name": "MxToolbox_test", + "name": "MxToolbox_test", "implementing_scripts": [ - "CloseInvestigation", - "Exists", + "CloseInvestigation", + "Exists", "ToTable" - ], + ], "implementing_commands": [ "mxtoolbox" ] } - }, + }, { "Jira-Test": { - "name": "Jira-Test", + "name": "Jira-Test", "implementing_scripts": [ - "VerifyContextFields", - "VerifyContext", - "DeleteContext", + "VerifyContextFields", + "VerifyContext", + "DeleteContext", "FileCreateAndUpload" - ], - "implementing_commands": [ - "jira-create-issue", - "jira-issue-upload-file", - "jira-get-comments", - "jira-issue-add-comment", - "jira-edit-issue", - "jira-issue-query", - "jira-delete-issue", - "jira-issue-add-link", + ], + "implementing_commands": [ + "jira-create-issue", + "jira-issue-upload-file", + "jira-get-comments", + "jira-issue-add-comment", + "jira-edit-issue", + "jira-issue-query", + "jira-delete-issue", + "jira-issue-add-link", "jira-get-issue" ] } - }, + }, { "2142f8de-29d5-4288-8426-0db39abe988b": { - "name": "AWS - EC2 Test Playbook ", + "name": "AWS - EC2 Test Playbook ", "implementing_scripts": [ "VerifyContext" - ], - "implementing_commands": [ - "aws-ec2-describe-regions", - "aws-ec2-describe-volumes", - "aws-ec2-describe-key-pairs", - "aws-ec2-describe-instances", - "aws-ec2-describe-launch-templates", - "aws-ec2-describe-vpcs", - "aws-ec2-describe-security-groups", - "aws-ec2-describe-subnets", - "aws-ec2-describe-snapshots", - "aws-ec2-describe-images", + ], + "implementing_commands": [ + "aws-ec2-describe-regions", + "aws-ec2-describe-volumes", + "aws-ec2-describe-key-pairs", + "aws-ec2-describe-instances", + "aws-ec2-describe-launch-templates", + "aws-ec2-describe-vpcs", + 
"aws-ec2-describe-security-groups", + "aws-ec2-describe-subnets", + "aws-ec2-describe-snapshots", + "aws-ec2-describe-images", "aws-ec2-describe-addresses" ] } - }, + }, { "palo_alto_firewall_test_pb": { - "name": "palo_alto_firewall_test_pb", + "name": "palo_alto_firewall_test_pb", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "Sleep" - ], + ], "implementing_playbooks": [ "PanoramaCommitConfiguration" - ], - "implementing_commands": [ - "panorama-list-applications", - "panorama-create-rule", - "panorama-delete-rule", - "panorama-create-address-group", - "panorama-list-addresses", - "panorama-get-address-group", - "panorama-get-url-category", - "panorama", - "panorama-edit-rule", - "panorama-get-url-filter", - "panorama-list-address-groups", - "panorama-get-custom-url-category", - "panorama-edit-address-group", - "panorama-create-address", - "panorama-delete-address-group", - "panorama-move-rule", + ], + "implementing_commands": [ + "panorama-list-applications", + "panorama-create-rule", + "panorama-delete-rule", + "panorama-create-address-group", + "panorama-list-addresses", + "panorama-get-address-group", + "panorama-get-url-category", + "panorama", + "panorama-edit-rule", + "panorama-get-url-filter", + "panorama-list-address-groups", + "panorama-get-custom-url-category", + "panorama-edit-address-group", + "panorama-create-address", + "panorama-delete-address-group", + "panorama-move-rule", "panorama-delete-address" ] } - }, + }, { "Google Safe Browsing Test": { - "name": "Google Safe Browsing Test", + "name": "Google Safe Browsing Test", "implementing_scripts": [ - "RaiseError", + "RaiseError", "CloseInvestigation" - ], + ], "implementing_commands": [ "url" ] } - }, + }, { "Tenable.io test": { - "name": "Tenable.io test", + "name": "Tenable.io test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "tenable-io-get-vulnerabilities-by-asset", - "tenable-io-get-scan-report", - "tenable-io-list-scans", - 
"tenable-io-get-vulnerability-details", + "tenable-io-get-vulnerabilities-by-asset", + "tenable-io-get-scan-report", + "tenable-io-list-scans", + "tenable-io-get-vulnerability-details", "tenable-io-get-scan-status" ] } - }, + }, { "JoeSecurityTestPlaybook": { - "name": "JoeSecurityTestPlaybook", + "name": "JoeSecurityTestPlaybook", "implementing_scripts": [ - "FileCreateAndUpload", + "FileCreateAndUpload", "DeleteContext" - ], + ], "implementing_commands": [ - "joe-download-report", - "joe-is-online", - "joe-analysis-info", - "joe-search", - "joe-analysis-submit-sample", + "joe-download-report", + "joe-is-online", + "joe-analysis-info", + "joe-search", + "joe-analysis-submit-sample", "joe-analysis-submit-url" ] } - }, + }, { "get_file_sample_by_hash_-_carbon_black_enterprise_Response_-_test": { - "name": "Get File Sample By Hash - Carbon Black Enterprise Response - Test", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Carbon Black Enterprise Response - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample By Hash - Carbon Black Enterprise Response" ] } - }, + }, { "OTRS Test": { - "name": "OTRS Test", + "name": "OTRS Test", "implementing_scripts": [ "FetchFromInstance" - ], + ], "implementing_commands": [ - "otrs-update-ticket", - "otrs-search-ticket", - "otrs-create-ticket", - "otrs-close-ticket", + "otrs-update-ticket", + "otrs-search-ticket", + "otrs-create-ticket", + "otrs-close-ticket", "otrs-get-ticket" ] } - }, + }, { "get_original_email_-_gmail_-_test": { - "name": "Get Original Email - Gmail - Test", + "name": "Get Original Email - Gmail - Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_playbooks": [ "Get Original Email - Gmail" ] } - }, + }, { "TestHPServiceManager": { - "name": "TestHPServiceManager", + "name": "TestHPServiceManager", "implementing_scripts": [ - "VerifyContextFields", 
- "VerifyContext", + "VerifyContextFields", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "hpsm-create-incident", - "hpsm-get-device", - "hpsm-list-incidents", + "hpsm-create-incident", + "hpsm-get-device", + "hpsm-list-incidents", "hpsm-get-incident-by-id" ] } - }, + }, { "AbuseIPDB Test": { - "name": "AbuseIPDB Test", + "name": "AbuseIPDB Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "abuseipdb-check-cidr-block", - "ip", - "abuseipdb-get-blacklist", + "abuseipdb-check-cidr-block", + "ip", + "abuseipdb-get-blacklist", "abuseipdb-report-ip" ] } - }, + }, { "TestIsValueInArray": { - "name": "TestIsValueInArray", + "name": "TestIsValueInArray", "implementing_scripts": [ - "CloseInvestigation", - "Set", + "CloseInvestigation", + "Set", "IsValueInArray" ] } - }, + }, { "GsuiteTest": { - "name": "test-Gsuite", + "name": "test-Gsuite", "implementing_scripts": [ "VerifyContextFields" - ], + ], "implementing_commands": [ "googleapps-list-users" ] } - }, + }, { "efc817d2-6660-4d4f-890d-90513ca1e180": { - "name": "Cisco Spark Test", + "name": "Cisco Spark Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "cisco-spark-send-message-to-person", - "cisco-spark-list-teams", - "cisco-spark-list-people", - "cisco-spark-create-team", - "cisco-spark-delete-team", - "cisco-spark-delete-message", - "cisco-spark-send-message-to-room", - "cisco-spark-list-messages", + ], + "implementing_commands": [ + "cisco-spark-send-message-to-person", + "cisco-spark-list-teams", + "cisco-spark-list-people", + "cisco-spark-create-team", + "cisco-spark-delete-team", + "cisco-spark-delete-message", + "cisco-spark-send-message-to-room", + "cisco-spark-list-messages", "cisco-spark-list-rooms" ] } - }, + }, { "iDefenseTest": { - "name": "iDefenseTest", + "name": "iDefenseTest", "implementing_scripts": [ - "Print", - "VerifyContext", + "Print", + "VerifyContext", 
"DeleteContext" - ], + ], "implementing_commands": [ - "url", - "ip", - "domain", + "url", + "ip", + "domain", "uuid" ] } - }, + }, { "block_indicators_-_generic_-_test": { - "name": "Block Indicators - Generic - Test", + "name": "Block Indicators - Generic - Test", "implementing_playbooks": [ "Block Indicators - Generic" ] } - }, + }, { "rsa_packets_and_logs_test": { - "name": "RSA Packets And Logs test", - "fromversion": "3.5.0", + "name": "RSA Packets And Logs test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "nw-sdk-values", - "netwitness-msearch", - "nw-sdk-content", + "nw-sdk-values", + "netwitness-msearch", + "nw-sdk-content", "netwitness-query" ] } - }, + }, { "Google_Vault-Search_And_Display_Results_test": { - "name": "Google Vault - Search And Display Results test", + "name": "Google Vault - Search And Display Results test", "implementing_scripts": [ - "GeneratePassword", + "GeneratePassword", "DeleteContext" - ], + ], "implementing_playbooks": [ - "Google Vault - Search Groups", - "Google Vault - Search Mail", - "Google Vault - Display Results", + "Google Vault - Search Groups", + "Google Vault - Search Mail", + "Google Vault - Display Results", "Google Vault - Search Drive" ] } - }, + }, { "URLDecode-Test": { - "name": "URLDecode-Test", + "name": "URLDecode-Test", "implementing_scripts": [ - "URLDecode", + "URLDecode", "DeleteContext" ] } - }, + }, { "Zscaler Test": { - "name": "Zscaler Test", + "name": "Zscaler Test", "implementing_scripts": [ - "GenerateUUID", + "GenerateUUID", "isError" - ], + ], "implementing_commands": [ - "zscaler-blacklist-url", - "zscaler-get-blacklist", - "zscaler-get-categories", + "zscaler-blacklist-url", + "zscaler-get-blacklist", + "zscaler-get-categories", "zscaler-category-add-url" ] } - }, + }, { "urlscan_malicious_Test": { - "name": "urlscan_malicious_Test", + "name": "urlscan_malicious_Test", "implementing_scripts": [ 
"DeleteContext" - ], + ], "implementing_commands": [ "urlscan-search" ] } - }, + }, { "DemistoUploadFileToIncident Test": { - "name": "DemistoUploadFileToIncident Test", + "name": "DemistoUploadFileToIncident Test", "implementing_scripts": [ - "DemistoUploadFileToIncident", + "DemistoUploadFileToIncident", "http" ] } - }, + }, { "ParseEmailFiles-test": { - "name": "ParseEmailFiles-test", + "name": "ParseEmailFiles-test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "http", - "AreValuesEqual", + "VerifyContext", + "DeleteContext", + "http", + "AreValuesEqual", "ParseEmailFiles" ] } - }, + }, { "extract_indicators_-_generic_-_test": { - "name": "Extract Indicators - Generic - Test", - "fromversion": "3.5.0", + "name": "Extract Indicators - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "IncidentSet", - "DeleteContext", + "IncidentSet", + "DeleteContext", "VerifyContext" - ], + ], "implementing_playbooks": [ "Extract Indicators - Generic" ] } - }, + }, { "listExecutedCommands-Test": { - "name": "listExecutedCommands-Test", + "name": "listExecutedCommands-Test", "implementing_scripts": [ - "Print", - "listExecutedCommands", - "commentsToContext", - "CloseInvestigation", + "Print", + "listExecutedCommands", + "commentsToContext", + "CloseInvestigation", "AreValuesEqual" ] } - }, + }, { "Phishing test - Inline": { - "name": "Phishing test - Inline", + "name": "Phishing test - Inline", "implementing_scripts": [ - "ScheduleCommand", - "PhishingIncident", - "DeleteContext", + "ScheduleCommand", + "PhishingIncident", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Phishing Investigation - Generic" ] } - }, + }, { "Tenable.io Scan Test": { - "name": "Tenable.io Scan Test", + "name": "Tenable.io Scan Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_playbooks": [ "Tenable.io Scan" ] } - }, + }, { "AlphaSOC-Wisdom-Test": { - "name": "AlphaSOC Wisdom Test", + "name": "AlphaSOC Wisdom Test", 
"implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "wisdom-ip-flags", + "wisdom-ip-flags", "wisdom-domain-flags" ] } - }, + }, { "pyEWS_Test": { - "name": "pyEWS_Test", - "fromversion": "3.5.0", + "name": "pyEWS_Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "Exception", - "ews-get-out-of-office", - "ews-get-searchable-mailboxes", - "ews-find-folders", - "ews-get-items", - "ews-get-contacts", - "ews-get-attachment", + ], + "implementing_commands": [ + "Exception", + "ews-get-out-of-office", + "ews-get-searchable-mailboxes", + "ews-find-folders", + "ews-get-items", + "ews-get-contacts", + "ews-get-attachment", "ews-search-mailboxes" ] } - }, + }, { "virusTotal-test-playbook": { - "name": "virusTotal-test-playbook", + "name": "virusTotal-test-playbook", "implementing_scripts": [ - "Set", - "VerifyContext", - "DeleteContext", + "Set", + "VerifyContext", + "DeleteContext", "Exists" - ], + ], "implementing_commands": [ - "url", - "ip", - "domain", + "url", + "ip", + "domain", "file" ] } - }, + }, { "calculate_severity_-_critical_assets_-_test": { - "name": "Calculate Severity - Critical assets - Test", + "name": "Calculate Severity - Critical assets - Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "ADGetUser" - ], + ], "implementing_playbooks": [ "Calculate Severity - Critical assets" ] } - }, + }, { "search_endpoints_by_hash_-_carbon_black_response_-_test": { - "name": "Search Endpoints By Hash - Carbon Black Response - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Carbon Black Response - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - Carbon Black Response" ] } - }, + }, { "5dc848e5-a649-4394-8300-386770d39d75": { - "name": 
"TestGetDuplicatesIncidentsByMl", + "name": "TestGetDuplicatesIncidentsByMl", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "GetDuplicatesMl", + "VerifyContext", + "DeleteContext", + "GetDuplicatesMl", "TestCreateDuplicates" ] } - }, + }, { "LogRhythm-Test-Playbook": { - "name": "LogRhythm-Test-Playbook", + "name": "LogRhythm-Test-Playbook", "implementing_commands": [ "lr-get-alarms" ] } - }, + }, { "test_similar_incidents": { - "name": "Test Similar Incidents", - "fromversion": "3.5.0", + "name": "Test Similar Incidents", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "TestCreateDuplicates", + "VerifyContext", + "DeleteContext", + "TestCreateDuplicates", "FindSimilarIncidents" ] } - }, + }, { "2cddaacb-4e4c-407e-8ef5-d924867b810c": { - "name": "AWS - CloudWatchLogs Test Playbook_copy", + "name": "AWS - CloudWatchLogs Test Playbook_copy", "implementing_scripts": [ - "GetTime", - "VerifyContext", + "GetTime", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "aws-logs-describe-metric-filters", - "aws-logs-create-log-stream", - "aws-logs-put-retention-policy", - "aws-logs-delete-log-group", - "aws-logs-delete-log-stream", - "aws-logs-create-log-group", - "aws-logs-describe-log-streams", - "aws-logs-delete-metric-filter", - "aws-logs-put-log-events", - "aws-logs-describe-log-groups", - "aws-logs-put-metric-filter", + ], + "implementing_commands": [ + "aws-logs-describe-metric-filters", + "aws-logs-create-log-stream", + "aws-logs-put-retention-policy", + "aws-logs-delete-log-group", + "aws-logs-delete-log-stream", + "aws-logs-create-log-group", + "aws-logs-describe-log-streams", + "aws-logs-delete-metric-filter", + "aws-logs-put-log-events", + "aws-logs-describe-log-groups", + "aws-logs-put-metric-filter", "aws-logs-delete-retention-policy" ] } - }, + }, { "TestSkyformation": { - "name": "TestSkyformation", + "name": "TestSkyformation", "implementing_scripts": [ "TestFail" - ], + ], 
"implementing_commands": [ "skyformation-get-accounts" ] } - }, + }, { "EWS test": { - "name": "EWS test", + "name": "EWS test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "FileCreateAndUpload", + "VerifyContext", + "DeleteContext", + "FileCreateAndUpload", "SendEmail" - ], - "implementing_commands": [ - "ews-delete-attachments", - "ews-get-searchable-mailboxes", - "ews-search-mailbox", - "ews-find-folders", - "ews-get-items", - "ews-get-folder", - "ews-get-attachment", + ], + "implementing_commands": [ + "ews-delete-attachments", + "ews-get-searchable-mailboxes", + "ews-search-mailbox", + "ews-find-folders", + "ews-get-items", + "ews-get-folder", + "ews-get-attachment", "ews-delete-items" ] } - }, + }, { "ShodanTest": { - "name": "ShodanTest", + "name": "ShodanTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "ip" ] } - }, + }, { "d8628445-ff86-40f9-857d-50b3f1d295a6": { - "name": "Sandblast malicious test", + "name": "Sandblast malicious test", "implementing_scripts": [ - "DeleteContext", - "Exists", + "DeleteContext", + "Exists", "echo" - ], + ], "implementing_commands": [ - "sandblast-query", + "sandblast-query", "sandblast-upload" ] } - }, + }, { "minemeld_test": { - "name": "Palo Alto MineMeld Test", + "name": "Palo Alto MineMeld Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "minemeld-remove-from-miner", - "ip", - "minemeld-add-to-miner", - "minemeld-retrieve-miner", + "minemeld-remove-from-miner", + "ip", + "minemeld-add-to-miner", + "minemeld-retrieve-miner", "minemeld-get-indicator-from-miner" ] } - }, + }, { "Archer-Test-Playbook": { - "name": "Archer-Test-Playbook", + "name": "Archer-Test-Playbook", "implementing_scripts": [ - "VerifyContextFields", + "VerifyContextFields", "DeleteContext" - ], - "implementing_commands": [ - "archer-get-application-fields", - "archer-update-record", - "archer-search-records", - 
"archer-create-record", - "archer-delete-record", - "archer-search-applications", + ], + "implementing_commands": [ + "archer-get-application-fields", + "archer-update-record", + "archer-search-records", + "archer-create-record", + "archer-delete-record", + "archer-search-applications", "archer-get-record" ] } - }, + }, { "LanguageDetect-Test": { - "name": "LanguageDetect-Test", + "name": "LanguageDetect-Test", "implementing_scripts": [ - "CloseInvestigation", - "LanguageDetect", - "DeleteContext", - "Sleep", + "CloseInvestigation", + "LanguageDetect", + "DeleteContext", + "Sleep", "Exists" ] } - }, + }, { "ThreatGridTest": { - "name": "ThreatGridTest", + "name": "ThreatGridTest", "implementing_scripts": [ - "DeleteContext", - "Exists", + "DeleteContext", + "Exists", "AreValuesEqual" - ], - "implementing_commands": [ - "threat-grid-get-samples", - "threat-grid-download-sample-by-id", - "threat-grid-organization-get-rate-limit", - "threat-grid-user-get-rate-limit", - "threat-grid-get-threat-summary-by-id", - "threat-grid-who-am-i", + ], + "implementing_commands": [ + "threat-grid-get-samples", + "threat-grid-download-sample-by-id", + "threat-grid-organization-get-rate-limit", + "threat-grid-user-get-rate-limit", + "threat-grid-get-threat-summary-by-id", + "threat-grid-who-am-i", "threat-grid-upload-sample" ] } - }, + }, { "Detonate URL - Generic Test": { - "name": "Detonate URL - Generic Test", - "fromversion": "4.0.0", + "name": "Detonate URL - Generic Test", + "fromversion": "4.0.0", "implementing_scripts": [ - "Set", + "Set", "DeleteContext" - ], + ], "implementing_playbooks": [ "Detonate URL - Generic" ] } - }, + }, { "test-ThreatConnect": { - "name": "test-ThreatConnect", + "name": "test-ThreatConnect", "implementing_commands": [ "tc-owners" ] } - }, + }, { "TestMatchRegex": { - "name": "TestMatchRegex", + "name": "TestMatchRegex", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "MatchRegex" - ], + ], "implementing_commands": [ 
"closeInvestigation" ] } - }, + }, { "search_endpoints_by_hash_-_generic_-_test": { - "name": "Search Endpoints By Hash - Generic - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - Generic" ] } - }, + }, { "Detonate File - SNDBOX - Test": { - "name": "Detonate File - SNDBOX - Test", + "name": "Detonate File - SNDBOX - Test", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Detonate File - SNDBOX" ] } - }, + }, { "CreatePhishingClassifierMLTest": { - "name": "Create Phishing Classifier ML Test", + "name": "Create Phishing Classifier ML Test", "implementing_scripts": [ - "DBotPredictPhishingLabel", - "VerifyContext", - "DeleteContext", - "TestCreateTagTextFile", + "DBotPredictPhishingLabel", + "VerifyContext", + "DeleteContext", + "TestCreateTagTextFile", "TestCreateIncidents" - ], + ], "implementing_playbooks": [ "DBot Create Phishing Classifier" ] } - }, + }, { "CirclIntegrationTest": { - "name": "CIRCL Test", + "name": "CIRCL Test", "implementing_scripts": [ - "VerifyHumanReadableContains", - "PrintErrorEntry", + "VerifyHumanReadableContains", + "PrintErrorEntry", "isError" - ], + ], "implementing_commands": [ - "circl-ssl-get-certificate", - "circl-ssl-list-certificates", - "circl-ssl-query-certificate", + "circl-ssl-get-certificate", + "circl-ssl-list-certificates", + "circl-ssl-query-certificate", "circl-dns-get" ] } - }, + }, { "ProofpointDecodeURL-Test": { - "name": "ProofpointDecodeURL-Test", + "name": "ProofpointDecodeURL-Test", "implementing_scripts": [ - "CloseInvestigation", - "ProofpointDecodeURL", - "Sleep", + "CloseInvestigation", + "ProofpointDecodeURL", + "Sleep", "AreValuesEqual" ] } - }, + }, { "FireEye HX Test": { - "name": "FireEye HX Test", + "name": 
"FireEye HX Test", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "fireeye-hx-get-indicators", - "fireeye-hx-get-alert", - "fireeye-hx-file-acquisition", - "fireeye-hx-delete-file-acquisition", - "fireeye-hx-get-alerts", - "fireeye-hx-get-host-information", + ], + "implementing_commands": [ + "fireeye-hx-get-indicators", + "fireeye-hx-get-alert", + "fireeye-hx-file-acquisition", + "fireeye-hx-delete-file-acquisition", + "fireeye-hx-get-alerts", + "fireeye-hx-get-host-information", "fireeye-hx-get-indicator" ] } - }, + }, { "hashicorp_test": { - "name": "hashicorp_test", + "name": "hashicorp_test", "implementing_scripts": [ - "GetTime", + "GetTime", "DeleteContext" - ], - "implementing_commands": [ - "hashicorp-list-policies", - "hashicorp-disable-engine", - "hashicorp-create-token", - "hashicorp-list-secrets", - "hashicorp-get-secret-metadata", - "hashicorp-configure-engine", - "hashicorp-undelete-secret", - "hashicorp-destroy-secret", - "hashicorp-get-policy", - "hashicorp-enable-engine", - "hashicorp-list-secrets-engines", - "hashicorp-delete-secret", + ], + "implementing_commands": [ + "hashicorp-list-policies", + "hashicorp-disable-engine", + "hashicorp-create-token", + "hashicorp-list-secrets", + "hashicorp-get-secret-metadata", + "hashicorp-configure-engine", + "hashicorp-undelete-secret", + "hashicorp-destroy-secret", + "hashicorp-get-policy", + "hashicorp-enable-engine", + "hashicorp-list-secrets-engines", + "hashicorp-delete-secret", "hashicorp-reset-configuration" ] } - }, + }, { "decodemimeheader_-_test": { - "name": "DecodeMimeHeader - Test", - "fromversion": "3.5.0", + "name": "DecodeMimeHeader - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DecodeMimeHeader", - "DeleteContext", + "DecodeMimeHeader", + "DeleteContext", "VerifyContext" ] } - }, + }, { "XFE Test": { - "name": "XFE Test", + "name": "XFE Test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "Exists", + "VerifyContext", + 
"DeleteContext", + "Exists", "AreValuesEqual" - ], + ], "implementing_commands": [ - "domain", - "url", - "ip", - "cve-latest", - "cve-search", + "domain", + "url", + "ip", + "cve-latest", + "cve-search", "file" ] } - }, + }, { "Base64 File in List Test": { - "name": "Base64 File in List Test", + "name": "Base64 File in List Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Base64ListToFile" - ], + ], "implementing_commands": [ "setList" ] } - }, + }, { "Cybereason Test": { - "name": "Cybereason Test", + "name": "Cybereason Test", "implementing_scripts": [ - "FetchFromInstance", - "VerifyContext", + "FetchFromInstance", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "cybereason-malop-processes", - "cybereason-query-connections", - "cybereason-query-processes", - "cybereason-is-probe-connected", + "cybereason-malop-processes", + "cybereason-query-connections", + "cybereason-query-processes", + "cybereason-is-probe-connected", "cybereason-query-malops" ] } - }, + }, { "ActiveMQ Test": { - "name": "ActiveMQ Test", + "name": "ActiveMQ Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Sleep" - ], + ], "implementing_commands": [ - "activemq-send", + "activemq-send", "activemq-subscribe" ] } - }, + }, { "McAfeeNSMTest": { - "name": "McAfeeNSMTest", + "name": "McAfeeNSMTest", "implementing_commands": [ - "nsm-get-domains", - "nsm-get-ips-policy-details", - "nsm-update-alerts", - "nsm-get-ips-policies", - "nsm-get-alerts", + "nsm-get-domains", + "nsm-get-ips-policy-details", + "nsm-update-alerts", + "nsm-get-ips-policies", + "nsm-get-alerts", "nsm-get-sensors" ] } - }, + }, { "SNDBOX_Test": { - "name": "SNDBOX_Test", + "name": "SNDBOX_Test", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_commands": [ - "sndbox-analysis-info", - "sndbox-analysis-submit-sample", - "sndbox-download-sample", - "sndbox-download-report", + "sndbox-analysis-info", + 
"sndbox-analysis-submit-sample", + "sndbox-download-sample", + "sndbox-download-report", "sndbox-is-online" ] } - }, + }, { "Fortigate Test": { - "name": "Fortigate Test", + "name": "Fortigate Test", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "fortigate-move-policy", - "fortigate-create-firewall-service", - "fortigate-get-service-groups", - "fortigate-get-policy", - "fortigate-get-address-groups", - "fortigate-get-firewall-service", - "fortigate-delete-policy", - "fortigate-get-addresses", - "fortigate-update-service-group", - "fortigate-update-address-group", - "fortigate-delete-address-group", - "fortigate-create-address-group", - "fortigate-create-policy", + ], + "implementing_commands": [ + "fortigate-move-policy", + "fortigate-create-firewall-service", + "fortigate-get-service-groups", + "fortigate-get-policy", + "fortigate-get-address-groups", + "fortigate-get-firewall-service", + "fortigate-delete-policy", + "fortigate-get-addresses", + "fortigate-update-service-group", + "fortigate-update-address-group", + "fortigate-delete-address-group", + "fortigate-create-address-group", + "fortigate-create-policy", "fortigate-update-policy" ] } - }, + }, { "sep_-_test_endpoint_search": { - "name": "SEP - Test endpoint search", - "fromversion": "3.5.0", + "name": "SEP - Test endpoint search", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "sep-endpoints-info" ] } - }, + }, { "awake_security_test_pb": { - "name": "awake_security_test_pb", + "name": "awake_security_test_pb", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "domain", - "ip", - "awake-query-activities", - "awake-pcap-download", - "awake-query-domains", - "awake-query-devices", - "device", + ], + "implementing_commands": [ + "domain", + "ip", + "awake-query-activities", + "awake-pcap-download", + "awake-query-domains", + "awake-query-devices", + 
"device", "email" ] } - }, + }, { "af2f5a99-d70b-48c1-8c25-519732b733f2": { - "name": "nmap-test", + "name": "nmap-test", "implementing_scripts": [ - "CloseInvestigation", - "Print", + "CloseInvestigation", + "Print", "Exists" - ], + ], "implementing_commands": [ "nmap-scan" ] } - }, + }, { "Detonate File - No Files test": { - "name": "Detonate File - No Files test", + "name": "Detonate File - No Files test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_playbooks": [ "Detonate File - Generic" ] } - }, + }, { "3010a07c-0a85-480c-87db-cf3f09fcbd7c": { - "name": "ContextGetters-Test", - "implementing_scripts": [ - "ExtractHash", - "IsTrue", - "ContextGetEmails", - "ExtractIP", - "ContextGetHashes", - "ContextGetIps", + "name": "ContextGetters-Test", + "implementing_scripts": [ + "ExtractHash", + "IsTrue", + "ContextGetEmails", + "ExtractIP", + "ContextGetHashes", + "ContextGetIps", "ExtractEmail" ] } - }, + }, { "test-LinkIncidentsWithRetry": { - "name": "test-LinkIncidentsWithRetry", + "name": "test-LinkIncidentsWithRetry", "implementing_scripts": [ - "Print", - "LinkIncidentsWithRetry", + "Print", + "LinkIncidentsWithRetry", "AreValuesEqual" - ], + ], "implementing_commands": [ "createNewIncident" ] } - }, + }, { "2e7770c4-8b78-4ee5-84c7-22a9e481b166": { - "name": "Autofocus_test", + "name": "Autofocus_test", "implementing_scripts": [ - "CloseInvestigation", - "IsMaliciousIndicatorFound", + "CloseInvestigation", + "IsMaliciousIndicatorFound", "AreValuesEqual" - ], + ], "implementing_commands": [ - "autofocus-search-sessions", - "file", + "autofocus-search-sessions", + "file", "autofocus-search-samples" ] } - }, + }, { "Remedy-On-Demand-Test": { - "name": "Remedy-On-Demand-Test", + "name": "Remedy-On-Demand-Test", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "remedy-get-incident", - "remedy-fetch-incidents", - "remedy-incident-create", + 
"remedy-get-incident", + "remedy-fetch-incidents", + "remedy-incident-create", "remedy-incident-update" ] } - }, + }, { "get_file_sample_from_path_-_generic_-_test": { - "name": "Get File Sample From Path - Generic - Test", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample From Path - Generic" - ], + ], "implementing_commands": [ "cb-list-sensors" ] } - }, + }, { "Test ParseCSV": { - "name": "Test ParseCSV", + "name": "Test ParseCSV", "implementing_scripts": [ - "DeleteContext", - "FileCreateAndUpload", - "ParseCSV", + "DeleteContext", + "FileCreateAndUpload", + "ParseCSV", "AreValuesEqual" ] } - }, + }, { "Preempt Test": { - "name": "Preempt Test", + "name": "Preempt Test", "implementing_commands": [ - "preempt-remove-from-watch-list", - "preempt-get-user-endpoints", - "preempt-get-activities", + "preempt-remove-from-watch-list", + "preempt-get-user-endpoints", + "preempt-get-activities", "preempt-add-to-watch-list" ] } - }, + }, { "playbook-Cymon_Test": { - "name": "playbook-Cymon_Test", + "name": "playbook-Cymon_Test", "implementing_scripts": [ - "VerifyContext", - "StringContains", - "DeleteContext", + "VerifyContext", + "StringContains", + "DeleteContext", "ValidateErrorExistence" - ], + ], "implementing_commands": [ - "ip", + "ip", "domain" ] } - }, + }, { "150778e9-90ca-4c28-873e-f050f2c6d3a3": { - "name": "HTTPRedirectList Test", + "name": "HTTPRedirectList Test", "implementing_scripts": [ - "CloseInvestigation", - "HTTPListRedirects", + "CloseInvestigation", + "HTTPListRedirects", "AreValuesEqual" ] } - }, + }, { "TCPUtils-Test": { - "name": "Tcpiputlis Test Playbook", + "name": "Tcpiputlis Test Playbook", "implementing_scripts": [ - "VerifyContextFields", - "VerifyContext", + "VerifyContextFields", + "VerifyContext", "DeleteContext" - ], + ], 
"implementing_commands": [ "ip" ] } - }, + }, { "113aca8a-ee52-419f-89a6-150ee232d0d1": { - "name": "S3 Test", + "name": "S3 Test", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "aws-s3-create-bucket", - "aws-s3-get-bucket-policy", - "aws-s3-download-file", - "aws-s3-delete-bucket-policy", - "aws-s3-describe-buckets", - "aws-s3-list-bucket-objects", - "aws-s3-set-bucket-policy", + ], + "implementing_commands": [ + "aws-s3-create-bucket", + "aws-s3-get-bucket-policy", + "aws-s3-download-file", + "aws-s3-delete-bucket-policy", + "aws-s3-describe-buckets", + "aws-s3-list-bucket-objects", + "aws-s3-set-bucket-policy", "aws-s3-delete-bucket" ] } - }, + }, { "buildewsquery_test": { - "name": "BuildEWSQuery Test", + "name": "BuildEWSQuery Test", "implementing_scripts": [ - "BuildEWSQuery", + "BuildEWSQuery", "VerifyContext" ] } - }, + }, { "palo_alto_panorama_test_pb": { - "name": "palo_alto_panorama_test_pb", + "name": "palo_alto_panorama_test_pb", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "Sleep" - ], - "implementing_commands": [ - "panorama-list-applications", - "panorama-create-rule", - "panorama-commit", - "panorama-delete-rule", - "panorama-create-address-group", - "panorama-get-address-group", - "panorama-move-rule", - "panorama", - "panorama-edit-rule", - "panorama-get-url-filter", - "panorama-list-address-groups", - "panorama-get-custom-url-category", - "panorama-create-address", - "panorama-delete-address-group", - "panorama-list-addresses", + ], + "implementing_commands": [ + "panorama-list-applications", + "panorama-create-rule", + "panorama-commit", + "panorama-delete-rule", + "panorama-create-address-group", + "panorama-get-address-group", + "panorama-move-rule", + "panorama", + "panorama-edit-rule", + "panorama-get-url-filter", + "panorama-list-address-groups", + "panorama-get-custom-url-category", + "panorama-create-address", + "panorama-delete-address-group", + "panorama-list-addresses", 
"panorama-delete-address" ] } - }, + }, { "okta_test_playbook": { - "name": "Okta test playbook", + "name": "Okta test playbook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "okta-get-application-authentication", - "okta-list-groups", - "okta-get-application-assignments", - "okta-get-user-factors", - "okta-get-groups", - "okta-suspend-user", - "okta-add-to-group", - "okta-update-user", - "okta-remove-from-group", - "okta-get-failed-logins", - "okta-get-group-members", - "okta-unsuspend-user", + ], + "implementing_commands": [ + "okta-get-application-authentication", + "okta-list-groups", + "okta-get-application-assignments", + "okta-get-user-factors", + "okta-get-groups", + "okta-suspend-user", + "okta-add-to-group", + "okta-update-user", + "okta-remove-from-group", + "okta-get-failed-logins", + "okta-get-group-members", + "okta-unsuspend-user", "okta-get-group-assignments" ] } - }, + }, { "test_delete_context": { - "name": "Test Delete Context", + "name": "Test Delete Context", "implementing_scripts": [ - "RaiseError", - "Set", - "DeleteContext", + "RaiseError", + "Set", + "DeleteContext", "isError" ] } - }, + }, { "JiraCreateIssue-example-test": { - "name": "JiraCreateIssue-example-test", + "name": "JiraCreateIssue-example-test", "implementing_scripts": [ - "JiraCreateIssue-example", + "JiraCreateIssue-example", "DeleteContext" - ], + ], "implementing_commands": [ "jira-delete-issue" ] } - }, + }, { "AttivoBotsinkTest": { - "name": "AttivoBotsinkTest", + "name": "AttivoBotsinkTest", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "attivo-list-hosts", - "attivo-list-users", - "attivo-check-user", - "attivo-run-playbook", - "attivo-check-host", - "attivo-get-events", - "attivo-deploy-decoy", + ], + "implementing_commands": [ + "attivo-list-hosts", + "attivo-list-users", + "attivo-check-user", + "attivo-run-playbook", + "attivo-check-host", + "attivo-get-events", + 
"attivo-deploy-decoy", "attivo-list-playbooks" ] } - }, + }, { "email_test": { - "name": "Email Address Enrichment - Generic - Test", + "name": "Email Address Enrichment - Generic - Test", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Email Address Enrichment - Generic" ] } - }, + }, { "Cisco Umbrella Test": { - "name": "Cisco Umbrella Test", + "name": "Cisco Umbrella Test", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "umbrella-ip-dns-history", - "domain", - "umbrella-domain-related", - "umbrella-get-domains-using-regex", - "umbrella-domain-dns-history", - "umbrella-get-url-timeline", - "umbrella-get-domain-classifiers", - "umbrella-get-malicious-domains-for-ip", - "umbrella-get-domains-for-email-registrar", - "umbrella-get-domains-for-nameserver", - "umbrella-domain-categorization", - "umbrella-domain-security", - "umbrella-get-domain-timeline", - "umbrella-get-domain-details", - "umbrella-ip-malicious-domains", - "umbrella-get-related-domains", - "umbrella-get-whois-for-domain", - "umbrella-domain-search", - "umbrella-domain-co-occurrences", - "umbrella-get-ip-timeline", + ], + "implementing_commands": [ + "umbrella-ip-dns-history", + "domain", + "umbrella-domain-related", + "umbrella-get-domains-using-regex", + "umbrella-domain-dns-history", + "umbrella-get-url-timeline", + "umbrella-get-domain-classifiers", + "umbrella-get-malicious-domains-for-ip", + "umbrella-get-domains-for-email-registrar", + "umbrella-get-domains-for-nameserver", + "umbrella-domain-categorization", + "umbrella-domain-security", + "umbrella-get-domain-timeline", + "umbrella-get-domain-details", + "umbrella-ip-malicious-domains", + "umbrella-get-related-domains", + "umbrella-get-whois-for-domain", + "umbrella-domain-search", + "umbrella-domain-co-occurrences", + "umbrella-get-ip-timeline", "umbrella-get-domain-queryvolume" ] } - }, + }, { 
"fd93f620-9a2d-4fb6-85d1-151a6a72e46d": { - "name": "AWS - SQS Test Playbook", + "name": "AWS - SQS Test Playbook", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "aws-sqs-purge-queue", - "aws-sqs-list-queues", - "aws-sqs-send-message", - "aws-sqs-get-queue-url", - "aws-sqs-create-queue", + "aws-sqs-purge-queue", + "aws-sqs-list-queues", + "aws-sqs-send-message", + "aws-sqs-get-queue-url", + "aws-sqs-create-queue", "aws-sqs-delete-queue" ] } - }, + }, { "RedCanaryTest": { - "name": "RedCanaryTest", + "name": "RedCanaryTest", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "redcanary-get-endpoint", - "redcanary-update-remediation-state", - "redcanary-list-detections", - "redcanary-list-endpoints", - "redcanary-acknowledge-detection", - "redcanary-get-endpoint-detections", - "redcanary-get-detection", + ], + "implementing_commands": [ + "redcanary-get-endpoint", + "redcanary-update-remediation-state", + "redcanary-list-detections", + "redcanary-list-endpoints", + "redcanary-acknowledge-detection", + "redcanary-get-endpoint-detections", + "redcanary-get-detection", "redcanary-execute-playbook" ] } - }, + }, { "blockip_test_playbook": { - "name": "blockip_test_playbook", + "name": "blockip_test_playbook", "implementing_scripts": [ "BlockIP" ] } - }, + }, { "block_endpoint_-_carbon_black_response_-_test": { - "name": "Block Endpoint - Carbon Black Response - Test", - "fromversion": "3.5.0", + "name": "Block Endpoint - Carbon Black Response - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Block Endpoint - Carbon Black Response" - ], + ], "implementing_commands": [ - "cb-list-sensors", - "cb-unquarantine-device", + "cb-list-sensors", + "cb-unquarantine-device", "cb-sensor-info" ] } - }, + }, { "exporttocsv_script_test": { - "name": "ExportToCSV script test", - "fromversion": 
"3.6.0", + "name": "ExportToCSV script test", + "fromversion": "3.6.0", "implementing_scripts": [ - "DeleteContext", - "ExportToCSV", - "AreValuesEqual", + "DeleteContext", + "ExportToCSV", + "AreValuesEqual", "ReadFile" ] } - }, + }, { "get_file_sample_from_path_-_d2_-_test": { - "name": "Get File Sample From Path - D2 - Test", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - D2 - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample From Path - D2" ] } - }, + }, { "GetTime-Test": { - "name": "GetTime-Test", + "name": "GetTime-Test", "implementing_scripts": [ - "GetTime", - "DeleteContext", + "GetTime", + "DeleteContext", "MatchRegex" ] } - }, + }, { "CreateEmailHtmlBody_test_pb": { - "name": "CreateEmailHtmlBody_test_pb", + "name": "CreateEmailHtmlBody_test_pb", "implementing_scripts": [ - "CreateEmailHtmlBody", + "CreateEmailHtmlBody", "DeleteContext" - ], + ], "implementing_commands": [ "createList" ] } - }, + }, { "forcepoint test": { - "name": "forcepoint test", + "name": "forcepoint test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "fp-get-category-detailes", - "fp-delete-address-from-category", - "fp-add-address-to-category", - "fp-add-category", + "fp-get-category-detailes", + "fp-delete-address-from-category", + "fp-add-address-to-category", + "fp-add-category", "fp-delete-categories" ] } - }, + }, { "CrowdStrike Endpoint Enrichment - Test": { - "name": "CrowdStrike Endpoint Enrichment - Test", - "fromversion": "3.5.0", + "name": "CrowdStrike Endpoint Enrichment - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "CrowdStrike Endpoint Enrichment" - ], + ], "implementing_commands": [ - "cs-device-search", + "cs-device-search", "cs-detection-search" ] } - }, + }, { 
"endpoint_enrichment_-_generic_test": { - "name": "Endpoint Enrichment - Generic Test", - "fromversion": "3.5.0", + "name": "Endpoint Enrichment - Generic Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Endpoint Enrichment - Generic" ] } - }, + }, { "TestHttpPlaybook": { - "name": "TestHttpPlaybook", + "name": "TestHttpPlaybook", "implementing_scripts": [ - "VerifyContextFields", - "DeleteContext", + "VerifyContextFields", + "DeleteContext", "http" ] } - }, + }, { "Test-IsMaliciousIndicatorFound": { - "name": "Test-IsMaliciousIndicatorFound", + "name": "Test-IsMaliciousIndicatorFound", "implementing_scripts": [ - "VerifyContext", - "Sleep", + "VerifyContext", + "Sleep", "IsMaliciousIndicatorFound" - ], + ], "implementing_commands": [ "createNewIndicator" ] } - }, + }, { "Mimecast test": { - "name": "Mimecast test", + "name": "Mimecast test", "implementing_scripts": [ - "FetchFromInstance", + "FetchFromInstance", "DeleteContext" - ], - "implementing_commands": [ - "mimecast-get-impersonation-logs", - "mimecast-query", - "mimecast-download-attachments", - "mimecast-url-decode", - "mimecast-refresh-token", - "mimecast-create-policy", - "mimecast-manage-sender", - "mimecast-get-message", - "mimecast-discover", - "mimecast-list-messages", - "mimecast-create-managed-url", - "mimecast-list-managed-url", - "mimecast-get-attachment-logs", - "mimecast-list-blocked-sender-policies", - "mimecast-login", - "mimecast-delete-policy", - "mimecast-get-policy", + ], + "implementing_commands": [ + "mimecast-get-impersonation-logs", + "mimecast-query", + "mimecast-download-attachments", + "mimecast-url-decode", + "mimecast-refresh-token", + "mimecast-create-policy", + "mimecast-manage-sender", + "mimecast-get-message", + "mimecast-discover", + "mimecast-list-messages", + "mimecast-create-managed-url", + "mimecast-list-managed-url", + 
"mimecast-get-attachment-logs", + "mimecast-list-blocked-sender-policies", + "mimecast-login", + "mimecast-delete-policy", + "mimecast-get-policy", "mimecast-get-url-logs" ] } - }, + }, { "TestParseCSV": { - "name": "TestParseCSV", + "name": "TestParseCSV", "implementing_scripts": [ - "Set", - "VerifyContext", - "ParseCSV", - "DeleteContext", + "Set", + "VerifyContext", + "ParseCSV", + "DeleteContext", "ExportToCSV" ] } - }, + }, { "ArcSight Logger test": { - "name": "ArcSight Logger test", + "name": "ArcSight Logger test", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "Sleep" - ], + ], "implementing_commands": [ - "as-search", - "as-close", - "as-drilldown", - "as-search-events", - "as-status", + "as-search", + "as-close", + "as-drilldown", + "as-search-events", + "as-status", "as-events" ] } - }, + }, { "Cylance Protect v2 Test": { - "name": "Cylance Protect v2 Test", + "name": "Cylance Protect v2 Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "cylance-protect-delete-hash-from-lists", - "cylance-protect-download-threat", - "cylance-protect-get-zones", - "cylance-protect-get-devices", - "cylance-protect-get-policies", - "cylance-protect-get-list", - "cylance-protect-get-threat", - "cylance-protect-get-device-threats", - "cylance-protect-get-policy-details", + ], + "implementing_commands": [ + "cylance-protect-delete-hash-from-lists", + "cylance-protect-download-threat", + "cylance-protect-get-zones", + "cylance-protect-get-devices", + "cylance-protect-get-policies", + "cylance-protect-get-list", + "cylance-protect-get-threat", + "cylance-protect-get-device-threats", + "cylance-protect-get-policy-details", "cylance-protect-add-hash-to-list" ] } - }, + }, { "McAfeeESMTest": { - "name": "McAfeeESMTest", + "name": "McAfeeESMTest", "implementing_scripts": [ - "GetTime", - "VerifyContext", + "GetTime", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - 
"esm-edit-case-status", - "esm-get-case-statuses", - "esm-search", - "esm-add-case-status", - "esm-get-alarm-event-details", - "esm-get-organization-list", - "esm-list-alarm-events", - "esm-delete-case-status", - "esm-edit-case", - "esm-get-user-list", - "esm-get-case-detail", - "esm-add-case", + ], + "implementing_commands": [ + "esm-edit-case-status", + "esm-get-case-statuses", + "esm-search", + "esm-add-case-status", + "esm-get-alarm-event-details", + "esm-get-organization-list", + "esm-list-alarm-events", + "esm-delete-case-status", + "esm-edit-case", + "esm-get-user-list", + "esm-get-case-detail", + "esm-add-case", "esm-fetch-alarms" ] } - }, + }, { "Detonate File - Generic Test": { - "name": "Detonate File - Generic Test", - "fromversion": "4.0.0", + "name": "Detonate File - Generic Test", + "fromversion": "4.0.0", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Detonate File - Generic" ] } - }, + }, { "Jask_Test": { - "name": "Jask Test", + "name": "Jask Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "jask-search-signals", - "jask-search-entities", - "jask-get-entity-details", - "jask-get-insight-details", - "closeInvestigation", - "jask-search-insights", - "jask-get-signal-details", - "jask-get-related-entities", + ], + "implementing_commands": [ + "jask-search-signals", + "jask-search-entities", + "jask-get-entity-details", + "jask-get-insight-details", + "closeInvestigation", + "jask-search-insights", + "jask-get-signal-details", + "jask-get-related-entities", "jask-get-insight-comments" ] } - }, + }, { "RSA NetWitness Test": { - "name": "RSA NetWitness Test", + "name": "RSA NetWitness Test", "implementing_commands": [ - "netwitness-get-incident", + "netwitness-get-incident", "netwitness-get-incidents" ] } - }, + }, { "Test_Sagemaker": { - "name": "Test Sagemaker", + "name": "Test Sagemaker", "implementing_scripts": [ 
"VerifyContext" - ], + ], "implementing_commands": [ "predict-phishing" ] } - }, + }, { "ExtractURL Test": { - "name": "ExtractURL Test", + "name": "ExtractURL Test", "implementing_scripts": [ - "Print", - "ExtractURL", + "Print", + "ExtractURL", "IsTrue" ] } - }, + }, { "tenable-sc-test": { - "name": "Tenable.sc Test", + "name": "Tenable.sc Test", "implementing_scripts": [ - "GetTime", - "VerifyContext", - "DeleteContext", + "GetTime", + "VerifyContext", + "DeleteContext", "FetchFromInstance" - ], - "implementing_commands": [ - "tenable-sc-get-asset", - "tenable-sc-list-alerts", - "tenable-sc-get-system-licensing", - "tenable-sc-get-scan-status", - "tenable-sc-list-scans", - "tenable-sc-list-repositories", - "tenable-sc-create-scan", - "tenable-sc-delete-scan", - "tenable-sc-get-scan-report", - "tenable-sc-list-assets", - "tenable-sc-get-vulnerability", - "tenable-sc-get-device", - "tenable-sc-create-asset", - "tenable-sc-get-alert", - "tenable-sc-launch-scan", - "tenable-sc-list-report-definitions", - "tenable-sc-delete-asset", - "tenable-sc-list-credentials", - "tenable-sc-list-policies", - "tenable-sc-list-zones", + ], + "implementing_commands": [ + "tenable-sc-get-asset", + "tenable-sc-list-alerts", + "tenable-sc-get-system-licensing", + "tenable-sc-get-scan-status", + "tenable-sc-list-scans", + "tenable-sc-list-repositories", + "tenable-sc-create-scan", + "tenable-sc-delete-scan", + "tenable-sc-get-scan-report", + "tenable-sc-list-assets", + "tenable-sc-get-vulnerability", + "tenable-sc-get-device", + "tenable-sc-create-asset", + "tenable-sc-get-alert", + "tenable-sc-launch-scan", + "tenable-sc-list-report-definitions", + "tenable-sc-delete-asset", + "tenable-sc-list-credentials", + "tenable-sc-list-policies", + "tenable-sc-list-zones", "tenable-sc-list-users" ] } - }, + }, { "ReversingLabsA1000Test": { - "name": "ReversingLabsA1000Test", + "name": "ReversingLabsA1000Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + 
], "implementing_commands": [ - "reversinglabs-download", - "reversinglabs-extracted-files", - "reversinglabs-download-unpacked", - "reversinglabs-analyze", + "reversinglabs-download", + "reversinglabs-extracted-files", + "reversinglabs-download-unpacked", + "reversinglabs-analyze", "file" ] } - }, + }, { "TestWordFileToIOC": { - "name": "TestWordFileToIOC", + "name": "TestWordFileToIOC", "implementing_scripts": [ - "TestCreateWordFile", - "ExtractIP", - "VerifyContext", - "ReadFile", + "TestCreateWordFile", + "ExtractIP", + "VerifyContext", + "ReadFile", "ParseWordDoc" ] } - }, + }, { "TestExtractHTMLTables": { - "name": "TestExtractHTMLTables", + "name": "TestExtractHTMLTables", "implementing_scripts": [ - "Print", - "CloseInvestigation", - "ExtractHTMLTables", - "DeleteContext", + "Print", + "CloseInvestigation", + "ExtractHTMLTables", + "DeleteContext", "Exists" ] } - }, + }, { "7ab45104-22aa-4e1b-8062-cadcbb28d87f": { - "name": "Test - urlscan", + "name": "Test - urlscan", "implementing_scripts": [ - "CloseInvestigation", - "DeleteContext", + "CloseInvestigation", + "DeleteContext", "AreValuesEqual" - ], + ], "implementing_commands": [ - "url", - "ip", + "url", + "ip", "urlscan-submit" ] } - }, + }, { "RasterizeImageTest": { - "name": "RasterizeImageTest", + "name": "RasterizeImageTest", "implementing_scripts": [ - "GenerateImageFileEntry", + "GenerateImageFileEntry", "DeleteContext" - ], + ], "implementing_commands": [ - "rasterize-image", + "rasterize-image", "closeInvestigation" ] } - }, + }, { "InfoArmorVigilanteATITest": { - "name": "InfoArmorVigilanteATITest", + "name": "InfoArmorVigilanteATITest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "vigilante-get-leak", - "vigilante-query-infected-host-data", - "vigilante-query-domains", - "vigilante-query-accounts", - "vigilante-watchlist-add-accounts", - "vigilante-watchlist-remove-accounts", - "vigilante-get-watchlist", - 
"vigilante-query-ecrime-db", + ], + "implementing_commands": [ + "vigilante-get-leak", + "vigilante-query-infected-host-data", + "vigilante-query-domains", + "vigilante-query-accounts", + "vigilante-watchlist-add-accounts", + "vigilante-watchlist-remove-accounts", + "vigilante-get-watchlist", + "vigilante-query-ecrime-db", "vigilante-search-leaks" ] } - }, + }, { "strings-test": { - "name": "strings-test", + "name": "strings-test", "implementing_scripts": [ - "CreateBinaryFile", - "FileCreateAndUpload", - "Strings", - "PublishEntriesToContext", + "CreateBinaryFile", + "FileCreateAndUpload", + "Strings", + "PublishEntriesToContext", "VerifyContext" ] } - }, + }, { "process_email_-_generic_-_test": { - "name": "Process Email - Generic - Test", + "name": "Process Email - Generic - Test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", + "VerifyContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Process Email - Generic" ] } - }, + }, { "97393cfc-2fc4-4dfe-8b6e-af64067fc436": { - "name": "AWS - S3 Test Playbook", + "name": "AWS - S3 Test Playbook", "implementing_scripts": [ "VerifyContext" - ], - "implementing_commands": [ - "aws-s3-create-bucket", - "aws-s3-get-bucket-policy", - "aws-s3-download-file", - "aws-s3-delete-bucket-policy", - "aws-s3-delete-bucket", - "aws-s3-list-buckets", - "aws-s3-list-bucket-objects", + ], + "implementing_commands": [ + "aws-s3-create-bucket", + "aws-s3-get-bucket-policy", + "aws-s3-download-file", + "aws-s3-delete-bucket-policy", + "aws-s3-delete-bucket", + "aws-s3-list-buckets", + "aws-s3-list-bucket-objects", "aws-s3-put-bucket-policy" ] } - }, + }, { "TestFileCreateAndUpload": { - "name": "TestFileCreateAndUpload", + "name": "TestFileCreateAndUpload", "implementing_scripts": [ - "Print", - "FileCreateAndUpload", - "DeleteContext", + "Print", + "FileCreateAndUpload", + "DeleteContext", "CloseInvestigation" ] } - }, + }, { "get_original_email_-_ews-_test": { - "name": "Get Original Email - EWS - 
Test", + "name": "Get Original Email - EWS - Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_playbooks": [ "Get Original Email - EWS" ] } - }, + }, { "Remedy AR Test": { - "name": "Remedy AR Test", + "name": "Remedy AR Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "remedy-get-server-details" ] } - }, + }, { "WordTokenizeTest": { - "name": "WordTokenizeTest", + "name": "WordTokenizeTest", "implementing_scripts": [ - "VerifyContext", - "WordTokenizer", + "VerifyContext", + "WordTokenizer", "DeleteContext" ] } - }, + }, { "ExtractDomainTest": { - "name": "ExtractDomainTest", + "name": "ExtractDomainTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "ExtractDomain" ] } - }, + }, { "TestCommonPython": { - "name": "TestCommonPython", + "name": "TestCommonPython", "implementing_scripts": [ "TestPYCommonServer" ] } - }, + }, { "get_file_sample_by_hash_-_cylance_protect_-_test": { - "name": "Get File Sample By Hash - Cylance Protect - Test", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Cylance Protect - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample By Hash - Cylance Protect" ] } - }, + }, { "TestPacketsled": { - "name": "TestPacketsled", + "name": "TestPacketsled", "implementing_commands": [ - "packetsled-get-flows", - "packetsled-get-pcaps", - "packetsled-get-files", + "packetsled-get-flows", + "packetsled-get-pcaps", + "packetsled-get-files", "packetsled-get-incidents" ] } - }, + }, { "EWS search-mailbox test": { - "name": "EWS search-mailbox test", + "name": "EWS search-mailbox test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", + "VerifyContext", + "DeleteContext", "Sleep" - ], + ], "implementing_commands": [ - "ews-search-mailbox", - "ews-move-item", + "ews-search-mailbox", 
+ "ews-move-item", "send-mail" ] } - }, + }, { "IntSights Test": { - "name": "IntSights Test", + "name": "IntSights Test", "implementing_scripts": [ - "Print", - "VerifyContext", - "DeleteContext", - "Exists", + "Print", + "VerifyContext", + "DeleteContext", + "Exists", "IsValueInArray" - ], - "implementing_commands": [ - "intsights-get-alerts", - "intsights-get-iocs", - "intsights-add-comment-to-alert", - "intsights-add-tag-to-alert", - "intsights-update-alert-severity", - "closeInvestigation", + ], + "implementing_commands": [ + "intsights-get-alerts", + "intsights-get-iocs", + "intsights-add-comment-to-alert", + "intsights-add-tag-to-alert", + "intsights-update-alert-severity", + "closeInvestigation", "intsights-get-alert-activities" ] } - }, + }, { "SalesforceTestPlaybook": { - "name": "SalesforceTestPlaybook", + "name": "SalesforceTestPlaybook", "implementing_scripts": [ - "ContextContains", + "ContextContains", "DeleteContext" - ], - "implementing_commands": [ - "salesforce-update-case", - "salesforce-get-case", - "salesforce-search", - "salesforce-create-case", - "salesforce-delete-case", - "salesforce-push-comment", - "salesforce-get-object", - "salesforce-close-case", - "salesforce-update-object", + ], + "implementing_commands": [ + "salesforce-update-case", + "salesforce-get-case", + "salesforce-search", + "salesforce-create-case", + "salesforce-delete-case", + "salesforce-push-comment", + "salesforce-get-object", + "salesforce-close-case", + "salesforce-update-object", "salesforce-query" ] } - }, + }, { "Wildfire Test": { - "name": "Wildfire Test", + "name": "Wildfire Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "wildfire-upload", - "wildfire-upload-file-remote", + "wildfire-upload", + "wildfire-upload-file-remote", "wildfire-report" ] } - }, + }, { "Vectra-test": { - "name": "Vectra-test", + "name": "Vectra-test", "implementing_scripts": [ "VerifyContext" - ], + ], 
"implementing_commands": [ - "vectra-sensors", - "vectra-settings", - "vectra-hosts", - "vectra-triage", + "vectra-sensors", + "vectra-settings", + "vectra-hosts", + "vectra-triage", "vectra-detections" ] } - }, + }, { "CuckooTest": { - "name": "CuckooTest", + "name": "CuckooTest", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ - "Detonate URL - Cuckoo", + "Detonate URL - Cuckoo", "Detonate File - Cuckoo" ] } - }, + }, { "TextFromHTML_test_playbook": { - "name": "TextFromHTML Test", + "name": "TextFromHTML Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "TextFromHTML" ] } - }, + }, { "PhishAi-Test": { - "name": "PhishAi-Test", + "name": "PhishAi-Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ "phish-ai-scan-url" ] } - }, + }, { "Phishing test - attachment": { - "name": "Phishing test - attachment", + "name": "Phishing test - attachment", "implementing_scripts": [ - "ScheduleCommand", - "PhishingIncident", - "DeleteContext", + "ScheduleCommand", + "PhishingIncident", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Phishing Investigation - Generic" ] } - }, + }, { "search_endpoints_by_hash_-_carbon_black_protection_-_test": { - "name": "Search Endpoints By Hash - Carbon Black Protection - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Carbon Black Protection - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - Carbon Black Protection" ] } - }, + }, { "Test-Detonate URL - Phish.AI": { - "name": "Test-Detonate URL - Phish.AI", + "name": "Test-Detonate URL - Phish.AI", "implementing_playbooks": [ "Detonate URL - Phish.AI" ] } - }, + }, { "ReversingLabsTCTest": { - "name": "ReversingLabsTCTest", + "name": "ReversingLabsTCTest", "implementing_scripts": [ - "VerifyContext", + 
"VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "file" ] } - }, + }, { "get_file_sample_from_path_-_carbon_black_enterprise_response_-_test": { - "name": "Get File Sample From Path - Carbon Black Enterprise Response - Test", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - Carbon Black Enterprise Response - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample From Path - Carbon Black Enterprise Response" - ], + ], "implementing_commands": [ "cb-list-sensors" ] } - }, + }, { "PostgreSQL Test": { - "name": "PostgreSQL Test", - "fromversion": "3.6.0", + "name": "PostgreSQL Test", + "fromversion": "3.6.0", "implementing_scripts": [ "VerifyHumanReadableEquals" - ], + ], "implementing_commands": [ "pgsql-query" ] } - }, + }, { "DUO Test Playbook": { - "name": "DUO Test Playbook", + "name": "DUO Test Playbook", "implementing_scripts": [ - "DeleteContext", - "PrintErrorEntry", - "AreValuesEqual", + "DeleteContext", + "PrintErrorEntry", + "AreValuesEqual", "PrintContext" - ], + ], "implementing_commands": [ "duo-preauth" ] } - }, + }, { "secureworks_test": { - "name": "Secureworks test", + "name": "Secureworks test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "secure-works-create-ticket", - "secure-works-get-ticket", - "secure-works-update-ticket", - "secure-works-get-tickets-ids", - "secure-works-get-ticket-count", - "secure-works-close-ticket", + ], + "implementing_commands": [ + "secure-works-create-ticket", + "secure-works-get-ticket", + "secure-works-update-ticket", + "secure-works-get-tickets-ids", + "secure-works-get-ticket-count", + "secure-works-close-ticket", "secure-works-get-tickets-updates" ] } - }, + }, { "File Enrichment - Generic Test": { - "name": "File Enrichment - Generic Test", + "name": "File Enrichment - Generic Test", 
"implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "File Enrichment - Generic" ] } - }, + }, { "JSONtoCSV-Test": { - "name": "JSONtoCSV-Test", + "name": "JSONtoCSV-Test", "implementing_scripts": [ - "JSONFileToCSV", - "LoadJSON", - "ParseCSV", - "JSONtoCSV", - "FileCreateAndUpload", + "JSONFileToCSV", + "LoadJSON", + "ParseCSV", + "JSONtoCSV", + "FileCreateAndUpload", "DeleteContext" ] } - }, + }, { "ZipFile-Test": { - "name": "ZipFile-Test", + "name": "ZipFile-Test", "implementing_scripts": [ - "http", - "ZipFile", - "CloseInvestigation", - "Sleep", - "UnzipFile", + "http", + "ZipFile", + "CloseInvestigation", + "Sleep", + "UnzipFile", "DeleteContext" ] } - }, + }, { "d5cb69b1-c81c-4f27-8a40-3106c0cb2620": { - "name": "AWS - IAM Test Playbook", + "name": "AWS - IAM Test Playbook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Sleep" - ], - "implementing_commands": [ - "aws-iam-update-user", - "aws-iam-update-access-key", - "aws-iam-get-user", - "aws-iam-remove-user-from-group", - "aws-iam-add-role-to-instance-profile", - "aws-iam-create-instance-profile", - "aws-iam-list-roles", - "aws-iam-attach-policy", - "aws-iam-create-login-profile", - "aws-iam-create-group", - "aws-iam-get-instance-profile", - "aws-iam-list-instance-profiles-for-role", - "aws-iam-update-login-profile", - "aws-iam-list-policies", - "aws-iam-get-role", - "aws-iam-list-access-keys-for-user", - "aws-iam-list-instance-profiles", - "aws-iam-delete-role", - "aws-iam-list-groups", - "aws-iam-remove-role-from-instance-profile", - "aws-iam-delete-user", - "aws-iam-create-role", - "aws-iam-delete-access-key", - "aws-iam-detach-policy", - "aws-iam-create-access-key", - "aws-iam-delete-group", - "aws-iam-create-user", - "aws-iam-delete-login-profile", - "aws-iam-list-groups-for-user", - "aws-iam-add-user-to-group", - "aws-iam-list-users", + ], + "implementing_commands": [ + "aws-iam-update-user", + "aws-iam-update-access-key", + 
"aws-iam-get-user", + "aws-iam-remove-user-from-group", + "aws-iam-add-role-to-instance-profile", + "aws-iam-create-instance-profile", + "aws-iam-list-roles", + "aws-iam-attach-policy", + "aws-iam-create-login-profile", + "aws-iam-create-group", + "aws-iam-get-instance-profile", + "aws-iam-list-instance-profiles-for-role", + "aws-iam-update-login-profile", + "aws-iam-list-policies", + "aws-iam-get-role", + "aws-iam-list-access-keys-for-user", + "aws-iam-list-instance-profiles", + "aws-iam-delete-role", + "aws-iam-list-groups", + "aws-iam-remove-role-from-instance-profile", + "aws-iam-delete-user", + "aws-iam-create-role", + "aws-iam-delete-access-key", + "aws-iam-detach-policy", + "aws-iam-create-access-key", + "aws-iam-delete-group", + "aws-iam-create-user", + "aws-iam-delete-login-profile", + "aws-iam-list-groups-for-user", + "aws-iam-add-user-to-group", + "aws-iam-list-users", "aws-iam-delete-instance-profile" ] } - }, + }, { "ExposeIncidentOwner-Test": { - "name": "ExposeIncidentOwner-Test", + "name": "ExposeIncidentOwner-Test", "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident", - "ExposeIncidentOwner", + "CloseInvestigation", + "AssignAnalystToIncident", + "ExposeIncidentOwner", "AreValuesEqual" ] } - }, + }, { "McAfeeWebGatewayTest": { - "name": "McAfeeWebGatewayTest", + "name": "McAfeeWebGatewayTest", "implementing_scripts": [ - "ContextContains", - "DeleteContext", - "Sleep", + "ContextContains", + "DeleteContext", + "Sleep", "PrintContext" - ], + ], "implementing_commands": [ - "mwg-insert-entry", - "mwg-get-list-entry", - "mwg-get-list", - "mwg-delete-entry", + "mwg-insert-entry", + "mwg-get-list-entry", + "mwg-get-list", + "mwg-delete-entry", "mwg-get-available-lists" ] } - }, + }, { "DemistoLockTest": { - "name": "DemistoLockTest", + "name": "DemistoLockTest", "implementing_scripts": [ - "Set", - "Print", - "DeleteContext", - "Sleep", + "Set", + "Print", + "DeleteContext", + "Sleep", "isError" - ], + ], 
"implementing_commands": [ - "closeInvestigation", - "demisto-lock-release-all", - "demisto-lock-release", - "demisto-lock-get", + "closeInvestigation", + "demisto-lock-release-all", + "demisto-lock-release", + "demisto-lock-get", "demisto-lock-info" ] } - }, + }, { "Detonate File - BitDam Test": { - "name": "Detonate File - BitDam Test", + "name": "Detonate File - BitDam Test", "implementing_scripts": [ - "FileCreateAndUpload", + "FileCreateAndUpload", "DeleteContext" - ], + ], "implementing_playbooks": [ "Detonate File - BitDam" ] } - }, + }, { "Luminate-TestPlaybook": { - "name": "Luminate-TestPlaybook", + "name": "Luminate-TestPlaybook", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "lum-block-user", - "lum-destroy-user-session", - "lum-unblock-user", - "lum-get-ssh-access-logs", + "lum-block-user", + "lum-destroy-user-session", + "lum-unblock-user", + "lum-get-ssh-access-logs", "lum-get-http-access-logs" ] } - }, + }, { "McAfee-MAR_Test": { - "name": "McAfee-MAR_Test", + "name": "McAfee-MAR_Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "mar-collectors-list", - "mar-search-multiple", + "mar-collectors-list", + "mar-search-multiple", "mar-search" ] } - }, + }, { "CarbonBlackLiveResponseTest": { - "name": "Carbon Black Live Response Test", + "name": "Carbon Black Live Response Test", "implementing_scripts": [ - "TestCreateWordFile", - "DeleteContext", + "TestCreateWordFile", + "DeleteContext", "Sleep" - ], - "implementing_commands": [ - "cb-get-file-from-endpoint", - "cb-command-create-and-wait", - "cb-session-create-and-wait", - "cb-keepalive", - "cb-file-delete-from-endpoint", - "cb-push-file-to-endpoint", - "cb-list-sessions", + ], + "implementing_commands": [ + "cb-get-file-from-endpoint", + "cb-command-create-and-wait", + "cb-session-create-and-wait", + "cb-keepalive", + "cb-file-delete-from-endpoint", + "cb-push-file-to-endpoint", + "cb-list-sessions", "cb-session-close" ] } - }, + 
}, { "Recorded Future Test": { - "name": "Recorded Future Test", + "name": "Recorded Future Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "ip", - "domain", - "recorded-future-get-related-entities", + "ip", + "domain", + "recorded-future-get-related-entities", "file" ] } - }, + }, { "NetWitness Endpoint Test": { - "name": "NetWitness Endpoint Test", + "name": "NetWitness Endpoint Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "netwitness-get-machines", - "netwitness-blacklist-domains", - "netwitness-blacklist-ips", + "netwitness-get-machines", + "netwitness-blacklist-domains", + "netwitness-blacklist-ips", "netwitness-get-machine-module" ] } - }, + }, { "DNSDBTest": { - "name": "DNSDBTest", + "name": "DNSDBTest", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "dnsdb-rrset", + "dnsdb-rrset", "dnsdb-rdata" ] } - }, + }, { "VerifyHumanReadableFormat": { - "name": "VerifyHumanReadableFormat", + "name": "VerifyHumanReadableFormat", "implementing_scripts": [ - "VerifyTableToMarkDown", + "VerifyTableToMarkDown", "VerifyTreeToFlatObject" ] } - }, + }, { "domain_enrichment_generic_test": { - "name": "Domain Enrichment Generic - Test", - "fromversion": "3.5.0", + "name": "Domain Enrichment Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Domain Enrichment - Generic" ] } - }, + }, { "Anomali_ThreatStream_Test": { - "name": "Anomali ThreatStream Test", - "fromversion": "3.5.0", + "name": "Anomali ThreatStream Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "ip", - "domain", - "threatstream-email-reputation", - "threatstream-intelligence", + "ip", + "domain", + "threatstream-email-reputation", + "threatstream-intelligence", 
"file" ] } - }, + }, { "ParseExcel-test": { - "name": "ParseExcel-test", + "name": "ParseExcel-test", "implementing_scripts": [ - "ParseExcel", - "DeleteContext", + "ParseExcel", + "DeleteContext", "http" ] } - }, + }, { "Zoom_Test": { - "name": "Zoom_Test", + "name": "Zoom_Test", "implementing_scripts": [ - "Print", - "VerifyContext", - "GenerateEmail", + "Print", + "VerifyContext", + "GenerateEmail", "DeleteContext" - ], + ], "implementing_commands": [ - "zoom-create-meeting", - "zoom-list-users", - "zoom-fetch-recording", - "zoom-create-user", + "zoom-create-meeting", + "zoom-list-users", + "zoom-fetch-recording", + "zoom-create-user", "zoom-delete-user" ] } - }, + }, { "DomainTools-Test": { - "name": "DomainTools-Test", + "name": "DomainTools-Test", "implementing_scripts": [ - "VerifyContext", - "NotInContextVerification", + "VerifyContext", + "NotInContextVerification", "DeleteContext" - ], - "implementing_commands": [ - "domain", - "whois", - "reverseWhois", - "reverseNameServer", - "domainSearch", - "domainProfile", - "whoisHistory", + ], + "implementing_commands": [ + "domain", + "whois", + "reverseWhois", + "reverseNameServer", + "domainSearch", + "domainProfile", + "whoisHistory", "reverseIP" ] } - }, + }, { "RedLockTest": { - "name": "RedLockTest", + "name": "RedLockTest", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "redlock-search-alerts", - "redlock-reopen-alerts", - "redlock-get-alert-details", + "redlock-search-alerts", + "redlock-reopen-alerts", + "redlock-get-alert-details", "redlock-dismiss-alerts" ] } - }, + }, { "TruSTAR Test": { - "name": "TruSTAR Test", + "name": "TruSTAR Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "domain", - "url", - "ip", - "trustar-correlated-reports", - "file", - "trustar-trending-indicators", + ], + "implementing_commands": [ + "domain", + "url", + "ip", + "trustar-correlated-reports", + "file", + 
"trustar-trending-indicators", "trustar-search-indicators" ] } - }, + }, { "JoeSecurityTestDetonation": { - "name": "JoeSecurityTestDetonation", - "fromversion": "4.0.0", + "name": "JoeSecurityTestDetonation", + "fromversion": "4.0.0", "implementing_scripts": [ - "FileCreateAndUpload", + "FileCreateAndUpload", "DeleteContext" - ], + ], "implementing_playbooks": [ - "Detonate File - JoeSecurity", - "Detonate File From URL - JoeSecurity", + "Detonate File - JoeSecurity", + "Detonate File From URL - JoeSecurity", "Detonate URL - JoeSecurity" ] } - }, + }, { "Symantec Messaging Gateway Test": { - "name": "Symantec Messaging Gateway Test", + "name": "Symantec Messaging Gateway Test", "implementing_scripts": [ - "GenerateIP", - "VerifyContext", - "GenerateUUID", + "GenerateIP", + "VerifyContext", + "GenerateUUID", "AreValuesEqual" - ], + ], "implementing_commands": [ - "smg-unblock-domain", - "smg-block-ip", - "smg-unblock-ip", - "smg-block-domain", - "smg-block-email", + "smg-unblock-domain", + "smg-block-ip", + "smg-unblock-ip", + "smg-block-domain", + "smg-block-email", "smg-unblock-email" ] } - }, + }, { "devo_test_playbook": { - "name": "Devo test playbook", + "name": "Devo test playbook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "devo-query" ] } - }, + }, { "Lastline - testplaybook": { - "name": "Lastline - testplaybook", + "name": "Lastline - testplaybook", "implementing_scripts": [ - "DeleteContext", - "Set", + "DeleteContext", + "Set", "http" - ], + ], "implementing_playbooks": [ - "Detonate URL - Lastline", + "Detonate URL - Lastline", "Detonate File - Lastline" ] } - }, + }, { "detonate_file_-_generic_test": { - "name": "Detonate File - Generic Test", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "Detonate File - Generic Test", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], 
"implementing_playbooks": [ "Detonate File - Generic" ] } - }, + }, { "Test CommonServer": { - "name": "Test CommonServer", + "name": "Test CommonServer", "implementing_scripts": [ "TestFormatTableValues" ] } - }, + }, { "Test filters & transformers scripts": { - "name": "Test filters & transformers scripts", + "name": "Test filters & transformers scripts", "implementing_scripts": [ - "RaiseError", - "Print", + "RaiseError", + "Print", "Set" ] } - }, + }, { "virusTotalPrivateAPI-test-playbook": { - "name": "virusTotalPrivateAPI-test-playbook", + "name": "virusTotalPrivateAPI-test-playbook", "implementing_scripts": [ - "VerifyContext", - "StringContains", + "VerifyContext", + "StringContains", "DeleteContext" - ], + ], "implementing_commands": [ - "vt-private-get-url-report", - "vt-private-get-file-report", + "vt-private-get-url-report", + "vt-private-get-file-report", "vt-private-get-domain-report" ] } - }, + }, { "SCADAfence_test": { - "name": "SCADAfence_test", + "name": "SCADAfence_test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "scadafence-getAsset", - "scadafence-setAlertStatus", + "scadafence-getAsset", + "scadafence-setAlertStatus", "scadafence-getAlerts" ] } - }, + }, { "c19e328d-0cf3-4a94-88b3-df670d984602": { - "name": "SymantecEndpointProtection Test", + "name": "SymantecEndpointProtection Test", "implementing_scripts": [ - "SEPScan", - "VerifyContext", + "SEPScan", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "sep-quarantine", - "sep-command-status", - "sep-update-content", - "sep-endpoints-info", - "sep-groups-info", - "sep-client-content", + ], + "implementing_commands": [ + "sep-quarantine", + "sep-command-status", + "sep-update-content", + "sep-endpoints-info", + "sep-groups-info", + "sep-client-content", "sep-system-info" ] } - }, + }, { "PagerDuty Test": { - "name": "PagerDuty Test", + "name": "PagerDuty Test", "implementing_scripts": [ 
"VerifyContext" - ], + ], "implementing_commands": [ - "PagerDuty-incidents", - "PagerDuty-get-all-schedules", + "PagerDuty-incidents", + "PagerDuty-get-all-schedules", "PagerDuty-get-users-on-call-now" ] } - }, + }, { "pan-appframework-test": { - "name": "pan-appframework-test", + "name": "pan-appframework-test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "pan-appframework-query-logs" ] } - }, + }, { "TestSafeBreach": { - "name": "TestSafeBreach", + "name": "TestSafeBreach", "implementing_commands": [ - "safebreach-get-simulation", + "safebreach-get-simulation", "safebreach-rerun" ] } - }, + }, { "ExifReadTest": { - "name": "ExifReadTest", + "name": "ExifReadTest", "implementing_scripts": [ - "GenerateImageFileEntry", - "ExifRead", + "GenerateImageFileEntry", + "ExifRead", "DeleteContext" - ], + ], "implementing_commands": [ "closeInvestigation" ] } - }, + }, { "McAfee-TIE Test": { - "name": "McAfee-TIE Test", + "name": "McAfee-TIE Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "tie-file-references", - "file", + "tie-file-references", + "file", "tie-set-file-reputation" ] } - }, + }, { "SymantecMSSTest": { - "name": "SymantecMSSTest", + "name": "SymantecMSSTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "symantec-mss-incidents-list", - "symantec-mss-update-incident", + "symantec-mss-incidents-list", + "symantec-mss-update-incident", "symantec-mss-get-incident" ] } - }, - { - "SLA Scripts - Test": { - "name": "SLA Scripts - Test", - "implementing_scripts": [ - "StopTimeToAssignOnOwnerChange", - "ChangeRemediationSLAOnSevChange", - "Set", - "PrintErrorEntry", - "DeleteContext" - ], - "implementing_commands": [ - "setIncident", - "startTimer", - "resetTimer" - ] - } - }, + }, { "SLA Scripts - Test": { - "name": "SLA Scripts - Test", + 
"name": "SLA Scripts - Test", "implementing_scripts": [ - "StopTimeToAssignOnOwnerChange", - "ChangeRemediationSLAOnSevChange", - "Set", - "PrintErrorEntry", + "StopTimeToAssignOnOwnerChange", + "ChangeRemediationSLAOnSevChange", + "Set", + "PrintErrorEntry", "DeleteContext" - ], + ], "implementing_commands": [ - "setIncident", - "startTimer", + "setIncident", + "startTimer", "resetTimer" ] } From f9d2b21159fd68d3a26b8fc024c03697078eec0a Mon Sep 17 00:00:00 2001 From: idovandijk <43602124+idovandijk@users.noreply.github.com> Date: Thu, 3 Jan 2019 16:25:30 +0200 Subject: [PATCH 45/49] Added spaces again where needed --- Tests/id_set.json | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/Tests/id_set.json b/Tests/id_set.json index af73bff2c7e4..7da8a25a7713 100644 --- a/Tests/id_set.json +++ b/Tests/id_set.json @@ -14319,19 +14319,11 @@ } }, { - "SLA Scripts - Test": { - "name": "SLA Scripts - Test", + "SplunkPySearch_Test": { + "name": "SplunkPySearch_Test", "implementing_scripts": [ - "StopTimeToAssignOnOwnerChange", - "ChangeRemediationSLAOnSevChange", - "Set", - "PrintErrorEntry", - "DeleteContext" - ], - "implementing_commands": [ - "setIncident", - "startTimer", - "resetTimer" + "SplunkPySearch", + "VerifyHumanReadableContains" ] } } From 43e6babeea252058892951ed0a99c850c4dba7b5 Mon Sep 17 00:00:00 2001 From: idovandijk <43602124+idovandijk@users.noreply.github.com> Date: Thu, 3 Jan 2019 16:27:20 +0200 Subject: [PATCH 46/49] what --- Tests/id_set.json | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/Tests/id_set.json b/Tests/id_set.json index 7da8a25a7713..af73bff2c7e4 100644 --- a/Tests/id_set.json +++ b/Tests/id_set.json 
@@ -14319,11 +14319,19 @@ } }, { - "SplunkPySearch_Test": { - "name": "SplunkPySearch_Test", + "SLA Scripts - Test": { + "name": "SLA Scripts - Test", "implementing_scripts": [ - "SplunkPySearch", - "VerifyHumanReadableContains" + "StopTimeToAssignOnOwnerChange", + "ChangeRemediationSLAOnSevChange", + "Set", + "PrintErrorEntry", + "DeleteContext" + ], + "implementing_commands": [ + "setIncident", + "startTimer", + "resetTimer" ] } } From 105312431ad74df37d1264b9bd59d499b5178dfc Mon Sep 17 00:00:00 2001 From: idovandijk <43602124+idovandijk@users.noreply.github.com> Date: Thu, 3 Jan 2019 17:04:24 +0200 Subject: [PATCH 47/49] still fighting id_set.json --- Tests/id_set.json | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/Tests/id_set.json b/Tests/id_set.json index af73bff2c7e4..bbeb5471dd77 100644 --- a/Tests/id_set.json +++ b/Tests/id_set.json @@ -14317,6 +14317,15 @@ "symantec-mss-get-incident" ] } + }, + { + "SplunkPySearch_Test": { + "name": "SplunkPySearch_Test", + "implementing_scripts": [ + "SplunkPySearch", + "VerifyHumanReadableContains" + ] + } }, { "SLA Scripts - Test": { From 47f2af6a1579488a60c2f79b6547f180ecf88bff Mon Sep 17 00:00:00 2001 From: Ido van Dijk <43602124+idovandijk@users.noreply.github.com> Date: Thu, 3 Jan 2019 17:23:26 +0200 Subject: [PATCH 48/49] Update id_set.json editing directly on GitHub to prevent trailing white-spaces removal --- Tests/id_set.json | 13841 ++++++++++++++++++++++---------------------- 1 file changed, 6911 insertions(+), 6930 deletions(-) diff --git a/Tests/id_set.json b/Tests/id_set.json index bbeb5471dd77..4d7ad7366cab 100644 --- a/Tests/id_set.json +++ b/Tests/id_set.json 
@@ -2,4442 +2,4423 @@ "scripts": [ { "AwsStopInstance": { - "name": "AwsStopInstance", + "name": "AwsStopInstance", "depends_on": [ "stop-instance" ] } - }, + }, { "PWFindEvents": { - "name": "PWFindEvents", - "deprecated": true, + "name": "PWFindEvents", + "deprecated": true, "depends_on": [ "search" - ], + ], "script_executions": [ "search" ] } - }, + }, { "QRadarClassifier": { - "name": "QRadarClassifier", - "deprecated": true, + "name": "QRadarClassifier", + "deprecated": true, "depends_on": [ "qradar-searches" ] } - }, + }, { "VolLDRModules": { "name": "VolLDRModules" } - }, + }, { "CPShowHosts": { - "name": "CPShowHosts", - "deprecated": true, + "name": "CPShowHosts", + "deprecated": true, "depends_on": [ "checkpoint" - ], + ], "script_executions": [ "checkpoint" ] } - }, + }, { "PWSensors": { - "name": "PWSensors", - "deprecated": true, + "name": "PWSensors", + "deprecated": true, "depends_on": [ "sensors" - ], + ], "script_executions": [ "sensors" ] } - }, + }, { "ADListComputers": { - "name": "ADListComputers", - "deprecated": true, + "name": "ADListComputers", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "CheckWhitelist": { - "name": "CheckWhitelist", - "deprecated": true, + "name": "CheckWhitelist", + "deprecated": true, "script_executions": [ "getList" ] } - }, + }, { "VectraHosts": { - "name": "VectraHosts", - "deprecated": true, + "name": "VectraHosts", + "deprecated": true, "depends_on": [ "vec-hosts" ] } - }, + }, { "SetContext": { - "name": "SetContext", + "name": "SetContext", "deprecated": true } - }, + }, { "D2Autoruns": { "name": "D2Autoruns" } - }, + }, { "MathUtil": { "name": "MathUtil" } - }, + }, { "CBFindHash": { - "name": "CBFindHash", - "deprecated": true, + "name": "CBFindHash", + "deprecated": true, "depends_on": [ "cb-binary" ] } - }, + }, { "SendEmailToManager": { - "name": "SendEmailToManager", - "fromversion": "3.5.0", + "name": "SendEmailToManager", + "fromversion": "3.5.0", "depends_on": [ - "ad-search", + 
"ad-search", "send-mail" - ], + ], "script_executions": [ - "AdSearch", - "AdSearch", + "AdSearch", "addEntitlement" ] } - }, + }, { "FileCreateAndUpload": { "name": "FileCreateAndUpload" } - }, + }, { "DecodeMimeHeader": { "name": "DecodeMimeHeader" } - }, + }, { "WildfireUpload": { - "name": "WildfireUpload", - "deprecated": true, + "name": "WildfireUpload", + "deprecated": true, "depends_on": [ "wildfire-upload" ] } - }, + }, { "CYFileRep": { - "name": "CYFileRep", + "name": "CYFileRep", "depends_on": [ - "file", + "file", "cy-upload" - ], + ], "script_executions": [ - "getEntry", - "file", - "file" + "file", + "getEntry" ] } - }, + }, { "PanoramaPcaps": { - "name": "PanoramaPcaps", - "deprecated": true, + "name": "PanoramaPcaps", + "deprecated": true, "depends_on": [ "panorama" ] } - }, + }, { "ExtractDomain": { - "name": "ExtractDomain", + "name": "ExtractDomain", "toversion": "3.0.0" } - }, + }, { "ExposeUsers": { - "name": "ExposeUsers", + "name": "ExposeUsers", "deprecated": true } - }, + }, { "Print": { "name": "Print" } - }, + }, { "CSIndicators": { - "name": "CSIndicators", - "deprecated": true, + "name": "CSIndicators", + "deprecated": true, "depends_on": [ "cs-indicators" ] } - }, + }, { "PWEventPcapInfo": { - "name": "PWEventPcapInfo", - "deprecated": true, + "name": "PWEventPcapInfo", + "deprecated": true, "depends_on": [ "event-pcap-info" ] } - }, + }, { "JiraIssueQuery": { - "name": "JiraIssueQuery", - "deprecated": true, + "name": "JiraIssueQuery", + "deprecated": true, "depends_on": [ "jira-issue-query" ] } - }, + }, { "ADGetAllUsersEmail": { - "name": "ADGetAllUsersEmail", - "deprecated": true, + "name": "ADGetAllUsersEmail", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "CuckooDetonateFile": { - "name": "CuckooDetonateFile", + "name": "CuckooDetonateFile", "depends_on": [ "cuckoo-create-task-from-file" ] } - }, + }, { "EPORepoList": { - "name": "EPORepoList", - "deprecated": true, + "name": "EPORepoList", + "deprecated": 
true, "depends_on": [ "epo-command" ] } - }, + }, { "GrrSetFlows": { - "name": "GrrSetFlows", + "name": "GrrSetFlows", "depends_on": [ "grr_set_flows" - ], + ], "script_executions": [ "grr_set_flows" ] } - }, + }, { "VectraGetDetetctionsById": { - "name": "VectraGetDetetctionsById", - "deprecated": true, + "name": "VectraGetDetetctionsById", + "deprecated": true, "depends_on": [ "vec-get-detetctions-by-id" ] } - }, + }, { "CommonD2": { "name": "CommonD2" } - }, + }, { "FilterByList": { - "name": "FilterByList", + "name": "FilterByList", "script_executions": [ "getList" ] } - }, + }, { "ExtractHash": { "name": "ExtractHash" } - }, + }, { "120c861a-e0ae-417e-8dcf-c3ee1dc15a42": { "name": "commentsToContext" } - }, + }, { "ConvertXmlFileToJson": { "name": "ConvertXmlFileToJson" } - }, + }, { "IPExtract": { - "name": "IPExtract", + "name": "IPExtract", "deprecated": true } - }, + }, { "DBotAverageScore": { "name": "DBotAverageScore" } - }, + }, { "NessusCreateScan": { - "name": "NessusCreateScan", - "deprecated": true, + "name": "NessusCreateScan", + "deprecated": true, "depends_on": [ "scan-create" ] } - }, + }, { "StixParser": { "name": "StixParser" } - }, + }, { "NessusShowEditorTemplates": { - "name": "NessusShowEditorTemplates", - "deprecated": true, + "name": "NessusShowEditorTemplates", + "deprecated": true, "depends_on": [ "nessus-get-scans-editors" ] } - }, + }, { "QrFullSearch": { - "name": "QrFullSearch", - "deprecated": true, + "name": "QrFullSearch", + "deprecated": true, "depends_on": [ - "QrGetSearchResults", - "qr-get-search", + "QrGetSearchResults", + "qr-get-search", "qr-searches" - ], + ], "script_executions": [ "QrGetSearchResults" ] } - }, + }, { "FetchFromInstance": { - "name": "FetchFromInstance", - "fromversion": "4.0.0", + "name": "FetchFromInstance", + "fromversion": "4.0.0", "deprecated": true } - }, + }, { "a6e348f4-1e40-4365-870c-52139c60779a": { - "name": "OktaGetUser", - "deprecated": true, + "name": "OktaGetUser", + "deprecated": true, 
"depends_on": [ "okta-get-user" ] } - }, + }, { "VolConnscan": { "name": "VolConnscan" } - }, + }, { "840aa9a7-04b2-4505-8238-8fe85f010dde": { - "name": "OktaActivateUser", - "deprecated": true, + "name": "OktaActivateUser", + "deprecated": true, "depends_on": [ "okta-activate-user" ] } - }, + }, { "CBLiveGetFile": { - "name": "CBLiveGetFile", - "depends_on": [ - "cb-session-create", - "cb-sensor-info", - "cb-command-create", - "cb-session-info", - "cb-file-get", - "cb-command-info", + "name": "CBLiveGetFile", + "depends_on": [ + "cb-session-create", + "cb-sensor-info", + "cb-command-create", + "cb-session-info", + "cb-file-get", + "cb-command-info", "cb-list-sessions" ] } - }, + }, { "ScheduleGenericPolling": { - "name": "ScheduleGenericPolling", + "name": "ScheduleGenericPolling", "fromversion": "4.0.0" } - }, + }, { "AddEvidence": { - "name": "AddEvidence", + "name": "AddEvidence", "fromversion": "2.5.0" } - }, + }, { "Ping": { "name": "Ping" } - }, + }, { "EncodeToAscii": { "name": "EncodeToAscii" } - }, + }, { "ServiceNowCreateIncident": { - "name": "ServiceNowCreateIncident", + "name": "ServiceNowCreateIncident", "depends_on": [ - "servicenow-query-table", + "servicenow-query-table", "servicenow-create-record" ] } - }, + }, { "TriagePhishing": { - "name": "TriagePhishing", + "name": "TriagePhishing", "deprecated": true } - }, + }, { "LessThanPercentage": { "name": "LessThanPercentage" } - }, + }, { "TrendmicroAlertStatus": { - "name": "TrendmicroAlertStatus", + "name": "TrendmicroAlertStatus", "depends_on": [ "trendmicro-alert-status" ] } - }, + }, { "SandboxDetonateFile": { - "name": "SandboxDetonateFile", + "name": "SandboxDetonateFile", "script_executions": [ - "IsIntegrationAvailable", - "IsIntegrationAvailable", - "IsIntegrationAvailable", - "IsIntegrationAvailable", - "getEntry", - "CuckooDetonateFile", - "CuckooTaskStatus", - "CuckooGetReport" + "CuckooDetonateFile", + "CuckooGetReport", + "CuckooTaskStatus", + "IsIntegrationAvailable", + "getEntry" ] 
} - }, + }, { "ParseEmailFiles": { - "name": "ParseEmailFiles", + "name": "ParseEmailFiles", "script_executions": [ - "getEntry", + "getEntry", "getFilePath" ] } - }, + }, { "ConferSetSeverity": { - "name": "ConferSetSeverity", + "name": "ConferSetSeverity", "depends_on": [ "confer" - ], + ], "script_executions": [ "setSeverity" ] } - }, + }, { "ReverseList": { "name": "ReverseList" } - }, + }, { "ImpSfListEndpoints": { - "name": "ImpSfListEndpoints", + "name": "ImpSfListEndpoints", "depends_on": [ "imp-sf-list-endpoints" ] } - }, + }, { "9364c36f-b1d6-4233-88c2-75008b106c31": { - "name": "vmray_getResults", + "name": "vmray_getResults", "depends_on": [ "get_job_sample" - ], + ], "script_executions": [ - "get_job_sample", - "get_results", + "get_job_sample", + "get_results", "scheduleEntry" ] } - }, + }, { "InviteUser": { "name": "InviteUser" } - }, + }, { "VectraDetections": { - "name": "VectraDetections", - "deprecated": true, + "name": "VectraDetections", + "deprecated": true, "depends_on": [ "vec-detections" ] } - }, + }, { "StaticAnalyze": { "name": "StaticAnalyze" } - }, + }, { "GetContextValue": { - "name": "GetContextValue", + "name": "GetContextValue", "deprecated": true } - }, + }, { "TaniumFilterComputersByIndexQueryFileDetails": { - "name": "TaniumFilterComputersByIndexQueryFileDetails", + "name": "TaniumFilterComputersByIndexQueryFileDetails", "depends_on": [ "tn-ask-manual-question" ] } - }, + }, { "D2O365ComplianceSearch": { "name": "D2O365ComplianceSearch" } - }, + }, { "SearchIncidents": { "name": "SearchIncidents" } - }, + }, { "CuckooDisplayReport": { - "name": "CuckooDisplayReport", + "name": "CuckooDisplayReport", "depends_on": [ "ck-report" - ], + ], "script_executions": [ - "getFilePath", - "getEntry" + "getEntry", + "getFilePath" ] } - }, + }, { "VolPSList": { "name": "VolPSList" } - }, + }, { "CBLiveProcessList": { - "name": "CBLiveProcessList", + "name": "CBLiveProcessList", "depends_on": [ - "cb-command-info", + "cb-command-info", 
"cb-command-create" ] } - }, + }, { "GoogleappsGmailGetMail": { - "name": "GoogleappsGmailGetMail", - "deprecated": true, + "name": "GoogleappsGmailGetMail", + "deprecated": true, "depends_on": [ "googleapps-gmail-get-mail" ] } - }, + }, { "PTEnrich": { - "name": "PTEnrich", - "depends_on": [ - "pt-osint", - "pt-whois", - "pt-malware", - "pt-enrichment", - "pt-get-subdomains", - "pt-ssl-cert", + "name": "PTEnrich", + "depends_on": [ + "pt-osint", + "pt-whois", + "pt-malware", + "pt-enrichment", + "pt-get-subdomains", + "pt-ssl-cert", "pt-passive-dns" ] } - }, + }, { "ResolveShortenedURL": { "name": "ResolveShortenedURL" } - }, + }, { "CommonServerUserPython": { "name": "CommonServerUserPython" } - }, + }, { "5edd0c8e-4e6e-4afe-8f43-67bb9ebc4fd3": { - "name": "NetwitnessSearch", + "name": "NetwitnessSearch", "depends_on": [ "nw-sdk-search" ] } - }, + }, { "RunSqlQuery": { - "name": "RunSqlQuery", - "deprecated": true, + "name": "RunSqlQuery", + "deprecated": true, "depends_on": [ "query" - ], + ], "script_executions": [ "query" ] } - }, + }, { "d98506ea-fd06-49d6-8f1e-bb29ab06766e": { - "name": "VerifyContext", + "name": "VerifyContext", "deprecated": true } - }, + }, { "TimeStampToDate": { "name": "TimeStampToDate" } - }, + }, { "SlackAskUser": { - "name": "SlackAskUser", - "toversion": "3.1.0", + "name": "SlackAskUser", + "toversion": "3.1.0", "depends_on": [ "slack-send" - ], + ], "script_executions": [ "addOneTimeEntitlement" ] } - }, + }, { "CPShowAccessRulebase": { - "name": "CPShowAccessRulebase", - "deprecated": true, + "name": "CPShowAccessRulebase", + "deprecated": true, "depends_on": [ "checkpoint" - ], + ], "script_executions": [ "checkpoint" ] } - }, + }, { "VolNetworkConnections": { "name": "VolNetworkConnections" } - }, + }, { "DemistoDeleteIncident": { - "name": "DemistoDeleteIncident", - "deprecated": true, + "name": "DemistoDeleteIncident", + "deprecated": true, "depends_on": [ "demisto-api-post" ] } - }, + }, { "SSDeepReputation": { - "name": 
"SSDeepReputation", + "name": "SSDeepReputation", "script_executions": [ - "findIndicators", + "findIndicators", "getContext" ] } - }, + }, { "GrrGetHunt": { - "name": "GrrGetHunt", + "name": "GrrGetHunt", "depends_on": [ "grr_get_hunt" - ], + ], "script_executions": [ "grr_get_hunt" ] } - }, + }, { "findIncidentsWithIndicator": { "name": "findIncidentsWithIndicator" } - }, + }, { "ExifRead": { "name": "ExifRead" } - }, + }, { "AlgosecGetTicket": { - "name": "AlgosecGetTicket", + "name": "AlgosecGetTicket", "depends_on": [ "algosec-get-ticket" ] } - }, + }, { "IncapGetDomainApproverEmail": { - "name": "IncapGetDomainApproverEmail", + "name": "IncapGetDomainApproverEmail", "depends_on": [ "incap-get-domain-approver-email" ] } - }, + }, { "ElasticSearchDisplay": { - "name": "ElasticSearchDisplay", + "name": "ElasticSearchDisplay", "depends_on": [ "search" ] } - }, + }, { "ContextGetIps": { "name": "ContextGetIps" } - }, + }, { "D2Hardware": { "name": "D2Hardware" } - }, + }, { "82764532-0a4f-4b59-8cf9-fe1a00cabdae": { - "name": "OktaSearch", - "deprecated": true, + "name": "OktaSearch", + "deprecated": true, "depends_on": [ "okta-search" ] } - }, + }, { "TrendmicroSecurityProfileRetrieveAll": { - "name": "TrendmicroSecurityProfileRetrieveAll", + "name": "TrendmicroSecurityProfileRetrieveAll", "depends_on": [ "trendmicro-security-profile-retrieve-all" ] } - }, + }, { "PanoramaConfig": { - "name": "PanoramaConfig", - "deprecated": true, + "name": "PanoramaConfig", + "deprecated": true, "depends_on": [ "panorama" ] } - }, + }, { "RepopulateFiles": { - "name": "RepopulateFiles", + "name": "RepopulateFiles", "script_executions": [ "getEntries" ] } - }, + }, { "SendMessageToOnlineUsers": { "name": "SendMessageToOnlineUsers" } - }, + }, { "SetIncidentCustomFields": { "name": "SetIncidentCustomFields" } - }, + }, { "CEFParser": { "name": "CEFParser" } - }, + }, { "ADSetNewPassword": { - "name": "ADSetNewPassword", - "deprecated": true, + "name": "ADSetNewPassword", + 
"deprecated": true, "depends_on": [ "ad-set-new-password" ] } - }, + }, { "misp_upload_sample": { - "name": "misp_upload_sample", + "name": "misp_upload_sample", "depends_on": [ "internal-misp-upload-sample" - ], + ], "script_executions": [ "getFilePath" ] } - }, + }, { "IsValueInArray": { "name": "IsValueInArray" } - }, + }, { "displayhtml": { "name": "DisplayHTML" } - }, + }, { "VectraClassifier": { - "name": "VectraClassifier", - "deprecated": true, + "name": "VectraClassifier", + "deprecated": true, "depends_on": [ "vec-health" ] } - }, + }, { "JSONtoCSV": { - "name": "JSONtoCSV", + "name": "JSONtoCSV", "script_executions": [ "getEntry" ] } - }, + }, { "ConferIncidentDetails": { - "name": "ConferIncidentDetails", + "name": "ConferIncidentDetails", "depends_on": [ "confer" ] } - }, + }, { "ParseJSON": { "name": "ParseJSON" } - }, + }, { "ScheduleCommand": { "name": "ScheduleCommand" } - }, + }, { "XBTimeline": { - "name": "XBTimeline", + "name": "XBTimeline", "depends_on": [ "xb-timeline" ] } - }, + }, { "EmailAskUser": { - "name": "EmailAskUser", + "name": "EmailAskUser", "toversion": "3.1.0" } - }, + }, { "IncidentSet": { - "name": "IncidentSet", - "toversion": "3.5.0", + "name": "IncidentSet", + "toversion": "3.5.0", "script_executions": [ - "setOwner", - "setStage", - "setIncident", - "setPlaybook" + "setIncident", + "setOwner", + "setPlaybook", + "setStage" ] } - }, + }, { "DataIPReputation": { - "name": "DataIPReputation", + "name": "DataIPReputation", "deprecated": true } - }, + }, { "URLSSLVerification": { "name": "URLSSLVerification" } - }, + }, { "EmailDomainSquattingReputation": { "name": "EmailDomainSquattingReputation" } - }, + }, { "XBUser": { - "name": "XBUser", + "name": "XBUser", "depends_on": [ "xb-user" ] } - }, + }, { "SNUpdateTicket": { - "name": "SNUpdateTicket", - "deprecated": true, + "name": "SNUpdateTicket", + "deprecated": true, "depends_on": [ "servicenow-incident-update" ] } - }, + }, { "ticksToTime": { "name": "ticksToTime" } - }, + 
}, { "dbbdc2e4-6105-4ee9-8e83-563a4b991a89": { - "name": "VirustotalIsMalicious", - "deprecated": true, + "name": "VirustotalIsMalicious", + "deprecated": true, "depends_on": [ "file" - ], + ], "script_executions": [ - "file", "file" ] } - }, + }, { "TopMaliciousRatioIndicators": { - "name": "TopMaliciousRatioIndicators", - "fromversion": "4.0.0", + "name": "TopMaliciousRatioIndicators", + "fromversion": "4.0.0", "script_executions": [ - "findIndicators", + "findIndicators", "maliciousRatio" ] } - }, + }, { "SetMultipleValues": { "name": "SetMultipleValues" } - }, + }, { "PanoramaCommit": { - "name": "PanoramaCommit", - "deprecated": true, + "name": "PanoramaCommit", + "deprecated": true, "depends_on": [ "panorama" ] } - }, + }, { "CloseInvestigation": { - "name": "CloseInvestigation", + "name": "CloseInvestigation", "deprecated": true } - }, + }, { "CrowdStrikeUrlParse": { "name": "CrowdStrikeUrlParse" } - }, + }, { "MarkRelatedIncidents": { "name": "MarkRelatedIncidents" } - }, + }, { "DemistoSendInvite": { - "name": "DemistoSendInvite", + "name": "DemistoSendInvite", "depends_on": [ - "demisto-api-post", + "demisto-api-post", "demisto-api-get" ] } - }, + }, { "CommonIntegrationPython": { - "name": "CommonIntegrationPython", + "name": "CommonIntegrationPython", "deprecated": true } - }, + }, { "RunDockerCommand": { "name": "RunDockerCommand" } - }, + }, { "GoogleappsGmailSearch": { - "name": "GoogleappsGmailSearch", - "deprecated": true, + "name": "GoogleappsGmailSearch", + "deprecated": true, "depends_on": [ "googleapps-gmail-search" ] } - }, + }, { "EPODetermineRepository": { - "name": "EPODetermineRepository", + "name": "EPODetermineRepository", "deprecated": true } - }, + }, { "emailFieldTriggered": { "name": "emailFieldTriggered" } - }, + }, { "TrendMicroGetPolicyID": { - "name": "TrendMicroGetPolicyID", + "name": "TrendMicroGetPolicyID", "depends_on": [ "trendmicro-security-profile-retrieve-all" - ], + ], "script_executions": [ 
"TrendmicroSecurityProfileRetrieveAll" ] } - }, + }, { "AquatoneDiscover": { "name": "AquatoneDiscover" } - }, + }, { "ExtractDomainFromURL": { - "name": "ExtractDomainFromURL", + "name": "ExtractDomainFromURL", "deprecated": true } - }, + }, { "NetwitnessSAUpdateIncident": { - "name": "NetwitnessSAUpdateIncident", - "deprecated": true, + "name": "NetwitnessSAUpdateIncident", + "deprecated": true, "depends_on": [ "nw-update-incident" ] } - }, + }, { "UnzipFile": { - "name": "UnzipFile", + "name": "UnzipFile", "script_executions": [ - "getEntries", + "getEntries", "getFilePath" ] } - }, + }, { "NetwitnessSAGetAvailableAssignees": { - "name": "NetwitnessSAGetAvailableAssignees", + "name": "NetwitnessSAGetAvailableAssignees", "depends_on": [ "nw-get-available-assignees" ] } - }, + }, { "QualysCreateIncidentFromReport": { - "name": "QualysCreateIncidentFromReport", + "name": "QualysCreateIncidentFromReport", "depends_on": [ "qualys-host-list" - ], + ], "script_executions": [ "getIncidents" ] } - }, + }, { "CuckooDetonateURL": { - "name": "CuckooDetonateURL", + "name": "CuckooDetonateURL", "depends_on": [ "cuckoo-create-task-from-url" ] } - }, + }, { "UserEnrichAD": { - "name": "UserEnrichAD", + "name": "UserEnrichAD", "depends_on": [ "ad-search" - ], + ], "script_executions": [ "ADGetUser" ] } - }, + }, { "WordTokenizer": { "name": "WordTokenizer" } - }, + }, { "da8594b8-0b57-4cb2-8578-94754bb577c6": { - "name": "NetwitnessSAListIncidents", + "name": "NetwitnessSAListIncidents", "depends_on": [ "nw-list-incidents" ] } - }, + }, { "IsContextSet": { - "name": "IsContextSet", + "name": "IsContextSet", "deprecated": true } - }, + }, { "Set": { "name": "Set" } - }, + }, { "ArcherCreateSecurityIncident": { - "name": "ArcherCreateSecurityIncident", + "name": "ArcherCreateSecurityIncident", "depends_on": [ "archer-create-record" ] } - }, + }, { "VolMalfindDumpAgent": { "name": "VolMalfindDumpAgent" } - }, + }, { "TrendmicroSystemEventRetrieve": { - "name": 
"TrendmicroSystemEventRetrieve", + "name": "TrendmicroSystemEventRetrieve", "depends_on": [ "trendmicro-system-event-retrieve" ] } - }, + }, { "MimecastFindEmail": { - "name": "MimecastFindEmail", + "name": "MimecastFindEmail", "depends_on": [ "mimecast-query" ] } - }, + }, { "D2Drop": { "name": "D2Drop" } - }, + }, { "TaniumFindRunningProcesses": { - "name": "TaniumFindRunningProcesses", - "deprecated": true, + "name": "TaniumFindRunningProcesses", + "deprecated": true, "depends_on": [ - "tn-add-question-complex", - "tn-result-data", + "tn-add-question-complex", + "tn-result-data", "tn-result-info" ] } - }, + }, { "NessusScanDetails": { - "name": "NessusScanDetails", - "deprecated": true, + "name": "NessusScanDetails", + "deprecated": true, "depends_on": [ "scan-details" ] } - }, + }, { "CBPCatalogFindHash": { - "name": "CBPCatalogFindHash", + "name": "CBPCatalogFindHash", "depends_on": [ "cbp-fileCatalog-search" ] } - }, + }, { "checkValue": { "name": "checkValue" } - }, + }, { "WhileLoop": { - "name": "WhileLoop", + "name": "WhileLoop", "deprecated": true } - }, + }, { "D2GetSystemLog": { "name": "D2GetSystemLog" } - }, + }, { "CopyFileD2": { "name": "CopyFileD2" } - }, + }, { "CheckFilesWildfirePy": { - "name": "CheckFilesWildfirePy", + "name": "CheckFilesWildfirePy", "depends_on": [ - "wildfire-upload", + "wildfire-upload", "wildfire-report" - ], + ], "script_executions": [ "getEntries" ] } - }, + }, { "ADGetGroupMembers": { - "name": "ADGetGroupMembers", + "name": "ADGetGroupMembers", "depends_on": [ "ad-search" ] } - }, + }, { "SCPPullFiles": { - "name": "SCPPullFiles", + "name": "SCPPullFiles", "depends_on": [ "copy-from" ] } - }, + }, { "ReadFile": { - "name": "ReadFile", + "name": "ReadFile", "script_executions": [ "getFilePath" ] } - }, + }, { "VectraSensors": { - "name": "VectraSensors", - "deprecated": true, + "name": "VectraSensors", + "deprecated": true, "depends_on": [ "vec-sensors" ] } - }, + }, { "QRadarFullSearch": { - "name": "QRadarFullSearch", 
- "deprecated": true, + "name": "QRadarFullSearch", + "deprecated": true, "depends_on": [ - "qradar-get-search", - "qradar-get-search-results", + "qradar-get-search", + "qradar-get-search-results", "qradar-searches" ] } - }, + }, { "CSActors": { - "name": "CSActors", - "deprecated": true, + "name": "CSActors", + "deprecated": true, "depends_on": [ "cs-actors" ] } - }, + }, { "NessusGetReport": { - "name": "NessusGetReport", - "deprecated": true, + "name": "NessusGetReport", + "deprecated": true, "depends_on": [ - "scan-report-download", - "scan-export", + "scan-report-download", + "scan-export", "scan-export-status" ] } - }, + }, { "VolRaw": { "name": "VolRaw" } - }, + }, { "Base64Encode": { "name": "Base64Encode" } - }, + }, { "LCMAcknowledgeHost": { - "name": "LCMAcknowledgeHost", + "name": "LCMAcknowledgeHost", "depends_on": [ "lcm-acknowledge-host" - ], + ], "script_executions": [ "LCMHosts" ] } - }, + }, { "ExtractEmail": { "name": "ExtractEmail" } - }, + }, { "NexposeVulnExtractor": { - "name": "NexposeVulnExtractor", + "name": "NexposeVulnExtractor", "depends_on": [ "nexpose" ] } - }, + }, { "XBTriggeredRules": { - "name": "XBTriggeredRules", + "name": "XBTriggeredRules", "depends_on": [ "xb-triggered-rules" ] } - }, + }, { "LoadJSON": { "name": "LoadJSON" } - }, + }, { "CommonUserServer": { "name": "CommonUserServer" } - }, + }, { "IsMaliciousIndicatorFound": { "name": "IsMaliciousIndicatorFound" } - }, + }, { "D2ActiveUsers": { "name": "D2ActiveUsers" } - }, + }, { "BuildEWSQuery": { "name": "BuildEWSQuery" } - }, + }, { "da330ce7-3a93-430c-8454-03b96cf5184e": { - "name": "OktaCreateUser", - "deprecated": true, + "name": "OktaCreateUser", + "deprecated": true, "depends_on": [ "okta-create-user" ] } - }, + }, { "JiraIssueUploadFile": { - "name": "JiraIssueUploadFile", - "deprecated": true, + "name": "JiraIssueUploadFile", + "deprecated": true, "depends_on": [ "jira-issue-upload-file" ] } - }, + }, { "PanoramaDynamicAddressGroup": { - "name": 
"PanoramaDynamicAddressGroup", + "name": "PanoramaDynamicAddressGroup", "deprecated": true } - }, + }, { "ActiveUsersD2": { "name": "ActiveUsersD2" } - }, + }, { "ParseExcel": { - "name": "ParseExcel", + "name": "ParseExcel", "script_executions": [ "getFilePath" ] } - }, + }, { "MatchRegex": { "name": "MatchRegex" } - }, + }, { "ip_to_host": { "name": "IPToHost" } - }, + }, { "AlgosecGetNetworkObject": { - "name": "AlgosecGetNetworkObject", + "name": "AlgosecGetNetworkObject", "depends_on": [ "algosec-get-network-object" ] } - }, + }, { "Autoruns": { "name": "Autoruns" } - }, + }, { "VectraTriage": { - "name": "VectraTriage", - "deprecated": true, + "name": "VectraTriage", + "deprecated": true, "depends_on": [ "vec-triage" ] } - }, + }, { "ATDDetonate": { - "name": "ATDDetonate", + "name": "ATDDetonate", "depends_on": [ - "atd-get-report", - "atd-file-upload", + "atd-get-report", + "atd-file-upload", "atd-check-status" ] } - }, + }, { "XBInfo": { "name": "XBInfo" } - }, + }, { "NetwitnessSACreateIncident": { - "name": "NetwitnessSACreateIncident", + "name": "NetwitnessSACreateIncident", "depends_on": [ "nw-create-incident" ] } - }, + }, { "ExchangeSearchMailbox": { "name": "ExchangeSearchMailbox" } - }, + }, { "DT": { "name": "DT" } - }, + }, { "ed24d63f-4134-49c4-82c0-96885a7a1cc3": { - "name": "VerifyContextFields", + "name": "VerifyContextFields", "deprecated": true } - }, + }, { "5d44a5d9-d91a-4420-801f-755f26b60c47": { - "name": "cveLatest", - "deprecated": true, + "name": "cveLatest", + "deprecated": true, "depends_on": [ "cve-latest" ] } - }, + }, { "ad7de731-cadc-4f49-81cd-522cd4b7bfa5": { - "name": "CheckpointFWCreateBackup", + "name": "CheckpointFWCreateBackup", "depends_on": [ "ssh" - ], + ], "script_executions": [ "ssh" ] } - }, + }, { "DemistoLogsBundle": { - "name": "DemistoLogsBundle", + "name": "DemistoLogsBundle", "depends_on": [ "demisto-api-download" ] } - }, + }, { "ContextGetEmails": { "name": "ContextGetEmails" } - }, + }, { 
"nexpose_create_incidents_from_assets": { - "name": "NexposeCreateIncidentsFromAssets", + "name": "NexposeCreateIncidentsFromAssets", "depends_on": [ "nexpose-get-asset" - ], + ], "script_executions": [ "getIncidents" ] } - }, + }, { "bffdcf72-2061-4767-83d5-3ff2a9e8afe7": { "name": "BlockIP" } - }, + }, { "ExchangeSearch": { - "name": "ExchangeSearch", - "deprecated": true, + "name": "ExchangeSearch", + "deprecated": true, "depends_on": [ "ews-search-mailbox" ] } - }, + }, { "CPSetRule": { - "name": "CPSetRule", - "deprecated": true, + "name": "CPSetRule", + "deprecated": true, "depends_on": [ "checkpoint" - ], + ], "script_executions": [ - "checkpoint", "checkpoint" ] } - }, + }, { "VolGetProcWithMalNetConn": { "name": "VolGetProcWithMalNetConn" } - }, + }, { "ConvertTableToHTML": { "name": "ConvertTableToHTML" } - }, + }, { "StringLength": { "name": "StringLength" } - }, + }, { "CuckooGetScreenshot": { - "name": "CuckooGetScreenshot", + "name": "CuckooGetScreenshot", "depends_on": [ "cuckoo-task-screenshot" ] } - }, + }, { "VolMalfind": { "name": "VolMalfind" } - }, + }, { "ExposeModules": { - "name": "ExposeModules", + "name": "ExposeModules", "deprecated": true } - }, + }, { "GrrGetFlows": { - "name": "GrrGetFlows", + "name": "GrrGetFlows", "depends_on": [ "grr_get_flows" - ], + ], "script_executions": [ "grr_get_flows" ] } - }, + }, { "IsTrue": { "name": "IsTrue" } - }, + }, { "SplunkSearchJsonPy": { - "name": "SplunkSearchJsonPy", - "deprecated": true, + "name": "SplunkSearchJsonPy", + "deprecated": true, "depends_on": [ "search" - ], + ], "script_executions": [ "search" ] } - }, + }, { "UnEscapeURLs": { "name": "UnEscapeURLs" } - }, + }, { "ProofpointDecodeURL": { "name": "ProofpointDecodeURL" } - }, + }, { "ReadPDFFile": { - "name": "ReadPDFFile", + "name": "ReadPDFFile", "script_executions": [ "getFilePath" ] } - }, + }, { "ContextContains": { "name": "ContextContains" } - }, + }, { "ADIsUserMember": { - "name": "ADIsUserMember", - "deprecated": true, + 
"name": "ADIsUserMember", + "deprecated": true, "depends_on": [ "ad-search" - ], + ], "script_executions": [ - "ADGetUserGroups", + "ADGetUserGroups", "AdSearch" ] } - }, + }, { "PanoramaMove": { - "name": "PanoramaMove", - "deprecated": true, + "name": "PanoramaMove", + "deprecated": true, "depends_on": [ "panorama" ] } - }, + }, { "ADGetUserGroups": { - "name": "ADGetUserGroups", - "deprecated": true, + "name": "ADGetUserGroups", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "ADUserLogonInfo": { - "name": "ADUserLogonInfo", - "deprecated": true, + "name": "ADUserLogonInfo", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "Osxcollector": { "name": "Osxcollector" } - }, + }, { "PWObservationPcapInfo": { - "name": "PWObservationPcapInfo", - "deprecated": true, + "name": "PWObservationPcapInfo", + "deprecated": true, "depends_on": [ "observation-pcap-info" ] } - }, + }, { "QrSearches": { - "name": "QrSearches", - "deprecated": true, + "name": "QrSearches", + "deprecated": true, "depends_on": [ "qr-searches" ] } - }, + }, { "ExtractIndicatorsFromTextFile": { "name": "ExtractIndicatorsFromTextFile" } - }, + }, { "CheckIPs": { - "name": "CheckIPs", - "deprecated": true, + "name": "CheckIPs", + "deprecated": true, "script_executions": [ "ip" ] } - }, + }, { "VolDlllist": { "name": "VolDlllist" } - }, + }, { "FPSetRule": { - "name": "FPSetRule", + "name": "FPSetRule", "depends_on": [ "ssh" - ], + ], "script_executions": [ "ssh" ] } - }, + }, { "TrendMicroClassifier": { - "name": "TrendMicroClassifier", + "name": "TrendMicroClassifier", "depends_on": [ "trendmicro-alert-status" ] } - }, + }, { "TrendMicroGetHostID": { - "name": "TrendMicroGetHostID", + "name": "TrendMicroGetHostID", "depends_on": [ "trendmicro-host-retrieve-all" - ], + ], "script_executions": [ "TrendmicroHostRetrieveAll" ] } - }, + }, { "ExtractDomainFromUrlAndEmail": { "name": "ExtractDomainFromUrlAndEmail" } - }, + }, { "VectraSettings": { - "name": 
"VectraSettings", - "deprecated": true, + "name": "VectraSettings", + "deprecated": true, "depends_on": [ "vec-settings" ] } - }, + }, { "GenerateInvestigationSummaryReport": { - "name": "GenerateInvestigationSummaryReport", + "name": "GenerateInvestigationSummaryReport", "fromversion": "3.5.0" } - }, + }, { "DataDomainReputation": { - "name": "DataDomainReputation", + "name": "DataDomainReputation", "fromversion": "3.1.0" } - }, + }, { "EPORepositoryComplianceCheck": { - "name": "EPORepositoryComplianceCheck", - "deprecated": true, + "name": "EPORepositoryComplianceCheck", + "deprecated": true, "depends_on": [ "epo-command" ] } - }, + }, { "PWObservations": { - "name": "PWObservations", - "deprecated": true, + "name": "PWObservations", + "deprecated": true, "depends_on": [ "observation-search" ] } - }, + }, { "DBotPredictTextLabel": { - "name": "DBotPredictTextLabel", - "fromversion": "4.1.0", + "name": "DBotPredictTextLabel", + "fromversion": "4.1.0", "script_executions": [ "getList" ] } - }, + }, { "InRange": { "name": "InRange" } - }, + }, { "IngestCSV": { - "name": "IngestCSV", - "deprecated": true, + "name": "IngestCSV", + "deprecated": true, "script_executions": [ - "getEntries", + "getEntries", "getFilePath" ] } - }, + }, { "TrendmicroHostAntimalwareScan": { - "name": "TrendmicroHostAntimalwareScan", + "name": "TrendmicroHostAntimalwareScan", "depends_on": [ "trendmicro-host-antimalware-scan" ] } - }, + }, { "QrGetSearchResults": { - "name": "QrGetSearchResults", - "deprecated": true, + "name": "QrGetSearchResults", + "deprecated": true, "depends_on": [ "qr-get-search-results" ] } - }, + }, { "NessusHostDetails": { - "name": "NessusHostDetails", - "deprecated": true, + "name": "NessusHostDetails", + "deprecated": true, "depends_on": [ "scan-host-details" ] } - }, + }, { "WhereFieldEquals": { "name": "WhereFieldEquals" } - }, + }, { "OSQueryUsers": { - "name": "OSQueryUsers", + "name": "OSQueryUsers", "depends_on": [ "OSQueryBasicQuery" - ], + ], 
"script_executions": [ "OSQueryBasicQuery" ] } - }, + }, { "CrowdStrikeStreamingPreProcessing": { - "name": "CrowdStrikeStreamingPreProcessing", + "name": "CrowdStrikeStreamingPreProcessing", "script_executions": [ "addEntries" ] } - }, + }, { "Strings": { - "name": "Strings", + "name": "Strings", "script_executions": [ "getFilePath" ] } - }, + }, { "QrOffenses": { - "name": "QrOffenses", - "deprecated": true, + "name": "QrOffenses", + "deprecated": true, "depends_on": [ "qr-offenses" ] } - }, + }, { "LCMHosts": { "name": "LCMHosts" } - }, + }, { "RegProbeBasic": { "name": "RegProbeBasic" } - }, + }, { "ContextGetHashes": { "name": "ContextGetHashes" } - }, + }, { "NexposeEmailParser": { - "name": "NexposeEmailParser", + "name": "NexposeEmailParser", "depends_on": [ "nexpose" ] } - }, + }, { "7b5c080e-f3b1-411a-83b0-e1f53c21bef8": { - "name": "WhileNotMdLoop", + "name": "WhileNotMdLoop", "deprecated": true } - }, + }, { "SlackMirror": { - "name": "SlackMirror", - "deprecated": true, + "name": "SlackMirror", + "deprecated": true, "depends_on": [ "slack-mirror-investigation" ] } - }, + }, { "CheckFiles": { - "name": "CheckFiles", - "deprecated": true, + "name": "CheckFiles", + "deprecated": true, "depends_on": [ "file" ] } - }, + }, { "IsIPInRanges": { "name": "IsIPInRanges" } - }, + }, { "CBSessions": { - "name": "CBSessions", + "name": "CBSessions", "depends_on": [ "cb-list-sessions" ] } - }, + }, { "JSONFileToCSV": { - "name": "JSONFileToCSV", + "name": "JSONFileToCSV", "script_executions": [ "getFilePath" ] } - }, + }, { "GeneratePassword": { "name": "GeneratePassword" } - }, + }, { "IncidentSet": { - "name": "IncidentSet", - "fromversion": "3.5.1", - "deprecated": true, + "name": "IncidentSet", + "fromversion": "3.5.1", + "deprecated": true, "script_executions": [ - "setOwner", - "setStage", - "setIncident", - "setPlaybook" + "setIncident", + "setOwner", + "setPlaybook", + "setStage" ] } - }, + }, { "GoogleAuthURL": { "name": "GoogleAuthURL" } - }, + }, { 
"DataURLReputation": { - "name": "DataURLReputation", + "name": "DataURLReputation", "toversion": "3.0.1" } - }, + }, { "IPReputation": { - "name": "IPReputation", + "name": "IPReputation", "script_executions": [ "ip" ] } - }, + }, { "AwsCreateImage": { - "name": "AwsCreateImage", + "name": "AwsCreateImage", "depends_on": [ "create-image" ] } - }, + }, { "WildfireReport": { - "name": "WildfireReport", - "deprecated": true, + "name": "WildfireReport", + "deprecated": true, "depends_on": [ "wildfire-report" ] } - }, + }, { "LCMIndicatorsForEntity": { - "name": "LCMIndicatorsForEntity", + "name": "LCMIndicatorsForEntity", "depends_on": [ "lcm-indicatorsforentity" ] } - }, + }, { "hideFieldsOnNewIncident": { - "name": "hideFieldsOnNewIncident", + "name": "hideFieldsOnNewIncident", "fromversion": "3.6.0" } - }, + }, { "ImpSfScheduleTask": { - "name": "ImpSfScheduleTask", + "name": "ImpSfScheduleTask", "depends_on": [ - "ImpSfRevokeUnaccessedDevices", + "ImpSfRevokeUnaccessedDevices", "scheduleEntry" - ], + ], "script_executions": [ "scheduleEntry" ] } - }, + }, { "ServiceNowUpdateIncident": { - "name": "ServiceNowUpdateIncident", + "name": "ServiceNowUpdateIncident", "depends_on": [ - "servicenow-query-table", + "servicenow-query-table", "servicenow-update-record" ] } - }, + }, { "DataIPReputation": { - "name": "DataIPReputation", + "name": "DataIPReputation", "toversion": "3.0.1" } - }, + }, { "SetDateField": { - "name": "SetDateField", + "name": "SetDateField", "script_executions": [ "setIncident" ] } - }, + }, { "ADGetEmailForUser": { - "name": "ADGetEmailForUser", - "deprecated": true, + "name": "ADGetEmailForUser", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "EmailAskUser": { - "name": "EmailAskUser", - "toversion": "3.6.0", + "name": "EmailAskUser", + "toversion": "3.6.0", "fromversion": "3.5.0" } - }, + }, { "PWEventDetails": { - "name": "PWEventDetails", - "deprecated": true, + "name": "PWEventDetails", + "deprecated": true, "depends_on": [ 
"pw-event-get" ] } - }, + }, { "CheckSenderDomainDistance": { "name": "CheckSenderDomainDistance" } - }, + }, { "7b02fa0f-94ff-48c7-8350-b4e353702e73": { - "name": "VMRay", + "name": "VMRay", "depends_on": [ "upload_sample" - ], + ], "script_executions": [ - "getFilePath", - "upload_sample", - "scheduleEntry" + "getFilePath", + "scheduleEntry", + "upload_sample" ] } - }, + }, { "PWObservationPcapDownload": { - "name": "PWObservationPcapDownload", + "name": "PWObservationPcapDownload", "depends_on": [ "observation-pcap-download" ] } - }, + }, { "b695f044-fbdd-4d4b-89ce-9066cb0e165a": { - "name": "cveReputation", + "name": "cveReputation", "depends_on": [ "cve-search" ] } - }, + }, { "ParseEmailHeader": { - "name": "ParseEmailHeaders", + "name": "ParseEmailHeaders", "script_executions": [ "getFilePath" ] } - }, + }, { "IndicatorMaliciousRatioCalculation": { - "name": "IndicatorMaliciousRatioCalculation", - "fromversion": "3.5.0", + "name": "IndicatorMaliciousRatioCalculation", + "fromversion": "3.5.0", "script_executions": [ - "findIndicators", - "getIncidents", + "findIndicators", "getIncidents" ] } - }, + }, { "BinaryReputationPy": { - "name": "BinaryReputationPy", - "deprecated": true, + "name": "BinaryReputationPy", + "deprecated": true, "depends_on": [ "file" - ], + ], "script_executions": [ - "getEntries", - "file", - "file" + "file", + "getEntries" ] } - }, + }, { "ArcherUpdateSecurityIncident": { - "name": "ArcherUpdateSecurityIncident", + "name": "ArcherUpdateSecurityIncident", "depends_on": [ "archer-update-record" ] } - }, + }, { "IsListExist": { - "name": "IsListExist", + "name": "IsListExist", "script_executions": [ "getList" ] } - }, + }, { "CSCountDevicesForIOC": { - "name": "CSCountDevicesForIOC", - "deprecated": true, + "name": "CSCountDevicesForIOC", + "deprecated": true, "depends_on": [ "cs-device-count-ioc" ] } - }, + }, { "LCMSetHostComment": { - "name": "LCMSetHostComment", + "name": "LCMSetHostComment", "depends_on": [ "lcm-set-host-comment" - 
], + ], "script_executions": [ "LCMHosts" ] } - }, + }, { "D2Exec": { "name": "D2Exec" } - }, + }, { "OSQueryProcesses": { - "name": "OSQueryProcesses", + "name": "OSQueryProcesses", "depends_on": [ "OSQueryBasicQuery" - ], + ], "script_executions": [ "OSQueryBasicQuery" ] } - }, + }, { "NessusScanStatus": { - "name": "NessusScanStatus", - "deprecated": true, + "name": "NessusScanStatus", + "deprecated": true, "depends_on": [ "scan-details" ] } - }, + }, { "DemistoLinkIncidents": { - "name": "DemistoLinkIncidents", + "name": "DemistoLinkIncidents", "depends_on": [ "demisto-api-post" ] } - }, + }, { "JiraCreateIssue": { - "name": "JiraCreateIssue", - "deprecated": true, + "name": "JiraCreateIssue", + "deprecated": true, "depends_on": [ "jira-create-issue" ] } - }, + }, { "LocateAttachment": { - "name": "LocateAttachment", - "deprecated": true, + "name": "LocateAttachment", + "deprecated": true, "script_executions": [ "getEntries" ] } - }, + }, { "ADGetComputerGroups": { - "name": "ADGetComputerGroups", - "deprecated": true, + "name": "ADGetComputerGroups", + "deprecated": true, "depends_on": [ "ad-search" - ], + ], "script_executions": [ "AdSearch" ] } - }, + }, { "MapValues": { "name": "MapValues" } - }, + }, { "QrGetSearch": { - "name": "QrGetSearch", - "deprecated": true, + "name": "QrGetSearch", + "deprecated": true, "depends_on": [ "qr-get-search" ] } - }, + }, { "EmailAskUser": { - "name": "EmailAskUser", + "name": "EmailAskUser", "fromversion": "4.0.0" } - }, + }, { "AwsGetInstanceInfo": { - "name": "AwsGetInstanceInfo", + "name": "AwsGetInstanceInfo", "depends_on": [ - "get-instance-info", - "get-ebs-volume-info", + "get-instance-info", + "get-ebs-volume-info", "get-sg-info" ] } - }, + }, { "CreateArray": { "name": "CreateArray" } - }, + }, { "ADListUsers": { - "name": "ADListUsers", - "deprecated": true, + "name": "ADListUsers", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "CBPFindRule": { - "name": "CBPFindRule", + "name": 
"CBPFindRule", "depends_on": [ "cbp-fileRule-search" ] } - }, + }, { "GoogleappsListUsers": { - "name": "GoogleappsListUsers", - "deprecated": true, + "name": "GoogleappsListUsers", + "deprecated": true, "depends_on": [ "googleapps-list-users" ] } - }, + }, { "ParseCSV": { - "name": "ParseCSV", + "name": "ParseCSV", "script_executions": [ "getEntries" ] } - }, + }, { "D2Winpmem": { "name": "D2Winpmem" } - }, + }, { "AlgosecGetApplications": { - "name": "AlgosecGetApplications", + "name": "AlgosecGetApplications", "depends_on": [ "algosec-get-applications" ] } - }, + }, { "Elasticsearch": { - "name": "Elasticsearch", + "name": "Elasticsearch", "depends_on": [ "search" - ], + ], "script_executions": [ "search" ] } - }, + }, { "EPOUpdateRepository": { - "name": "EPOUpdateRepository", - "deprecated": true, + "name": "EPOUpdateRepository", + "deprecated": true, "depends_on": [ "epo-command" ] } - }, + }, { "ZipFile": { - "name": "ZipFile", + "name": "ZipFile", "script_executions": [ "getFilePath" ] } - }, + }, { "VectraSummary": { - "name": "VectraSummary", - "deprecated": true, + "name": "VectraSummary", + "deprecated": true, "depends_on": [ "vec-health" ] } - }, + }, { "MattermostAskUser": { - "name": "MattermostAskUser", + "name": "MattermostAskUser", "depends_on": [ "mattermost-send" - ], + ], "script_executions": [ "addEntitlement" ] } - }, + }, { "WhoisSummary": { - "name": "WhoisSummary", - "deprecated": true, + "name": "WhoisSummary", + "deprecated": true, "depends_on": [ "whois" ] } - }, + }, { "AssignAnalystToIncident": { "name": "AssignAnalystToIncident" } - }, + }, { "Base64ListToFile": { - "name": "Base64ListToFile", + "name": "Base64ListToFile", "script_executions": [ "getList" ] } - }, + }, { "LCMPathFinderScanHost": { - "name": "LCMPathFinderScanHost", + "name": "LCMPathFinderScanHost", "depends_on": [ "lcm-pathfinder-scan" ] } - }, + }, { "IncapScheduleTask": { - "name": "IncapScheduleTask", + "name": "IncapScheduleTask", "depends_on": [ - 
"scheduleEntry", + "scheduleEntry", "IncapWhitelistCompliance" - ], + ], "script_executions": [ "scheduleEntry" ] } - }, + }, { "SbQuery": { - "name": "SbQuery", + "name": "SbQuery", "depends_on": [ "sb-query" ] } - }, + }, { "GetStringsDistance": { "name": "GetStringsDistance" } - }, + }, { "CSHuntByIOC": { - "name": "CSHuntByIOC", - "deprecated": true, + "name": "CSHuntByIOC", + "deprecated": true, "depends_on": [ "cs-device-ran-on" ] } - }, + }, { "FireEyeDetonateFile": { - "name": "FireEyeDetonateFile", + "name": "FireEyeDetonateFile", "depends_on": [ - "fe-submit", - "fe-submit-result", + "fe-submit", + "fe-submit-result", "fe-submit-status" - ], + ], "script_executions": [ "IsIntegrationAvailable" ] } - }, + }, { "514ec833-c02c-49a3-8ac6-d982198f5fa0": { - "name": "OktaUpdateUser", - "deprecated": true, + "name": "OktaUpdateUser", + "deprecated": true, "depends_on": [ "okta-update-user" ] } - }, + }, { "JoinIfSingleElementOnly": { "name": "JoinIfSingleElementOnly" } - }, + }, { "PWObservationDetails": { - "name": "PWObservationDetails", - "deprecated": true, + "name": "PWObservationDetails", + "deprecated": true, "depends_on": [ "pw-observation-get" ] } - }, + }, { "SNOpenTicket": { - "name": "SNOpenTicket", - "deprecated": true, + "name": "SNOpenTicket", + "deprecated": true, "depends_on": [ "servicenow-incident-create" ] } - }, + }, { "IPInfoQuery": { - "name": "IPInfoQuery", - "deprecated": true, + "name": "IPInfoQuery", + "deprecated": true, "depends_on": [ "ipinfo_field" - ], + ], "script_executions": [ - "ipinfo_field", - "ip" + "ip", + "ipinfo_field" ] } - }, + }, { "RegCollectValues": { "name": "RegCollectValues" } - }, + }, { "MD5Extract": { - "name": "MD5Extract", + "name": "MD5Extract", "deprecated": true } - }, + }, { "CommonIntegration": { - "name": "CommonIntegration", + "name": "CommonIntegration", "deprecated": true } - }, + }, { "CBPBanHash": { - "name": "CBPBanHash", + "name": "CBPBanHash", "depends_on": [ "cbp-fileRule-update" ] } - }, + }, 
{ "URLDecode": { "name": "URLDecode" } - }, + }, { "AwsRunInstance": { - "name": "AwsRunInstance", + "name": "AwsRunInstance", "depends_on": [ "run-instance" ] } - }, + }, { "EPORetrieveCurrentDATVersion": { - "name": "EPORetrieveCurrentDATVersion", - "deprecated": true, + "name": "EPORetrieveCurrentDATVersion", + "deprecated": true, "depends_on": [ "epo-command" ] } - }, + }, { "TaniumShowPendingActions": { - "name": "TaniumShowPendingActions", - "deprecated": true, + "name": "TaniumShowPendingActions", + "deprecated": true, "depends_on": [ "tn-get-object" ] } - }, + }, { "PrintErrorEntry": { - "name": "PrintErrorEntry", + "name": "PrintErrorEntry", "fromversion": "4.0.0" } - }, + }, { "SEPCheckOutdatedEndpoints": { - "name": "SEPCheckOutdatedEndpoints", + "name": "SEPCheckOutdatedEndpoints", "depends_on": [ "sep-client-content" ] } - }, + }, { "URLNumberOfAds": { "name": "URLNumberOfAds" } - }, + }, { "IncidentToContext": { - "name": "IncidentToContext", + "name": "IncidentToContext", "deprecated": true } - }, + }, { "D2Users": { "name": "D2Users" } - }, + }, { "StripChars": { "name": "StripChars" } - }, + }, { "RegPathReputationBasicLists": { "name": "RegPathReputationBasicLists" } - }, + }, { "IsIntegrationAvailable": { "name": "IsIntegrationAvailable" } - }, + }, { "ExposeIncidentOwner": { "name": "ExposeIncidentOwner" } - }, + }, { "EmailReputation": { - "name": "EmailReputation", + "name": "EmailReputation", "script_executions": [ "email" ] } - }, + }, { "AwsCreateVolumeSnapshot": { - "name": "AwsCreateVolumeSnapshot", + "name": "AwsCreateVolumeSnapshot", "depends_on": [ "create-volume-snapshot" ] } - }, + }, { "CreateEmailHtmlBody": { "name": "CreateEmailHtmlBody" } - }, + }, { "listExecutedCommands": { "name": "listExecutedCommands" } - }, + }, { "EPOUpdateEndpoints": { - "name": "EPOUpdateEndpoints", - "deprecated": true, + "name": "EPOUpdateEndpoints", + "deprecated": true, "depends_on": [ "epo-command" ] } - }, + }, { "CheckSender": { - "name": 
"CheckSender", + "name": "CheckSender", "depends_on": [ "pipl-search" ] } - }, + }, { "NessusLaunchScan": { - "name": "NessusLaunchScan", - "deprecated": true, + "name": "NessusLaunchScan", + "deprecated": true, "depends_on": [ "scan-launch" ] } - }, + }, { "ADGetGroupUsers": { - "name": "ADGetGroupUsers", - "deprecated": true, + "name": "ADGetGroupUsers", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "CPTaskStatus": { - "name": "CPTaskStatus", - "deprecated": true, + "name": "CPTaskStatus", + "deprecated": true, "depends_on": [ "checkpoint" - ], + ], "script_executions": [ "checkpoint" ] } - }, + }, { "80b5c44c-4eac-4e00-812f-6d409d57be31": { - "name": "WhoisLookup", - "deprecated": true, + "name": "WhoisLookup", + "deprecated": true, "depends_on": [ "whois" ] } - }, + }, { "NetwitnessSAAddEventsToIncident": { - "name": "NetwitnessSAAddEventsToIncident", + "name": "NetwitnessSAAddEventsToIncident", "depends_on": [ "nw-add-events-to-incident" ] } - }, + }, { "StopScheduledTask": { - "name": "StopScheduledTask", + "name": "StopScheduledTask", "script_executions": [ "scheduleEntry" ] } - }, + }, { "SalesforceAskUser": { - "name": "SalesforceAskUser", + "name": "SalesforceAskUser", "depends_on": [ "salesforce-push-comment" - ], + ], "script_executions": [ "addEntitlement" ] } - }, + }, { "ADListUsersEx": { - "name": "ADListUsersEx", - "deprecated": true, + "name": "ADListUsersEx", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "OSQueryOpenSockets": { - "name": "OSQueryOpenSockets", + "name": "OSQueryOpenSockets", "depends_on": [ "OSQueryBasicQuery" - ], + ], "script_executions": [ "OSQueryBasicQuery" ] } - }, + }, { "EsmExample": { - "name": "EsmExample", + "name": "EsmExample", "depends_on": [ "search" ] } - }, + }, { "SetSeverityByScore": { - "name": "SetSeverityByScore", + "name": "SetSeverityByScore", "script_executions": [ - "IncidentSet", - "IncidentSet", "IncidentSet" ] } - }, + }, { "RSAArcherManualFetch": { - "name": 
"RSAArcherManualFetch", + "name": "RSAArcherManualFetch", "depends_on": [ "archer-manually-fetch-incident" - ], + ], "script_executions": [ "createNewIncident" ] } - }, + }, { "CheckpointFWBackupStatus": { - "name": "CheckpointFWBackupStatus", + "name": "CheckpointFWBackupStatus", "depends_on": [ "ssh" - ], + ], "script_executions": [ "ssh" ] } - }, + }, { "VolImageinfo": { "name": "VolImageinfo" } - }, + }, { "CBPApproveHash": { - "name": "CBPApproveHash", + "name": "CBPApproveHash", "depends_on": [ "cbp-fileRule-update" ] } - }, + }, { "ParseEmailFile": { - "name": "ParseEmailFile", - "deprecated": true, + "name": "ParseEmailFile", + "deprecated": true, "script_executions": [ - "getEntry", + "getEntry", "getFilePath" ] } - }, + }, { "GoogleappsRevokeUserRole": { - "name": "GoogleappsRevokeUserRole", + "name": "GoogleappsRevokeUserRole", "depends_on": [ "googleapps-revoke-user-role" ] } - }, + }, { "DBotPredictPhishingEvaluation": { - "name": "DBotPredictPhishingEvaluation", - "fromversion": "4.1.0", + "name": "DBotPredictPhishingEvaluation", + "fromversion": "4.1.0", "script_executions": [ - "DBotPreparePhishingData", + "DBotPreparePhishingData", "setIncident" ] } - }, + }, { "DemistoUploadFile": { - "name": "DemistoUploadFile", + "name": "DemistoUploadFile", "depends_on": [ "demisto-api-multipart" ] } - }, + }, { "SNListTickets": { - "name": "SNListTickets", - "deprecated": true, + "name": "SNListTickets", + "deprecated": true, "depends_on": [ "servicenow-incidents-query" ] } - }, + }, { "JiraIssueAddComment": { - "name": "JiraIssueAddComment", - "deprecated": true, + "name": "JiraIssueAddComment", + "deprecated": true, "depends_on": [ "jira-issue-add-comment" ] } - }, + }, { "AlgosecCreateTicket": { - "name": "AlgosecCreateTicket", + "name": "AlgosecCreateTicket", "depends_on": [ "algosec-create-ticket" ] } - }, + }, { "DeleteContext": { "name": "DeleteContext" } - }, + }, { "ADGetUsersByEmail": { - "name": "ADGetUsersByEmail", - "deprecated": true, + "name": 
"ADGetUsersByEmail", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "LanguageDetect": { "name": "LanguageDetect" } - }, + }, { "IncapGetAppInfo": { - "name": "IncapGetAppInfo", + "name": "IncapGetAppInfo", "depends_on": [ "incap-get-app-info" ] } - }, + }, { "SplunkEmailParser": { - "name": "SplunkEmailParser", + "name": "SplunkEmailParser", "depends_on": [ "search" ] } - }, + }, { "GetTime": { "name": "GetTime" } - }, + }, { "PortListenCheck": { "name": "PortListenCheck" } - }, + }, { "f99a85a6-c572-4c3a-8afd-5b4ac539000a": { - "name": "WhileNotExistLoop", + "name": "WhileNotExistLoop", "deprecated": true } - }, + }, { "PanoramaBlockIP": { - "name": "PanoramaBlockIP", - "deprecated": true, + "name": "PanoramaBlockIP", + "deprecated": true, "depends_on": [ "panorama" ] } - }, + }, { "IdentifyAttachedEmail": { - "name": "IdentifyAttachedEmail", + "name": "IdentifyAttachedEmail", "script_executions": [ "getEntries" ] } - }, + }, { "D2Services": { "name": "D2Services" } - }, + }, { "AlgosecQuery": { - "name": "AlgosecQuery", + "name": "AlgosecQuery", "depends_on": [ "algosec-query" ] } - }, + }, { "AwsStartInstance": { - "name": "AwsStartInstance", + "name": "AwsStartInstance", "depends_on": [ "start-instance" ] } - }, + }, { "DomainReputation": { - "name": "DomainReputation", + "name": "DomainReputation", "script_executions": [ "domain" ] } - }, + }, { "GetDuplicatesMlv2": { - "name": "GetDuplicatesMlv2", - "fromversion": "3.5.0", + "name": "GetDuplicatesMlv2", + "fromversion": "3.5.0", "script_executions": [ - "getIncidents", - "findIndicators", + "findIndicators", "getIncidents" ] } - }, + }, { "JIRAPrintIssue": { - "name": "JIRAPrintIssue", + "name": "JIRAPrintIssue", "depends_on": [ "jira-get-issue" ] } - }, + }, { "FPDeleteRule": { - "name": "FPDeleteRule", + "name": "FPDeleteRule", "depends_on": [ "ssh" - ], + ], "script_executions": [ "ssh" ] } - }, + }, { "isError": { "name": "isError" } - }, + }, { "CommonServerPython": { "name": 
"CommonServerPython" } - }, + }, { "10cb3486-48f3-4d93-88af-b6be84ffd432": { - "name": "OktaGetGroups", - "deprecated": true, + "name": "OktaGetGroups", + "deprecated": true, "depends_on": [ "okta-get-groups" ] } - }, + }, { "DocumentationAutomation": { - "name": "DocumentationAutomation", + "name": "DocumentationAutomation", "script_executions": [ "getFilePath" ] } - }, + }, { "FileReputation": { - "name": "FileReputation", + "name": "FileReputation", "script_executions": [ "file" ] } - }, + }, { "AreValuesEqual": { "name": "AreValuesEqual" } - }, + }, { "LCMDetectedEntities": { - "name": "LCMDetectedEntities", + "name": "LCMDetectedEntities", "depends_on": [ "lcm-entities" ] } - }, + }, { "UtilAnyResults": { "name": "UtilAnyResults" } - }, + }, { "ExampleJSScript": { "name": "ExampleJSScript" } - }, + }, { "UnEscapeIPs": { "name": "UnEscapeIPs" } - }, + }, { "OSQueryLoggedInUsers": { - "name": "OSQueryLoggedInUsers", + "name": "OSQueryLoggedInUsers", "depends_on": [ "OSQueryBasicQuery" - ], + ], "script_executions": [ "OSQueryBasicQuery" ] } - }, + }, { "FindSimilarIncidentsByText": { "name": "FindSimilarIncidentsByText" } - }, + }, { "IncapWhitelistCompliance": { - "name": "IncapWhitelistCompliance", + "name": "IncapWhitelistCompliance", "depends_on": [ - "incap-get-domain-approver-email", - "RemoteExec", - "incap-list-sites", + "incap-get-domain-approver-email", + "RemoteExec", + "incap-list-sites", "SendEmail" - ], + ], "script_executions": [ - "SendEmail", - "RemoteExec" + "RemoteExec", + "SendEmail" ] } - }, + }, { "c99e196b-e05e-41f2-82cb-6798f33cb653": { - "name": "cveSearch", - "deprecated": true, + "name": "cveSearch", + "deprecated": true, "depends_on": [ "cve-search" ] } - }, + }, { "5e125fdd-72f1-455f-89fa-e6f9405174a4": { "name": "NotInContextVerification" } - }, + }, { "ExtractDomain": { "name": "ExtractDomain" } - }, + }, { "DemistoCreateList": { - "name": "DemistoCreateList", + "name": "DemistoCreateList", "depends_on": [ "demisto-api-post" ] } - 
}, + }, { "ServiceNowQueryIncident": { - "name": "ServiceNowQueryIncident", + "name": "ServiceNowQueryIncident", "depends_on": [ "servicenow-query-table" ] } - }, + }, { "MimecastQuery": { - "name": "MimecastQuery", + "name": "MimecastQuery", "depends_on": [ "mimecast-query" ] } - }, + }, { "misp_download_sample": { - "name": "misp_download_sample", + "name": "misp_download_sample", "depends_on": [ "internal-misp-download-sample" ] } - }, + }, { "ExchangeDeleteIDsFromContext": { - "name": "ExchangeDeleteIDsFromContext", - "deprecated": true, + "name": "ExchangeDeleteIDsFromContext", + "deprecated": true, "depends_on": [ "ews-delete-items" ] } - }, + }, { "DumpJSON": { "name": "DumpJSON" } - }, + }, { "ADGetGroupComputers": { - "name": "ADGetGroupComputers", - "deprecated": true, + "name": "ADGetGroupComputers", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "TrendmicroAntiMalwareEventRetrieve": { - "name": "TrendmicroAntiMalwareEventRetrieve", + "name": "TrendmicroAntiMalwareEventRetrieve", "depends_on": [ "trendmicro-anti-malware-event-retrieve" ] } - }, + }, { "Sleep": { "name": "Sleep" } - }, + }, { "AdSearch": { - "name": "AdSearch", - "deprecated": true, + "name": "AdSearch", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "XBNotable": { - "name": "XBNotable", + "name": "XBNotable", "depends_on": [ "xb-notable" ] } - }, + }, { "GoogleappsGetUser": { - "name": "GoogleappsGetUser", - "deprecated": true, + "name": "GoogleappsGetUser", + "deprecated": true, "depends_on": [ "googleapps-get-user" ] } - }, + }, { "CBLiveFetchFiles": { - "name": "CBLiveFetchFiles", + "name": "CBLiveFetchFiles", "depends_on": [ "CBLiveGetFile" - ], + ], "script_executions": [ "CBLiveGetFile" ] } - }, + }, { "JiraIssueAddLink": { - "name": "JiraIssueAddLink", - "deprecated": true, + "name": "JiraIssueAddLink", + "deprecated": true, "depends_on": [ "jira-issue-add-link" ] } - }, + }, { "ContextSearchForString": { "name": "ContextSearchForString" } - 
}, + }, { "ShowOnMap": { "name": "ShowOnMap" } - }, + }, { "CBFindIP": { - "name": "CBFindIP", + "name": "CBFindIP", "depends_on": [ "CBSearch" - ], + ], "script_executions": [ "CBSearch" ] } - }, + }, { "D2Rekall": { "name": "D2Rekall" } - }, + }, { "CuckooGetReport": { - "name": "CuckooGetReport", + "name": "CuckooGetReport", "depends_on": [ "cuckoo-get-task-report" ] } - }, + }, { "BinarySearchPy": { - "name": "BinarySearchPy", + "name": "BinarySearchPy", "depends_on": [ "cb-process" - ], + ], "script_executions": [ "getEntries" ] } - }, + }, { "Volatility": { "name": "Volatility" } - }, + }, { "GrrGetFiles": { - "name": "GrrGetFiles", + "name": "GrrGetFiles", "depends_on": [ "grr_get_files" - ], + ], "script_executions": [ "grr_get_files" ] } - }, + }, { "FetchFileD2": { "name": "FetchFileD2" } - }, + }, { "ToTable": { "name": "ToTable" } - }, + }, { "XBLockouts": { - "name": "XBLockouts", + "name": "XBLockouts", "depends_on": [ "xb-lockouts" ] } - }, + }, { "ExchangeAssignRole": { "name": "ExchangeAssignRole" } - }, + }, { "GrrSetHunts": { - "name": "GrrSetHunts", + "name": "GrrSetHunts", "depends_on": [ "grr_set_hunts" - ], + ], "script_executions": [ "grr_set_hunts" ] } - }, + }, { "MaliciousRatioReputation": { - "name": "MaliciousRatioReputation", - "fromversion": "4.0.0", + "name": "MaliciousRatioReputation", + "fromversion": "4.0.0", "script_executions": [ - "findIndicators", + "findIndicators", "maliciousRatio" ] } - }, + }, { "EPOFindSystem": { - "name": "EPOFindSystem", + "name": "EPOFindSystem", "depends_on": [ "epo-command" ] } - }, + }, { "TaniumAskQuestionComplex": { - "name": "TaniumAskQuestionComplex", - "deprecated": true, + "name": "TaniumAskQuestionComplex", + "deprecated": true, "depends_on": [ - "tn-add-question-complex", - "tn-result-data", + "tn-add-question-complex", + "tn-result-data", "tn-result-info" ] } - }, + }, { "DataURLReputation": { - "name": "DataURLReputation", + "name": "DataURLReputation", "deprecated": true } - }, + }, { 
"DataHashReputation": { - "name": "DataHashReputation", - "toversion": "3.0.1", + "name": "DataHashReputation", + "toversion": "3.0.1", "depends_on": [ "file" ] } - }, + }, { "GetIndicatorDBotScore": { - "name": "GetIndicatorDBotScore", - "fromversion": "3.5.0", + "name": "GetIndicatorDBotScore", + "fromversion": "3.5.0", "script_executions": [ "getIndicator" ] } - }, + }, { "HTTPListRedirects": { "name": "HTTPListRedirects" } - }, + }, { "DataHashReputation": { - "name": "DataHashReputation", - "deprecated": true, + "name": "DataHashReputation", + "deprecated": true, "depends_on": [ "file" ] } - }, + }, { "CBEvents": { - "name": "CBEvents", + "name": "CBEvents", "depends_on": [ - "cb-process", + "cb-process", "process-events" ] } - }, + }, { "Whois": { - "name": "Whois", - "deprecated": true, + "name": "Whois", + "deprecated": true, "depends_on": [ "whois" ] } - }, + }, { "MarkAsNoteByTag": { - "name": "MarkAsNoteByTag", + "name": "MarkAsNoteByTag", "script_executions": [ - "getEntries", + "getEntries", "markAsNote" ] } - }, + }, { "TaniumApprovePendingActions": { - "name": "TaniumApprovePendingActions", - "deprecated": true, + "name": "TaniumApprovePendingActions", + "deprecated": true, "depends_on": [ - "tn-add-object", + "tn-add-object", "tn-get-object" ] } - }, + }, { "GenericPollingScheduledTask": { "name": "GenericPollingScheduledTask" } - }, + }, { "NessusListScans": { - "name": "NessusListScans", - "deprecated": true, + "name": "NessusListScans", + "deprecated": true, "depends_on": [ "scans-list" ] } - }, + }, { "TaniumAskQuestion": { - "name": "TaniumAskQuestion", - "deprecated": true, + "name": "TaniumAskQuestion", + "deprecated": true, "depends_on": [ - "tn-result-data", + "tn-result-data", "tn-result-info" ] } - }, + }, { "ExportToCSV": { "name": "ExportToCSV" } - }, + }, { "URLReputation": { - "name": "URLReputation", + "name": "URLReputation", "script_executions": [ "url" ] } - }, + }, { "IncidentAddSystem": { "name": "IncidentAddSystem" } - }, + }, 
{ "FindSimilarIncidents": { - "name": "FindSimilarIncidents", + "name": "FindSimilarIncidents", "script_executions": [ "getContext" ] } - }, + }, { "CPDeleteRule": { - "name": "CPDeleteRule", - "deprecated": true, + "name": "CPDeleteRule", + "deprecated": true, "depends_on": [ "checkpoint" - ], + ], "script_executions": [ - "checkpoint", "checkpoint" ] } - }, + }, { "RegexGroups": { "name": "RegexGroups" } - }, + }, { "RemoteExec": { - "name": "RemoteExec", + "name": "RemoteExec", "depends_on": [ "ssh" ] } - }, + }, { "PublishEntriesToContext": { "name": "PublishEntriesToContext" } - }, + }, { "http": { - "name": "http", + "name": "http", "toversion": "3.1.0" } - }, + }, { "GoogleappsGetUserRoles": { - "name": "GoogleappsGetUserRoles", - "deprecated": true, + "name": "GoogleappsGetUserRoles", + "deprecated": true, "depends_on": [ "googleapps-get-user-roles" ] } - }, + }, { "ExchangeDeleteMail": { "name": "ExchangeDeleteMail" } - }, + }, { "SbUpload": { - "name": "SbUpload", + "name": "SbUpload", "depends_on": [ "sb-upload" ] } - }, + }, { "3dd62013-4fed-43eb-8ae4-91b1b4250599": { - "name": "OktaSetPassword", - "deprecated": true, + "name": "OktaSetPassword", + "deprecated": true, "depends_on": [ "okta-set-password" ] } - }, + }, { "D2Processes": { "name": "D2Processes" } - }, + }, { "IncapListSites": { - "name": "IncapListSites", + "name": "IncapListSites", "depends_on": [ "incap-list-sites" ] } - }, + }, { "ADGetEmailForAllUsers": { - "name": "ADGetEmailForAllUsers", - "deprecated": true, + "name": "ADGetEmailForAllUsers", + "deprecated": true, "depends_on": [ "ad-search" ] } - }, + }, { "CuckooTaskStatus": { - "name": "CuckooTaskStatus", + "name": "CuckooTaskStatus", "depends_on": [ "cuckoo-view-task" ] } - }, + }, { "PWEvents": { - "name": "PWEvents", - "deprecated": true, + "name": "PWEvents", + "deprecated": true, "depends_on": [ "search" - ], + ], "script_executions": [ "search" ] } - }, + }, { "NexposeEmailParserForVuln": { - "name": 
"NexposeEmailParserForVuln", + "name": "NexposeEmailParserForVuln", "depends_on": [ "nexpose" ] } - }, + }, { "CloseInvestigationAsDuplicate": { - "name": "CloseInvestigationAsDuplicate", + "name": "CloseInvestigationAsDuplicate", "script_executions": [ "linkIncidents" ] } - }, + }, { "GetDuplicatesMl": { - "name": "GetDuplicatesMl", - "fromversion": "3.5.0", - "deprecated": true, + "name": "GetDuplicatesMl", + "fromversion": "3.5.0", + "deprecated": true, "script_executions": [ - "getIncidents", - "findIndicators", + "findIndicators", "getIncidents" ] } - }, + }, { "FailedInstances": { - "name": "FailedInstances", + "name": "FailedInstances", "fromversion": "4.0.0" } - }, + }, { "UnPackFile": { - "name": "UnPackFile", + "name": "UnPackFile", "script_executions": [ - "getEntries", + "getEntries", "getFilePath" ] } - }, + }, { "http": { - "name": "http", + "name": "http", "fromversion": "3.5.0" } - }, + }, { "DBotPredictPhishingLabel": { - "name": "DBotPredictPhishingLabel", - "fromversion": "4.1.0", + "name": "DBotPredictPhishingLabel", + "fromversion": "4.1.0", "script_executions": [ "DBotPredictTextLabel" ] } - }, + }, { "CPCreateBackup": { - "name": "CPCreateBackup", - "deprecated": true, + "name": "CPCreateBackup", + "deprecated": true, "depends_on": [ "ssh" - ], + ], "script_executions": [ "ssh" ] } - }, + }, { "ExtractIP": { "name": "ExtractIP" } - }, + }, { "CheckURLs": { - "name": "CheckURLs", - "deprecated": true, + "name": "CheckURLs", + "deprecated": true, "script_executions": [ "url" ] } - }, + }, { "SplunkPySearch": { - "name": "SplunkPySearch", + "name": "SplunkPySearch", "depends_on": [ "splunk-search" ] } - }, + }, { "GrrGetHunts": { - "name": "GrrGetHunts", + "name": "GrrGetHunts", "depends_on": [ "grr_get_hunts" - ], + ], "script_executions": [ "grr_get_hunts" ] } - }, + }, { "ImpSfSetEndpointStatus": { - "name": "ImpSfSetEndpointStatus", + "name": "ImpSfSetEndpointStatus", "depends_on": [ "imp-sf-set-endpoint-status" ] } - }, + }, { "PCAPMiner": 
{ - "name": "PCAPMiner", + "name": "PCAPMiner", "script_executions": [ "getFilePath" ] } - }, + }, { "D2GetFile": { "name": "D2GetFile" } - }, + }, { "PagerDutyAssignOnCallUser": { - "name": "PagerDutyAssignOnCallUser", + "name": "PagerDutyAssignOnCallUser", "depends_on": [ "PagerDuty-get-users-on-call-now" ] } - }, + }, { "ExtractHTMLTables": { "name": "ExtractHTMLTables" } - }, + }, { "ContainsCreditCardInfo": { "name": "ContainsCreditCardInfo" } - }, + }, { "CBSearch": { "name": "CBSearch" } - }, + }, { "DataDomainReputation": { - "name": "DataDomainReputation", + "name": "DataDomainReputation", "toversion": "3.0.1" } - }, + }, { "DBotClosedIncidentsPercentage": { "name": "DBotClosedIncidentsPercentage" } - }, + }, { "CBAlerts": { - "name": "CBAlerts", + "name": "CBAlerts", "depends_on": [ "cb-alert" ] } - }, + }, { "ParseWordDoc": { - "name": "ParseWordDoc", + "name": "ParseWordDoc", "script_executions": [ "getFilePath" ] } - }, + }, { "VolJson": { "name": "VolJson" } - }, + }, { "SlackSend": { - "name": "SlackSend", - "deprecated": true, + "name": "SlackSend", + "deprecated": true, "depends_on": [ "slack-send" ] } - }, + }, { "ExposeList": { - "name": "ExposeList", + "name": "ExposeList", "deprecated": true } - }, + }, { "VectraHealth": { - "name": "VectraHealth", - "deprecated": true, + "name": "VectraHealth", + "deprecated": true, "depends_on": [ "vec-health" ] } - }, + }, { "D2ExecuteCommand": { "name": "D2ExecuteCommand" } - }, + }, { "46e2109c-b735-458e-884f-030229a20830": { "name": "SetByIncidentId" } - }, + }, { "dfa728bb-8291-4f8c-8185-53fad210f1b5": { "name": "VerifyHumanReadableContains" } - }, + }, { "ContextGetPathForString": { "name": "ContextGetPathForString" } - }, + }, { "LCMResolveHost": { - "name": "LCMResolveHost", + "name": "LCMResolveHost", "depends_on": [ "lcm-resolve-host" ] } - }, + }, { "IsGreaterThan": { "name": "IsGreaterThan" } - }, + }, { "SbQuota": { - "name": "SbQuota", + "name": "SbQuota", "depends_on": [ "sb-quota" ] } - }, + 
}, { "ContextFilter": { "name": "ContextFilter" } - }, + }, { "O365SearchEmails": { - "name": "O365SearchEmails", + "name": "O365SearchEmails", "script_executions": [ - "D2O365SearchAndDelete", - "D2O365ComplianceSearch" + "D2O365ComplianceSearch", + "D2O365SearchAndDelete" ] } - }, + }, { "AnalyzeOSX": { - "name": "AnalyzeOSX", + "name": "AnalyzeOSX", "depends_on": [ - "url", - "Osxcollector", + "url", + "Osxcollector", "file" ] } - }, + }, { "PWEventPcapDownload": { - "name": "PWEventPcapDownload", + "name": "PWEventPcapDownload", "depends_on": [ "event-pcap-download" ] } - }, + }, { "AnalyzeMemImage": { "name": "AnalyzeMemImage" } - }, + }, { "8bb47409-fffb-40c4-8601-d5fd20384e26": { - "name": "SetTime", + "name": "SetTime", "script_executions": [ "setIncident" ] } - }, + }, { "JiraGetIssue": { - "name": "JiraGetIssue", - "deprecated": true, + "name": "JiraGetIssue", + "deprecated": true, "depends_on": [ "jira-get-issue" ] } - }, + }, { "ADExpirePassword": { - "name": "ADExpirePassword", - "deprecated": true, + "name": "ADExpirePassword", + "deprecated": true, "depends_on": [ "ad-expire-password" ] } - }, + }, { "ImpSfRevokeUnaccessedDevices": { - "name": "ImpSfRevokeUnaccessedDevices", + "name": "ImpSfRevokeUnaccessedDevices", "depends_on": [ - "ImpSfSetEndpointStatus", + "ImpSfSetEndpointStatus", "ImpSfListEndpoints" - ], + ], "script_executions": [ - "SendEmail", - "ImpSfListEndpoints", - "ImpSfSetEndpointStatus" + "ImpSfListEndpoints", + "ImpSfSetEndpointStatus", + "SendEmail" ] } - }, + }, { "ADGetUser": { - "name": "ADGetUser", + "name": "ADGetUser", "depends_on": [ "ad-search" ] } - }, + }, { "SendEmail": { - "name": "SendEmail", + "name": "SendEmail", "depends_on": [ "send-mail" ] } - }, + }, { "EPOCheckLatestDAT": { - "name": "EPOCheckLatestDAT", + "name": "EPOCheckLatestDAT", "deprecated": true } - }, + }, { "PagerDutyAlertOnIncident": { - "name": "PagerDutyAlertOnIncident", + "name": "PagerDutyAlertOnIncident", "depends_on": [ "PagerDuty-submit-event" 
] } - }, + }, { "URLExtract": { - "name": "URLExtract", + "name": "URLExtract", "deprecated": true } - }, + }, { "TaniumDeployAction": { - "name": "TaniumDeployAction", - "deprecated": true, + "name": "TaniumDeployAction", + "deprecated": true, "depends_on": [ "tn-deploy-package" ] } - }, + }, { "SendEmailToManager": { - "name": "SendEmailToManager", - "toversion": "3.1.0", + "name": "SendEmailToManager", + "toversion": "3.1.0", "depends_on": [ - "ad-search", + "ad-search", "send-mail" - ], + ], "script_executions": [ - "AdSearch", - "AdSearch", + "AdSearch", "addOneTimeEntitlement" ] } - }, + }, { "StringReplace": { "name": "StringReplace" } - }, + }, { "TextFromHTML": { "name": "TextFromHTML" } - }, + }, { "CPShowBackupStatus": { - "name": "CPShowBackupStatus", - "deprecated": true, + "name": "CPShowBackupStatus", + "deprecated": true, "depends_on": [ "ssh" - ], + ], "script_executions": [ "ssh" ] } - }, + }, { "RunPollingCommand": { - "name": "RunPollingCommand", + "name": "RunPollingCommand", "fromversion": "4.0.0" } - }, + }, { "CBWatchlists": { - "name": "CBWatchlists", + "name": "CBWatchlists", "depends_on": [ "cb-watchlist-get" ] } - }, + }, { "DamSensorDown": { - "name": "DamSensorDown", + "name": "DamSensorDown", "depends_on": [ "dam-get-latest-by-rule" ] } - }, + }, { "94f72ed9-49c8-40e5-89bb-7c98f914d2cc": { - "name": "OktaDeactivateUser", - "deprecated": true, + "name": "OktaDeactivateUser", + "deprecated": true, "depends_on": [ "okta-deactivate-user" ] } - }, + }, { "34f0498c-d3da-4ac3-8cad-a28804bf1f21": { - "name": "NetwitnessQuery", + "name": "NetwitnessQuery", "depends_on": [ "nw-sdk-query" ] } - }, + }, { "CBSensors": { - "name": "CBSensors", + "name": "CBSensors", "depends_on": [ "cb-list-sensors" ] } - }, + }, { "VolRunCmds": { "name": "VolRunCmds" } - }, + }, { "ADGetComputer": { - "name": "ADGetComputer", + "name": "ADGetComputer", "depends_on": [ "ad-search" ] } - }, + }, { "DemistoUploadFileToIncident": { - "name": 
"DemistoUploadFileToIncident", + "name": "DemistoUploadFileToIncident", "depends_on": [ "demisto-api-multipart" ] } - }, + }, { "SbDownload": { - "name": "SbDownload", + "name": "SbDownload", "depends_on": [ "sb-download" ] } - }, + }, { "OSQueryBasicQuery": { - "name": "OSQueryBasicQuery", + "name": "OSQueryBasicQuery", "depends_on": [ "RemoteExec" - ], + ], "script_executions": [ "RemoteExec" ] } - }, + }, { "AggregateIOCs": { - "name": "AggregateIOCs", + "name": "AggregateIOCs", "deprecated": true } - }, + }, { "LinkIncidentsWithRetry": { - "name": "LinkIncidentsWithRetry", + "name": "LinkIncidentsWithRetry", "script_executions": [ - "linkIncidents", "linkIncidents" ] } - }, + }, { "PDFUnlocker": { - "name": "PDFUnlocker", + "name": "PDFUnlocker", "script_executions": [ "getFilePath" ] } - }, + }, { "D2RegQuery": { "name": "D2RegQuery" } - }, + }, { "ExtractURL": { "name": "ExtractURL" } - }, + }, { "StringContains": { "name": "StringContains" } - }, + }, { "CPBlockIP": { - "name": "CPBlockIP", - "deprecated": true, + "name": "CPBlockIP", + "deprecated": true, "depends_on": [ "checkpoint" - ], + ], "script_executions": [ "checkpoint" ] } - }, + }, { "TrendmicroSecurityProfileAssignToHost": { - "name": "TrendmicroSecurityProfileAssignToHost", + "name": "TrendmicroSecurityProfileAssignToHost", "depends_on": [ "trendmicro-security-profile-assign-to-host" ] } - }, + }, { "JiraCreateIssue-example": { - "name": "JiraCreateIssue-example", + "name": "JiraCreateIssue-example", "depends_on": [ - "jira-create-issue", + "jira-create-issue", "jira-delete-issue" ] } - }, + }, { "VolApihooks": { "name": "VolApihooks" } - }, + }, { "ADGetCommonGroups": { - "name": "ADGetCommonGroups", - "deprecated": true, + "name": "ADGetCommonGroups", + "deprecated": true, "depends_on": [ "ad-search" - ], + ], "script_executions": [ "ADGetUserGroups" ] } - }, + }, { "NetwitnessSAGetComponents": { - "name": "NetwitnessSAGetComponents", + "name": "NetwitnessSAGetComponents", "depends_on": [ 
"nw-get-components" ] } - }, + }, { "QRadarGetCorrelationLogs": { - "name": "QRadarGetCorrelationLogs", + "name": "QRadarGetCorrelationLogs", "depends_on": [ "qradar-searches" - ], + ], "script_executions": [ "QRadarFullSearch" ] } - }, + }, { "CountArraySize": { "name": "CountArraySize" } - }, + }, { "ConvertXmlToJson": { "name": "ConvertXmlToJson" } - }, + }, { "D2PEDump": { "name": "D2PEDump" } - }, + }, { "CBPFindComputer": { - "name": "CBPFindComputer", + "name": "CBPFindComputer", "depends_on": [ "cbp-computer-search" ] } - }, + }, { "ClassifierNotifyAdmin": { - "name": "ClassifierNotifyAdmin", + "name": "ClassifierNotifyAdmin", "depends_on": [ "send-mail" ] } - }, + }, { "SlackAskUser": { - "name": "SlackAskUser", - "fromversion": "3.5.0", + "name": "SlackAskUser", + "fromversion": "3.5.0", "depends_on": [ "slack-send" - ], + ], "script_executions": [ "addEntitlement" ] } - }, + }, { "Exists": { "name": "Exists" } - }, + }, { "NetwitnessSAGetEvents": { - "name": "NetwitnessSAGetEvents", + "name": "NetwitnessSAGetEvents", "depends_on": [ "nw-get-events" ] } - }, + }, { "DBotTrainTextClassifier": { - "name": "DBotTrainTextClassifier", - "fromversion": "4.1.0", + "name": "DBotTrainTextClassifier", + "fromversion": "4.1.0", "script_executions": [ - "getFilePath", - "createList" + "createList", + "getFilePath" ] } - }, + }, { "CommonServer": { "name": "CommonServer" } - }, + }, { "LCMDetectedIndicators": { - "name": "LCMDetectedIndicators", + "name": "LCMDetectedIndicators", "depends_on": [ "lcm-indicators" ] } - }, + }, { "SplunkSearch": { - "name": "SplunkSearch", - "deprecated": true, + "name": "SplunkSearch", + "deprecated": true, "depends_on": [ "search" ] } - }, + }, { "IsIPInSubnet": { - "name": "IsIPInSubnet", + "name": "IsIPInSubnet", "deprecated": true } - }, + }, { "TrendmicroHostRetrieveAll": { - "name": "TrendmicroHostRetrieveAll", + "name": "TrendmicroHostRetrieveAll", "depends_on": [ "trendmicro-host-retrieve-all" ] } - }, + }, { "getMlFeatures": { 
- "name": "getMlFeatures", - "fromversion": "3.5.0", + "name": "getMlFeatures", + "fromversion": "3.5.0", "script_executions": [ - "findIndicators", + "findIndicators", "getIncidents" ] } - }, + }, { "2aa9f737-8c7c-42f5-815f-4d104bb3af06": { - "name": "SEPScan", + "name": "SEPScan", "depends_on": [ "sep-command-status" ] } - }, + }, { "PrintContext": { "name": "PrintContext" } - }, + }, { "D2O365SearchAndDelete": { "name": "D2O365SearchAndDelete" } - }, + }, { "DBotPreparePhishingData": { - "name": "DBotPreparePhishingData", - "fromversion": "4.1.0", + "name": "DBotPreparePhishingData", + "fromversion": "4.1.0", "script_executions": [ - "getContext", - "getIncidents", - "createList", - "WordTokenizer" + "WordTokenizer", + "createList", + "getContext", + "getIncidents" ] } - }, + }, { "QRadarGetOffenseCorrelations": { - "name": "QRadarGetOffenseCorrelations", + "name": "QRadarGetOffenseCorrelations", "depends_on": [ "qradar-searches" - ], + ], "script_executions": [ "QRadarFullSearch" ] } - }, + }, { "ShowScheduledEntries": { "name": "ShowScheduledEntries" } - }, + }, { "EmailAskUserResponse": { "name": "EmailAskUserResponse" } - }, + }, { "IsEmailAddressInternal": { "name": "IsEmailAddressInternal" } - }, + }, { "DemistoGetIncidentTasksByState": { "name": "DemistoGetIncidentTasksByState" } - }, + }, { "VectraGetHostById": { - "name": "VectraGetHostById", - "deprecated": true, + "name": "VectraGetHostById", + "deprecated": true, "depends_on": [ "vec-get-host-by-id" ] } - }, + }, { "DefaultIncidentClassifier": { "name": "DefaultIncidentClassifier" } - }, + }, { "TestCreateTagTextFile": { - "name": "TestCreateTagTextFile", + "name": "TestCreateTagTextFile", "script_executions": [ "createList" ] } - }, + }, { "TestCreateWordFile": { "name": "TestCreateWordFile" } - }, + }, { "GenerateImageFileEntry": { "name": "GenerateImageFileEntry" } - }, + }, { "a18ff76e-c462-4daa-8be2-6a1b5308713f": { "name": "TestCreateDuplicates" } - }, + }, { 
"c5cb179f-d6d2-4d87-8857-b224689d5b00": { "name": "VerifyTreeToFlatObject" } - }, + }, { "GenerateUUID": { "name": "GenerateUUID" } - }, + }, { "TestXml2JSON": { "name": "TestXml2JSON" } - }, + }, { "3b260f00-772c-4d4e-84ea-e47226637497": { - "name": "VerifyHumanReadableEquals", + "name": "VerifyHumanReadableEquals", "fromversion": "3.6.0" } - }, + }, { "ValidateErrorExistence": { - "name": "ValidateErrorExistence", + "name": "ValidateErrorExistence", "script_executions": [ "getEntries" ] } - }, + }, { "CompleteManualTask": { - "name": "CompleteManualTask", + "name": "CompleteManualTask", "script_executions": [ - "DemistoGetIncidentTasksByState", + "DemistoGetIncidentTasksByState", "taskComplete" ] } - }, + }, { "GenerateIP": { "name": "GenerateIP" } - }, + }, { "CarbonBlackResponseFilterSensors": { "name": "CarbonBlackResponseFilterSensors" } - }, + }, { "RaiseError": { "name": "RaiseError" } - }, + }, { "GenerateEmail": { "name": "GenerateEmail" } - }, + }, { "PhishingIncident": { - "name": "PhishingIncident", + "name": "PhishingIncident", "script_executions": [ "setIncident" ] } - }, + }, { "VerifyTableToMarkDown": { "name": "VerifyTableToMarkDown" } - }, + }, { "TestFormatTableValues": { "name": "TestFormatTableValues" } - }, + }, { "TestCreateIncidents": { - "name": "TestCreateIncidents", + "name": "TestCreateIncidents", "script_executions": [ - "createNewIncident", "createNewIncident" ] } - }, + }, { "TestPYCommonServer": { "name": "TestPYCommonServer" } - }, + }, { "CreateDuplicateIncident": { - "name": "CreateDuplicateIncident", + "name": "CreateDuplicateIncident", "script_executions": [ "createNewIncident" ] } - }, + }, { "c0eb84c3-8771-4f9f-833e-1017112d6215": { "name": "ThrowException" } - }, + }, { "SsdeepReputationTest": { - "name": "SsdeepReputationTest", + "name": "SsdeepReputationTest", "script_executions": [ - "findIndicators", - "createNewIndicator", - "createNewIndicator", - "createNewIndicator" + "createNewIndicator", + "findIndicators" ] } - }, 
+ }, { "CreateBinaryFile": { "name": "CreateBinaryFile" } - }, + }, { "GetFirstObject": { "name": "GetFirstObject" } }, - { + { "changeremediationslaonsevchange": { "name": "ChangeRemediationSLAOnSevChange", "fromversion": "4.1.0", 
@@ -4458,1147 +4439,1147 @@ ] } } - ], + ], "playbooks": [ { "search_and_delete_emails_-_generic": { - "name": "Search And Delete Emails - Generic", - "fromversion": "3.6.0", + "name": "Search And Delete Emails - Generic", + "fromversion": "3.6.0", "implementing_playbooks": [ "Search And Delete Emails - EWS" ] } - }, + }, { "email_address_enrichment_-_generic": { - "name": "Email Address Enrichment - Generic", - "fromversion": "3.6.0", + "name": "Email Address Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "IsEmailAddressInternal", - "EmailReputation", - "ADGetUser", - "Exists", + "IsEmailAddressInternal", + "EmailReputation", + "ADGetUser", + "Exists", "EmailDomainSquattingReputation" ] } - }, + }, { "process_email_-_generic": { - "name": "Process Email - Generic", - "toversion": "3.6.0", - "fromversion": "3.6.0", + "name": "Process Email - Generic", + "toversion": "3.6.0", + "fromversion": "3.6.0", "implementing_scripts": [ - "Set", - "Exists", + "Set", + "Exists", "ParseEmailFiles" - ], + ], "implementing_commands": [ - "setIncident", + "setIncident", "rasterize-email" ] } - }, + }, { "playbook12": { - "name": "McAfee ePO Endpoint Compliance Playbook", - "fromversion": "2.5.0", + "name": "McAfee ePO Endpoint Compliance Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "CloseInvestigation", - "IncidentSet", + "CloseInvestigation", + "IncidentSet", "commentsToContext" - ], + ], "implementing_commands": [ - "epo-update-client-dat", - "servicenow-incidents-query", - "epo-get-latest-dat", - "epo-get-current-dat", + "epo-update-client-dat", + "servicenow-incidents-query", + "epo-get-latest-dat", + "epo-get-current-dat", "servicenow-incident-create" ] } - }, + }, { "get_original_email_-_generic": { - "name": "Get Original Email - Generic", - "fromversion": 4.0, + "name": "Get Original Email - Generic", + "fromversion": 4.0, "implementing_playbooks": [ - "Get Original Email - Gmail", + "Get Original Email - Gmail", "Get 
Original Email - EWS" ] } - }, + }, { "Detonate URL - Phish.AI": { - "name": "Detonate URL - Phish.AI", - "fromversion": "4.0.0", + "name": "Detonate URL - Phish.AI", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "phish-ai-check-status", + "phish-ai-check-status", "phish-ai-scan-url" ] } - }, + }, { "Detonate URL - Cuckoo": { - "name": "Detonate URL - Cuckoo", - "fromversion": "4.0.0", + "name": "Detonate URL - Cuckoo", + "fromversion": "4.0.0", "implementing_scripts": [ "Sleep" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "cuckoo-view-task", - "cuckoo-get-task-report", + "cuckoo-view-task", + "cuckoo-get-task-report", "cuckoo-create-task-from-url" ] } - }, + }, { "get_file_sample_by_hash_-_generic": { - "name": "Get File Sample By Hash - Generic", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Generic", + "fromversion": "3.5.0", "implementing_playbooks": [ - "Get File Sample By Hash - Cylance Protect", + "Get File Sample By Hash - Cylance Protect", "Get File Sample By Hash - Carbon Black Enterprise Response" ] } - }, + }, { "search_endpoints_by_hash_-_crowdstrike": { - "name": "Search Endpoints By Hash - CrowdStrike", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - CrowdStrike", + "fromversion": "3.5.0", "implementing_commands": [ - "cs-device-ran-on", + "cs-device-ran-on", "cs-device-details" ] } - }, + }, { "get_file_sample_from_path_-_generic": { - "name": "Get File Sample From Path - Generic", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - Generic", + "fromversion": "3.5.0", "implementing_playbooks": [ - "Get File Sample From Path - Carbon Black Enterprise Response", + "Get File Sample From Path - Carbon Black Enterprise Response", "Get File Sample From Path - D2" ] } - }, + }, { "process_email_-_generic": { - "name": "Process Email - Generic", - "toversion": "3.5.9", - "fromversion": "3.5.0", + 
"name": "Process Email - Generic", + "toversion": "3.5.9", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "Exists", + "Set", + "Exists", "ParseEmailFiles" - ], + ], "implementing_commands": [ "rasterize-email" ] } - }, + }, { "Detonate File - Lastline": { - "name": "Detonate File - Lastline", - "fromversion": "4.0.0", + "name": "Detonate File - Lastline", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "lastline-upload-file", + "lastline-upload-file", "lastline-get-report" ] } - }, + }, { "url_enrichment_-_generic": { - "name": "URL Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "URL Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ - "URLSSLVerification", - "Exists", + "URLSSLVerification", + "Exists", "URLReputation" - ], + ], "implementing_commands": [ "rasterize" ] } - }, + }, { "GenericPolling": { - "name": "GenericPolling", - "fromversion": "4.0.0", + "name": "GenericPolling", + "fromversion": "4.0.0", "implementing_scripts": [ - "ScheduleGenericPolling", - "RunPollingCommand", + "ScheduleGenericPolling", + "RunPollingCommand", "PrintErrorEntry" ] } - }, + }, { "playbook1": { - "name": "Malware Playbook - Manual", - "fromversion": "2.5.0", + "name": "Malware Playbook - Manual", + "fromversion": "2.5.0", "implementing_scripts": [ - "ExposeModules", - "Autoruns", + "ExposeModules", + "Autoruns", "Exists" ] } - }, + }, { "Calculate Severity - Generic": { - "name": "Calculate Severity - Generic", - "fromversion": "3.6.0", + "name": "Calculate Severity - Generic", + "fromversion": "3.6.0", "implementing_playbooks": [ - "Calculate Severity - Indicators DBotScore", - "Calculate Severity - 3rd-party integrations", + "Calculate Severity - Indicators DBotScore", + "Calculate Severity - 3rd-party integrations", "Calculate Severity - Critical assets" - ], + ], 
"implementing_commands": [ "setIncident" ] } - }, + }, { "search_endpoints_by_hash_-_carbon_black_protection": { - "name": "Search Endpoints By Hash - Carbon Black Protection", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Carbon Black Protection", + "fromversion": "3.5.0", "implementing_scripts": [ - "CBPFindRule", - "Set", - "CBPCatalogFindHash", + "CBPFindRule", + "Set", + "CBPCatalogFindHash", "Exists" - ], + ], "implementing_commands": [ "cbp-computer-get" ] } - }, + }, { "Incident Enrichment": { - "name": "Incident Enrichment", - "fromversion": "2.5.0", + "name": "Incident Enrichment", + "fromversion": "2.5.0", "implementing_scripts": [ - "ExtractURL", - "ExtractHash", + "ExtractURL", + "ExtractHash", "ExtractIP" - ], + ], "implementing_playbooks": [ "Enrichment Playbook" ] } - }, + }, { "playbook16": { - "name": "CrowdStrike Rapid IOC Hunting", - "fromversion": "2.5.0", + "name": "CrowdStrike Rapid IOC Hunting", + "fromversion": "2.5.0", "implementing_scripts": [ - "Exists", + "Exists", "SendEmail" - ], + ], "implementing_commands": [ - "cs-device-ran-on", + "cs-device-ran-on", "cs-device-search" ] } - }, + }, { "CrowdStrike Falcon Sandbox - Detonate file": { - "name": "CrowdStrike Falcon Sandbox - Detonate file", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "CrowdStrike Falcon Sandbox - Detonate file", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_scripts": [ "Set" - ], + ], "implementing_commands": [ "crowdstrike-detonate-file" ] } - }, + }, { "Enrich McAfee DXL using 3rd party sandbox": { - "name": "Enrich McAfee DXL using 3rd party sandbox", + "name": "Enrich McAfee DXL using 3rd party sandbox", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "Exists" - ], + ], "implementing_playbooks": [ "WildFire - Detonate file" - ], + ], "implementing_commands": [ "dxl-send-event" ] } - }, + }, { "Get File Sample From Hash - Carbon Black Enterprise Response": { - "name": "Get File Sample 
From Hash - Carbon Black Enterprise Response", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Get File Sample From Hash - Carbon Black Enterprise Response", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ "Exists" - ], + ], "implementing_commands": [ "cb-binary-get" ] } - }, + }, { "Calculate Severity - Generic": { - "name": "Calculate Severity - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "Calculate Severity - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ - "StringContains", + "StringContains", "Exists" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "Tenable.io Scan": { - "name": "Tenable.io Scan", - "fromversion": "4.0.0", + "name": "Tenable.io Scan", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "tenable-io-launch-scan", - "tenable-io-get-scan-report", + "tenable-io-launch-scan", + "tenable-io-get-scan-report", "tenable-io-get-scan-status" ] } - }, + }, { "block_indicators_-_generic": { - "name": "Block Indicators - Generic", - "fromversion": "4.0.0", + "name": "Block Indicators - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ - "Block URL - Generic", - "Block File - Generic", - "Block IP - Generic", + "Block URL - Generic", + "Block File - Generic", + "Block IP - Generic", "Block Account - Generic" ] } - }, + }, { "detonate_url_-_threatgrid": { - "name": "Detonate URL - ThreatGrid", - "fromversion": "4.0.0", + "name": "Detonate URL - ThreatGrid", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "threat-grid-upload-sample", - "threat-grid-get-samples-state", + "threat-grid-upload-sample", + "threat-grid-get-samples-state", "threat-grid-url-to-file" ] } - }, + }, { "TrendMicro Malware Alert Playbook": { - "name": "TrendMicro Malware Alert Playbook", - "fromversion": "2.5.0", + "name": "TrendMicro 
Malware Alert Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "TrendMicroGetPolicyID", - "TrendmicroSecurityProfileAssignToHost", - "TrendmicroAntiMalwareEventRetrieve", + "TrendMicroGetPolicyID", + "TrendmicroSecurityProfileAssignToHost", + "TrendmicroAntiMalwareEventRetrieve", "TrendMicroGetHostID" ] } - }, + }, { "Google-Vault-Display-Results": { - "name": "Google Vault - Display Results", - "fromversion": "4.0.0", + "name": "Google Vault - Display Results", + "fromversion": "4.0.0", "implementing_scripts": [ "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "gvault-get-drive-results", - "gvault-get-groups-results", - "gvault-download-results", - "gvault-export-status", + "gvault-get-drive-results", + "gvault-get-groups-results", + "gvault-download-results", + "gvault-export-status", "gvault-get-mail-results" ] } - }, + }, { "calculate_severity_-_3rd-party_integrations": { - "name": "Calculate Severity - 3rd-party integrations", - "fromversion": "3.6.0", + "name": "Calculate Severity - 3rd-party integrations", + "fromversion": "3.6.0", "implementing_scripts": [ "Set" ] } - }, + }, { "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "3.5.9", - "fromversion": "3.5.0", + "name": "Phishing Investigation - Generic", + "toversion": "3.5.9", + "fromversion": "3.5.0", "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident", - "Set", + "CloseInvestigation", + "AssignAnalystToIncident", + "Set", "SendEmail" - ], + ], "implementing_playbooks": [ - "Detonate File - Generic", - "Extract Indicators - Generic", - "Entity Enrichment - Generic", - "Process Email - Generic", - "Calculate Severity - Generic", + "Detonate File - Generic", + "Extract Indicators - Generic", + "Entity Enrichment - Generic", + "Process Email - Generic", + "Calculate Severity - Generic", "Email Address Enrichment - Generic" ] } - }, + }, { 
"detonate_url_-_joesecurity": { - "name": "Detonate URL - JoeSecurity", - "fromversion": "4.0.0", + "name": "Detonate URL - JoeSecurity", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "joe-download-report", - "joe-analysis-submit-url", + "joe-download-report", + "joe-analysis-submit-url", "joe-analysis-info" ] } - }, + }, { "CrowdStrike Falcon Sandbox - Detonate file": { - "name": "CrowdStrike Falcon Sandbox - Detonate file", - "fromversion": "4.0.0", + "name": "CrowdStrike Falcon Sandbox - Detonate file", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "crowdstrike-submit-sample", + "crowdstrike-submit-sample", "crowdstrike-scan" ] } - }, + }, { "crowdstrike_endpoint_enrichment": { - "name": "CrowdStrike Endpoint Enrichment", - "fromversion": "3.5.0", + "name": "CrowdStrike Endpoint Enrichment", + "fromversion": "3.5.0", "implementing_commands": [ - "cs-device-search", + "cs-device-search", "cs-device-details" ] } - }, + }, { "cve_enrichment_-_generic": { - "name": "CVE Enrichment - Generic", - "fromversion": "3.6.0", + "name": "CVE Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ "cveReputation" - ], + ], "implementing_commands": [ "cve-search" ] } - }, + }, { "get_file_sample_by_hash_-_cylance_protect": { - "name": "Get File Sample By Hash - Cylance Protect", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Cylance Protect", + "fromversion": "3.5.0", "implementing_scripts": [ - "http", - "UnzipFile", + "http", + "UnzipFile", "Exists" - ], + ], "implementing_commands": [ "cylance-protect-download-threat" ] } - }, + }, { "dedup_incidents_-_ml": { - "name": "DeDup incidents - ML", - "fromversion": "3.5.0", + "name": "DeDup incidents - ML", + "fromversion": "3.5.0", "implementing_scripts": [ - "Print", - 
"CloseInvestigationAsDuplicate", + "Print", + "CloseInvestigationAsDuplicate", "GetDuplicatesMl" ] } - }, + }, { "playbook5": { - "name": "Phishing Playbook - Automated", - "fromversion": "3.5.0", - "implementing_scripts": [ - "Set", - "Exists", - "SendEmail", - "CheckSenderDomainDistance", - "CloseInvestigation", - "ExtractIP", - "IsMaliciousIndicatorFound", + "name": "Phishing Playbook - Automated", + "fromversion": "3.5.0", + "implementing_scripts": [ + "Set", + "Exists", + "SendEmail", + "CheckSenderDomainDistance", + "CloseInvestigation", + "ExtractIP", + "IsMaliciousIndicatorFound", "ExtractURL" - ], + ], "implementing_playbooks": [ - "Process Email", - "Enrichment Playbook", - "Hunt for bad IOCs", - "Account Enrichment", + "Process Email", + "Enrichment Playbook", + "Hunt for bad IOCs", + "Account Enrichment", "Detonate File - Generic" ] } - }, + }, { "TIE - IOC Hunt": { - "name": "TIE - IOC Hunt", - "fromversion": "2.5.0", + "name": "TIE - IOC Hunt", + "fromversion": "2.5.0", "implementing_scripts": [ - "EPOFindSystem", + "EPOFindSystem", "Exists" - ], + ], "implementing_commands": [ "tie-file-references" ] } - }, + }, { "vulnerability_management_-_qualys_Job": { - "name": "Vulnerability Management - Qualys (Job)", - "fromversion": "3.6.0", + "name": "Vulnerability Management - Qualys (Job)", + "fromversion": "3.6.0", "implementing_scripts": [ - "QualysCreateIncidentFromReport", + "QualysCreateIncidentFromReport", "Set" - ], + ], "implementing_commands": [ - "qualys-report-fetch", - "closeInvestigation", + "qualys-report-fetch", + "closeInvestigation", "qualys-report-list" ] } - }, + }, { "get_original_email_-_gmail": { - "name": "Get Original Email - Gmail", - "fromversion": 4.0, + "name": "Get Original Email - Gmail", + "fromversion": 4.0, "implementing_scripts": [ - "Set", + "Set", "DeleteContext" - ], + ], "implementing_commands": [ - "gmail-get-attachments", - "gmail-search", + "gmail-get-attachments", + "gmail-search", "gmail-get-mail" ] } - }, + }, { 
"detonate_url_-_mcafee_atd": { - "name": "Detonate URL - McAfee ATD", - "fromversion": "4.0.0", + "name": "Detonate URL - McAfee ATD", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "atd-get-report", - "atd-check-status", + "atd-get-report", + "atd-check-status", "atd-file-upload" ] } - }, + }, { "Detonate URL - Lastline": { - "name": "Detonate URL - Lastline", - "fromversion": "4.0.0", + "name": "Detonate URL - Lastline", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "lastline-get-report", + "lastline-get-report", "lastline-upload-url" ] } - }, + }, { "Detonate File - Generic": { - "name": "Detonate File - Generic", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "Detonate File - Generic", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_playbooks": [ - "CrowdStrike Falcon Sandbox - Detonate file", + "CrowdStrike Falcon Sandbox - Detonate file", "WildFire - Detonate file" ] } - }, + }, { "process_email_-_ews": { - "name": "Process Email - EWS", - "fromversion": "3.6.0", + "name": "Process Email - EWS", + "fromversion": "3.6.0", "implementing_scripts": [ "Set" - ], + ], "implementing_commands": [ "ews-get-attachment" ] } - }, + }, { "playbook7": { - "name": "Hunting C&C Communication Playbook", - "fromversion": "2.5.0", + "name": "Hunting C&C Communication Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "IsIntegrationAvailable", + "IsIntegrationAvailable", "Exists" - ], + ], "implementing_commands": [ - "slack-send", + "slack-send", "ExposeModules" ] } - }, + }, { "get_file_sample_from_path_-_d2": { - "name": "Get File Sample From Path - D2", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - D2", + "fromversion": "3.5.0", "implementing_scripts": [ - "IncidentAddSystem", + "IncidentAddSystem", "FetchFileD2" ] } - }, + }, { 
"get_original_email_-_ews": { - "name": "Get Original Email - EWS", - "fromversion": 4.0, + "name": "Get Original Email - EWS", + "fromversion": 4.0, "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "Set" - ], + ], "implementing_commands": [ - "ews-search-mailbox", - "ews-get-attachment", + "ews-search-mailbox", + "ews-get-attachment", "ews-get-items" ] } - }, + }, { "playbook17": { - "name": "Carbon black Protection Rapid IOC Hunting", - "fromversion": "2.5.0", + "name": "Carbon black Protection Rapid IOC Hunting", + "fromversion": "2.5.0", "implementing_scripts": [ - "CBPFindRule", - "CBPCatalogFindHash", + "CBPFindRule", + "CBPCatalogFindHash", "Exists" ] } - }, + }, { "calculate_severity_-_critical_assets": { - "name": "Calculate Severity - Critical assets", - "toversion": "3.6.1", - "fromversion": "3.6.0", + "name": "Calculate Severity - Critical assets", + "toversion": "3.6.1", + "fromversion": "3.6.0", "implementing_scripts": [ - "StringContains", - "Set", + "StringContains", + "Set", "Exists" ] } - }, + }, { "playbook14": { - "name": "Checkpoint Firewall Configuration Backup Playbook", - "fromversion": "2.5.0", - "implementing_scripts": [ - "UtilAnyResults", - "SendEmail", - "CPShowBackupStatus", - "CloseInvestigation", - "SNOpenTicket", - "SCPPullFiles", + "name": "Checkpoint Firewall Configuration Backup Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "UtilAnyResults", + "SendEmail", + "CPShowBackupStatus", + "CloseInvestigation", + "SNOpenTicket", + "SCPPullFiles", "CPCreateBackup" ] } - }, + }, { "endpoint_enrichment_-_generic": { - "name": "Endpoint Enrichment - Generic", - "fromversion": "3.5.0", + "name": "Endpoint Enrichment - Generic", + "fromversion": "3.5.0", "implementing_scripts": [ - "EPOFindSystem", - "Exists", + "EPOFindSystem", + "Exists", "ADGetComputer" - ], + ], "implementing_playbooks": [ "CrowdStrike Endpoint Enrichment" - ], + ], "implementing_commands": [ - "cylance-protect-get-devices", - 
"cb-sensor-info", + "cylance-protect-get-devices", + "cb-sensor-info", "so-agents-query" ] } - }, + }, { "access_investigation_-_qradar": { - "name": "Access Investigation - QRadar", - "fromversion": "3.6.0", + "name": "Access Investigation - QRadar", + "fromversion": "3.6.0", "implementing_playbooks": [ - "QRadar - Get offense correlations", + "QRadar - Get offense correlations", "Access Investigation - Generic" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "Google-Vault-Search-Groups": { - "name": "Google Vault - Search Groups", - "fromversion": "4.0.0", + "name": "Google Vault - Search Groups", + "fromversion": "4.0.0", "implementing_scripts": [ "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "gvault-export-status", - "gvault-download-results", - "gvault-create-export-groups", + "gvault-export-status", + "gvault-download-results", + "gvault-create-export-groups", "gvault-get-groups-results" ] } - }, + }, { "DBotCreatePhishingClassifier": { - "name": "DBot Create Phishing Classifier", - "fromversion": "4.1.0", + "name": "DBot Create Phishing Classifier", + "fromversion": "4.1.0", "implementing_scripts": [ - "DBotTrainTextClassifier", - "Base64ListToFile", - "DBotPredictPhishingEvaluation", + "DBotTrainTextClassifier", + "Base64ListToFile", + "DBotPredictPhishingEvaluation", "DBotPreparePhishingData" ] } - }, + }, { "detonate_url_-_generic": { - "name": "Detonate URL - Generic", - "fromversion": "4.0.0", + "name": "Detonate URL - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ - "Detonate URL - CrowdStrike", - "Detonate URL - JoeSecurity", - "Detonate URL - Cuckoo", - "Detonate URL - Lastline", - "Detonate URL - ThreatGrid", + "Detonate URL - CrowdStrike", + "Detonate URL - JoeSecurity", + "Detonate URL - Cuckoo", + "Detonate URL - Lastline", + "Detonate URL - ThreatGrid", "Detonate URL - McAfee ATD" ] } - }, + }, { "tenable-sc-scan": { - "name": "Launch Scan - 
Tenable.sc", - "fromversion": "4.0.0", + "name": "Launch Scan - Tenable.sc", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "tenable-sc-get-scan-report", + "tenable-sc-get-scan-report", "tenable-sc-launch-scan" ] } - }, + }, { "detonate_file_from_url_-_wildfire": { - "name": "Detonate File From URL - WildFire", - "fromversion": "4.0.0", + "name": "Detonate File From URL - WildFire", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "wildfire-upload-file-remote", + "wildfire-upload-file-remote", "wildfire-report" ] } - }, + }, { "block_endpoint_-_carbon_black_response": { - "name": "Block Endpoint - Carbon Black Response", - "fromversion": "3.5.0", + "name": "Block Endpoint - Carbon Black Response", + "fromversion": "3.5.0", "implementing_commands": [ - "cb-sensor-info", + "cb-sensor-info", "cb-quarantine-device" ] } - }, + }, { "close_incident_if_duplicate_found": { - "name": "DeDup incidents", - "fromversion": "3.5.0", + "name": "DeDup incidents", + "fromversion": "3.5.0", "implementing_scripts": [ - "FindSimilarIncidents", + "FindSimilarIncidents", "CloseInvestigationAsDuplicate" ] } - }, + }, { "scan_assets_nexpose": { - "name": "Scan Assets - Nexpose", - "fromversion": "4.0.0", + "name": "Scan Assets - Nexpose", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "nexpose-start-assets-scan", + "nexpose-start-assets-scan", "nexpose-get-scan" ] } - }, + }, { "extract_indicators_-_generic": { - "name": "Extract Indicators - Generic", - "fromversion": "3.5.0", + "name": "Extract Indicators - Generic", + "fromversion": "3.5.0", "implementing_scripts": [ - "ExtractHash", - "ExtractDomain", - "ExtractURL", - "ExtractEmail", + "ExtractHash", + "ExtractDomain", + "ExtractURL", + "ExtractEmail", "ExtractIP" ] } - }, + }, { "playbook0": { - "name": "Default", - "toversion": "3.1.0", - 
"fromversion": "2.5.0", - "implementing_scripts": [ - "TrendMicroClassifier", - "Exists", - "IncidentSet", - "SplunkEmailParser", - "QRadarClassifier", - "MapValues", - "Print", - "VectraClassifier", + "name": "Default", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "TrendMicroClassifier", + "Exists", + "IncidentSet", + "SplunkEmailParser", + "QRadarClassifier", + "MapValues", + "Print", + "VectraClassifier", "NexposeEmailParser" - ], + ], "implementing_playbooks": [ "Enrichment Playbook" ] } - }, + }, { "dedup_-_generic": { - "name": "Dedup - Generic", - "fromversion": "4.0.0", + "name": "Dedup - Generic", + "fromversion": "4.0.0", "implementing_scripts": [ - "FindSimilarIncidentsByText", - "GetDuplicatesMlv2", - "CloseInvestigationAsDuplicate", + "FindSimilarIncidentsByText", + "GetDuplicatesMlv2", + "CloseInvestigationAsDuplicate", "FindSimilarIncidents" ] } - }, + }, { "malware_investigation-_generic_-_setup": { - "name": "Malware Investigation - Generic - Setup", - "fromversion": "3.5.0", + "name": "Malware Investigation - Generic - Setup", + "fromversion": "3.5.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ - "Get File Sample From Path - Generic", - "Get File Sample By Hash - Generic", + "Get File Sample From Path - Generic", + "Get File Sample By Hash - Generic", "Search Endpoints By Hash - Generic" ] } - }, + }, { "block_file_-_carbon_black_response": { - "name": "Block File - Carbon Black Response", - "fromversion": "4.0.0", + "name": "Block File - Carbon Black Response", + "fromversion": "4.0.0", "implementing_commands": [ - "cb-get-hash-blacklist", + "cb-get-hash-blacklist", "cb-block-hash" ] } - }, + }, { "search_and_delete_emails_-_ews": { - "name": "Search And Delete Emails - EWS", - "fromversion": "3.6.0", + "name": "Search And Delete Emails - EWS", + "fromversion": "3.6.0", "implementing_scripts": [ "BuildEWSQuery" - ], + ], "implementing_commands": [ - "ews-search-mailboxes", + 
"ews-search-mailboxes", "ews-delete-items" ] } - }, + }, { "Detonate File - BitDam": { - "name": "Detonate File - BitDam", - "fromversion": "4.0.0", + "name": "Detonate File - BitDam", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "bitdam-upload-file", + "bitdam-upload-file", "bitdam-get-verdict" ] } - }, + }, { "MAR - Endpoint data collection": { - "name": "MAR - Endpoint data collection", + "name": "MAR - Endpoint data collection", "implementing_scripts": [ - "EPOFindSystem", + "EPOFindSystem", "Exists" - ], + ], "implementing_commands": [ "mar-search-multiple" ] } - }, + }, { "Google-Vault-Search-Drive": { - "name": "Google Vault - Search Drive", - "fromversion": "4.0.0", + "name": "Google Vault - Search Drive", + "fromversion": "4.0.0", "implementing_scripts": [ "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "gvault-create-export-drive", - "gvault-get-drive-results", - "gvault-export-status", + "gvault-create-export-drive", + "gvault-get-drive-results", + "gvault-export-status", "gvault-download-results" ] } - }, + }, { "process_email_-_add_custom_fields": { - "name": "Process Email - Add custom fields", - "fromversion": "3.6.0", + "name": "Process Email - Add custom fields", + "fromversion": "3.6.0", "implementing_scripts": [ "IncidentSet" ] } - }, + }, { "detonate_url_-_crowdstrike": { - "name": "Detonate URL - CrowdStrike", - "fromversion": "4.0.0", + "name": "Detonate URL - CrowdStrike", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "crowdstrike-submit-url", + "crowdstrike-submit-url", "crowdstrike-scan" ] } - }, + }, { "ip_enrichment_generic": { - "name": "IP Enrichment - Generic", - "fromversion": "3.6.0", + "name": "IP Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "IsIPInRanges", - "IPToHost", 
+ "IsIPInRanges", + "IPToHost", "IPReputation" - ], + ], "implementing_playbooks": [ "Endpoint Enrichment - Generic" - ], + ], "implementing_commands": [ "vt-private-get-ip-report" ] } - }, + }, { "domain_enrichment_generic": { - "name": "Domain Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "Domain Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ "DomainReputation" ] } - }, + }, { "QRadarFullSearch": { - "name": "QRadarFullSearch", - "fromversion": "4.0.0", + "name": "QRadarFullSearch", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "qradar-get-search", - "qradar-get-search-results", + "qradar-get-search", + "qradar-get-search-results", "qradar-searches" ] } - }, + }, { "Arcsight - Get events related to the Case": { - "name": "Arcsight - Get events related to the Case", + "name": "Arcsight - Get events related to the Case", "implementing_scripts": [ - "IncidentSet", - "Set", + "IncidentSet", + "Set", "Exists" - ], + ], "implementing_commands": [ - "as-get-security-events", - "as-get-case", + "as-get-security-events", + "as-get-case", "as-get-case-event-ids" ] } - }, + }, { "Account Enrichment": { - "name": "Account Enrichment", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Account Enrichment", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ - "ADGetUser", + "ADGetUser", "Exists" ] } - }, + }, { "malware_investigation-_generic": { - "name": "Malware Investigation - Generic", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "Malware Investigation - Generic", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "AssignAnalystToIncident" - ], + ], "implementing_playbooks": [ - "Malware Investigation - Generic - Setup", - "Extract Indicators - Generic", - "Calculate Severity - Generic", - "Entity 
Enrichment - Generic", + "Malware Investigation - Generic - Setup", + "Extract Indicators - Generic", + "Calculate Severity - Generic", + "Entity Enrichment - Generic", "Detonate File - Generic" ] } - }, + }, { "QRadar - Get offense correlations ": { - "name": "QRadar - Get offense correlations ", - "toversion": "3.1.0", + "name": "QRadar - Get offense correlations ", + "toversion": "3.1.0", "implementing_scripts": [ - "AreValuesEqual", - "QRadarGetCorrelationLogs", - "QRadarGetOffenseCorrelations", + "AreValuesEqual", + "QRadarGetCorrelationLogs", + "QRadarGetOffenseCorrelations", "Exists" ] } - }, + }, { "QRadar - Get offense correlations ": { - "name": "QRadar - Get offense correlations", - "fromversion": "3.5.0", + "name": "QRadar - Get offense correlations", + "fromversion": "3.5.0", "implementing_scripts": [ - "QRadarGetCorrelationLogs", + "QRadarGetCorrelationLogs", "QRadarGetOffenseCorrelations" ] } - }, + }, { "block_ip_-_generic": { - "name": "Block IP - Generic", - "fromversion": "4.0.0", + "name": "Block IP - Generic", + "fromversion": "4.0.0", "implementing_scripts": [ "PanoramaBlockIP" - ], + ], "implementing_playbooks": [ "Add Indicator to Miner - Palo Alto MineMeld" - ], + ], "implementing_commands": [ - "zscaler-blacklist-ip", + "zscaler-blacklist-ip", "checkpoint-block-ip" ] } - }, + }, { "vulnerability_handling_-_qualys_-_add _ustom_fields_to_default_layout": { - "name": "Vulnerability Handling - Qualys - Add custom fields to default layout", - "fromversion": "3.6.0", + "name": "Vulnerability Handling - Qualys - Add custom fields to default layout", + "fromversion": "3.6.0", "implementing_scripts": [ "IncidentSet" ] } - }, + }, { "playbook3": { - "name": "Ransomware Playbook - Manual", + "name": "Ransomware Playbook - Manual", "fromversion": "2.5.0" } - }, + }, { "Enrich DXL with ATD verdict": { - "name": "Enrich DXL with ATD verdict", + "name": "Enrich DXL with ATD verdict", "implementing_scripts": [ - "CloseInvestigation", + 
"CloseInvestigation", "Exists" - ], + ], "implementing_playbooks": [ "ATD - Detonate File" - ], + ], "implementing_commands": [ "dxl-send-event" ] } - }, + }, { "Detonate File - SNDBOX": { - "name": "Detonate File - SNDBOX", - "fromversion": "4.0.0", + "name": "Detonate File - SNDBOX", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "sndbox-analysis-info", - "sndbox-analysis-submit-sample", + "sndbox-analysis-info", + "sndbox-analysis-submit-sample", "sndbox-download-report" ] } - }, + }, { "Phishing Investigation - Generic": { "name": "Phishing Investigation - Generic", 
@@ -5627,928 +5608,928 @@ }, { "playbook2": { - "name": "Phishing Playbook - Manual", + "name": "Phishing Playbook - Manual", "fromversion": "2.5.0" } - }, + }, { "Hunt for bad IOCs": { - "name": "Hunt for bad IOCs", - "fromversion": "2.5.0", + "name": "Hunt for bad IOCs", + "fromversion": "2.5.0", "implementing_playbooks": [ - "CrowdStrike Rapid IOC Hunting", - "Carbon Black Rapid IOC Hunting", - "TIE - IOC Hunt", + "CrowdStrike Rapid IOC Hunting", + "Carbon Black Rapid IOC Hunting", + "TIE - IOC Hunt", "Carbon black Protection Rapid IOC Hunting" ] } - }, + }, { "extract_indicators_from_file_-_generic": { - "name": "Extract Indicators From File - Generic", - "fromversion": "3.6.0", + "name": "Extract Indicators From File - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "ReadPDFFile", - "Set", + "ReadPDFFile", + "Set", "ExtractIndicatorsFromTextFile" ] } - }, + }, { "Sentinel One - Endpoint data collection": { - "name": "Sentinel One - Endpoint data collection", + "name": "Sentinel One - Endpoint data collection", "implementing_scripts": [ - "Print", + "Print", "Exists" - ], + ], "implementing_commands": [ - "so-agents-query", + "so-agents-query", "so-get-agent-processes" ] } - }, + }, { "process_email_-_generic": { - "name": "Process Email - Generic", - "fromversion": "4.0.0", + "name": "Process Email - Generic", + "fromversion": "4.0.0", "implementing_scripts": [ - "Set", - "Exists", + "Set", + "Exists", "ParseEmailFiles" - ], + ], "implementing_playbooks": [ "Get Original Email - Generic" - ], + ], "implementing_commands": [ - "setIncident", + "setIncident", "rasterize-email" ] } - }, + }, { "playbook13": { - "name": "McAfee ePO Endpoint Connectivity Diagnostics Playbook", - "fromversion": "2.5.0", + "name": "McAfee ePO Endpoint Connectivity Diagnostics Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "CloseInvestigation", - "commentsToContext", + "CloseInvestigation", + "commentsToContext", "Ping" - ], + ], 
"implementing_commands": [ "servicenow-incident-create" ] } - }, + }, { "vulnerability_handling_-_nexpose": { - "name": "Vulnerability Handling - Nexpose", - "fromversion": "3.6.0", + "name": "Vulnerability Handling - Nexpose", + "fromversion": "3.6.0", "implementing_playbooks": [ - "CVE Enrichment - Generic", - "Endpoint Enrichment - Generic", + "CVE Enrichment - Generic", + "Endpoint Enrichment - Generic", "Calculate Severity - Generic" - ], + ], "implementing_commands": [ - "closeInvestigation", - "nexpose-get-asset-vulnerability", - "nexpose-get-asset", + "closeInvestigation", + "nexpose-get-asset-vulnerability", + "nexpose-get-asset", "setIncident" ] } - }, + }, { "Calculate Severity - Generic": { - "name": "Calculate Severity - Generic", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Calculate Severity - Generic", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ - "Print", - "StringContains", + "Print", + "StringContains", "Exists" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "playbook8": { - "name": "Lost / Stolen Device Playbook", + "name": "Lost / Stolen Device Playbook", "fromversion": "2.5.0" } - }, + }, { "vulnerability_handling_-_qualys": { - "name": "Vulnerability Handling - Qualys", - "fromversion": "3.6.0", + "name": "Vulnerability Handling - Qualys", + "fromversion": "3.6.0", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "DisplayHTML" - ], + ], "implementing_playbooks": [ - "CVE Enrichment - Generic", - "Vulnerability Handling - Qualys - Add custom fields to default layout", - "Endpoint Enrichment - Generic", + "CVE Enrichment - Generic", + "Vulnerability Handling - Qualys - Add custom fields to default layout", + "Endpoint Enrichment - Generic", "Calculate Severity - Generic" - ], + ], "implementing_commands": [ - "qualys-host-list", + "qualys-host-list", "qualys-vulnerability-list" ] } - }, + }, { "playbook10": { - "name": "Rapid IOC Hunting Playbook", - 
"fromversion": "2.5.0", - "implementing_scripts": [ - "ExtractHash", - "Exists", - "ReadFile", - "ExtractIP", - "Print", + "name": "Rapid IOC Hunting Playbook", + "fromversion": "2.5.0", + "implementing_scripts": [ + "ExtractHash", + "Exists", + "ReadFile", + "ExtractIP", + "Print", "ExtractURL" - ], + ], "implementing_playbooks": [ "Hunt for bad IOCs" ] } - }, + }, { "search_endpoints_by_hash_-_carbon_black_response": { - "name": "Search Endpoints By Hash - Carbon Black Response", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Carbon Black Response", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", + "Set", "CBFindHash" ] } - }, + }, { "scan_site_nexpose": { - "name": "Scan Site - Nexpose", - "fromversion": "4.0.0", + "name": "Scan Site - Nexpose", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "nexpose-start-site-scan", + "nexpose-start-site-scan", "nexpose-get-scan" ] } - }, + }, { "PanoramaCommitConfiguration": { - "name": "PanoramaCommitConfiguration", - "fromversion": "4.0.0", + "name": "PanoramaCommitConfiguration", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "panorama-push-to-device-group", - "panorama-push-status", - "panorama-commit", + "panorama-push-to-device-group", + "panorama-push-status", + "panorama-commit", "panorama-commit-status" ] } - }, + }, { "Failed Login Playbook With Slack": { - "name": "Failed Login Playbook With Slack", - "fromversion": "2.5.0", + "name": "Failed Login Playbook With Slack", + "fromversion": "2.5.0", "implementing_scripts": [ - "CloseInvestigation", - "IncidentSet", - "ADExpirePassword", + "CloseInvestigation", + "IncidentSet", + "ADExpirePassword", "SlackAskUser" - ], + ], "implementing_commands": [ "slack-send" ] } - }, + }, { "WildFire - Detonate file": { - "name": "WildFire - Detonate file", - "toversion": "3.1.0", + "name": "WildFire - Detonate file", + 
"toversion": "3.1.0", "implementing_scripts": [ "Exists" - ], + ], "implementing_commands": [ - "wildfire-upload", + "wildfire-upload", "wildfire-report" ] } - }, + }, { "File Enrichment - Generic": { - "name": "File Enrichment - Generic", - "fromversion": "3.6.0", + "name": "File Enrichment - Generic", + "fromversion": "3.6.0", "implementing_playbooks": [ - "File Enrichment - File reputation", + "File Enrichment - File reputation", "File Enrichment - Virus Total Private API" - ], + ], "implementing_commands": [ - "cylance-protect-get-threat", + "cylance-protect-get-threat", "pan-appframework-search-by-file-hash" ] } - }, + }, { "vulnerability_management_-_nexpose_job": { - "name": "Vulnerability Management - Nexpose (Job)", - "fromversion": "3.6.0", + "name": "Vulnerability Management - Nexpose (Job)", + "fromversion": "3.6.0", "implementing_scripts": [ "NexposeCreateIncidentsFromAssets" - ], + ], "implementing_commands": [ - "closeInvestigation", - "nexpose-create-assets-report", + "closeInvestigation", + "nexpose-create-assets-report", "nexpose-search-assets" ] } - }, + }, { "Archer initiate incident": { - "name": "Archer initiate incident", - "fromversion": "3.5.0", + "name": "Archer initiate incident", + "fromversion": "3.5.0", "implementing_commands": [ "archer-get-file" ] } - }, + }, { "block_file_-_generic": { - "name": "Block File - Generic", - "fromversion": "4.0.0", + "name": "Block File - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ "Block File - Carbon Black Response" ] } - }, + }, { "calculate_severity_-_critical_assets": { - "name": "Calculate Severity - Critical assets", - "fromversion": "4.0.0", + "name": "Calculate Severity - Critical assets", + "fromversion": "4.0.0", "implementing_scripts": [ - "StringContains", + "StringContains", "Set" ] } - }, + }, { "add_indicator_to_miner_-_palo_alto_mineMeld": { - "name": "Add Indicator to Miner - Palo Alto MineMeld", - "fromversion": "4.0.0", + "name": "Add Indicator to Miner - Palo 
Alto MineMeld", + "fromversion": "4.0.0", "implementing_commands": [ "minemeld-add-to-miner" ] } - }, + }, { "domain_enrichment_generic": { - "name": "Domain Enrichment - Generic", - "fromversion": "3.6.0", + "name": "Domain Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ "DomainReputation" - ], + ], "implementing_commands": [ "vt-private-get-domain-report" ] } - }, + }, { "playbook11": { - "name": "McAfee ePO Repository Compliance Playbook", - "fromversion": "2.5.0", + "name": "McAfee ePO Repository Compliance Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "CloseInvestigation", - "IncidentSet", - "Sleep", - "AreValuesEqual", + "CloseInvestigation", + "IncidentSet", + "Sleep", + "AreValuesEqual", "SendEmail" - ], + ], "implementing_commands": [ - "epo-update-repository", - "epo-get-latest-dat", + "epo-update-repository", + "epo-get-latest-dat", "epo-get-current-dat" ] } - }, + }, { "url_enrichment_-_generic": { - "name": "URL Enrichment - Generic", - "fromversion": "3.6.0", + "name": "URL Enrichment - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "URLSSLVerification", - "Exists", + "URLSSLVerification", + "Exists", "URLReputation" - ], + ], "implementing_commands": [ - "vt-private-get-url-report", + "vt-private-get-url-report", "rasterize" ] } - }, + }, { "entity_enrichment_generic": { - "name": "Entity Enrichment - Generic", - "fromversion": "3.6.0", + "name": "Entity Enrichment - Generic", + "fromversion": "3.6.0", "implementing_playbooks": [ - "Account Enrichment - Generic", - "Endpoint Enrichment - Generic", - "Email Address Enrichment - Generic", - "URL Enrichment - Generic", - "File Enrichment - Generic", - "Domain Enrichment - Generic", + "Account Enrichment - Generic", + "Endpoint Enrichment - Generic", + "Email Address Enrichment - Generic", + "URL Enrichment - Generic", + "File Enrichment - Generic", + "Domain Enrichment - Generic", "IP Enrichment - Generic" ] } - }, + }, { 
"search_endpoints_by_hash_-_generic": { - "name": "Search Endpoints By Hash - Generic", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Generic", + "fromversion": "3.5.0", "implementing_playbooks": [ - "Search Endpoints By Hash - Carbon Black Response", - "Search Endpoints By Hash - CrowdStrike", - "Search Endpoints By Hash - TIE", + "Search Endpoints By Hash - Carbon Black Response", + "Search Endpoints By Hash - CrowdStrike", + "Search Endpoints By Hash - TIE", "Search Endpoints By Hash - Carbon Black Protection" ] } - }, + }, { "malware_investigation-_generic": { - "name": "Malware Investigation - Generic", - "fromversion": "3.6.0", + "name": "Malware Investigation - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "AssignAnalystToIncident" - ], + ], "implementing_playbooks": [ - "Malware Investigation - Generic - Setup", - "Calculate Severity - Generic", - "Entity Enrichment - Generic", + "Malware Investigation - Generic - Setup", + "Calculate Severity - Generic", + "Entity Enrichment - Generic", "Detonate File - Generic" ] } - }, + }, { "calculate_severity_-_indicators_dbotscore": { - "name": "Calculate Severity - Indicators DBotScore", - "fromversion": "3.6.0", + "name": "Calculate Severity - Indicators DBotScore", + "fromversion": "3.6.0", "implementing_scripts": [ "Set" ] } - }, + }, { "Detonate File - Cuckoo": { - "name": "Detonate File - Cuckoo", - "fromversion": "4.0.0", + "name": "Detonate File - Cuckoo", + "fromversion": "4.0.0", "implementing_scripts": [ "Sleep" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "cuckoo-task-screenshot", - "cuckoo-get-task-report", - "cuckoo-view-task", + "cuckoo-task-screenshot", + "cuckoo-get-task-report", + "cuckoo-view-task", "cuckoo-create-task-from-file" ] } - }, + }, { "Account Enrichment": { - "name": "Account Enrichment", - "fromversion": "3.5.0", + "name": "Account Enrichment", + 
"fromversion": "3.5.0", "implementing_scripts": [ - "ADGetUser", + "ADGetUser", "Exists" ] } - }, + }, { "entity_enrichment_generic": { - "name": "Entity Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "Entity Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_playbooks": [ - "Account Enrichment - Generic", - "Endpoint Enrichment - Generic", - "DBot Indicator Enrichment - Generic", - "Email Address Enrichment - Generic", - "URL Enrichment - Generic", - "File Enrichment - Generic", - "Domain Enrichment - Generic", + "Account Enrichment - Generic", + "Endpoint Enrichment - Generic", + "DBot Indicator Enrichment - Generic", + "Email Address Enrichment - Generic", + "URL Enrichment - Generic", + "File Enrichment - Generic", + "Domain Enrichment - Generic", "IP Enrichment - Generic" ] } - }, + }, { "Phishing Investigation - Generic": { - "name": "Phishing Investigation - Generic", - "toversion": "3.9.9", - "fromversion": "3.6.0", + "name": "Phishing Investigation - Generic", + "toversion": "3.9.9", + "fromversion": "3.6.0", "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident", - "Set", + "CloseInvestigation", + "AssignAnalystToIncident", + "Set", "SendEmail" - ], + ], "implementing_playbooks": [ - "Search And Delete Emails - Generic", - "Detonate File - Generic", - "Extract Indicators From File - Generic", - "Process Email - Generic", - "Entity Enrichment - Generic", - "Email Address Enrichment - Generic", + "Search And Delete Emails - Generic", + "Detonate File - Generic", + "Extract Indicators From File - Generic", + "Process Email - Generic", + "Entity Enrichment - Generic", + "Email Address Enrichment - Generic", "Calculate Severity - Generic" ] } - }, + }, { "DBotCreatePhishingClassifierJob": { - "name": "DBot Create Phishing Classifier Job", - "fromversion": "4.1.0", + "name": "DBot Create Phishing Classifier Job", + "fromversion": "4.1.0", "implementing_scripts": [ 
"DeleteContext" - ], + ], "implementing_playbooks": [ "DBot Create Phishing Classifier" - ], + ], "implementing_commands": [ "closeInvestigation" ] } - }, + }, { "playbook5": { - "name": "Phishing Playbook - Automated", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "implementing_scripts": [ - "Set", - "Exists", - "SendEmail", - "CheckSenderDomainDistance", - "CloseInvestigation", - "ExtractIP", - "IsMaliciousIndicatorFound", + "name": "Phishing Playbook - Automated", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "implementing_scripts": [ + "Set", + "Exists", + "SendEmail", + "CheckSenderDomainDistance", + "CloseInvestigation", + "ExtractIP", + "IsMaliciousIndicatorFound", "ExtractURL" - ], + ], "implementing_playbooks": [ - "Process Email", - "Detonate files", - "Hunt for bad IOCs", - "Account Enrichment", + "Process Email", + "Detonate files", + "Hunt for bad IOCs", + "Account Enrichment", "Enrichment Playbook" ] } - }, + }, { "Demisto_Self-Defense_-_Account_policy_monitoring_playbook": { - "name": "Demisto Self-Defense - Account policy monitoring playbook", - "fromversion": "3.5.0", + "name": "Demisto Self-Defense - Account policy monitoring playbook", + "fromversion": "3.5.0", "implementing_scripts": [ "CloseInvestigation" - ], + ], "implementing_commands": [ - "TwilioSendSMS", - "slack-send", - "demisto-api-get", + "TwilioSendSMS", + "slack-send", + "demisto-api-get", "setIncident" ] } - }, + }, { "Google-Vault-Search-Mail": { - "name": "Google Vault - Search Mail", - "fromversion": "4.0.0", + "name": "Google Vault - Search Mail", + "fromversion": "4.0.0", "implementing_scripts": [ "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "gvault-get-mail-results", - "gvault-create-export-mail", - "gvault-export-status", + "gvault-get-mail-results", + "gvault-create-export-mail", + "gvault-export-status", "gvault-download-results" ] } - }, + }, { "ATD - Detonate File": { - "name": "ATD - Detonate 
File", - "toversion": "3.6.0", + "name": "ATD - Detonate File", + "toversion": "3.6.0", "implementing_scripts": [ "Exists" - ], + ], "implementing_commands": [ "detonate-file" ] } - }, + }, { "block_account_-_generic": { - "name": "Block Account - Generic", - "fromversion": "4.0.0", + "name": "Block Account - Generic", + "fromversion": "4.0.0", "implementing_commands": [ "ad-disable-account" ] } - }, + }, { "file_enrichment_-_virus_total_private_api": { - "name": "File Enrichment - Virus Total Private API", - "fromversion": "3.6.0", + "name": "File Enrichment - Virus Total Private API", + "fromversion": "3.6.0", "implementing_commands": [ - "vt-private-check-file-behaviour", + "vt-private-check-file-behaviour", "vt-private-get-file-report" ] } - }, + }, { "file_enrichment_-_file_reputation": { - "name": "File Enrichment - File reputation", - "fromversion": "3.6.0", + "name": "File Enrichment - File reputation", + "fromversion": "3.6.0", "implementing_scripts": [ "FileReputation" ] } - }, + }, { "block_url_-_generic": { - "name": "Block URL - Generic", - "fromversion": "4.0.0", + "name": "Block URL - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ "Add Indicator to Miner - Palo Alto MineMeld" - ], + ], "implementing_commands": [ "zscaler-blacklist-url" ] } - }, + }, { "Process Email": { - "name": "Process Email", - "fromversion": "2.5.0", + "name": "Process Email", + "fromversion": "2.5.0", "implementing_scripts": [ - "Set", - "Exists", + "Set", + "Exists", "ParseEmailFiles" ] } - }, + }, { "playbook15": { - "name": "Tanium Demo Playbook", - "fromversion": "2.5.0", + "name": "Tanium Demo Playbook", + "fromversion": "2.5.0", "implementing_commands": [ - "tn-deploy-package", - "tn-ask-question", + "tn-deploy-package", + "tn-ask-question", "tn-get-saved-question" ] } - }, + }, { "get_file_sample_by_hash_-_carbon_black_enterprise_Response": { - "name": "Get File Sample By Hash - Carbon Black Enterprise Response", - "fromversion": "3.5.0", + "name": "Get 
File Sample By Hash - Carbon Black Enterprise Response", + "fromversion": "3.5.0", "implementing_scripts": [ "Exists" - ], + ], "implementing_commands": [ "cb-binary-get" ] } - }, + }, { "Get File Sample From Hash - Cylance Protect": { - "name": "Get File Sample From Hash - Cylance Protect", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Get File Sample From Hash - Cylance Protect", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ - "http", - "UnzipFile", + "http", + "UnzipFile", "Exists" - ], + ], "implementing_commands": [ "cylance-protect-download-threat" ] } - }, + }, { "access_investigation_-_generic": { - "name": "Access Investigation - Generic", - "fromversion": "3.6.0", + "name": "Access Investigation - Generic", + "fromversion": "3.6.0", "implementing_scripts": [ - "AssignAnalystToIncident", - "ADGetUser", + "AssignAnalystToIncident", + "ADGetUser", "EmailAskUser" - ], + ], "implementing_playbooks": [ - "IP Enrichment - Generic", + "IP Enrichment - Generic", "Account Enrichment - Generic" - ], + ], "implementing_commands": [ - "closeInvestigation", + "closeInvestigation", "setIncident" ] } - }, + }, { "search_endpoints_by_hash_-_tie": { - "name": "Search Endpoints By Hash - TIE", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - TIE", + "fromversion": "3.5.0", "implementing_scripts": [ "EPOFindSystem" - ], + ], "implementing_commands": [ "tie-file-references" ] } - }, + }, { "get_file_sample_from_path_-_carbon_black_enterprise_response": { - "name": "Get File Sample From Path - Carbon Black Enterprise Response", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - Carbon Black Enterprise Response", + "fromversion": "3.5.0", "implementing_scripts": [ - "CBLiveGetFile", + "CBLiveGetFile", "Exists" ] } - }, + }, { "WildFire - Detonate file": { - "name": "WildFire - Detonate file", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "WildFire - Detonate file", + "toversion": "3.6.0", + 
"fromversion": "3.5.0", "implementing_scripts": [ "Set" - ], + ], "implementing_commands": [ - "wildfire-report", + "wildfire-report", "detonate-file" ] } - }, + }, { "Detonate File - Generic": { - "name": "Detonate File - Generic", - "fromversion": "4.0.0", + "name": "Detonate File - Generic", + "fromversion": "4.0.0", "implementing_playbooks": [ - "CrowdStrike Falcon Sandbox - Detonate file", - "ATD - Detonate File", - "Detonate File - SNDBOX", - "Detonate File - JoeSecurity", - "Detonate File - Cuckoo", - "Detonate File - Lastline", - "WildFire - Detonate file", + "CrowdStrike Falcon Sandbox - Detonate file", + "ATD - Detonate File", + "Detonate File - SNDBOX", + "Detonate File - JoeSecurity", + "Detonate File - Cuckoo", + "Detonate File - Lastline", + "WildFire - Detonate file", "Detonate File - ThreatGrid" ] } - }, + }, { "D2 - Endpoint data collection": { - "name": "D2 - Endpoint data collection", + "name": "D2 - Endpoint data collection", "implementing_scripts": [ - "D2ExecuteCommand", - "ActiveUsersD2", - "Exists", - "IncidentAddSystem", - "FetchFileD2", + "D2ExecuteCommand", + "ActiveUsersD2", + "Exists", + "IncidentAddSystem", + "FetchFileD2", "AreValuesEqual" ] } - }, + }, { "Enrichment Playbook": { - "name": "Enrichment Playbook", - "fromversion": "2.5.0", + "name": "Enrichment Playbook", + "fromversion": "2.5.0", "implementing_scripts": [ - "Print", - "FileReputation", - "IPReputation", - "Exists", + "Print", + "FileReputation", + "IPReputation", + "Exists", "URLReputation" ] } - }, + }, { "Office 365 Search and Delete": { - "name": "Office 365 Search and Delete", - "fromversion": "4.0.0", + "name": "Office 365 Search and Delete", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "ews-o365-remove-compliance-search", - "ews-o365-purge-compliance-search-results", - "ews-o365-get-compliance-search", + "ews-o365-remove-compliance-search", + "ews-o365-purge-compliance-search-results", + 
"ews-o365-get-compliance-search", "ews-o365-start-compliance-search" ] } - }, + }, { "dbot_indicator_enrichment_-_generic": { - "name": "DBot Indicator Enrichment - Generic", - "fromversion": "3.5.0", + "name": "DBot Indicator Enrichment - Generic", + "fromversion": "3.5.0", "implementing_scripts": [ "GetIndicatorDBotScore" ] } - }, + }, { "playbook0": { - "name": "Default", - "fromversion": "3.5.0", + "name": "Default", + "fromversion": "3.5.0", "implementing_scripts": [ - "CloseInvestigation", + "CloseInvestigation", "AssignAnalystToIncident" - ], + ], "implementing_playbooks": [ - "Extract Indicators - Generic", - "Entity Enrichment - Generic", + "Extract Indicators - Generic", + "Entity Enrichment - Generic", "Calculate Severity - Generic" ] } - }, + }, { "File Enrichment - Generic": { - "name": "File Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "File Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ "FileReputation" ] } - }, + }, { "ATD - Detonate File": { - "name": "ATD - Detonate File", - "fromversion": "4.0.0", + "name": "ATD - Detonate File", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "atd-get-report", - "atd-file-upload", + "atd-get-report", + "atd-file-upload", "atd-check-status" ] } - }, + }, { "account_enrichment_-_generic": { - "name": "Account Enrichment - Generic", - "fromversion": "3.5.0", + "name": "Account Enrichment - Generic", + "fromversion": "3.5.0", "implementing_scripts": [ - "ADGetUser", + "ADGetUser", "Exists" ] } - }, + }, { "detonatefile_-_joesecurity": { - "name": "Detonate File - JoeSecurity", - "fromversion": "4.0.0", + "name": "Detonate File - JoeSecurity", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "joe-download-report", - 
"joe-analysis-info", + "joe-download-report", + "joe-analysis-info", "joe-analysis-submit-sample" ] } - }, + }, { "ip_enrichment_generic": { - "name": "IP Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", + "name": "IP Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", "implementing_scripts": [ - "IsIPInRanges", - "IPReputation", + "IsIPInRanges", + "IPReputation", "Exists" ] } - }, + }, { "Detonate files": { - "name": "Detonate files", - "toversion": "3.1.0", - "fromversion": "2.5.0", + "name": "Detonate files", + "toversion": "3.1.0", + "fromversion": "2.5.0", "implementing_scripts": [ - "Print", - "SandboxDetonateFile", + "Print", + "SandboxDetonateFile", "Exists" ] } - }, + }, { "detonate_file_from_url_-_joesecurity": { - "name": "Detonate File From URL - JoeSecurity", - "fromversion": "4.0.0", + "name": "Detonate File From URL - JoeSecurity", + "fromversion": "4.0.0", "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "joe-download-report", + "joe-download-report", "joe-analysis-submit-sample" ] } - }, + }, { "Carbon Black Rapid IOC Hunting": { - "name": "Carbon Black Rapid IOC Hunting", - "fromversion": "2.5.0", + "name": "Carbon Black Rapid IOC Hunting", + "fromversion": "2.5.0", "implementing_scripts": [ - "CBFindHash", + "CBFindHash", "Exists" ] } - }, + }, { "email_address_enrichment_-_generic": { - "name": "Email Address Enrichment - Generic", - "toversion": "3.5.1", - "fromversion": "3.5.0", - "implementing_scripts": [ - "IsEmailAddressInternal", - "EmailReputation", - "ADGetUser", - "Exists", + "name": "Email Address Enrichment - Generic", + "toversion": "3.5.1", + "fromversion": "3.5.0", + "implementing_scripts": [ + "IsEmailAddressInternal", + "EmailReputation", + "ADGetUser", + "Exists", "EmailDomainSquattingReputation" ] } - }, + }, { "Endpoint data collection": { - "name": "Endpoint data collection", + "name": "Endpoint data collection", "implementing_scripts": [ 
"AreValuesEqual" - ], + ], "implementing_playbooks": [ - "Sentinel One - Endpoint data collection", - "MAR - Endpoint data collection", + "Sentinel One - Endpoint data collection", + "MAR - Endpoint data collection", "D2 - Endpoint data collection" ] } - }, + }, { "Get File Sample From Hash - Generic": { - "name": "Get File Sample From Hash - Generic", - "toversion": "3.1.0", + "name": "Get File Sample From Hash - Generic", + "toversion": "3.1.0", "implementing_playbooks": [ - "Get File Sample From Hash - Cylance Protect", + "Get File Sample From Hash - Cylance Protect", "Get File Sample From Hash - Carbon Black Enterprise Response" ] } - }, + }, { "WildFire - Detonate file": { - "name": "WildFire - Detonate file", - "fromversion": "4.0.0", + "name": "WildFire - Detonate file", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "wildfire-upload", + "wildfire-upload", "wildfire-report" ] } - }, + }, { "detonate_file_-_threatgrid": { - "name": "Detonate File - ThreatGrid", - "fromversion": "4.0.0", + "name": "Detonate File - ThreatGrid", + "fromversion": "4.0.0", "implementing_scripts": [ "Set" - ], + ], "implementing_playbooks": [ "GenericPolling" - ], + ], "implementing_commands": [ - "threat-grid-upload-sample", + "threat-grid-upload-sample", "threat-grid-get-samples-state" ] } }, - { + { "Phishing Investigation - Generic": { "name": "Phishing Investigation - Generic", "fromversion": "4.1.0", 
@@ -6573,7752 +6554,7752 @@ ] } } - ], + ], "integrations": [ { "Cybereason": { - "name": "Cybereason", - "commands": [ - "cybereason-query-processes", - "cybereason-is-probe-connected", - "cybereason-query-connections", - "cybereason-isolate-machine", - "cybereason-unisolate-machine", - "cybereason-query-malops", - "cybereason-malop-processes", - "cybereason-add-comment", + "name": "Cybereason", + "commands": [ + "cybereason-query-processes", + "cybereason-is-probe-connected", + "cybereason-query-connections", + "cybereason-isolate-machine", + "cybereason-unisolate-machine", + "cybereason-query-malops", + "cybereason-malop-processes", + "cybereason-add-comment", "cybereason-update-malop-status" ] } - }, + }, { "Giphy": { - "name": "Giphy", + "name": "Giphy", "commands": [ "giphy" ] } - }, + }, { "RSA NetWitness Packets and Logs": { - "name": "RSA NetWitness Packets and Logs", - "toversion": "3.1.0", - "commands": [ - "netwitness-msearch", - "netwitness-search", - "netwitness-query", - "netwitness-packets", - "nw-sdk-session", - "nw-sdk-cancel", - "nw-sdk-query", - "nw-sdk-validate", - "nw-sdk-aliases", - "nw-sdk-content", - "nw-sdk-ls", - "nw-sdk-count", - "nw-sdk-timeline", - "nw-sdk-mon", - "nw-sdk-stopMon", - "nw-sdk-msearch", - "nw-sdk-precache", - "nw-sdk-delCache", - "nw-sdk-info", - "nw-sdk-search", - "nw-sdk-language", - "nw-sdk-packets", - "nw-sdk-summary", - "nw-sdk-reconfig", - "nw-sdk-values", - "nw-sdk-xforms", - "nw-database-info", - "nw-database-count", - "nw-database-dbState", - "nw-database-dump", - "nw-database-hashInfo", - "nw-database-resetMax", - "nw-database-optimize", - "nw-database-reconfig", - "nw-database-ls", - "nw-database-timeRoll", - "nw-database-stopMon", - "nw-database-manifest", - "nw-database-wipe", - "nw-database-sizeRoll", - "nw-database-mon", - "nw-decoder-reset", - "nw-decoder-info", - "nw-decoder-reconfig", - "nw-decoder-agg", - "nw-decoder-stop", - "nw-decoder-count", - "nw-decoder-start", - "nw-decoder-meta", - 
"nw-decoder-ls", - "nw-decoder-stopMon", - "nw-decoder-resetMax", - "nw-decoder-whoAgg", - "nw-decoder-logStats", - "nw-decoder-select", - "nw-decoder-mon", - "nw-index-ls", - "nw-index-mon", - "nw-index-save", - "nw-index-info", - "nw-index-drop", - "nw-index-count", - "nw-index-values", - "nw-index-profile", - "nw-index-stopMon", - "nw-index-inspect", - "nw-index-language", - "nw-index-reconfig", - "nw-index-sizeRoll", - "nw-decoderParsers-ls", - "nw-decoderParsers-mon", - "nw-decoderParsers-feed", - "nw-decoderParsers-info", - "nw-decoderParsers-count", - "nw-decoderParsers-schema", - "nw-decoderParsers-reload", - "nw-decoderParsers-upload", - "nw-decoderParsers-delete", - "nw-decoderParsers-stopMon", - "nw-decoderParsers-devices", - "nw-decoderParsers-content", - "nw-decoderParsers-ipdevice", - "nw-decoderParsers-iptmzone", - "nw-logs-ls", - "nw-logs-mon", - "nw-logs-pull", - "nw-logs-info", - "nw-logs-count", - "nw-logs-stopMon", - "nw-logs-download", - "nw-logs-timeRoll", - "nw-sys-ls", - "nw-sys-mon", - "nw-sys-save", - "nw-sys-info", - "nw-sys-count", - "nw-sys-caCert", - "nw-sys-stopMon", - "nw-sys-shutdown", - "nw-sys-fileEdit", - "nw-sys-peerCert", - "nw-sys-servCert", - "nw-sys-statHist", - "nw-users-ls", - "nw-users-mon", - "nw-users-info", - "nw-users-auths", - "nw-users-count", - "nw-users-delete", - "nw-users-unlock", - "nw-users-stopMon", - "nw-users-addOrMod", - "nw-decoder-import", - "nw-decoder-parsers-upload", - "nw-concentrator-reset", - "nw-concentrator-reconfig", - "nw-concentrator-start", - "nw-concentrator-stop", - "nw-concentrator-count", - "nw-concentrator-edit", - "nw-concentrator-add", - "nw-concentrator-meta", - "nw-concentrator-status", - "nw-concentrator-ls", - "nw-concentrator-resetMax", - "nw-concentrator-stopMon", - "nw-concentrator-delete", - "nw-concentrator-whoAgg", - "nw-concentrator-mon", - "nw-broker-reset", - "nw-broker-start", - "nw-broker-stop", - "nw-broker-count", - "nw-broker-edit", - "nw-broker-add", - 
"nw-broker-meta", - "nw-broker-status", - "nw-broker-ls", - "nw-broker-resetMax", - "nw-broker-stopMon", - "nw-broker-delete", - "nw-broker-whoAgg", + "name": "RSA NetWitness Packets and Logs", + "toversion": "3.1.0", + "commands": [ + "netwitness-msearch", + "netwitness-search", + "netwitness-query", + "netwitness-packets", + "nw-sdk-session", + "nw-sdk-cancel", + "nw-sdk-query", + "nw-sdk-validate", + "nw-sdk-aliases", + "nw-sdk-content", + "nw-sdk-ls", + "nw-sdk-count", + "nw-sdk-timeline", + "nw-sdk-mon", + "nw-sdk-stopMon", + "nw-sdk-msearch", + "nw-sdk-precache", + "nw-sdk-delCache", + "nw-sdk-info", + "nw-sdk-search", + "nw-sdk-language", + "nw-sdk-packets", + "nw-sdk-summary", + "nw-sdk-reconfig", + "nw-sdk-values", + "nw-sdk-xforms", + "nw-database-info", + "nw-database-count", + "nw-database-dbState", + "nw-database-dump", + "nw-database-hashInfo", + "nw-database-resetMax", + "nw-database-optimize", + "nw-database-reconfig", + "nw-database-ls", + "nw-database-timeRoll", + "nw-database-stopMon", + "nw-database-manifest", + "nw-database-wipe", + "nw-database-sizeRoll", + "nw-database-mon", + "nw-decoder-reset", + "nw-decoder-info", + "nw-decoder-reconfig", + "nw-decoder-agg", + "nw-decoder-stop", + "nw-decoder-count", + "nw-decoder-start", + "nw-decoder-meta", + "nw-decoder-ls", + "nw-decoder-stopMon", + "nw-decoder-resetMax", + "nw-decoder-whoAgg", + "nw-decoder-logStats", + "nw-decoder-select", + "nw-decoder-mon", + "nw-index-ls", + "nw-index-mon", + "nw-index-save", + "nw-index-info", + "nw-index-drop", + "nw-index-count", + "nw-index-values", + "nw-index-profile", + "nw-index-stopMon", + "nw-index-inspect", + "nw-index-language", + "nw-index-reconfig", + "nw-index-sizeRoll", + "nw-decoderParsers-ls", + "nw-decoderParsers-mon", + "nw-decoderParsers-feed", + "nw-decoderParsers-info", + "nw-decoderParsers-count", + "nw-decoderParsers-schema", + "nw-decoderParsers-reload", + "nw-decoderParsers-upload", + "nw-decoderParsers-delete", + 
"nw-decoderParsers-stopMon", + "nw-decoderParsers-devices", + "nw-decoderParsers-content", + "nw-decoderParsers-ipdevice", + "nw-decoderParsers-iptmzone", + "nw-logs-ls", + "nw-logs-mon", + "nw-logs-pull", + "nw-logs-info", + "nw-logs-count", + "nw-logs-stopMon", + "nw-logs-download", + "nw-logs-timeRoll", + "nw-sys-ls", + "nw-sys-mon", + "nw-sys-save", + "nw-sys-info", + "nw-sys-count", + "nw-sys-caCert", + "nw-sys-stopMon", + "nw-sys-shutdown", + "nw-sys-fileEdit", + "nw-sys-peerCert", + "nw-sys-servCert", + "nw-sys-statHist", + "nw-users-ls", + "nw-users-mon", + "nw-users-info", + "nw-users-auths", + "nw-users-count", + "nw-users-delete", + "nw-users-unlock", + "nw-users-stopMon", + "nw-users-addOrMod", + "nw-decoder-import", + "nw-decoder-parsers-upload", + "nw-concentrator-reset", + "nw-concentrator-reconfig", + "nw-concentrator-start", + "nw-concentrator-stop", + "nw-concentrator-count", + "nw-concentrator-edit", + "nw-concentrator-add", + "nw-concentrator-meta", + "nw-concentrator-status", + "nw-concentrator-ls", + "nw-concentrator-resetMax", + "nw-concentrator-stopMon", + "nw-concentrator-delete", + "nw-concentrator-whoAgg", + "nw-concentrator-mon", + "nw-broker-reset", + "nw-broker-start", + "nw-broker-stop", + "nw-broker-count", + "nw-broker-edit", + "nw-broker-add", + "nw-broker-meta", + "nw-broker-status", + "nw-broker-ls", + "nw-broker-resetMax", + "nw-broker-stopMon", + "nw-broker-delete", + "nw-broker-whoAgg", "nw-broker-mon" ] } - }, + }, { "ReversingLabs A1000": { - "name": "ReversingLabs A1000", - "commands": [ - "file", - "reversinglabs-upload", - "reversinglabs-delete", - "reversinglabs-extracted-files", - "reversinglabs-download", - "reversinglabs-analyze", + "name": "ReversingLabs A1000", + "commands": [ + "file", + "reversinglabs-upload", + "reversinglabs-delete", + "reversinglabs-extracted-files", + "reversinglabs-download", + "reversinglabs-analyze", "reversinglabs-download-unpacked" ] } - }, + }, { "VMware": { - "name": "VMware", - 
"commands": [ - "vmware-get-vms", - "vmware-poweron", - "vmware-poweroff", - "vmware-hard-reboot", - "vmware-suspend", - "vmware-soft-reboot", - "vmware-create-snapshot", - "vmware-revert-snapshot", + "name": "VMware", + "commands": [ + "vmware-get-vms", + "vmware-poweron", + "vmware-poweroff", + "vmware-hard-reboot", + "vmware-suspend", + "vmware-soft-reboot", + "vmware-create-snapshot", + "vmware-revert-snapshot", "vmware-get-events" ] } - }, + }, { "RSA Archer": { - "name": "RSA Archer", - "commands": [ - "archer-create-record", - "archer-update-record", - "archer-get-record", - "archer-search-applications", - "archer-search-records", - "archer-get-application-fields", - "archer-delete-record", - "archer-get-field", - "archer-get-reports", - "archer-execute-statistic-search-by-report", - "archer-get-search-options-by-guid", - "archer-search-records-by-report", - "archer-get-mapping-by-level", - "archer-manually-fetch-incident", - "archer-get-file", - "archer-upload-file", - "archer-add-to-detailed-analysis", + "name": "RSA Archer", + "commands": [ + "archer-create-record", + "archer-update-record", + "archer-get-record", + "archer-search-applications", + "archer-search-records", + "archer-get-application-fields", + "archer-delete-record", + "archer-get-field", + "archer-get-reports", + "archer-execute-statistic-search-by-report", + "archer-get-search-options-by-guid", + "archer-search-records-by-report", + "archer-get-mapping-by-level", + "archer-manually-fetch-incident", + "archer-get-file", + "archer-upload-file", + "archer-add-to-detailed-analysis", "archer-get-user-id" ] } - }, + }, { "vmray": { - "name": "vmray", + "name": "vmray", "commands": [ - "upload_sample", - "get_results", + "upload_sample", + "get_results", "get_job_sample" ] } - }, + }, { "jira": { - "name": "jira", - "fromversion": "2.6.0", - "commands": [ - "jira-issue-query", - "jira-get-issue", - "jira-create-issue", - "jira-issue-upload-file", - "jira-issue-add-comment", - 
"jira-issue-add-link", - "jira-edit-issue", - "jira-get-comments", + "name": "jira", + "fromversion": "2.6.0", + "commands": [ + "jira-issue-query", + "jira-get-issue", + "jira-create-issue", + "jira-issue-upload-file", + "jira-issue-add-comment", + "jira-issue-add-link", + "jira-edit-issue", + "jira-get-comments", "jira-delete-issue" ] } - }, + }, { "Verodin": { - "name": "Verodin", - "commands": [ - "verodin-get-topology-nodes", - "verodin-get-topology-map", - "verodin-manage-sims-actions", - "verodin-manage-sims-actions-run", - "verodin-get-security-zones", - "verodin-get-security-zone", - "verodin-delete-security-zone", - "verodin-get-sims-of-type", - "verodin-get-sim", - "verodin-delete-sim", - "verodin-get-jobs", - "verodin-get-job", - "verodin-run-job-again", - "verodin-get-job-sim-actions", + "name": "Verodin", + "commands": [ + "verodin-get-topology-nodes", + "verodin-get-topology-map", + "verodin-manage-sims-actions", + "verodin-manage-sims-actions-run", + "verodin-get-security-zones", + "verodin-get-security-zone", + "verodin-delete-security-zone", + "verodin-get-sims-of-type", + "verodin-get-sim", + "verodin-delete-sim", + "verodin-get-jobs", + "verodin-get-job", + "verodin-run-job-again", + "verodin-get-job-sim-actions", "verodin-job-cancel" ] } - }, + }, { "dnstwist": { - "name": "dnstwist", + "name": "dnstwist", "commands": [ "dnstwist-domain-variations" ] } - }, + }, { "EWS": { - "name": "EWS", - "commands": [ - "ews-get-folder", - "ews-delete-items", - "ews-delete-attachments", - "ews-get-items", - "ews-search-mailbox", - "ews-get-contacts", - "ews-get-searchable-mailboxes", - "ews-search-mailboxes", - "ews-get-attachment", - "ews-find-folders", - "ews-get-attachment-item", + "name": "EWS", + "commands": [ + "ews-get-folder", + "ews-delete-items", + "ews-delete-attachments", + "ews-get-items", + "ews-search-mailbox", + "ews-get-contacts", + "ews-get-searchable-mailboxes", + "ews-search-mailboxes", + "ews-get-attachment", + "ews-find-folders", + 
"ews-get-attachment-item", "ews-move-item" ] } - }, + }, { "OpenPhish": { - "name": "OpenPhish", + "name": "OpenPhish", "commands": [ - "url", - "openphish-reload", + "url", + "openphish-reload", "openphish-status" ] } - }, + }, { "McAfee NSM": { - "name": "McAfee NSM", - "commands": [ - "nsm-get-sensors", - "nsm-get-domains", - "nsm-get-alerts", - "nsm-update-alerts", - "nsm-get-alert-details", - "nsm-get-ips-policies", - "nsm-get-ips-policy-details", + "name": "McAfee NSM", + "commands": [ + "nsm-get-sensors", + "nsm-get-domains", + "nsm-get-alerts", + "nsm-update-alerts", + "nsm-get-alert-details", + "nsm-get-ips-policies", + "nsm-get-ips-policy-details", "nsm-get-attacks" ] } - }, + }, { "ipinfo": { - "name": "ipinfo", + "name": "ipinfo", "commands": [ - "ip", + "ip", "ipinfo_field" ] } - }, + }, { "Cuckoo Sandbox": { - "name": "Cuckoo Sandbox", - "toversion": "3.1.0", - "commands": [ - "ck-file", - "cuckoo-create-task-from-file", - "ck-report", - "cuckoo-get-task-report", - "ck-list", - "cuckoo-list-tasks", - "ck-url", - "cuckoo-create-task-from-url", - "ck-view", - "cuckoo-view-task", - "ck-del", - "cuckoo-delete-task", - "ck-scrshot", - "cuckoo-task-screenshot", - "ck-machines-list", - "cuckoo-machines-list", - "ck-machine-view", + "name": "Cuckoo Sandbox", + "toversion": "3.1.0", + "commands": [ + "ck-file", + "cuckoo-create-task-from-file", + "ck-report", + "cuckoo-get-task-report", + "ck-list", + "cuckoo-list-tasks", + "ck-url", + "cuckoo-create-task-from-url", + "ck-view", + "cuckoo-view-task", + "ck-del", + "cuckoo-delete-task", + "ck-scrshot", + "cuckoo-task-screenshot", + "ck-machines-list", + "cuckoo-machines-list", + "ck-machine-view", "cuckoo-machine-view" ] } - }, + }, { "Moloch": { - "name": "Moloch", - "toversion": "3.1.0", - "commands": [ - "moloch_connections_json", - "moloch_connections_csv", - "moloch_files_json", - "moloch_sessions_json", - "moloch_sessions_csv", - "moloch_sessions_pcap", - "moloch_spigraph_json", - "moloch_spiview_json", + 
"name": "Moloch", + "toversion": "3.1.0", + "commands": [ + "moloch_connections_json", + "moloch_connections_csv", + "moloch_files_json", + "moloch_sessions_json", + "moloch_sessions_csv", + "moloch_sessions_pcap", + "moloch_spigraph_json", + "moloch_spiview_json", "moloch_unique_json" ] } - }, + }, { "Demisto REST API": { - "name": "Demisto REST API", - "commands": [ - "demisto-api-post", - "demisto-api-get", - "demisto-api-put", - "demisto-api-delete", - "demisto-api-download", - "demisto-api-multipart", + "name": "Demisto REST API", + "commands": [ + "demisto-api-post", + "demisto-api-get", + "demisto-api-put", + "demisto-api-delete", + "demisto-api-download", + "demisto-api-multipart", "demisto-delete-incidents" ] } - }, + }, { "Symantec Advanced Threat Protection": { - "name": "Symantec Advanced Threat Protection", - "commands": [ - "satp-appliances", - "satp-command", - "satp-command-state", - "satp-command-cancel", - "satp-events", - "satp-files", - "satp-incident-events", + "name": "Symantec Advanced Threat Protection", + "commands": [ + "satp-appliances", + "satp-command", + "satp-command-state", + "satp-command-cancel", + "satp-events", + "satp-files", + "satp-incident-events", "satp-incidents" ] } - }, + }, { "McAfee Active Response": { - "name": "McAfee Active Response", + "name": "McAfee Active Response", "commands": [ - "mar-search", - "mar-collectors-list", + "mar-search", + "mar-collectors-list", "mar-search-multiple" ] } - }, + }, { "Aella Star Light": { - "name": "Aella Star Light", + "name": "Aella Star Light", "commands": [ "aella-get-event" ] } - }, + }, { "Zendesk": { - "name": "Zendesk", - "fromversion": "3.5.0", - "commands": [ - "zendesk-create-ticket", - "zendesk-list-tickets", - "zendesk-ticket-details", - "zendesk-update-ticket", - "zendesk-add-comment", - "zendesk-list-agents", - "zendesk-get-attachment", - "zendesk-clear-cache", - "zendesk-add-user", + "name": "Zendesk", + "fromversion": "3.5.0", + "commands": [ + 
"zendesk-create-ticket", + "zendesk-list-tickets", + "zendesk-ticket-details", + "zendesk-update-ticket", + "zendesk-add-comment", + "zendesk-list-agents", + "zendesk-get-attachment", + "zendesk-clear-cache", + "zendesk-add-user", "zendesk-get-article" ] } - }, + }, { "Cisco CloudLock": { - "name": "Cisco CloudLock", + "name": "Cisco CloudLock", "commands": [ - "cloudlock-get-users", - "cloudlock-get-user-apps", + "cloudlock-get-users", + "cloudlock-get-user-apps", "cloudlock-get-activities" ] } - }, + }, { "carbonblackliveresponse": { - "name": "carbonblackliveresponse", - "commands": [ - "cb-archive", - "cb-command-cancel", - "cb-command-info", - "cb-file-delete", - "cb-file-get", - "cb-file-info", - "cb-file-upload", - "cb-keepalive", - "cb-list-commands", - "cb-list-files", - "cb-list-sessions", - "cb-session-close", - "cb-session-create", - "cb-session-create-and-wait", - "cb-session-info", - "cb-process-kill", - "cb-directory-listing", - "cb-process-execute", - "cb-memdeump", - "cb-command-create", - "cb-command-create-and-wait", - "cb-terminate-process", - "cb-file-delete-from-endpoint", - "cb-registry-get-values", - "cb-registry-query-value", - "cb-registry-create-key", - "cb-registry-delete-key", - "cb-registry-delete-value", - "cb-registry-set-value", - "cb-process-list", - "cb-get-file-from-endpoint", + "name": "carbonblackliveresponse", + "commands": [ + "cb-archive", + "cb-command-cancel", + "cb-command-info", + "cb-file-delete", + "cb-file-get", + "cb-file-info", + "cb-file-upload", + "cb-keepalive", + "cb-list-commands", + "cb-list-files", + "cb-list-sessions", + "cb-session-close", + "cb-session-create", + "cb-session-create-and-wait", + "cb-session-info", + "cb-process-kill", + "cb-directory-listing", + "cb-process-execute", + "cb-memdeump", + "cb-command-create", + "cb-command-create-and-wait", + "cb-terminate-process", + "cb-file-delete-from-endpoint", + "cb-registry-get-values", + "cb-registry-query-value", + "cb-registry-create-key", + 
"cb-registry-delete-key", + "cb-registry-delete-value", + "cb-registry-set-value", + "cb-process-list", + "cb-get-file-from-endpoint", "cb-push-file-to-endpoint" ] } - }, + }, { "Check Point Sandblast Appliance": { - "name": "Check Point Sandblast Appliance", - "toversion": "3.1.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", + "name": "Check Point Sandblast Appliance", + "toversion": "3.1.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", "sandblast-download" ] } - }, + }, { "Pipl": { - "name": "Pipl", - "fromversion": "3.5.0", + "name": "Pipl", + "fromversion": "3.5.0", "commands": [ - "pipl-search", + "pipl-search", "email" ] } - }, + }, { "Forcepoint": { - "name": "Forcepoint", + "name": "Forcepoint", "commands": [ - "fp-add-category", - "fp-list-categories", - "fp-get-category-detailes", - "fp-add-address-to-category", - "fp-delete-categories", + "fp-add-category", + "fp-list-categories", + "fp-get-category-detailes", + "fp-add-address-to-category", + "fp-delete-categories", "fp-delete-address-from-category" ] } - }, + }, { "FireEye HX": { - "name": "FireEye HX", - "commands": [ - "fireeye-hx-host-containment", - "fireeye-hx-cancel-containment", - "fireeye-hx-get-alerts", - "fireeye-hx-suppress-alert", - "fireeye-hx-get-indicators", - "fireeye-hx-get-indicator", - "fireeye-hx-get-host-information", - "fireeye-hx-get-alert", - "fireeye-hx-file-acquisition", - "fireeye-hx-delete-file-acquisition", - "fireeye-hx-data-acquisition", - "fireeye-hx-delete-data-acquisition", - "fireeye-hx-search", + "name": "FireEye HX", + "commands": [ + "fireeye-hx-host-containment", + "fireeye-hx-cancel-containment", + "fireeye-hx-get-alerts", + "fireeye-hx-suppress-alert", + "fireeye-hx-get-indicators", + "fireeye-hx-get-indicator", + "fireeye-hx-get-host-information", + "fireeye-hx-get-alert", + "fireeye-hx-file-acquisition", + 
"fireeye-hx-delete-file-acquisition", + "fireeye-hx-data-acquisition", + "fireeye-hx-delete-data-acquisition", + "fireeye-hx-search", "fireeye-hx-get-host-set-information" ] } - }, + }, { "Threat Crowd": { - "name": "Threat Crowd", + "name": "Threat Crowd", "commands": [ - "threat-crowd-email", - "threat-crowd-domain", - "threat-crowd-ip", - "threat-crowd-antivirus", + "threat-crowd-email", + "threat-crowd-domain", + "threat-crowd-ip", + "threat-crowd-antivirus", "threat-crowd-file" ] } - }, + }, { "Palo Alto AppFramework": { - "name": "Palo Alto AppFramework", + "name": "Palo Alto AppFramework", "commands": [ - "pan-appframework-query-logs", - "pan-appframework-get-critical-threat-logs", - "pan-appframework-get-social-applications", + "pan-appframework-query-logs", + "pan-appframework-get-critical-threat-logs", + "pan-appframework-get-social-applications", "pan-appframework-search-by-file-hash" ] } - }, + }, { "Phishme Intelligence": { - "name": "Phishme Intelligence", + "name": "Phishme Intelligence", "commands": [ - "url", - "file", - "ip", - "phishme-search", + "url", + "file", + "ip", + "phishme-search", "email" ] } - }, + }, { "Remedy AR": { - "name": "Remedy AR", + "name": "Remedy AR", "commands": [ "remedy-get-server-details" ] } - }, + }, { "Intezer": { - "name": "Intezer", + "name": "Intezer", "commands": [ - "file", + "file", "intezer-upload" ] } - }, + }, { "AlgoSec": { - "name": "AlgoSec", + "name": "AlgoSec", "commands": [ - "algosec-get-ticket", - "algosec-create-ticket", - "algosec-get-applications", - "algosec-get-network-object", + "algosec-get-ticket", + "algosec-create-ticket", + "algosec-get-applications", + "algosec-get-network-object", "algosec-query" ] } - }, + }, { "Zoom": { - "name": "Zoom", + "name": "Zoom", "commands": [ - "zoom-create-user", - "zoom-create-meeting", - "zoom-fetch-recording", - "zoom-list-users", + "zoom-create-user", + "zoom-create-meeting", + "zoom-fetch-recording", + "zoom-list-users", "zoom-delete-user" ] } - }, + }, 
{ "Cuckoo Sandbox": { - "name": "Cuckoo Sandbox", - "fromversion": "3.5.0", - "commands": [ - "ck-file", - "cuckoo-create-task-from-file", - "ck-report", - "cuckoo-get-task-report", - "ck-list", - "cuckoo-list-tasks", - "ck-url", - "cuckoo-create-task-from-url", - "ck-view", - "cuckoo-view-task", - "ck-del", - "cuckoo-delete-task", - "ck-scrshot", - "cuckoo-task-screenshot", - "ck-machines-list", - "cuckoo-machines-list", - "ck-machine-view", + "name": "Cuckoo Sandbox", + "fromversion": "3.5.0", + "commands": [ + "ck-file", + "cuckoo-create-task-from-file", + "ck-report", + "cuckoo-get-task-report", + "ck-list", + "cuckoo-list-tasks", + "ck-url", + "cuckoo-create-task-from-url", + "ck-view", + "cuckoo-view-task", + "ck-del", + "cuckoo-delete-task", + "ck-scrshot", + "cuckoo-task-screenshot", + "ck-machines-list", + "cuckoo-machines-list", + "ck-machine-view", "cuckoo-machine-view" ] } - }, + }, { "Threat Grid": { - "name": "Threat Grid", - "commands": [ - "threat-grid-get-samples", - "threat-grid-get-sample-by-id", - "threat-grid-get-sample-state-by-id", - "threat-grid-upload-sample", - "threat-grid-search-submissions", - "threat-grid-get-video-by-id", - "threat-grid-get-analysis-by-id", - "threat-grid-get-processes-by-id", - "threat-grid-get-pcap-by-id", - "threat-grid-get-warnings-by-id", - "threat-grid-get-summary-by-id", - "threat-grid-get-threat-summary-by-id", - "threat-grid-get-html-report-by-id", - "threat-grid-download-sample-by-id", - "threat-grid-get-analysis-iocs", - "threat-grid-download-artifact", - "threat-grid-who-am-i", - "threat-grid-user-get-rate-limit", - "threat-grid-get-specific-feed", - "threat-grid-detonate-file", - "threat-grid-url-to-file", - "threat-grid-organization-get-rate-limit", - "threat-grid-search-ips", - "threat-grid-get-analysis-annotations", - "threat-grid-search-samples", - "threat-grid-search-urls", - "threat-grid-get-samples-state", - "threat-grid-feeds-artifacts", - "threat-grid-feeds-domain", - "threat-grid-feeds-ip", - 
"threat-grid-feeds-network-stream", - "threat-grid-feeds-path", - "threat-grid-feeds-url", - "threat-grid-get-analysis-artifact", - "threat-grid-get-analysis-artifacts", - "threat-grid-get-analysis-ioc", - "threat-grid-get-analysis-metadata", - "threat-grid-get-analysis-network-stream", - "threat-grid-get-analysis-network-streams", - "threat-grid-get-analysis-process", + "name": "Threat Grid", + "commands": [ + "threat-grid-get-samples", + "threat-grid-get-sample-by-id", + "threat-grid-get-sample-state-by-id", + "threat-grid-upload-sample", + "threat-grid-search-submissions", + "threat-grid-get-video-by-id", + "threat-grid-get-analysis-by-id", + "threat-grid-get-processes-by-id", + "threat-grid-get-pcap-by-id", + "threat-grid-get-warnings-by-id", + "threat-grid-get-summary-by-id", + "threat-grid-get-threat-summary-by-id", + "threat-grid-get-html-report-by-id", + "threat-grid-download-sample-by-id", + "threat-grid-get-analysis-iocs", + "threat-grid-download-artifact", + "threat-grid-who-am-i", + "threat-grid-user-get-rate-limit", + "threat-grid-get-specific-feed", + "threat-grid-detonate-file", + "threat-grid-url-to-file", + "threat-grid-organization-get-rate-limit", + "threat-grid-search-ips", + "threat-grid-get-analysis-annotations", + "threat-grid-search-samples", + "threat-grid-search-urls", + "threat-grid-get-samples-state", + "threat-grid-feeds-artifacts", + "threat-grid-feeds-domain", + "threat-grid-feeds-ip", + "threat-grid-feeds-network-stream", + "threat-grid-feeds-path", + "threat-grid-feeds-url", + "threat-grid-get-analysis-artifact", + "threat-grid-get-analysis-artifacts", + "threat-grid-get-analysis-ioc", + "threat-grid-get-analysis-metadata", + "threat-grid-get-analysis-network-stream", + "threat-grid-get-analysis-network-streams", + "threat-grid-get-analysis-process", "threat-grid-get-analysis-processes" ] } - }, + }, { "QRadar": { - "name": "QRadar", - "commands": [ - "qradar-offenses", - "qradar-offense-by-id", - "qradar-searches", - 
"qradar-get-search", - "qradar-get-search-results", - "qradar-update-offense", - "qradar-get-assets", - "qradar-get-asset-by-id", - "qr-searches", - "qr-get-search", - "qr-get-search-results", - "qr-update-offense", - "qr-get-assets", - "qr-offenses", - "qradar-get-closing-reasons", - "qradar-create-note", - "qradar-get-note", - "qradar-get-reference-by-name", - "qradar-create-reference-set", - "qradar-delete-reference-set", - "qradar-create-reference-set-value", - "qradar-update-reference-set-value", + "name": "QRadar", + "commands": [ + "qradar-offenses", + "qradar-offense-by-id", + "qradar-searches", + "qradar-get-search", + "qradar-get-search-results", + "qradar-update-offense", + "qradar-get-assets", + "qradar-get-asset-by-id", + "qr-searches", + "qr-get-search", + "qr-get-search-results", + "qr-update-offense", + "qr-get-assets", + "qr-offenses", + "qradar-get-closing-reasons", + "qradar-create-note", + "qradar-get-note", + "qradar-get-reference-by-name", + "qradar-create-reference-set", + "qradar-delete-reference-set", + "qradar-create-reference-set-value", + "qradar-update-reference-set-value", "qradar-delete-reference-set-value" ] } - }, + }, { "SplunkPy": { - "name": "SplunkPy", - "commands": [ - "splunk-results", - "splunk-search", - "splunk-submit-event", - "splunk-get-indexes", - "splunk-notable-event-edit", - "splunk-job-create", + "name": "SplunkPy", + "commands": [ + "splunk-results", + "splunk-search", + "splunk-submit-event", + "splunk-get-indexes", + "splunk-notable-event-edit", + "splunk-job-create", "splunk-parse-raw" ] } - }, + }, { "TruSTAR": { - "name": "TruSTAR", - "commands": [ - "trustar-related-indicators", - "trustar-trending-indicators", - "trustar-search-indicators", - "trustar-submit-report", - "trustar-update-report", - "trustar-report-details", - "trustar-delete-report", - "trustar-get-reports", - "trustar-correlated-reports", - "trustar-search-reports", - "trustar-add-to-whitelist", - "trustar-remove-from-whitelist", - 
"trustar-get-enclaves", - "file", - "ip", - "url", + "name": "TruSTAR", + "commands": [ + "trustar-related-indicators", + "trustar-trending-indicators", + "trustar-search-indicators", + "trustar-submit-report", + "trustar-update-report", + "trustar-report-details", + "trustar-delete-report", + "trustar-get-reports", + "trustar-correlated-reports", + "trustar-search-reports", + "trustar-add-to-whitelist", + "trustar-remove-from-whitelist", + "trustar-get-enclaves", + "file", + "ip", + "url", "domain" ] } - }, + }, { "LogRhythm": { - "name": "LogRhythm", + "name": "LogRhythm", "commands": [ - "lr-add-alarm-comments", - "lr-get-alarm-by-id", - "lr-get-alarm-events-by-id", - "lr-get-alarm-history-by-id", - "lr-update-alarm-status", + "lr-add-alarm-comments", + "lr-get-alarm-by-id", + "lr-get-alarm-events-by-id", + "lr-get-alarm-history-by-id", + "lr-update-alarm-status", "lr-get-alarms" ] } - }, + }, { "Service Manager": { - "name": "Service Manager", + "name": "Service Manager", "commands": [ - "hpsm-create-incident", - "hpsm-list-incidents", - "hpsm-get-incident-by-id", - "hpsm-list-devices", + "hpsm-create-incident", + "hpsm-list-incidents", + "hpsm-get-incident-by-id", + "hpsm-list-devices", "hpsm-get-device" ] } - }, + }, { "Trend Micro": { - "name": "Trend Micro", - "commands": [ - "trendmicro-host-retrieve-all", - "trendmicro-system-event-retrieve", - "trendmicro-host-antimalware-scan", - "trendmicro-alert-status", - "trendmicro-security-profile-retrieve-all", - "trendmicro-security-profile-assign-to-host", + "name": "Trend Micro", + "commands": [ + "trendmicro-host-retrieve-all", + "trendmicro-system-event-retrieve", + "trendmicro-host-antimalware-scan", + "trendmicro-alert-status", + "trendmicro-security-profile-retrieve-all", + "trendmicro-security-profile-assign-to-host", "trendmicro-anti-malware-event-retrieve" ] } - }, + }, { "Netskope": { - "name": "Netskope", + "name": "Netskope", "commands": [ - "netskope-events", + "netskope-events", "netskope-alerts" 
] } - }, + }, { "McAfee Web Gateway": { - "name": "McAfee Web Gateway", + "name": "McAfee Web Gateway", "commands": [ - "mwg-get-available-lists", - "mwg-get-list", - "mwg-get-list-entry", - "mwg-insert-entry", + "mwg-get-available-lists", + "mwg-get-list", + "mwg-get-list-entry", + "mwg-insert-entry", "mwg-delete-entry" ] } - }, + }, { "ArcSight Logger": { - "name": "ArcSight Logger", - "commands": [ - "as-search-events", - "as-status", - "as-drilldown", - "as-events", - "as-close", - "as-stop", + "name": "ArcSight Logger", + "commands": [ + "as-search-events", + "as-status", + "as-drilldown", + "as-events", + "as-close", + "as-stop", "as-search" ] } - }, + }, { "carbonblack-v2": { - "name": "carbonblack-v2", - "fromversion": "3.6.0", - "commands": [ - "cb-alert", - "cb-binary", - "cb-binary-get", - "cb-block-hash", - "cb-get-hash-blacklist", - "cb-get-process", - "cb-get-processes", - "cb-list-sensors", - "cb-process-events", - "cb-quarantine-device", - "cb-sensor-info", - "cb-unblock-hash", - "cb-unquarantine-device", - "cb-version", - "cb-watchlist-del", - "cb-watchlist-get", - "cb-watchlist-new", - "cb-watchlist-set", - "cb-alert-update", + "name": "carbonblack-v2", + "fromversion": "3.6.0", + "commands": [ + "cb-alert", + "cb-binary", + "cb-binary-get", + "cb-block-hash", + "cb-get-hash-blacklist", + "cb-get-process", + "cb-get-processes", + "cb-list-sensors", + "cb-process-events", + "cb-quarantine-device", + "cb-sensor-info", + "cb-unblock-hash", + "cb-unquarantine-device", + "cb-version", + "cb-watchlist-del", + "cb-watchlist-get", + "cb-watchlist-new", + "cb-watchlist-set", + "cb-alert-update", "cb-watchlist" ] } - }, + }, { "Zscaler": { - "name": "Zscaler", - "commands": [ - "zscaler-blacklist-url", - "url", - "ip", - "zscaler-undo-blacklist-url", - "zscaler-whitelist-url", - "zscaler-undo-whitelist-url", - "zscaler-undo-whitelist-ip", - "zscaler-whitelist-ip", - "zscaler-undo-blacklist-ip", - "zscaler-blacklist-ip", - "zscaler-category-add-url", - 
"zscaler-category-add-ip", - "zscaler-category-remove-url", - "zscaler-category-remove-ip", - "zscaler-get-categories", - "zscaler-get-blacklist", + "name": "Zscaler", + "commands": [ + "zscaler-blacklist-url", + "url", + "ip", + "zscaler-undo-blacklist-url", + "zscaler-whitelist-url", + "zscaler-undo-whitelist-url", + "zscaler-undo-whitelist-ip", + "zscaler-whitelist-ip", + "zscaler-undo-blacklist-ip", + "zscaler-blacklist-ip", + "zscaler-category-add-url", + "zscaler-category-add-ip", + "zscaler-category-remove-url", + "zscaler-category-remove-ip", + "zscaler-get-categories", + "zscaler-get-blacklist", "zscaler-get-whitelist" ] } - }, + }, { "Check Point Sandblast": { - "name": "Check Point Sandblast", - "toversion": "3.1.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", - "sandblast-download", - "sb-quota", + "name": "Check Point Sandblast", + "toversion": "3.1.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", + "sandblast-download", + "sb-quota", "sandblast-quota" ] } - }, + }, { "fireeye": { - "name": "fireeye", - "toversion": "3.1.0", - "fromversion": "3.0.0", - "commands": [ - "fe-report", - "fe-submit-status", - "fe-alert", - "fe-submit-result", - "fe-submit", + "name": "fireeye", + "toversion": "3.1.0", + "fromversion": "3.0.0", + "commands": [ + "fe-report", + "fe-submit-status", + "fe-alert", + "fe-submit-result", + "fe-submit", "fe-config" ] } - }, + }, { "Awake Security": { - "name": "Awake Security", - "commands": [ - "awake-query-devices", - "awake-query-activities", - "awake-query-domains", - "awake-pcap-download", - "domain", - "ip", - "email", + "name": "Awake Security", + "commands": [ + "awake-query-devices", + "awake-query-activities", + "awake-query-domains", + "awake-pcap-download", + "domain", + "ip", + "email", "device" ] } - }, + }, { "Skyformation": { - "name": "Skyformation", + "name": "Skyformation", "commands": [ - 
"skyformation-get-accounts", - "skyformation-suspend-user", + "skyformation-get-accounts", + "skyformation-suspend-user", "skyformation-unsuspend-user" ] } - }, + }, { "Cisco Spark": { - "name": "Cisco Spark", - "commands": [ - "cisco-spark-list-people", - "cisco-spark-create-person", - "cisco-spark-get-person-details", - "cisco-spark-update-person", - "cisco-spark-delete-person", - "cisco-spark-get-own-details", - "cisco-spark-list-rooms", - "cisco-spark-create-room", - "cisco-spark-get-room-details", - "cisco-spark-update-room", - "cisco-spark-delete-room", - "cisco-spark-list-memberships", - "cisco-spark-create-membership", - "cisco-spark-get-membership-details", - "cisco-spark-update-membership", - "cisco-spark-delete-membership", - "cisco-spark-list-messages", - "cisco-spark-create-message", - "cisco-spark-get-message-details", - "cisco-spark-delete-message", - "cisco-spark-list-teams", - "cisco-spark-create-team", - "cisco-spark-get-team-details", - "cisco-spark-update-team", - "cisco-spark-delete-team", - "cisco-spark-list-team-memberships", - "cisco-spark-create-team-membership", - "cisco-spark-get-team-membership-details", - "cisco-spark-update-team-membership", - "cisco-spark-delete-team-membership", - "cisco-spark-list-webhooks", - "cisco-spark-create-webhook", - "cisco-spark-get-webhook-details", - "cisco-spark-update-webhook", - "cisco-spark-delete-webhook", - "cisco-spark-list-organizations", - "cisco-spark-get-organization-details", - "cisco-spark-list-licenses", - "cisco-spark-get-license-details", - "cisco-spark-list-roles", - "cisco-spark-get-role-details", - "cisco-spark-send-message-to-person", + "name": "Cisco Spark", + "commands": [ + "cisco-spark-list-people", + "cisco-spark-create-person", + "cisco-spark-get-person-details", + "cisco-spark-update-person", + "cisco-spark-delete-person", + "cisco-spark-get-own-details", + "cisco-spark-list-rooms", + "cisco-spark-create-room", + "cisco-spark-get-room-details", + "cisco-spark-update-room", + 
"cisco-spark-delete-room", + "cisco-spark-list-memberships", + "cisco-spark-create-membership", + "cisco-spark-get-membership-details", + "cisco-spark-update-membership", + "cisco-spark-delete-membership", + "cisco-spark-list-messages", + "cisco-spark-create-message", + "cisco-spark-get-message-details", + "cisco-spark-delete-message", + "cisco-spark-list-teams", + "cisco-spark-create-team", + "cisco-spark-get-team-details", + "cisco-spark-update-team", + "cisco-spark-delete-team", + "cisco-spark-list-team-memberships", + "cisco-spark-create-team-membership", + "cisco-spark-get-team-membership-details", + "cisco-spark-update-team-membership", + "cisco-spark-delete-team-membership", + "cisco-spark-list-webhooks", + "cisco-spark-create-webhook", + "cisco-spark-get-webhook-details", + "cisco-spark-update-webhook", + "cisco-spark-delete-webhook", + "cisco-spark-list-organizations", + "cisco-spark-get-organization-details", + "cisco-spark-list-licenses", + "cisco-spark-get-license-details", + "cisco-spark-list-roles", + "cisco-spark-get-role-details", + "cisco-spark-send-message-to-person", "cisco-spark-send-message-to-room" ] } - }, + }, { "ArcSight ESM": { - "name": "ArcSight ESM", - "commands": [ - "as-get-all-cases", - "as-get-case", - "as-get-matrix-data", - "as-add-entries", - "as-clear-entries", - "as-get-entries", - "as-get-security-events", - "as-get-case-event-ids", - "as-update-case", - "as-get-all-query-viewers", + "name": "ArcSight ESM", + "commands": [ + "as-get-all-cases", + "as-get-case", + "as-get-matrix-data", + "as-add-entries", + "as-clear-entries", + "as-get-entries", + "as-get-security-events", + "as-get-case-event-ids", + "as-update-case", + "as-get-all-query-viewers", "as-case-delete" ] } - }, + }, { "Rapid7 Nexpose": { - "name": "Rapid7 Nexpose", - "fromversion": "3.6.0", - "commands": [ - "nexpose-get-asset", - "nexpose-get-assets", - "nexpose-search-assets", - "nexpose-get-scan", - "nexpose-get-asset-vulnerability", - "nexpose-create-site", - 
"nexpose-delete-site", - "nexpose-get-sites", - "nexpose-get-report-templates", - "nexpose-create-assets-report", - "nexpose-create-sites-report", - "nexpose-create-scan-report", - "nexpose-start-site-scan", - "nexpose-start-assets-scan", - "nexpose-stop-scan", - "nexpose-pause-scan", - "nexpose-resume-scan", + "name": "Rapid7 Nexpose", + "fromversion": "3.6.0", + "commands": [ + "nexpose-get-asset", + "nexpose-get-assets", + "nexpose-search-assets", + "nexpose-get-scan", + "nexpose-get-asset-vulnerability", + "nexpose-create-site", + "nexpose-delete-site", + "nexpose-get-sites", + "nexpose-get-report-templates", + "nexpose-create-assets-report", + "nexpose-create-sites-report", + "nexpose-create-scan-report", + "nexpose-start-site-scan", + "nexpose-start-assets-scan", + "nexpose-stop-scan", + "nexpose-pause-scan", + "nexpose-resume-scan", "nexpose-get-scans" ] } - }, + }, { "Cylance Protect v2": { - "name": "Cylance Protect v2", - "commands": [ - "cylance-protect-get-devices", - "cylance-protect-get-device", - "cylance-protect-update-device", - "cylance-protect-get-device-threats", - "cylance-protect-get-policies", - "cylance-protect-create-zone", - "cylance-protect-get-zones", - "cylance-protect-get-zone", - "cylance-protect-update-zone", - "cylance-protect-get-threat", - "cylance-protect-get-threat-devices", - "cylance-protect-get-indicators-report", - "cylance-protect-get-threats", - "cylance-protect-update-device-threats", - "cylance-protect-get-list", - "cylance-protect-download-threat", - "cylance-protect-add-hash-to-list", - "cylance-protect-delete-hash-from-lists", - "cylance-protect-get-policy-details", + "name": "Cylance Protect v2", + "commands": [ + "cylance-protect-get-devices", + "cylance-protect-get-device", + "cylance-protect-update-device", + "cylance-protect-get-device-threats", + "cylance-protect-get-policies", + "cylance-protect-create-zone", + "cylance-protect-get-zones", + "cylance-protect-get-zone", + "cylance-protect-update-zone", + 
"cylance-protect-get-threat", + "cylance-protect-get-threat-devices", + "cylance-protect-get-indicators-report", + "cylance-protect-get-threats", + "cylance-protect-update-device-threats", + "cylance-protect-get-list", + "cylance-protect-download-threat", + "cylance-protect-add-hash-to-list", + "cylance-protect-delete-hash-from-lists", + "cylance-protect-get-policy-details", "cylance-protect-delete-devices" ] } - }, + }, { "Cyber Triage": { - "name": "Cyber Triage", + "name": "Cyber Triage", "commands": [ "ct-triage-endpoint" ] } - }, + }, { "Endgame": { - "name": "Endgame", - "commands": [ - "endgame-deploy", - "endgame-get-deployment-profiles", - "endgame-get-unmanaged-endpoints", - "endgame-get-endpoint-status", - "endgame-create-sensor-profile", - "endgame-get-investigations", - "endgame-create-investigation", - "endgame-get-sensor", - "endgame-investigation-results", + "name": "Endgame", + "commands": [ + "endgame-deploy", + "endgame-get-deployment-profiles", + "endgame-get-unmanaged-endpoints", + "endgame-get-endpoint-status", + "endgame-create-sensor-profile", + "endgame-get-investigations", + "endgame-create-investigation", + "endgame-get-sensor", + "endgame-investigation-results", "endgame-investigation-status" ] } - }, + }, { "Kenna": { - "name": "Kenna", + "name": "Kenna", "commands": [ - "kenna-search-vulnerabilities", - "kenna-get-connectors", - "kenna-run-connector", - "kenna-search-fixes", - "kenna-update-asset", + "kenna-search-vulnerabilities", + "kenna-get-connectors", + "kenna-run-connector", + "kenna-search-fixes", + "kenna-update-asset", "kenna-update-vulnerability" ] } - }, + }, { "Cisco Meraki": { - "name": "Cisco Meraki", - "commands": [ - "meraki-fetch-organizations", - "meraki-get-organization-license-state", - "meraki-fetch-organization-inventory", - "meraki-fetch-networks", - "meraki-fetch-devices", - "meraki-fetch-device-uplink", - "meraki-fetch-ssids", - "meraki-fetch-clients", - "meraki-fetch-firewall-rules", - "meraki-remove-device", 
- "meraki-get-device", - "meraki-update-device", - "meraki-claim-device", + "name": "Cisco Meraki", + "commands": [ + "meraki-fetch-organizations", + "meraki-get-organization-license-state", + "meraki-fetch-organization-inventory", + "meraki-fetch-networks", + "meraki-fetch-devices", + "meraki-fetch-device-uplink", + "meraki-fetch-ssids", + "meraki-fetch-clients", + "meraki-fetch-firewall-rules", + "meraki-remove-device", + "meraki-get-device", + "meraki-update-device", + "meraki-claim-device", "meraki-update-firewall-rules" ] } - }, + }, { "WildFire": { - "name": "WildFire", - "toversion": "3.6.0", - "fromversion": "3.5.0", - "commands": [ - "wildfire-report", - "file", - "wildfire-upload", - "detonate-file", + "name": "WildFire", + "toversion": "3.6.0", + "fromversion": "3.5.0", + "commands": [ + "wildfire-report", + "file", + "wildfire-upload", + "detonate-file", "detonate-file-remote" ] } - }, + }, { "AWS Sagemaker": { - "name": "AWS Sagemaker", + "name": "AWS Sagemaker", "commands": [ "predict-phishing" ] } - }, + }, { "VxStream": { - "name": "VxStream", - "commands": [ - "vx-scan", - "crowdstrike-scan", - "vx-get-environments", - "crowdstrike-get-environments", - "vx-submit-sample", - "crowdstrike-submit-sample", - "vx-search", - "crowdstrike-search", - "vx-result", - "crowdstrike-result", - "vx-detonate-file", - "crowdstrike-detonate-file", - "crowdstrike-submit-url", - "crowdstrike-get-screenshots", - "crowdstrike-detonate-url", + "name": "VxStream", + "commands": [ + "vx-scan", + "crowdstrike-scan", + "vx-get-environments", + "crowdstrike-get-environments", + "vx-submit-sample", + "crowdstrike-submit-sample", + "vx-search", + "crowdstrike-search", + "vx-result", + "crowdstrike-result", + "vx-detonate-file", + "crowdstrike-detonate-file", + "crowdstrike-submit-url", + "crowdstrike-get-screenshots", + "crowdstrike-detonate-url", "crowdstrike-submit-file-by-url" ] } - }, + }, { "DomainTools": { - "name": "DomainTools", - "fromversion": "3.0.0", - "commands": 
[ - "domain", - "domainSearch", - "reverseIP", - "reverseNameServer", - "reverseWhois", - "whois", - "whoisHistory", + "name": "DomainTools", + "fromversion": "3.0.0", + "commands": [ + "domain", + "domainSearch", + "reverseIP", + "reverseNameServer", + "reverseWhois", + "whois", + "whoisHistory", "domainProfile" ] } - }, + }, { "Jask": { - "name": "Jask", - "commands": [ - "jask-get-insight-details", - "jask-get-insight-comments", - "jask-get-signal-details", - "jask-get-entity-details", - "jask-get-related-entities", - "jask-get-whitelisted-entities", - "jask-search-insights", - "jask-search-signals", + "name": "Jask", + "commands": [ + "jask-get-insight-details", + "jask-get-insight-comments", + "jask-get-signal-details", + "jask-get-entity-details", + "jask-get-related-entities", + "jask-get-whitelisted-entities", + "jask-search-insights", + "jask-search-signals", "jask-search-entities" ] } - }, + }, { "Server Message Block (SMB)": { - "name": "Server Message Block (SMB)", + "name": "Server Message Block (SMB)", "commands": [ "smb-download" ] } - }, + }, { "McAfee ESM-v10": { - "name": "McAfee ESM-v10", - "commands": [ - "esm-fetch-fields", - "esm-search", - "esm-fetch-alarms", - "esm-get-case-list", - "esm-add-case", - "esm-edit-case", - "esm-get-case-statuses", - "esm-edit-case-status", - "esm-get-case-detail", - "esm-get-case-event-list", - "esm-add-case-status", - "esm-delete-case-status", - "esm-get-organization-list", - "esm-get-user-list", - "esm-acknowledge-alarms", - "esm-unacknowledge-alarms", - "esm-delete-alarms", - "esm-get-alarm-event-details", + "name": "McAfee ESM-v10", + "commands": [ + "esm-fetch-fields", + "esm-search", + "esm-fetch-alarms", + "esm-get-case-list", + "esm-add-case", + "esm-edit-case", + "esm-get-case-statuses", + "esm-edit-case-status", + "esm-get-case-detail", + "esm-get-case-event-list", + "esm-add-case-status", + "esm-delete-case-status", + "esm-get-organization-list", + "esm-get-user-list", + "esm-acknowledge-alarms", + 
"esm-unacknowledge-alarms", + "esm-delete-alarms", + "esm-get-alarm-event-details", "esm-list-alarm-events" ] } - }, + }, { "nmap": { - "name": "nmap", + "name": "nmap", "commands": [ "nmap-scan" ] } - }, + }, { "ReversingLabs Titanium Cloud": { - "name": "ReversingLabs Titanium Cloud", + "name": "ReversingLabs Titanium Cloud", "commands": [ "file" ] } - }, + }, { "Farsight DNSDB": { - "name": "Farsight DNSDB", + "name": "Farsight DNSDB", "commands": [ - "dnsdb-rdata", + "dnsdb-rdata", "dnsdb-rrset" ] } - }, + }, { "Symantec MSS": { - "name": "Symantec MSS", + "name": "Symantec MSS", "commands": [ - "symantec-mss-update-incident", - "symantec-mss-get-incident", + "symantec-mss-update-incident", + "symantec-mss-get-incident", "symantec-mss-incidents-list" ] } - }, + }, { "EWS Mail Sender": { - "name": "EWS Mail Sender", + "name": "EWS Mail Sender", "commands": [ "send-mail" ] } - }, + }, { "WildFire": { - "name": "WildFire", - "fromversion": "4.0.0", - "commands": [ - "wildfire-report", - "file", - "wildfire-upload", - "detonate-file", - "detonate-file-remote", + "name": "WildFire", + "fromversion": "4.0.0", + "commands": [ + "wildfire-report", + "file", + "wildfire-upload", + "detonate-file", + "detonate-file-remote", "wildfire-upload-file-remote" ] } - }, + }, { "WildFire": { - "name": "WildFire", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "commands": [ - "wildfire-report", - "file", - "wildfire-upload", - "detonate-file", + "name": "WildFire", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "commands": [ + "wildfire-report", + "file", + "wildfire-upload", + "detonate-file", "detonate-file-remote" ] } - }, + }, { "AlienVault OTX": { - "name": "AlienVault OTX", - "fromversion": "3.0.1", - "commands": [ - "ip", - "domain", - "ipv6", - "hostname", - "file", - "alienvault-query-file", - "alienvault-search-pulses", - "alienvault-get-pulse-details", + "name": "AlienVault OTX", + "fromversion": "3.0.1", + "commands": [ + "ip", + "domain", + "ipv6", + 
"hostname", + "file", + "alienvault-query-file", + "alienvault-search-pulses", + "alienvault-get-pulse-details", "url" ] } - }, + }, { "Windows Defender Advanced Threat Protection": { - "name": "Windows Defender Advanced Threat Protection", - "commands": [ - "microsoft-atp-isolate-machine", - "microsoft-atp-unisolate-machine", - "microsoft-atp-get-machines", - "microsoft-atp-get-file-related-machines", - "microsoft-atp-get-machine-details", - "microsoft-atp-run-antivirus-scan", + "name": "Windows Defender Advanced Threat Protection", + "commands": [ + "microsoft-atp-isolate-machine", + "microsoft-atp-unisolate-machine", + "microsoft-atp-get-machines", + "microsoft-atp-get-file-related-machines", + "microsoft-atp-get-machine-details", + "microsoft-atp-run-antivirus-scan", "microsoft-atp-list-alerts" ] } - }, + }, { "Mail Sender (New)": { - "name": "Mail Sender (New)", + "name": "Mail Sender (New)", "commands": [ "send-mail" ] } - }, + }, { "Attivo Botsink": { - "name": "Attivo Botsink", - "commands": [ - "attivo-check-user", - "attivo-check-host", - "attivo-run-playbook", - "attivo-deploy-decoy", - "attivo-get-events", - "attivo-list-playbooks", - "attivo-list-hosts", + "name": "Attivo Botsink", + "commands": [ + "attivo-check-user", + "attivo-check-host", + "attivo-run-playbook", + "attivo-deploy-decoy", + "attivo-get-events", + "attivo-list-playbooks", + "attivo-list-hosts", "attivo-list-users" ] } - }, + }, { "Sample Incident Generator": { "name": "Sample Incident Generator" } - }, + }, { "Hybrid Analysis": { - "name": "Hybrid Analysis", - "fromversion": "3.6.1", + "name": "Hybrid Analysis", + "fromversion": "3.6.1", "commands": [ - "hybrid-analysis-scan", - "hybrid-analysis-submit-sample", - "hybrid-analysis-search", + "hybrid-analysis-scan", + "hybrid-analysis-submit-sample", + "hybrid-analysis-search", "hybrid-analysis-detonate-file" ] } - }, + }, { "Anomali ThreatStream": { - "name": "Anomali ThreatStream", + "name": "Anomali ThreatStream", "commands": [ - 
"threatstream-intelligence", - "domain", - "file", - "threatstream-email-reputation", + "threatstream-intelligence", + "domain", + "file", + "threatstream-email-reputation", "ip" ] } - }, + }, { "PacketMail": { - "name": "PacketMail", + "name": "PacketMail", "commands": [ "packetmail-ip" ] } - }, + }, { "Qualys": { - "name": "Qualys", - "toversion": "3.1.0", - "commands": [ - "qualys-report-list", - "qualys-report-cancel", - "qualys-report-delete", - "qualys-scorecard-launch", - "qualys-report-fetch", - "qualys-vm-scan-list", - "qualys-vm-scan-launch", - "qualys-vm-scan-action", - "qualys-scap-scan-list", - "qualys-pc-scan-launch", - "qualys-pc-scan-manage", - "qualys-schedule-scan-list", - "qualys-ip-list", - "qualys-ip-add", - "qualys-ip-update", - "qualys-virtual-host-list", - "qualys-virtual-host-manage", - "qualys-host-excluded-list", - "qualys-host-excluded-manage", - "qualys-scheduled-report-list", - "qualys-scheduled-report-launch", - "qualys-host-list", - "qualys-pc-scan-list", - "qualys-report-template-list", - "qualys-report-launch-map", - "qualys-report-launch-scan-based-findings", - "qualys-report-launch-host-based-findings", - "qualys-report-launch-patch", - "qualys-report-launch-remediation", - "qualys-report-launch-compliance", - "qualys-report-launch-compliance-policy", - "qualys-vulnerability-list", - "qualys-group-list", - "qualys-vm-scan-fetch", + "name": "Qualys", + "toversion": "3.1.0", + "commands": [ + "qualys-report-list", + "qualys-report-cancel", + "qualys-report-delete", + "qualys-scorecard-launch", + "qualys-report-fetch", + "qualys-vm-scan-list", + "qualys-vm-scan-launch", + "qualys-vm-scan-action", + "qualys-scap-scan-list", + "qualys-pc-scan-launch", + "qualys-pc-scan-manage", + "qualys-schedule-scan-list", + "qualys-ip-list", + "qualys-ip-add", + "qualys-ip-update", + "qualys-virtual-host-list", + "qualys-virtual-host-manage", + "qualys-host-excluded-list", + "qualys-host-excluded-manage", + "qualys-scheduled-report-list", + 
"qualys-scheduled-report-launch", + "qualys-host-list", + "qualys-pc-scan-list", + "qualys-report-template-list", + "qualys-report-launch-map", + "qualys-report-launch-scan-based-findings", + "qualys-report-launch-host-based-findings", + "qualys-report-launch-patch", + "qualys-report-launch-remediation", + "qualys-report-launch-compliance", + "qualys-report-launch-compliance-policy", + "qualys-vulnerability-list", + "qualys-group-list", + "qualys-vm-scan-fetch", "qualys-pc-scan-fetch" ] } - }, + }, { "Cisco Umbrella Investigate": { - "name": "Cisco Umbrella Investigate", - "commands": [ - "umbrella-domain-categorization", - "investigate-umbrella-domain-categorization", - "umbrella-domain-co-occurrences", - "investigate-umbrella-domain-co-occurrences", - "umbrella-domain-related", - "investigate-umbrella-domain-related", - "umbrella-domain-security", - "investigate-umbrella-domain-security", - "umbrella-domain-dns-history", - "investigate-umbrella-domain-dns-history", - "umbrella-ip-dns-history", - "investigate-umbrella-ip-dns-history", - "investigate-umbrella-ip-malicious-domains", - "umbrella-ip-malicious-domains", - "umbrella-domain-search", - "investigate-umbrella-domain-search", - "domain", - "umbrella-get-related-domains", - "umbrella-get-domain-classifiers", - "umbrella-get-domain-queryvolume", - "umbrella-get-domain-details", - "umbrella-get-domains-for-email-registrar", - "umbrella-get-domains-for-nameserver", - "umbrella-get-whois-for-domain", - "umbrella-get-malicious-domains-for-ip", - "umbrella-get-domains-using-regex", - "umbrella-get-domain-timeline", - "umbrella-get-ip-timeline", + "name": "Cisco Umbrella Investigate", + "commands": [ + "umbrella-domain-categorization", + "investigate-umbrella-domain-categorization", + "umbrella-domain-co-occurrences", + "investigate-umbrella-domain-co-occurrences", + "umbrella-domain-related", + "investigate-umbrella-domain-related", + "umbrella-domain-security", + "investigate-umbrella-domain-security", + 
"umbrella-domain-dns-history", + "investigate-umbrella-domain-dns-history", + "umbrella-ip-dns-history", + "investigate-umbrella-ip-dns-history", + "investigate-umbrella-ip-malicious-domains", + "umbrella-ip-malicious-domains", + "umbrella-domain-search", + "investigate-umbrella-domain-search", + "domain", + "umbrella-get-related-domains", + "umbrella-get-domain-classifiers", + "umbrella-get-domain-queryvolume", + "umbrella-get-domain-details", + "umbrella-get-domains-for-email-registrar", + "umbrella-get-domains-for-nameserver", + "umbrella-get-whois-for-domain", + "umbrella-get-malicious-domains-for-ip", + "umbrella-get-domains-using-regex", + "umbrella-get-domain-timeline", + "umbrella-get-ip-timeline", "umbrella-get-url-timeline" ] } - }, + }, { "Carbon Black Defense": { - "name": "Carbon Black Defense", - "commands": [ - "cbd-get-devices-status", - "cbd-get-device-status", - "cbd-change-device-status", - "cbd-find-events", - "cbd-find-event", - "cbd-find-processes", - "cbd-get-alert-details", - "cbd-get-policies", - "cbd-get-policy", - "cbd-create-policy", - "cbd-update-policy", - "cbd-delete-policy", - "cbd-add-rule-to-policy", - "cbd-delete-rule-from-policy", - "cbd-update-rule-in-policy", + "name": "Carbon Black Defense", + "commands": [ + "cbd-get-devices-status", + "cbd-get-device-status", + "cbd-change-device-status", + "cbd-find-events", + "cbd-find-event", + "cbd-find-processes", + "cbd-get-alert-details", + "cbd-get-policies", + "cbd-get-policy", + "cbd-create-policy", + "cbd-update-policy", + "cbd-delete-policy", + "cbd-add-rule-to-policy", + "cbd-delete-rule-from-policy", + "cbd-update-rule-in-policy", "cbd-set-policy" ] } - }, + }, { "Lockpath KeyLight": { - "name": "Lockpath KeyLight", - "toversion": "3.1.0", - "commands": [ - "kl-get-component-list", - "kl-get-component", - "kl-get-component-by-alias", - "kl-get-field-list", - "kl-get-field", - "kl-get-record-count", - "kl-get-record", - "kl-get-records", - "kl-delete-record", - 
"kl-create-record", - "kl-update-record", - "kl-get-detail-record", - "kl-get-lookup-report-column-fields", - "kl-get-detail-records", - "kl-get-record-attachments", - "kl-get-record-attachment", + "name": "Lockpath KeyLight", + "toversion": "3.1.0", + "commands": [ + "kl-get-component-list", + "kl-get-component", + "kl-get-component-by-alias", + "kl-get-field-list", + "kl-get-field", + "kl-get-record-count", + "kl-get-record", + "kl-get-records", + "kl-delete-record", + "kl-create-record", + "kl-update-record", + "kl-get-detail-record", + "kl-get-lookup-report-column-fields", + "kl-get-detail-records", + "kl-get-record-attachments", + "kl-get-record-attachment", "kl-delete-record-attachments" ] } - }, + }, { "OPSWAT-Metadefender": { - "name": "OPSWAT-Metadefender", + "name": "OPSWAT-Metadefender", "commands": [ - "opswat-hash", - "opswat-scan-file", + "opswat-hash", + "opswat-scan-file", "opswat-scan-result" ] } - }, + }, { "ActiveMQ": { - "name": "ActiveMQ", + "name": "ActiveMQ", "commands": [ - "activemq-send", + "activemq-send", "activemq-subscribe" ] } - }, + }, { "Cisco Email Security Appliance (IronPort)": { - "name": "Cisco Email Security Appliance (IronPort)", + "name": "Cisco Email Security Appliance (IronPort)", "commands": [ "ironport-report" ] } - }, + }, { "Qualys": { - "name": "Qualys", - "fromversion": "3.5.0", - "commands": [ - "qualys-report-list", - "qualys-report-cancel", - "qualys-report-delete", - "qualys-scorecard-launch", - "qualys-report-fetch", - "qualys-vm-scan-list", - "qualys-vm-scan-launch", - "qualys-vm-scan-action", - "qualys-scap-scan-list", - "qualys-pc-scan-launch", - "qualys-pc-scan-manage", - "qualys-schedule-scan-list", - "qualys-ip-list", - "qualys-ip-add", - "qualys-ip-update", - "qualys-virtual-host-list", - "qualys-virtual-host-manage", - "qualys-host-excluded-list", - "qualys-host-excluded-manage", - "qualys-scheduled-report-list", - "qualys-scheduled-report-launch", - "qualys-host-list", - "qualys-pc-scan-list", - 
"qualys-report-template-list", - "qualys-report-launch-map", - "qualys-report-launch-scan-based-findings", - "qualys-report-launch-host-based-findings", - "qualys-report-launch-patch", - "qualys-report-launch-remediation", - "qualys-report-launch-compliance", - "qualys-report-launch-compliance-policy", - "qualys-vulnerability-list", - "qualys-group-list", - "qualys-vm-scan-fetch", + "name": "Qualys", + "fromversion": "3.5.0", + "commands": [ + "qualys-report-list", + "qualys-report-cancel", + "qualys-report-delete", + "qualys-scorecard-launch", + "qualys-report-fetch", + "qualys-vm-scan-list", + "qualys-vm-scan-launch", + "qualys-vm-scan-action", + "qualys-scap-scan-list", + "qualys-pc-scan-launch", + "qualys-pc-scan-manage", + "qualys-schedule-scan-list", + "qualys-ip-list", + "qualys-ip-add", + "qualys-ip-update", + "qualys-virtual-host-list", + "qualys-virtual-host-manage", + "qualys-host-excluded-list", + "qualys-host-excluded-manage", + "qualys-scheduled-report-list", + "qualys-scheduled-report-launch", + "qualys-host-list", + "qualys-pc-scan-list", + "qualys-report-template-list", + "qualys-report-launch-map", + "qualys-report-launch-scan-based-findings", + "qualys-report-launch-host-based-findings", + "qualys-report-launch-patch", + "qualys-report-launch-remediation", + "qualys-report-launch-compliance", + "qualys-report-launch-compliance-policy", + "qualys-vulnerability-list", + "qualys-group-list", + "qualys-vm-scan-fetch", "qualys-pc-scan-fetch" ] } - }, + }, { "IsItPhishing": { - "name": "IsItPhishing", + "name": "IsItPhishing", "commands": [ "url" ] } - }, + }, { "okta": { - "name": "okta", - "toversion": "3.5.1", - "fromversion": "3.1.0", - "commands": [ - "okta-unlock-user", - "okta-deactivate-user", - "okta-activate-user", - "okta-get-groups", - "okta-set-password", - "okta-search", - "okta-get-user", - "okta-create-user", + "name": "okta", + "toversion": "3.5.1", + "fromversion": "3.1.0", + "commands": [ + "okta-unlock-user", + 
"okta-deactivate-user", + "okta-activate-user", + "okta-get-groups", + "okta-set-password", + "okta-search", + "okta-get-user", + "okta-create-user", "okta-update-user" ] } - }, + }, { "AWS - EC2": { - "name": "AWS - EC2", - "commands": [ - "aws-ec2-describe-instances", - "aws-ec2-describe-images", - "aws-ec2-describe-regions", - "aws-ec2-describe-addresses", - "aws-ec2-describe-snapshots", - "aws-ec2-describe-launch-templates", - "aws-ec2-describe-key-pairs", - "aws-ec2-describe-volumes", - "aws-ec2-describe-vpcs", - "aws-ec2-describe-subnets", - "aws-ec2-describe-security-groups", - "aws-ec2-allocate-address", - "aws-ec2-associate-address", - "aws-ec2-create-snapshot", - "aws-ec2-delete-snapshot", - "aws-ec2-create-image", - "aws-ec2-deregister-image", - "aws-ec2-modify-volume", - "aws-ec2-create-tags", - "aws-ec2-disassociate-address", - "aws-ec2-release-address", - "aws-ec2-start-instances", - "aws-ec2-stop-instances", - "aws-ec2-terminate-instances", - "aws-ec2-create-volume", - "aws-ec2-attach-volume", - "aws-ec2-detach-volume", - "aws-ec2-delete-volume", - "aws-ec2-run-instances", - "aws-ec2-waiter-instance-running", - "aws-ec2-waiter-instance-status-ok", - "aws-ec2-waiter-instance-stopped", - "aws-ec2-waiter-instance-terminated", - "aws-ec2-waiter-image-available", - "aws-ec2-waiter-snapshot_completed", - "aws-ec2-get-latest-ami", - "aws-ec2-create-security-group", - "aws-ec2-delete-security-group", - "aws-ec2-authorize-security-group-ingress-rule", - "aws-ec2-revoke-security-group-ingress-rule", - "aws-ec2-copy-image", - "aws-ec2-copy-snapshot", - "aws-ec2-describe-reserved-instances", - "aws-ec2-monitor-instances", - "aws-ec2-unmonitor-instances", - "aws-ec2-reboot-instances", - "aws-ec2-get-password-data", - "aws-ec2-modify-network-interface-attribute", + "name": "AWS - EC2", + "commands": [ + "aws-ec2-describe-instances", + "aws-ec2-describe-images", + "aws-ec2-describe-regions", + "aws-ec2-describe-addresses", + "aws-ec2-describe-snapshots", + 
"aws-ec2-describe-launch-templates", + "aws-ec2-describe-key-pairs", + "aws-ec2-describe-volumes", + "aws-ec2-describe-vpcs", + "aws-ec2-describe-subnets", + "aws-ec2-describe-security-groups", + "aws-ec2-allocate-address", + "aws-ec2-associate-address", + "aws-ec2-create-snapshot", + "aws-ec2-delete-snapshot", + "aws-ec2-create-image", + "aws-ec2-deregister-image", + "aws-ec2-modify-volume", + "aws-ec2-create-tags", + "aws-ec2-disassociate-address", + "aws-ec2-release-address", + "aws-ec2-start-instances", + "aws-ec2-stop-instances", + "aws-ec2-terminate-instances", + "aws-ec2-create-volume", + "aws-ec2-attach-volume", + "aws-ec2-detach-volume", + "aws-ec2-delete-volume", + "aws-ec2-run-instances", + "aws-ec2-waiter-instance-running", + "aws-ec2-waiter-instance-status-ok", + "aws-ec2-waiter-instance-stopped", + "aws-ec2-waiter-instance-terminated", + "aws-ec2-waiter-image-available", + "aws-ec2-waiter-snapshot_completed", + "aws-ec2-get-latest-ami", + "aws-ec2-create-security-group", + "aws-ec2-delete-security-group", + "aws-ec2-authorize-security-group-ingress-rule", + "aws-ec2-revoke-security-group-ingress-rule", + "aws-ec2-copy-image", + "aws-ec2-copy-snapshot", + "aws-ec2-describe-reserved-instances", + "aws-ec2-monitor-instances", + "aws-ec2-unmonitor-instances", + "aws-ec2-reboot-instances", + "aws-ec2-get-password-data", + "aws-ec2-modify-network-interface-attribute", "aws-ec2-modify-instance-attribute" ] } - }, + }, { "Blockade.io": { - "name": "Blockade.io", + "name": "Blockade.io", "commands": [ - "blockade-get-indicators", + "blockade-get-indicators", "blockade-add-indicators" ] } - }, + }, { "AlphaSOC Network Behavior Analytics": { "name": "AlphaSOC Network Behavior Analytics" } - }, + }, { "Recorded Future": { - "name": "Recorded Future", + "name": "Recorded Future", "commands": [ - "domain", - "ip", - "file", + "domain", + "ip", + "file", "recorded-future-get-related-entities" ] } - }, + }, { "CVE Search": { - "name": "CVE Search", + "name": "CVE 
Search", "commands": [ - "cve-search", + "cve-search", "cve-latest" ] } - }, + }, { "SNDBOX": { - "name": "SNDBOX", + "name": "SNDBOX", "commands": [ - "sndbox-is-online", - "sndbox-analysis-info", - "sndbox-analysis-submit-sample", - "sndbox-download-report", - "sndbox-detonate-file", + "sndbox-is-online", + "sndbox-analysis-info", + "sndbox-analysis-submit-sample", + "sndbox-download-report", + "sndbox-detonate-file", "sndbox-download-sample" ] } - }, + }, { "Demisto Lock": { - "name": "Demisto Lock", + "name": "Demisto Lock", "commands": [ - "demisto-lock-get", - "demisto-lock-release", - "demisto-lock-info", + "demisto-lock-get", + "demisto-lock-release", + "demisto-lock-info", "demisto-lock-release-all" ] } - }, + }, { "F5 firewall": { - "name": "F5 firewall", - "commands": [ - "f5-create-policy", - "f5-create-rule", - "f5-list-rules", - "f5-modify-rule", - "f5-del-rule", - "f5-modify-global-policy", - "f5-show-global-policy", - "f5-del-policy", + "name": "F5 firewall", + "commands": [ + "f5-create-policy", + "f5-create-rule", + "f5-list-rules", + "f5-modify-rule", + "f5-del-rule", + "f5-modify-global-policy", + "f5-show-global-policy", + "f5-del-policy", "f5-list-all-user-sessions" ] } - }, + }, { "MimecastV2": { - "name": "MimecastV2", - "commands": [ - "mimecast-query", - "mimecast-list-blocked-sender-policies", - "mimecast-get-policy", - "mimecast-create-policy", - "mimecast-delete-policy", - "mimecast-manage-sender", - "mimecast-list-managed-url", - "mimecast-create-managed-url", - "mimecast-list-messages", - "mimecast-get-attachment-logs", - "mimecast-get-url-logs", - "mimecast-get-impersonation-logs", - "mimecast-url-decode", - "mimecast-discover", - "mimecast-refresh-token", - "mimecast-login", - "mimecast-get-message", + "name": "MimecastV2", + "commands": [ + "mimecast-query", + "mimecast-list-blocked-sender-policies", + "mimecast-get-policy", + "mimecast-create-policy", + "mimecast-delete-policy", + "mimecast-manage-sender", + 
"mimecast-list-managed-url", + "mimecast-create-managed-url", + "mimecast-list-messages", + "mimecast-get-attachment-logs", + "mimecast-get-url-logs", + "mimecast-get-impersonation-logs", + "mimecast-url-decode", + "mimecast-discover", + "mimecast-refresh-token", + "mimecast-login", + "mimecast-get-message", "mimecast-download-attachments" ] } - }, + }, { "Zendesk": { - "name": "Zendesk", - "toversion": "3.1.0", - "commands": [ - "zendesk-create-ticket", - "zendesk-list-tickets", - "zendesk-ticket-details", - "zendesk-update-ticket", - "zendesk-add-comment", - "zendesk-list-agents", - "zendesk-get-attachment", - "zendesk-clear-cache", - "zendesk-add-user", + "name": "Zendesk", + "toversion": "3.1.0", + "commands": [ + "zendesk-create-ticket", + "zendesk-list-tickets", + "zendesk-ticket-details", + "zendesk-update-ticket", + "zendesk-add-comment", + "zendesk-list-agents", + "zendesk-get-attachment", + "zendesk-clear-cache", + "zendesk-add-user", "zendesk-get-article" ] } - }, + }, { "RedCanary": { - "name": "RedCanary", - "commands": [ - "redcanary-acknowledge-detection", - "redcanary-update-remediation-state", - "redcanary-list-detections", - "redcanary-list-endpoints", - "redcanary-execute-playbook", - "redcanary-get-endpoint", - "redcanary-get-endpoint-detections", + "name": "RedCanary", + "commands": [ + "redcanary-acknowledge-detection", + "redcanary-update-remediation-state", + "redcanary-list-detections", + "redcanary-list-endpoints", + "redcanary-execute-playbook", + "redcanary-get-endpoint", + "redcanary-get-endpoint-detections", "redcanary-get-detection" ] } - }, + }, { "Joe Security": { - "name": "Joe Security", - "commands": [ - "joe-is-online", - "joe-analysis-submit-url", - "joe-detonate-url", - "joe-analysis-info", - "joe-list-analysis", - "joe-analysis-submit-sample", - "joe-download-report", - "joe-detonate-file", - "joe-search", + "name": "Joe Security", + "commands": [ + "joe-is-online", + "joe-analysis-submit-url", + "joe-detonate-url", + 
"joe-analysis-info", + "joe-list-analysis", + "joe-analysis-submit-sample", + "joe-download-report", + "joe-detonate-file", + "joe-search", "joe-download-sample" ] } - }, + }, { "AWS - CloudTrail": { - "name": "AWS - CloudTrail", - "commands": [ - "aws-cloudtrail-create-trail", - "aws-cloudtrail-delete-trail", - "aws-cloudtrail-describe-trails", - "aws-cloudtrail-update-trail", - "aws-cloudtrail-start-logging", - "aws-cloudtrail-stop-logging", + "name": "AWS - CloudTrail", + "commands": [ + "aws-cloudtrail-create-trail", + "aws-cloudtrail-delete-trail", + "aws-cloudtrail-describe-trails", + "aws-cloudtrail-update-trail", + "aws-cloudtrail-start-logging", + "aws-cloudtrail-stop-logging", "aws-cloudtrail-lookup-events" ] } - }, + }, { "ThreatExchange": { - "name": "ThreatExchange", - "fromversion": "2.5.0", - "commands": [ - "file", - "ip", - "url", - "domain", - "threatexchange-query", + "name": "ThreatExchange", + "fromversion": "2.5.0", + "commands": [ + "file", + "ip", + "url", + "domain", + "threatexchange-query", "threatexchange-members" ] } - }, + }, { "Dell Secureworks": { - "name": "Dell Secureworks", - "toversion": "3.5.1", - "fromversion": "3.1.0", - "commands": [ - "secure-works-create-ticket", - "secure-works-update-ticket", - "secure-works-close-ticket", - "secure-works-add-worklogs-ticket", - "secure-works-get-ticket-count", - "secure-works-get-ticket", - "secure-works-assign-ticket", - "secure-works-get-tickets-updates", + "name": "Dell Secureworks", + "toversion": "3.5.1", + "fromversion": "3.1.0", + "commands": [ + "secure-works-create-ticket", + "secure-works-update-ticket", + "secure-works-close-ticket", + "secure-works-add-worklogs-ticket", + "secure-works-get-ticket-count", + "secure-works-get-ticket", + "secure-works-assign-ticket", + "secure-works-get-tickets-updates", "secure-works-get-tickets-ids" ] } - }, + }, { "Amazon Web Services": { - "name": "Amazon Web Services", - "fromversion": "1.6.2", - "commands": [ - "aws-run-instance", - 
"aws-stop-instance", - "aws-create-image", - "aws-start-instance", - "aws-create-volume-snapshot", - "aws-get-instance-info", - "aws-get-sg-info", + "name": "Amazon Web Services", + "fromversion": "1.6.2", + "commands": [ + "aws-run-instance", + "aws-stop-instance", + "aws-create-image", + "aws-start-instance", + "aws-create-volume-snapshot", + "aws-get-instance-info", + "aws-get-sg-info", "aws-get-ebs-volume-info" ] } - }, + }, { "ArcSight XML": { - "name": "ArcSight XML", + "name": "ArcSight XML", "commands": [ - "arcsight-update-case", + "arcsight-update-case", "arcsight-fetch-xml" ] } - }, + }, { "VirusTotal": { - "name": "VirusTotal", - "commands": [ - "file", - "ip", - "url", - "domain", - "file-scan", - "file-rescan", - "url-scan", - "vt-comments-add", - "vt-file-scan-upload-url", + "name": "VirusTotal", + "commands": [ + "file", + "ip", + "url", + "domain", + "file-scan", + "file-rescan", + "url-scan", + "vt-comments-add", + "vt-file-scan-upload-url", "vt-comments-get" ] } - }, + }, { "MxToolBox": { - "name": "MxToolBox", + "name": "MxToolBox", "commands": [ "mxtoolbox" ] } - }, + }, { "Check Point Sandblast Appliance": { - "name": "Check Point Sandblast Appliance", - "fromversion": "3.5.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", + "name": "Check Point Sandblast Appliance", + "fromversion": "3.5.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", "sandblast-download" ] } - }, + }, { "LightCyber Magna": { - "name": "LightCyber Magna", - "commands": [ - "lcm-version", - "lcm-entities", - "lcm-indicators", - "lcm-hosts", - "lcm-hostbyip", - "lcm-hostbyname", - "lcm-pathfinder-scan", - "lcm-sandbox-report", - "lcm-daily-report", - "lcm-host-artifacts", - "lcm-resolve-host", - "lcm-unresolve-host", - "lcm-set-host-comment", - "lcm-acknowledge-host", - "lcm-resolve-user", - "lcm-unresolve-user", - "lcm-set-user-comment", - 
"lcm-acknowledge-user", - "lcm-domain", - "lcm-executablebymd5", - "lcm-executablebyname", - "lcm-indicatorsforentity", - "lcm-host-opened-ports", - "lcm-host-suspicious-artifacts", - "lcm-host-processes", - "lcm-host-loaded-modules", - "lcm-host-processes-internet-connections", + "name": "LightCyber Magna", + "commands": [ + "lcm-version", + "lcm-entities", + "lcm-indicators", + "lcm-hosts", + "lcm-hostbyip", + "lcm-hostbyname", + "lcm-pathfinder-scan", + "lcm-sandbox-report", + "lcm-daily-report", + "lcm-host-artifacts", + "lcm-resolve-host", + "lcm-unresolve-host", + "lcm-set-host-comment", + "lcm-acknowledge-host", + "lcm-resolve-user", + "lcm-unresolve-user", + "lcm-set-user-comment", + "lcm-acknowledge-user", + "lcm-domain", + "lcm-executablebymd5", + "lcm-executablebyname", + "lcm-indicatorsforentity", + "lcm-host-opened-ports", + "lcm-host-suspicious-artifacts", + "lcm-host-processes", + "lcm-host-loaded-modules", + "lcm-host-processes-internet-connections", "lcm-host-autoruns" ] } - }, + }, { "Packetsled": { - "name": "Packetsled", + "name": "Packetsled", "commands": [ - "packetsled-get-incidents", - "packetsled-sensors", - "packetsled-get-flows", - "packetsled-get-files", - "packetsled-get-pcaps", + "packetsled-get-incidents", + "packetsled-sensors", + "packetsled-get-flows", + "packetsled-get-files", + "packetsled-get-pcaps", "packetsled-get-events" ] } - }, + }, { "Censys": { - "name": "Censys", + "name": "Censys", "commands": [ - "cen-view", + "cen-view", "cen-search" ] } - }, + }, { "Imperva Skyfence": { - "name": "Imperva Skyfence", + "name": "Imperva Skyfence", "commands": [ - "imp-sf-list-endpoints", + "imp-sf-list-endpoints", "imp-sf-set-endpoint-status" ] } - }, + }, { "ProtectWise": { - "name": "ProtectWise", - "fromversion": "3.5.0", - "commands": [ - "sensors", - "protectwise-show-sensors", - "search", - "protectwise-search-events", - "pw-event-get", - "protectwise-event-info", - "observation-search", - "protectwise-search-observations", - 
"pw-observation-get", - "protectwise-observation-info", - "event-pcap-download", - "protectwise-event-pcap-download", - "event-pcap-info", - "protectwise-event-pcap-info", - "observation-pcap-download", - "protectwise-observation-pcap-download", - "observation-pcap-info", - "protectwise-observation-pcap-info", + "name": "ProtectWise", + "fromversion": "3.5.0", + "commands": [ + "sensors", + "protectwise-show-sensors", + "search", + "protectwise-search-events", + "pw-event-get", + "protectwise-event-info", + "observation-search", + "protectwise-search-observations", + "pw-observation-get", + "protectwise-observation-info", + "event-pcap-download", + "protectwise-event-pcap-download", + "event-pcap-info", + "protectwise-event-pcap-info", + "observation-pcap-download", + "protectwise-observation-pcap-download", + "observation-pcap-info", + "protectwise-observation-pcap-info", "get-token" ] } - }, + }, { "Palo Alto Minemeld": { - "name": "Palo Alto Minemeld", - "commands": [ - "minemeld-add-to-miner", - "minemeld-remove-from-miner", - "minemeld-retrieve-miner", - "minemeld-get-indicator-from-miner", - "ip", - "file", - "domain", - "url", + "name": "Palo Alto Minemeld", + "commands": [ + "minemeld-add-to-miner", + "minemeld-remove-from-miner", + "minemeld-retrieve-miner", + "minemeld-get-indicator-from-miner", + "ip", + "file", + "domain", + "url", "minemeld-get-all-miners-names" ] } - }, + }, { "GoogleSafeBrowsing": { - "name": "GoogleSafeBrowsing", + "name": "GoogleSafeBrowsing", "commands": [ "url" ] } - }, + }, { "Salesforce": { - "name": "Salesforce", - "commands": [ - "salesforce-search", - "salesforce-query", - "salesforce-get-object", - "salesforce-update-object", - "salesforce-create-object", - "salesforce-push-comment", - "salesforce-get-case", - "salesforce-create-case", - "salesforce-update-case", - "salesforce-get-cases", - "salesforce-close-case", - "salesforce-push-comment-threads", + "name": "Salesforce", + "commands": [ + "salesforce-search", + 
"salesforce-query", + "salesforce-get-object", + "salesforce-update-object", + "salesforce-create-object", + "salesforce-push-comment", + "salesforce-get-case", + "salesforce-create-case", + "salesforce-update-case", + "salesforce-get-cases", + "salesforce-close-case", + "salesforce-push-comment-threads", "salesforce-delete-case" ] } - }, + }, { "SCADAfence CNM": { - "name": "SCADAfence CNM", - "commands": [ - "scadafence-getAlerts", - "scadafence-getAsset", - "scadafence-setAlertStatus", - "scadafence-getAssetConnections", - "scadafence-getAssetTraffic", - "scadafence-createAlert", + "name": "SCADAfence CNM", + "commands": [ + "scadafence-getAlerts", + "scadafence-getAsset", + "scadafence-setAlertStatus", + "scadafence-getAssetConnections", + "scadafence-getAssetTraffic", + "scadafence-createAlert", "scadafence-getAllConnections" ] } - }, + }, { "HashiCorp Vault": { - "name": "HashiCorp Vault", - "commands": [ - "hashicorp-list-secrets-engines", - "hashicorp-list-secrets", - "hashicorp-get-secret-metadata", - "hashicorp-delete-secret", - "hashicorp-undelete-secret", - "hashicorp-destroy-secret", - "hashicorp-disable-engine", - "hashicorp-enable-engine", - "hashicorp-list-policies", - "hashicorp-get-policy", - "hashicorp-seal-vault", - "hashicorp-unseal-vault", - "hashicorp-configure-engine", - "hashicorp-reset-configuration", + "name": "HashiCorp Vault", + "commands": [ + "hashicorp-list-secrets-engines", + "hashicorp-list-secrets", + "hashicorp-get-secret-metadata", + "hashicorp-delete-secret", + "hashicorp-undelete-secret", + "hashicorp-destroy-secret", + "hashicorp-disable-engine", + "hashicorp-enable-engine", + "hashicorp-list-policies", + "hashicorp-get-policy", + "hashicorp-seal-vault", + "hashicorp-unseal-vault", + "hashicorp-configure-engine", + "hashicorp-reset-configuration", "hashicorp-create-token" ] } - }, + }, { "Proofpoint TAP": { - "name": "Proofpoint TAP", + "name": "Proofpoint TAP", "commands": [ "proofpoint-get-events" ] } - }, + }, { "Threat 
Grid": { - "name": "Threat Grid", - "toversion": "3.1.0", - "commands": [ - "threat-grid-feeds-ip", - "threat-grid-feeds-domain", - "threat-grid-feeds-url", - "threat-grid-feeds-path", - "threat-grid-feeds-artifacts", - "threat-grid-feeds-network-stream", - "threat-grid-feeds-registry-key", - "threat-grid-get-samples", - "threat-grid-get-sample-by-id", - "threat-grid-get-sample-state-by-id", - "threat-grid-get-samples-state", - "threat-grid-upload-sample", - "threat-grid-search-submissions", - "threat-grid-get-video-by-id", - "threat-grid-get-analysis-by-id", - "threat-grid-get-processes-by-id", - "threat-grid-get-pcap-by-id", - "threat-grid-get-warnings-by-id", - "threat-grid-get-summary-by-id", - "threat-grid-get-threat-summary-by-id", - "threat-grid-get-html-report-by-id", - "threat-grid-download-sample-by-id", - "threat-grid-get-analysis-iocs", - "threat-grid-get-analysis-ioc", - "threat-grid-get-analysis-network-streams", - "threat-grid-get-analysis-artifacts", - "threat-grid-get-analysis-network-stream", - "threat-grid-get-analysis-artifact", - "threat-grid-get-analysis-processes", - "threat-grid-get-analysis-process", - "threat-grid-get-analysis-annotations", - "threat-grid-get-analysis-metadata", - "threat-grid-download-artifact", - "threat-grid-who-am-i", - "threat-grid-user-get-rate-limit", + "name": "Threat Grid", + "toversion": "3.1.0", + "commands": [ + "threat-grid-feeds-ip", + "threat-grid-feeds-domain", + "threat-grid-feeds-url", + "threat-grid-feeds-path", + "threat-grid-feeds-artifacts", + "threat-grid-feeds-network-stream", + "threat-grid-feeds-registry-key", + "threat-grid-get-samples", + "threat-grid-get-sample-by-id", + "threat-grid-get-sample-state-by-id", + "threat-grid-get-samples-state", + "threat-grid-upload-sample", + "threat-grid-search-submissions", + "threat-grid-get-video-by-id", + "threat-grid-get-analysis-by-id", + "threat-grid-get-processes-by-id", + "threat-grid-get-pcap-by-id", + "threat-grid-get-warnings-by-id", + 
"threat-grid-get-summary-by-id", + "threat-grid-get-threat-summary-by-id", + "threat-grid-get-html-report-by-id", + "threat-grid-download-sample-by-id", + "threat-grid-get-analysis-iocs", + "threat-grid-get-analysis-ioc", + "threat-grid-get-analysis-network-streams", + "threat-grid-get-analysis-artifacts", + "threat-grid-get-analysis-network-stream", + "threat-grid-get-analysis-artifact", + "threat-grid-get-analysis-processes", + "threat-grid-get-analysis-process", + "threat-grid-get-analysis-annotations", + "threat-grid-get-analysis-metadata", + "threat-grid-download-artifact", + "threat-grid-who-am-i", + "threat-grid-user-get-rate-limit", "threat-grid-get-specific-feed" ] } - }, + }, { "iDefense": { - "name": "iDefense", + "name": "iDefense", "commands": [ - "ip", - "domain", - "url", - "idefense-general", + "ip", + "domain", + "url", + "idefense-general", "uuid" ] } - }, + }, { "FalconIntel": { - "name": "FalconIntel", - "commands": [ - "file", - "url", - "domain", - "ip", - "cs-actors", - "cs-indicators", - "cs-reports", + "name": "FalconIntel", + "commands": [ + "file", + "url", + "domain", + "ip", + "cs-actors", + "cs-indicators", + "cs-reports", "cs-report-pdf" ] } - }, + }, { "Venafi": { - "name": "Venafi", + "name": "Venafi", "commands": [ - "venafi-get-certificates", + "venafi-get-certificates", "venafi-get-certificate-details" ] } - }, + }, { "CyberArkAIM": { - "name": "CyberArkAIM", + "name": "CyberArkAIM", "commands": [ - "cyber-ark-aim-query", - "list-credentials", - "reset-credentials", + "cyber-ark-aim-query", + "list-credentials", + "reset-credentials", "account-details" ] } - }, + }, { "Autofocus": { - "name": "Autofocus", + "name": "Autofocus", "commands": [ - "autofocus-search-samples", - "autofocus-search-sessions", - "autofocus-session", - "autofocus-sample-analysis", + "autofocus-search-samples", + "autofocus-search-sessions", + "autofocus-session", + "autofocus-sample-analysis", "file" ] } - }, + }, { "AbuseIPDB": { - "name": "AbuseIPDB", + 
"name": "AbuseIPDB", "commands": [ - "ip", - "abuseipdb-check-cidr-block", - "abuseipdb-report-ip", - "abuseipdb-get-blacklist", + "ip", + "abuseipdb-check-cidr-block", + "abuseipdb-report-ip", + "abuseipdb-get-blacklist", "abuseipdb-get-categories" ] } - }, + }, { "McAfee Threat Intelligence Exchange": { - "name": "McAfee Threat Intelligence Exchange", + "name": "McAfee Threat Intelligence Exchange", "commands": [ - "file", - "tie-set-file-reputation", + "file", + "tie-set-file-reputation", "tie-file-references" ] } - }, + }, { "Check Point": { - "name": "Check Point", - "commands": [ - "checkpoint-show-access-rule-base", - "checkpoint-set-rule", - "checkpoint-task-status", - "checkpoint-show-hosts", - "checkpoint-block-ip", - "checkpoint", + "name": "Check Point", + "commands": [ + "checkpoint-show-access-rule-base", + "checkpoint-set-rule", + "checkpoint-task-status", + "checkpoint-show-hosts", + "checkpoint-block-ip", + "checkpoint", "checkpoint-delete-rule" ] } - }, + }, { "PagerDuty v2": { - "name": "PagerDuty v2", - "commands": [ - "PagerDuty-get-all-schedules", - "PagerDuty-get-users-on-call", - "PagerDuty-get-users-on-call-now", - "PagerDuty-incidents", - "PagerDuty-submit-event", - "PagerDuty-get-contact-methods", - "PagerDuty-get-users-notification", - "PagerDuty-resolve-event", + "name": "PagerDuty v2", + "commands": [ + "PagerDuty-get-all-schedules", + "PagerDuty-get-users-on-call", + "PagerDuty-get-users-on-call-now", + "PagerDuty-incidents", + "PagerDuty-submit-event", + "PagerDuty-get-contact-methods", + "PagerDuty-get-users-notification", + "PagerDuty-resolve-event", "PagerDuty-acknowledge-event" ] } - }, + }, { "Gmail": { - "name": "Gmail", - "commands": [ - "gmail-delete-user", - "gmail-get-tokens-for-user", - "gmail-get-user", - "gmail-get-user-roles", - "gmail-get-attachments", - "gmail-get-mail", - "gmail-search", - "gmail-search-all-mailboxes", - "gmail-list-users", - "gmail-revoke-user-role", - "gmail-create-user", - "gmail-delete-mail", - 
"gmail-get-thread", - "gmail-move-mail", - "gmail-move-mail-to-mailbox", - "gmail-add-delete-filter", + "name": "Gmail", + "commands": [ + "gmail-delete-user", + "gmail-get-tokens-for-user", + "gmail-get-user", + "gmail-get-user-roles", + "gmail-get-attachments", + "gmail-get-mail", + "gmail-search", + "gmail-search-all-mailboxes", + "gmail-list-users", + "gmail-revoke-user-role", + "gmail-create-user", + "gmail-delete-mail", + "gmail-get-thread", + "gmail-move-mail", + "gmail-move-mail-to-mailbox", + "gmail-add-delete-filter", "gmail-add-filter" ] } - }, + }, { "Centreon": { - "name": "Centreon", + "name": "Centreon", "commands": [ - "centreon-get-host-status", + "centreon-get-host-status", "centreon-get-service-status" ] } - }, + }, { "RSA NetWitness Endpoint": { - "name": "RSA NetWitness Endpoint", - "commands": [ - "netwitness-get-machines", - "netwitness-get-machine", - "netwitness-get-machine-iocs", - "netwitness-get-machine-modules", - "netwitness-get-machine-module", - "netwitness-blacklist-ips", + "name": "RSA NetWitness Endpoint", + "commands": [ + "netwitness-get-machines", + "netwitness-get-machine", + "netwitness-get-machine-iocs", + "netwitness-get-machine-modules", + "netwitness-get-machine-module", + "netwitness-blacklist-ips", "netwitness-blacklist-domains" ] } - }, + }, { "PassiveTotal": { - "name": "PassiveTotal", - "commands": [ - "pt-get-subdomains", - "pt-account", - "pt-monitors", - "pt-passive-dns", - "pt-passive-unique", - "pt-dns-keyword", - "pt-enrichment", - "pt-malware", - "url", - "domain", - "ip", - "pt-osint", - "pt-whois", - "pt-whois-keyword", - "pt-whois-search", - "pt-get-components", - "pt-get-pairs", - "pt-ssl-cert", - "pt-ssl-cert-history", - "pt-ssl-cert-keyword", + "name": "PassiveTotal", + "commands": [ + "pt-get-subdomains", + "pt-account", + "pt-monitors", + "pt-passive-dns", + "pt-passive-unique", + "pt-dns-keyword", + "pt-enrichment", + "pt-malware", + "url", + "domain", + "ip", + "pt-osint", + "pt-whois", + 
"pt-whois-keyword", + "pt-whois-search", + "pt-get-components", + "pt-get-pairs", + "pt-ssl-cert", + "pt-ssl-cert-history", + "pt-ssl-cert-keyword", "pt-ssl-cert-search" ] } - }, + }, { "ProtectWise": { - "name": "ProtectWise", - "toversion": "3.1.0", - "commands": [ - "sensors", - "protectwise-show-sensors", - "search", - "protectwise-search-events", - "pw-event-get", - "protectwise-event-info", - "observation-search", - "protectwise-search-observations", - "pw-observation-get", - "protectwise-observation-info", - "event-pcap-download", - "protectwise-event-pcap-download", - "event-pcap-info", - "protectwise-event-pcap-info", - "observation-pcap-download", - "protectwise-observation-pcap-download", - "observation-pcap-info", - "protectwise-observation-pcap-info", + "name": "ProtectWise", + "toversion": "3.1.0", + "commands": [ + "sensors", + "protectwise-show-sensors", + "search", + "protectwise-search-events", + "pw-event-get", + "protectwise-event-info", + "observation-search", + "protectwise-search-observations", + "pw-observation-get", + "protectwise-observation-info", + "event-pcap-download", + "protectwise-event-pcap-download", + "event-pcap-info", + "protectwise-event-pcap-info", + "observation-pcap-download", + "protectwise-observation-pcap-download", + "observation-pcap-info", + "protectwise-observation-pcap-info", "get-token" ] } - }, + }, { "SentinelOne": { - "name": "SentinelOne", - "fromversion": "3.1.0", - "commands": [ - "so-activities", - "so-count-by-filters", - "so-agents-count", - "so-agent-decommission", - "so-get-agent", - "so-agents-query", - "so-get-agent-processes", - "so-agent-recommission", - "so-agent-unquarentine", - "so-agent-shutdown", - "so-agent-uninstall", - "so-agents-broadcast", - "so-agents-connect", - "so-agent-quarentine", - "so-agents-decommission", - "so-agents-disconnect", - "so-agents-fetch-logs", - "so-agents-shutdown", - "so-agents-uninstall", - "so-agents-upgrade-software", - "so-create-exclusion-list", - 
"so-delete-exclusion-list", - "so-get-exclusion-list", - "so-get-exclusion-lists", - "so-update-exclusion-list", - "so-get-groups", - "so-create-group", - "so-get-group", - "so-update-group", - "so-delete-group", - "so-add-agent-to-group", - "so-set-cloud-intelligence", - "so-create-hash", - "so-delete-hash", - "so-get-hash-reputation", - "so-get-hash", - "so-get-hashes", - "so-update-hash", - "so-get-policies", - "so-create-policy", - "so-get-policy", - "so-update-policy", - "so-delete-policy", - "so-get-threat", - "so-get-threats", - "so-threat-summary", - "so-mark-as-threat", - "so-mitigate-threat", + "name": "SentinelOne", + "fromversion": "3.1.0", + "commands": [ + "so-activities", + "so-count-by-filters", + "so-agents-count", + "so-agent-decommission", + "so-get-agent", + "so-agents-query", + "so-get-agent-processes", + "so-agent-recommission", + "so-agent-unquarentine", + "so-agent-shutdown", + "so-agent-uninstall", + "so-agents-broadcast", + "so-agents-connect", + "so-agent-quarentine", + "so-agents-decommission", + "so-agents-disconnect", + "so-agents-fetch-logs", + "so-agents-shutdown", + "so-agents-uninstall", + "so-agents-upgrade-software", + "so-create-exclusion-list", + "so-delete-exclusion-list", + "so-get-exclusion-list", + "so-get-exclusion-lists", + "so-update-exclusion-list", + "so-get-groups", + "so-create-group", + "so-get-group", + "so-update-group", + "so-delete-group", + "so-add-agent-to-group", + "so-set-cloud-intelligence", + "so-create-hash", + "so-delete-hash", + "so-get-hash-reputation", + "so-get-hash", + "so-get-hashes", + "so-update-hash", + "so-get-policies", + "so-create-policy", + "so-get-policy", + "so-update-policy", + "so-delete-policy", + "so-get-threat", + "so-get-threats", + "so-threat-summary", + "so-mark-as-threat", + "so-mitigate-threat", "so-reslove-threats" ] } - }, + }, { "AMP": { - "name": "AMP", - "commands": [ - "amp_get_computers", - "amp_get_computer_by_connector", - "amp_get_computer_trajctory", - 
"amp_move_computer", - "amp_get_computer_actvity", - "amp_get_events", - "amp_get_event_types", - "amp_get_application_blocking", - "amp_get_file_list_by_guid", - "amp_get_simple_custom_detections", - "amp_get_file_list_files", - "amp_get_file_list_files_by_sha", - "amp_set_file_list_files_by_sha", - "amp_delete_file_list_files_by_sha", - "amp_get_groups", - "amp_get_group", - "amp_set_group_policy", - "amp_get_policies", - "amp_get_policy", + "name": "AMP", + "commands": [ + "amp_get_computers", + "amp_get_computer_by_connector", + "amp_get_computer_trajctory", + "amp_move_computer", + "amp_get_computer_actvity", + "amp_get_events", + "amp_get_event_types", + "amp_get_application_blocking", + "amp_get_file_list_by_guid", + "amp_get_simple_custom_detections", + "amp_get_file_list_files", + "amp_get_file_list_files_by_sha", + "amp_set_file_list_files_by_sha", + "amp_delete_file_list_files_by_sha", + "amp_get_groups", + "amp_get_group", + "amp_set_group_policy", + "amp_get_policies", + "amp_get_policy", "amp_get_version" ] } - }, + }, { "AWS - SQS": { - "name": "AWS - SQS", + "name": "AWS - SQS", "commands": [ - "aws-sqs-get-queue-url", - "aws-sqs-list-queues", - "aws-sqs-send-message", - "aws-sqs-create-queue", - "aws-sqs-delete-queue", + "aws-sqs-get-queue-url", + "aws-sqs-list-queues", + "aws-sqs-send-message", + "aws-sqs-create-queue", + "aws-sqs-delete-queue", "aws-sqs-purge-queue" ] } - }, + }, { "carbonblackliveresponse": { - "name": "carbonblackliveresponse", - "toversion": "3.6.0", - "commands": [ - "cb-archive", - "cb-command-cancel", - "cb-command-create", - "cb-command-create-and-wait", - "cb-command-info", - "cb-file-delete", - "cb-file-get", - "cb-file-info", - "cb-file-upload", - "cb-keepalive", - "cb-list-commands", - "cb-list-files", - "cb-list-sessions", - "cb-session-close", - "cb-session-create", - "cb-session-create-and-wait", - "cb-session-info", + "name": "carbonblackliveresponse", + "toversion": "3.6.0", + "commands": [ + "cb-archive", + 
"cb-command-cancel", + "cb-command-create", + "cb-command-create-and-wait", + "cb-command-info", + "cb-file-delete", + "cb-file-get", + "cb-file-info", + "cb-file-upload", + "cb-keepalive", + "cb-list-commands", + "cb-list-files", + "cb-list-sessions", + "cb-session-close", + "cb-session-create", + "cb-session-create-and-wait", + "cb-session-info", "cb-terminate-process" ] } - }, + }, { "AWS - Route53": { - "name": "AWS - Route53", - "commands": [ - "aws-route53-create-record", - "aws-route53-delete-record", - "aws-route53-list-hosted-zones", - "aws-route53-list-resource-record-sets", - "aws-route53-waiter-resource-record-sets-changed", - "aws-route53-test-dns-answer", + "name": "AWS - Route53", + "commands": [ + "aws-route53-create-record", + "aws-route53-delete-record", + "aws-route53-list-hosted-zones", + "aws-route53-list-resource-record-sets", + "aws-route53-waiter-resource-record-sets-changed", + "aws-route53-test-dns-answer", "aws-route53-upsert-record" ] } - }, + }, { "Tanium": { - "name": "Tanium", - "commands": [ - "tn-get-package", - "tn-get-all-packages", - "tn-get-object", - "tn-get-all-saved-questions", - "tn-deploy-package", - "tn-ask-question", - "tn-ask-system", - "tn-get-saved-question", - "tn-create-package", - "tn-approve-pending-action", - "tn-get-all-objects", - "tn-get-all-saved-actions", - "tn-get-all-pending-actions", - "tn-get-all-sensors", - "tn-parse-query", - "tn-ask-manual-question", - "tn-get-sensor", + "name": "Tanium", + "commands": [ + "tn-get-package", + "tn-get-all-packages", + "tn-get-object", + "tn-get-all-saved-questions", + "tn-deploy-package", + "tn-ask-question", + "tn-ask-system", + "tn-get-saved-question", + "tn-create-package", + "tn-approve-pending-action", + "tn-get-all-objects", + "tn-get-all-saved-actions", + "tn-get-all-pending-actions", + "tn-get-all-sensors", + "tn-parse-query", + "tn-ask-manual-question", + "tn-get-sensor", "tn-get-action" ] } - }, + }, { "FireEye ETP": { - "name": "FireEye ETP", + "name": 
"FireEye ETP", "commands": [ - "fireeye-etp-search-messages", - "fireeye-etp-get-message", - "fireeye-etp-get-alerts", + "fireeye-etp-search-messages", + "fireeye-etp-get-message", + "fireeye-etp-get-alerts", "fireeye-etp-get-alert" ] } - }, + }, { "InfoArmor VigilanteATI": { - "name": "InfoArmor VigilanteATI", - "commands": [ - "vigilante-query-infected-host-data", - "vigilante-get-vulnerable-host-data", - "vigilante-query-ecrime-db", - "vigilante-search-leaks", - "vigilante-get-leak", - "vigilante-query-accounts", - "vigilante-query-domains", - "vigilante-watchlist-add-accounts", - "vigilante-watchlist-remove-accounts", - "vigilante-get-watchlist", + "name": "InfoArmor VigilanteATI", + "commands": [ + "vigilante-query-infected-host-data", + "vigilante-get-vulnerable-host-data", + "vigilante-query-ecrime-db", + "vigilante-search-leaks", + "vigilante-get-leak", + "vigilante-query-accounts", + "vigilante-query-domains", + "vigilante-watchlist-add-accounts", + "vigilante-watchlist-remove-accounts", + "vigilante-get-watchlist", "vigilante-account-usage-info" ] } - }, + }, { "IBM Resilient Systems": { - "name": "IBM Resilient Systems", - "commands": [ - "rs-search-incidents", - "rs-update-incident", - "rs-incidents-get-members", - "rs-get-incident", - "rs-incidents-update-member", - "rs-get-users", - "rs-close-incident", - "rs-create-incident", - "rs-incident-artifacts", - "rs-incident-attachments", - "rs-related-incidents", + "name": "IBM Resilient Systems", + "commands": [ + "rs-search-incidents", + "rs-update-incident", + "rs-incidents-get-members", + "rs-get-incident", + "rs-incidents-update-member", + "rs-get-users", + "rs-close-incident", + "rs-create-incident", + "rs-incident-artifacts", + "rs-incident-attachments", + "rs-related-incidents", "rs-incidents-get-tasks" ] } - }, + }, { "AWS - IAM": { - "name": "AWS - IAM", - "commands": [ - "aws-iam-create-user", - "aws-iam-get-user", - "aws-iam-list-users", - "aws-iam-update-user", - "aws-iam-delete-user", - 
"aws-iam-update-login-profile", - "aws-iam-create-group", - "aws-iam-list-groups", - "aws-iam-list-groups-for-user", - "aws-iam-add-user-to-group", - "aws-iam-create-access-key", - "aws-iam-update-access-key", - "aws-iam-list-access-keys-for-user", - "aws-iam-list-policies", - "aws-iam-list-roles", - "aws-iam-attach-policy", - "aws-iam-detach-policy", - "aws-iam-delete-login-profile", - "aws-iam-delete-group", - "aws-iam-remove-user-from-group", - "aws-iam-create-login-profile", - "aws-iam-delete-access-key", - "aws-iam-create-instance-profile", - "aws-iam-delete-instance-profile", - "aws-iam-list-instance-profiles", - "aws-iam-add-role-to-instance-profile", - "aws-iam-remove-role-from-instance-profile", - "aws-iam-list-instance-profiles-for-role", - "aws-iam-get-instance-profile", - "aws-iam-get-role", - "aws-iam-delete-role", - "aws-iam-create-role", - "aws-iam-create-policy", - "aws-iam-delete-policy", - "aws-iam-create-policy-version", - "aws-iam-delete-policy-version", - "aws-iam-list-policy-versions", - "aws-iam-get-policy-version", - "aws-iam-set-default-policy-version", - "aws-iam-create-account-alias", + "name": "AWS - IAM", + "commands": [ + "aws-iam-create-user", + "aws-iam-get-user", + "aws-iam-list-users", + "aws-iam-update-user", + "aws-iam-delete-user", + "aws-iam-update-login-profile", + "aws-iam-create-group", + "aws-iam-list-groups", + "aws-iam-list-groups-for-user", + "aws-iam-add-user-to-group", + "aws-iam-create-access-key", + "aws-iam-update-access-key", + "aws-iam-list-access-keys-for-user", + "aws-iam-list-policies", + "aws-iam-list-roles", + "aws-iam-attach-policy", + "aws-iam-detach-policy", + "aws-iam-delete-login-profile", + "aws-iam-delete-group", + "aws-iam-remove-user-from-group", + "aws-iam-create-login-profile", + "aws-iam-delete-access-key", + "aws-iam-create-instance-profile", + "aws-iam-delete-instance-profile", + "aws-iam-list-instance-profiles", + "aws-iam-add-role-to-instance-profile", + 
"aws-iam-remove-role-from-instance-profile", + "aws-iam-list-instance-profiles-for-role", + "aws-iam-get-instance-profile", + "aws-iam-get-role", + "aws-iam-delete-role", + "aws-iam-create-role", + "aws-iam-create-policy", + "aws-iam-delete-policy", + "aws-iam-create-policy-version", + "aws-iam-delete-policy-version", + "aws-iam-list-policy-versions", + "aws-iam-get-policy-version", + "aws-iam-set-default-policy-version", + "aws-iam-create-account-alias", "aws-iam-delete-account-alias" ] } - }, + }, { "Symantec Endpoint Protection": { - "name": "Symantec Endpoint Protection", - "commands": [ - "sep-endpoints-info", - "sep-update-content", - "sep-scan", - "sep-groups-info", - "sep-system-info", - "sep-command-status", - "sep-quarantine", + "name": "Symantec Endpoint Protection", + "commands": [ + "sep-endpoints-info", + "sep-update-content", + "sep-scan", + "sep-groups-info", + "sep-system-info", + "sep-command-status", + "sep-quarantine", "sep-client-content" ] } - }, + }, { "SumoLogic": { - "name": "SumoLogic", + "name": "SumoLogic", "commands": [ "search" ] } - }, + }, { "Pwned": { - "name": "Pwned", + "name": "Pwned", "commands": [ - "pwned-email", - "pwned-domain", + "pwned-email", + "pwned-domain", "email" ] } - }, + }, { "urlscan.io": { - "name": "urlscan.io", - "toversion": "3.1.0", + "name": "urlscan.io", + "toversion": "3.1.0", "commands": [ - "url", - "ip", - "file", + "url", + "ip", + "file", "urlscan-submit" ] } - }, + }, { "Lastline": { - "name": "Lastline", - "commands": [ - "lastline-get", - "url", - "file", - "lastline-upload", - "lastline-upload-url", - "lastline-upload-file", - "lastline-get-report", + "name": "Lastline", + "commands": [ + "lastline-get", + "url", + "file", + "lastline-upload", + "lastline-upload-url", + "lastline-upload-file", + "lastline-get-report", "lastline-get-task-list" ] } - }, + }, { "urlscan.io": { - "name": "urlscan.io", - "fromversion": "3.5.0", + "name": "urlscan.io", + "fromversion": "3.5.0", "commands": [ - 
"urlscan-search", - "urlscan-submit", + "urlscan-search", + "urlscan-submit", "url" ] } - }, + }, { "OpsGenie": { - "name": "OpsGenie", + "name": "OpsGenie", "commands": [ - "opsgenie-get-on-call", - "opsgenie-get-user", - "opsgenie-get-schedules", + "opsgenie-get-on-call", + "opsgenie-get-user", + "opsgenie-get-schedules", "opsgenie-get-schedule-timeline" ] } - }, + }, { "McAfeeDAM": { - "name": "McAfeeDAM", + "name": "McAfeeDAM", "commands": [ - "dam-get-alert-by-id", + "dam-get-alert-by-id", "dam-get-latest-by-rule" ] } - }, + }, { "okta": { - "name": "okta", - "fromversion": "3.6.0", - "commands": [ - "okta-unlock-user", - "okta-deactivate-user", - "okta-activate-user", - "okta-suspend-user", - "okta-unsuspend-user", - "okta-get-user-factors", - "okta-verify-push-factor", - "okta-reset-factor", - "okta-get-groups", - "okta-set-password", - "okta-search", - "okta-get-user", - "okta-create-user", - "okta-update-user", - "okta-get-failed-logins", - "okta-get-group-assignments", - "okta-get-application-assignments", - "okta-get-application-authentication", - "okta-get-logs", - "okta-add-to-group", - "okta-remove-from-group", - "okta-list-groups", + "name": "okta", + "fromversion": "3.6.0", + "commands": [ + "okta-unlock-user", + "okta-deactivate-user", + "okta-activate-user", + "okta-suspend-user", + "okta-unsuspend-user", + "okta-get-user-factors", + "okta-verify-push-factor", + "okta-reset-factor", + "okta-get-groups", + "okta-set-password", + "okta-search", + "okta-get-user", + "okta-create-user", + "okta-update-user", + "okta-get-failed-logins", + "okta-get-group-assignments", + "okta-get-application-assignments", + "okta-get-application-authentication", + "okta-get-logs", + "okta-add-to-group", + "okta-remove-from-group", + "okta-list-groups", "okta-get-group-members" ] } - }, + }, { "Devo": { - "name": "Devo", + "name": "Devo", "commands": [ "devo-query" ] } - }, + }, { "AWS - Security Hub": { - "name": "AWS - Security Hub", - "commands": [ - 
"aws-securityhub-get-findings", - "aws-securityhub-get-master-account", - "aws-securityhub-list-members", - "aws-securityhub-enable-security-hub", - "aws-securityhub-disable-security-hub", - "aws-securityhub-enable-import-findings-for-product", - "aws-securityhub-disable-import-findings-for-product", - "aws-securityhub-list-enabled-products-for-import", + "name": "AWS - Security Hub", + "commands": [ + "aws-securityhub-get-findings", + "aws-securityhub-get-master-account", + "aws-securityhub-list-members", + "aws-securityhub-enable-security-hub", + "aws-securityhub-disable-security-hub", + "aws-securityhub-enable-import-findings-for-product", + "aws-securityhub-disable-import-findings-for-product", + "aws-securityhub-list-enabled-products-for-import", "aws-securityhub-update-finding" ] } - }, + }, { "Moloch": { - "name": "Moloch", - "fromversion": "3.5.0", - "commands": [ - "moloch_connections_json", - "moloch_connections_csv", - "moloch_files_json", - "moloch_sessions_json", - "moloch_sessions_csv", - "moloch_sessions_pcap", - "moloch_spigraph_json", - "moloch_spiview_json", + "name": "Moloch", + "fromversion": "3.5.0", + "commands": [ + "moloch_connections_json", + "moloch_connections_csv", + "moloch_files_json", + "moloch_sessions_json", + "moloch_sessions_csv", + "moloch_sessions_pcap", + "moloch_spigraph_json", + "moloch_spiview_json", "moloch_unique_json" ] } - }, + }, { "RedLock": { - "name": "RedLock", + "name": "RedLock", "commands": [ - "redlock-search-alerts", - "redlock-get-alert-details", - "redlock-dismiss-alerts", - "redlock-reopen-alerts", + "redlock-search-alerts", + "redlock-get-alert-details", + "redlock-dismiss-alerts", + "redlock-reopen-alerts", "redlock-list-alert-filters" ] } - }, + }, { "Whois": { - "name": "Whois", - "fromversion": "4.1.0", + "name": "Whois", + "fromversion": "4.1.0", "commands": [ "whois" ] } - }, + }, { "SafeBreach": { - "name": "SafeBreach", + "name": "SafeBreach", "commands": [ - "safebreach-rerun", + 
"safebreach-rerun", "safebreach-get-simulation" ] } - }, + }, { "AlphaSOC Wisdom": { - "name": "AlphaSOC Wisdom", + "name": "AlphaSOC Wisdom", "commands": [ - "wisdom-domain-flags", + "wisdom-domain-flags", "wisdom-ip-flags" ] } - }, + }, { "jamf": { - "name": "jamf", + "name": "jamf", "commands": [ - "jamf-get-computers", + "jamf-get-computers", "jamf-get-computers-match" ] } - }, + }, { "CIRCL": { - "name": "CIRCL", + "name": "CIRCL", "commands": [ - "circl-dns-get", - "circl-ssl-list-certificates", - "circl-ssl-query-certificate", + "circl-dns-get", + "circl-ssl-list-certificates", + "circl-ssl-query-certificate", "circl-ssl-get-certificate" ] } - }, + }, { "Panorama": { - "name": "Panorama", - "fromversion": "3.0.0", - "commands": [ - "panorama", - "panorama-commit", - "panorama-push-to-device-group", - "panorama-list-addresses", - "panorama-get-address", - "panorama-create-address", - "panorama-delete-address", - "panorama-list-address-groups", - "panorama-get-address-group", - "panorama-create-address-group", - "panorama-delete-address-group", - "panorama-edit-address-group", - "panorama-get-custom-url-category", - "panorama-create-custom-url-category", - "panorama-delete-custom-url-category", - "panorama-edit-custom-url-category", - "panorama-get-url-category", - "panorama-get-url-filter", - "panorama-create-url-filter", - "panorama-edit-url-filter", - "panorama-delete-url-filter", - "panorama-create-rule", - "panorama-custom-block-rule", - "panorama-move-rule", - "panorama-edit-rule", - "panorama-delete-rule", - "panorama-list-applications", - "panorama-commit-status", + "name": "Panorama", + "fromversion": "3.0.0", + "commands": [ + "panorama", + "panorama-commit", + "panorama-push-to-device-group", + "panorama-list-addresses", + "panorama-get-address", + "panorama-create-address", + "panorama-delete-address", + "panorama-list-address-groups", + "panorama-get-address-group", + "panorama-create-address-group", + "panorama-delete-address-group", + 
"panorama-edit-address-group", + "panorama-get-custom-url-category", + "panorama-create-custom-url-category", + "panorama-delete-custom-url-category", + "panorama-edit-custom-url-category", + "panorama-get-url-category", + "panorama-get-url-filter", + "panorama-create-url-filter", + "panorama-edit-url-filter", + "panorama-delete-url-filter", + "panorama-create-rule", + "panorama-custom-block-rule", + "panorama-move-rule", + "panorama-edit-rule", + "panorama-delete-rule", + "panorama-list-applications", + "panorama-commit-status", "panorama-push-status" ] } - }, + }, { "icebrg": { - "name": "icebrg", + "name": "icebrg", "commands": [ - "icebrg-search-events", - "icebrg-get-history", - "icebrg-saved-searches", - "icebrg-get-reports", - "icebrg-get-report-indicators", + "icebrg-search-events", + "icebrg-get-history", + "icebrg-saved-searches", + "icebrg-get-reports", + "icebrg-get-report-indicators", "icebrg-get-report-assets" ] } - }, + }, { "EasyVista": { - "name": "EasyVista", + "name": "EasyVista", "commands": [ "easy-vista-search" ] } - }, + }, { "ThreatConnect": { - "name": "ThreatConnect", - "commands": [ - "ip", - "url", - "file", - "tc-owners", - "tc-indicators", - "tc-get-tags", - "tc-tag-indicator", - "tc-get-indicator", - "tc-get-indicators-by-tag", - "tc-add-indicator", - "tc-create-incident", - "tc-fetch-incidents", - "tc-incident-associate-indicator", - "domain", + "name": "ThreatConnect", + "commands": [ + "ip", + "url", + "file", + "tc-owners", + "tc-indicators", + "tc-get-tags", + "tc-tag-indicator", + "tc-get-indicator", + "tc-get-indicators-by-tag", + "tc-add-indicator", + "tc-create-incident", + "tc-fetch-incidents", + "tc-incident-associate-indicator", + "domain", "tc-get-incident-associate-indicators" ] } - }, + }, { "BitDam": { - "name": "BitDam", + "name": "BitDam", "commands": [ - "bitdam-upload-file", + "bitdam-upload-file", "bitdam-get-verdict" ] } - }, + }, { "AWS - S3": { - "name": "AWS - S3", - "commands": [ - "aws-s3-create-bucket", - 
"aws-s3-delete-bucket", - "aws-s3-list-buckets", - "aws-s3-get-bucket-policy", - "aws-s3-delete-bucket-policy", - "aws-s3-download-file", - "aws-s3-list-bucket-objects", - "aws-s3-put-bucket-policy", + "name": "AWS - S3", + "commands": [ + "aws-s3-create-bucket", + "aws-s3-delete-bucket", + "aws-s3-list-buckets", + "aws-s3-get-bucket-policy", + "aws-s3-delete-bucket-policy", + "aws-s3-download-file", + "aws-s3-list-bucket-objects", + "aws-s3-put-bucket-policy", "aws-s3-upload-file" ] } - }, + }, { "McAfee Advanced Threat Defense": { - "name": "McAfee Advanced Threat Defense", - "toversion": "3.1.0", - "fromversion": "2.0.4", - "commands": [ - "atd-file-upload", - "atd-get-task-ids", - "atd-check-status", - "atd-get-report", - "atd-list-analyzer-profiles", - "atd-list-user", + "name": "McAfee Advanced Threat Defense", + "toversion": "3.1.0", + "fromversion": "2.0.4", + "commands": [ + "atd-file-upload", + "atd-get-task-ids", + "atd-check-status", + "atd-get-report", + "atd-list-analyzer-profiles", + "atd-list-user", "atd-login" ] } - }, + }, { "GuardiCore": { - "name": "GuardiCore", - "toversion": "3.1.0", - "commands": [ - "guardicore-get-incidents", - "guardicore-uncommon-domains", - "guardicore-unresolved-domains", - "guardicore-show-endpoint", - "guardicore-dns-requests", - "guardicore-search-endpoint", - "guardicore-misconfigurations", - "guardicore-get-incident", - "guardicore-get-incident-iocs", - "guardicore-get-incident-events", - "guardicore-get-incident-pcap", - "guardicore-get-incident-attachments", + "name": "GuardiCore", + "toversion": "3.1.0", + "commands": [ + "guardicore-get-incidents", + "guardicore-uncommon-domains", + "guardicore-unresolved-domains", + "guardicore-show-endpoint", + "guardicore-dns-requests", + "guardicore-search-endpoint", + "guardicore-misconfigurations", + "guardicore-get-incident", + "guardicore-get-incident-iocs", + "guardicore-get-incident-events", + "guardicore-get-incident-pcap", + "guardicore-get-incident-attachments", 
"guardicore-search-network-log" ] } - }, + }, { "Mimecast": { - "name": "Mimecast", - "fromversion": "1.6.2", + "name": "Mimecast", + "fromversion": "1.6.2", "commands": [ "mimecast-query" ] } - }, + }, { "Shodan": { - "name": "Shodan", + "name": "Shodan", "commands": [ - "search", + "search", "ip" ] } - }, + }, { "AWS - GuardDuty": { - "name": "AWS - GuardDuty", - "commands": [ - "aws-gd-create-detector", - "aws-gd-delete-detector", - "aws-gd-get-detector", - "aws-gd-update-detector", - "aws-gd-create-ip-set", - "aws-gd-delete-ip-set", - "aws-gd-list-detectors", - "aws-gd-update-ip-set", - "aws-gd-get-ip-set", - "aws-gd-list-ip-sets", - "aws-gd-create-threatintel-set", - "aws-gd-delete-threatintel-set", - "aws-gd-get-threatintel-set", - "aws-gd-list-threatintel-sets", - "aws-gd-update-threatintel-set", - "aws-gd-list-findings", - "aws-gd-get-findings", - "aws-gd-create-sample-findings", - "aws-gd-archive-findings", - "aws-gd-unarchive-findings", + "name": "AWS - GuardDuty", + "commands": [ + "aws-gd-create-detector", + "aws-gd-delete-detector", + "aws-gd-get-detector", + "aws-gd-update-detector", + "aws-gd-create-ip-set", + "aws-gd-delete-ip-set", + "aws-gd-list-detectors", + "aws-gd-update-ip-set", + "aws-gd-get-ip-set", + "aws-gd-list-ip-sets", + "aws-gd-create-threatintel-set", + "aws-gd-delete-threatintel-set", + "aws-gd-get-threatintel-set", + "aws-gd-list-threatintel-sets", + "aws-gd-update-threatintel-set", + "aws-gd-list-findings", + "aws-gd-get-findings", + "aws-gd-create-sample-findings", + "aws-gd-archive-findings", + "aws-gd-unarchive-findings", "aws-gd-update-findings-feedback" ] } - }, + }, { "Mimecast Authentication": { - "name": "Mimecast Authentication", + "name": "Mimecast Authentication", "commands": [ - "mimecast-login", - "mimecast-discover", + "mimecast-login", + "mimecast-discover", "mimecast-refresh-token" ] } - }, + }, { "malwr": { - "name": "malwr", - "fromversion": "3.0.0", + "name": "malwr", + "fromversion": "3.0.0", "commands": [ - 
"malwr-submit", - "malwr-status", - "malwr-result", + "malwr-submit", + "malwr-status", + "malwr-result", "malwr-detonate" ] } - }, + }, { "FalconHost": { - "name": "FalconHost", - "fromversion": "2.5.0", - "commands": [ - "cs-upload-ioc", - "cs-get-ioc", - "cs-update-ioc", - "cs-delete-ioc", - "cs-search-iocs", - "cs-device-search", - "cs-device-details", - "cs-device-count-ioc", - "cs-device-ran-on", - "cs-processes-ran-on", - "cs-process-details", - "cs-resolve-detection", - "cs-detection-search", + "name": "FalconHost", + "fromversion": "2.5.0", + "commands": [ + "cs-upload-ioc", + "cs-get-ioc", + "cs-update-ioc", + "cs-delete-ioc", + "cs-search-iocs", + "cs-device-search", + "cs-device-details", + "cs-device-count-ioc", + "cs-device-ran-on", + "cs-processes-ran-on", + "cs-process-details", + "cs-resolve-detection", + "cs-detection-search", "cs-detection-details" ] } - }, + }, { "ServiceNow": { - "name": "ServiceNow", - "commands": [ - "servicenow-get-ticket", - "servicenow-get", - "servicenow-incident-get", - "servicenow-create-ticket", - "servicenow-create", - "servicenow-incident-create", - "servicenow-update-ticket", - "servicenow-update", - "servicenow-incident-update", - "servicenow-delete-ticket", - "servicenow-add-link", - "servicenow-incident-add-link", - "servicenow-add-comment", - "servicenow-incident-add-comment", - "servicenow-query-tickets", - "servicenow-query", - "servicenow-incidents-query", - "servicenow-upload-file", - "servicenow-incident-upload-file", - "servicenow-get-groups", - "servicenow-get-computer", - "servicenow-get-record", - "servicenow-query-table", - "servicenow-create-record", - "servicenow-update-record", - "servicenow-delete-record", - "servicenow-list-table-fields", - "servicenow-query-computers", - "servicenow-query-groups", - "servicenow-query-users", + "name": "ServiceNow", + "commands": [ + "servicenow-get-ticket", + "servicenow-get", + "servicenow-incident-get", + "servicenow-create-ticket", + "servicenow-create", + 
"servicenow-incident-create", + "servicenow-update-ticket", + "servicenow-update", + "servicenow-incident-update", + "servicenow-delete-ticket", + "servicenow-add-link", + "servicenow-incident-add-link", + "servicenow-add-comment", + "servicenow-incident-add-comment", + "servicenow-query-tickets", + "servicenow-query", + "servicenow-incidents-query", + "servicenow-upload-file", + "servicenow-incident-upload-file", + "servicenow-get-groups", + "servicenow-get-computer", + "servicenow-get-record", + "servicenow-query-table", + "servicenow-create-record", + "servicenow-update-record", + "servicenow-delete-record", + "servicenow-list-table-fields", + "servicenow-query-computers", + "servicenow-query-groups", + "servicenow-query-users", "servicenow-get-table-name" ] } - }, + }, { "Tenable.sc": { - "name": "Tenable.sc", - "commands": [ - "tenable-sc-list-scans", - "tenable-sc-launch-scan", - "tenable-sc-get-vulnerability", - "tenable-sc-get-scan-status", - "tenable-sc-get-scan-report", - "tenable-sc-list-credentials", - "tenable-sc-list-policies", - "tenable-sc-list-report-definitions", - "tenable-sc-list-repositories", - "tenable-sc-list-zones", - "tenable-sc-create-scan", - "tenable-sc-delete-scan", - "tenable-sc-list-assets", - "tenable-sc-create-asset", - "tenable-sc-get-asset", - "tenable-sc-delete-asset", - "tenable-sc-list-alerts", - "tenable-sc-get-alert", - "tenable-sc-get-device", - "tenable-sc-list-users", - "tenable-sc-get-system-licensing", + "name": "Tenable.sc", + "commands": [ + "tenable-sc-list-scans", + "tenable-sc-launch-scan", + "tenable-sc-get-vulnerability", + "tenable-sc-get-scan-status", + "tenable-sc-get-scan-report", + "tenable-sc-list-credentials", + "tenable-sc-list-policies", + "tenable-sc-list-report-definitions", + "tenable-sc-list-repositories", + "tenable-sc-list-zones", + "tenable-sc-create-scan", + "tenable-sc-delete-scan", + "tenable-sc-list-assets", + "tenable-sc-create-asset", + "tenable-sc-get-asset", + "tenable-sc-delete-asset", + 
"tenable-sc-list-alerts", + "tenable-sc-get-alert", + "tenable-sc-get-device", + "tenable-sc-list-users", + "tenable-sc-get-system-licensing", "tenable-sc-get-system-information" ] } - }, + }, { "google-vault": { - "name": "google-vault", - "commands": [ - "gvault-create-export-mail", - "gvault-create-matter", - "gvault-create-export-drive", - "gvault-matter-update-state", - "gvault-create-export-groups", - "gvault-create-hold", - "gvault-add-heldAccount", - "gvault-remove-heldAccount", - "gvault-delete-hold", - "gvault-list-matters", - "gvault-get-matter", - "gvault-list-holds", - "gvault-export-status", - "gvault-download-results", - "gvault-get-drive-results", - "gvault-get-mail-results", + "name": "google-vault", + "commands": [ + "gvault-create-export-mail", + "gvault-create-matter", + "gvault-create-export-drive", + "gvault-matter-update-state", + "gvault-create-export-groups", + "gvault-create-hold", + "gvault-add-heldAccount", + "gvault-remove-heldAccount", + "gvault-delete-hold", + "gvault-list-matters", + "gvault-get-matter", + "gvault-list-holds", + "gvault-export-status", + "gvault-download-results", + "gvault-get-drive-results", + "gvault-get-mail-results", "gvault-get-groups-results" ] } - }, + }, { "AlienValut OTX": { - "name": "AlienValut OTX", - "toversion": "3.0.1", - "commands": [ - "ip", - "domain", - "ipv6", - "hostname", - "file", - "alienvault-query-file", - "alienvault-search-pulses", - "alienvault-get-pulse-details", + "name": "AlienValut OTX", + "toversion": "3.0.1", + "commands": [ + "ip", + "domain", + "ipv6", + "hostname", + "file", + "alienvault-query-file", + "alienvault-search-pulses", + "alienvault-get-pulse-details", "url" ] } - }, + }, { "MISP": { - "name": "MISP", - "commands": [ - "internal-misp-upload-sample", - "misp-search", - "file", - "url", - "ip", - "internal-misp-download-sample", - "internal-misp-create-event", + "name": "MISP", + "commands": [ + "internal-misp-upload-sample", + "misp-search", + "file", + "url", + "ip", 
+ "internal-misp-download-sample", + "internal-misp-create-event", "internal-misp-add-attribute" ] } - }, + }, { "FalconIntel": { - "name": "FalconIntel", - "toversion": "3.1.0", - "fromversion": "2.5.0", - "commands": [ - "file", - "url", - "domain", - "ip", - "cs-actors", - "cs-indicators", - "cs-reports", + "name": "FalconIntel", + "toversion": "3.1.0", + "fromversion": "2.5.0", + "commands": [ + "file", + "url", + "domain", + "ip", + "cs-actors", + "cs-indicators", + "cs-reports", "cs-report-pdf" ] } - }, + }, { "Box": { - "name": "Box", - "commands": [ - "box_get_current_user", - "box_get_users", - "box_update_user", - "box_add_user", - "box_delete_user", - "box_move_folder", - "box_files_get", - "box_initiate", + "name": "Box", + "commands": [ + "box_get_current_user", + "box_get_users", + "box_update_user", + "box_add_user", + "box_delete_user", + "box_move_folder", + "box_files_get", + "box_initiate", "box_files_get_info" ] } - }, + }, { "Remedy On-Demand": { - "name": "Remedy On-Demand", + "name": "Remedy On-Demand", "commands": [ - "remedy-incident-create", - "remedy-get-incident", - "remedy-fetch-incidents", + "remedy-incident-create", + "remedy-get-incident", + "remedy-fetch-incidents", "remedy-incident-update" ] } - }, + }, { "Rasterize": { - "name": "Rasterize", + "name": "Rasterize", "commands": [ - "rasterize", - "rasterize-email", + "rasterize", + "rasterize-email", "rasterize-image" ] } - }, + }, { "FortiGate": { - "name": "FortiGate", - "commands": [ - "fortigate-get-addresses", - "fortigate-get-service-groups", - "fortigate-update-service-group", - "fortigate-delete-service-group", - "fortigate-get-firewall-service", - "fortigate-create-firewall-service", - "fortigate-get-policy", - "fortigate-update-policy", - "fortigate-create-policy", - "fortigate-move-policy", - "fortigate-delete-policy", - "fortigate-get-address-groups", - "fortigate-update-address-group", - "fortigate-create-address-group", + "name": "FortiGate", + "commands": [ + 
"fortigate-get-addresses", + "fortigate-get-service-groups", + "fortigate-update-service-group", + "fortigate-delete-service-group", + "fortigate-get-firewall-service", + "fortigate-create-firewall-service", + "fortigate-get-policy", + "fortigate-update-policy", + "fortigate-create-policy", + "fortigate-move-policy", + "fortigate-delete-policy", + "fortigate-get-address-groups", + "fortigate-update-address-group", + "fortigate-create-address-group", "fortigate-delete-address-group" ] } - }, + }, { "RTIR": { - "name": "RTIR", - "commands": [ - "rtir-create-ticket", - "rtir-search-ticket", - "rtir-resolve-ticket", - "rtir-edit-ticket", - "rtir-ticket-history", - "rtir-get-ticket", - "rtir-ticket-attachments", - "rtir-add-comment", + "name": "RTIR", + "commands": [ + "rtir-create-ticket", + "rtir-search-ticket", + "rtir-resolve-ticket", + "rtir-edit-ticket", + "rtir-ticket-history", + "rtir-get-ticket", + "rtir-ticket-attachments", + "rtir-add-comment", "rtir-add-reply" ] } - }, + }, { "Tenable.io": { - "name": "Tenable.io", + "name": "Tenable.io", "commands": [ - "tenable-io-list-scans", - "tenable-io-launch-scan", - "tenable-io-get-scan-report", - "tenable-io-get-vulnerability-details", - "tenable-io-get-vulnerabilities-by-asset", + "tenable-io-list-scans", + "tenable-io-launch-scan", + "tenable-io-get-scan-report", + "tenable-io-get-vulnerability-details", + "tenable-io-get-vulnerabilities-by-asset", "tenable-io-get-scan-status" ] } - }, + }, { "Stealthwatch Cloud": { - "name": "Stealthwatch Cloud", - "commands": [ - "sw-show-alert", - "sw-update-alert", - "sw-list-alerts", - "sw-block-domain-or-ip", - "sw-unblock-domain", - "sw-list-blocked-domains", - "sw-list-observations", + "name": "Stealthwatch Cloud", + "commands": [ + "sw-show-alert", + "sw-update-alert", + "sw-list-alerts", + "sw-block-domain-or-ip", + "sw-unblock-domain", + "sw-list-blocked-domains", + "sw-list-observations", "sw-list-sessions" ] } - }, + }, { "EWS v2": { - "name": "EWS v2", - "commands": 
[ - "ews-get-attachment", - "ews-delete-attachment", - "ews-get-searchable-mailboxes", - "ews-search-mailboxes", - "ews-move-item", - "ews-delete-items", - "ews-search-mailbox", - "ews-get-contacts", - "ews-get-out-of-office", - "ews-recover-messages", - "ews-create-folder", - "ews-mark-item-as-junk", - "ews-find-folders", - "ews-get-items-from-folder", - "ews-get-items", - "ews-move-item-between-mailboxes", - "ews-get-folder", - "ews-o365-start-compliance-search", - "ews-o365-get-compliance-search", - "ews-o365-purge-compliance-search-results", - "ews-o365-remove-compliance-search", + "name": "EWS v2", + "commands": [ + "ews-get-attachment", + "ews-delete-attachment", + "ews-get-searchable-mailboxes", + "ews-search-mailboxes", + "ews-move-item", + "ews-delete-items", + "ews-search-mailbox", + "ews-get-contacts", + "ews-get-out-of-office", + "ews-recover-messages", + "ews-create-folder", + "ews-mark-item-as-junk", + "ews-find-folders", + "ews-get-items-from-folder", + "ews-get-items", + "ews-move-item-between-mailboxes", + "ews-get-folder", + "ews-o365-start-compliance-search", + "ews-o365-get-compliance-search", + "ews-o365-purge-compliance-search-results", + "ews-o365-remove-compliance-search", "ews-o365-get-compliance-search-purge-status" ] } - }, + }, { "Lockpath KeyLight": { - "name": "Lockpath KeyLight", - "fromversion": "3.5.0", - "commands": [ - "kl-get-component-list", - "kl-get-component", - "kl-get-component-by-alias", - "kl-get-field-list", - "kl-get-field", - "kl-get-record-count", - "kl-get-record", - "kl-get-records", - "kl-delete-record", - "kl-create-record", - "kl-update-record", - "kl-get-detail-record", - "kl-get-lookup-report-column-fields", - "kl-get-detail-records", - "kl-get-record-attachments", - "kl-get-record-attachment", + "name": "Lockpath KeyLight", + "fromversion": "3.5.0", + "commands": [ + "kl-get-component-list", + "kl-get-component", + "kl-get-component-by-alias", + "kl-get-field-list", + "kl-get-field", + "kl-get-record-count", + 
"kl-get-record", + "kl-get-records", + "kl-delete-record", + "kl-create-record", + "kl-update-record", + "kl-get-detail-record", + "kl-get-lookup-report-column-fields", + "kl-get-detail-records", + "kl-get-record-attachments", + "kl-get-record-attachment", "kl-delete-record-attachments" ] } - }, + }, { "Dell Secureworks": { - "name": "Dell Secureworks", - "fromversion": "3.6.0", - "commands": [ - "secure-works-create-ticket", - "secure-works-update-ticket", - "secure-works-close-ticket", - "secure-works-add-worklogs-ticket", - "secure-works-get-ticket", - "secure-works-assign-ticket", - "secure-works-get-tickets-updates", - "secure-works-get-close-codes", - "secure-works-get-tickets-ids", + "name": "Dell Secureworks", + "fromversion": "3.6.0", + "commands": [ + "secure-works-create-ticket", + "secure-works-update-ticket", + "secure-works-close-ticket", + "secure-works-add-worklogs-ticket", + "secure-works-get-ticket", + "secure-works-assign-ticket", + "secure-works-get-tickets-updates", + "secure-works-get-close-codes", + "secure-works-get-tickets-ids", "secure-works-get-ticket-count" ] } - }, + }, { "Luminate": { - "name": "Luminate", - "fromversion": "0.0.0", + "name": "Luminate", + "fromversion": "0.0.0", "commands": [ - "lum-block-user", - "lum-unblock-user", - "lum-destroy-user-session", - "lum-get-http-access-logs", + "lum-block-user", + "lum-unblock-user", + "lum-destroy-user-session", + "lum-get-http-access-logs", "lum-get-ssh-access-logs" ] } - }, + }, { "VirusTotal - Private API": { - "name": "VirusTotal - Private API", - "commands": [ - "vt-private-check-file-behaviour", - "vt-private-get-domain-report", - "vt-private-get-file-report", - "vt-private-get-url-report", - "vt-private-get-ip-report", - "vt-private-search-file", - "vt-private-hash-communication", + "name": "VirusTotal - Private API", + "commands": [ + "vt-private-check-file-behaviour", + "vt-private-get-domain-report", + "vt-private-get-file-report", + "vt-private-get-url-report", + 
"vt-private-get-ip-report", + "vt-private-search-file", + "vt-private-hash-communication", "vt-private-download-file" ] } - }, + }, { "Guidance Encase Endpoint": { - "name": "Guidance Encase Endpoint", + "name": "Guidance Encase Endpoint", "commands": [ - "encase-copyjob", - "encase-snapshot", + "encase-copyjob", + "encase-snapshot", "encase-verifyhash" ] } - }, + }, { "Incapsula": { - "name": "Incapsula", - "commands": [ - "incap-add-managed-account", - "incap-list-managed-accounts", - "incap-add-subaccount", - "incap-list-subaccounts", - "incap-get-account-status", - "incap-modify-account-configuration", - "incap-set-account-log-level", - "incap-test-account-s3-connection", - "incap-test-account-sftp-connection", - "incap-set-account-s3-log-storage", - "incap-set-account-sftp-log-storage", - "incap-set-account-default-log-storage", - "incap-get-account-login-token", - "incap-delete-managed-account", - "incap-delete-subaccount", - "incap-get-account-audit-events", - "incap-set-account-default-data-storage-region", - "incap-get-account-default-data-storage-region", - "incap-add-site", - "incap-get-site-status", - "incap-get-domain-approver-email", - "incap-modify-site-configuration", - "incap-modify-site-log-level", - "incap-modify-site-tls-support", - "incap-modify-site-scurity-config", - "incap-modify-site-acl-config", - "incap-modify-site-wl-config", - "incap-delete-site", - "incap-list-sites", - "incap-get-site-report", - "incap-get-site-html-injection-rules", - "incap-add-site-html-injection-rule", - "incap-delete-site-html-injection-rule", - "incap-create-new-csr", - "incap-upload-certificate", - "incap-remove-custom-integration", - "incap-move-site", - "incap-check-compliance", - "incap-set-site-data-storage-region", - "incap-get-site-data-storage-region", - "incap-set-site-data-storage-region-geo-override", - "incap-get-site-data-storage-region-geo-override", - "incap-purge-site-cache", - "incap-modify-cache-mode", - "incap-purge-resources", - 
"incap-modify-caching-rules", - "incap-set-advanced-caching-settings", - "incap-purge-hostname-from-cache", - "incap-site-get-xray-link", - "incap-list-site-rule-revisions", - "incap-add-site-rule", - "incap-edit-site-rule", - "incap-enable-site-rule", - "incap-delete-site-rule", - "incap-list-site-rules", - "incap-revert-site-rule", - "incap-set-site-rule-priority", - "incap-add-site-datacenter", - "incap-edit-site-datacenter", - "incap-delete-site-datacenter", - "incap-list-site-datacenters", - "incap-add-site-datacenter-server", - "incap-edit-site-datacenter-server", - "incap-delete-site-datacenter-server", - "incap-get-statistics", - "incap-get-visits", - "incap-upload-public-key", - "incap-change-logs-collector-configuration", - "incap-get-infra-protection-statistics", - "incap-get-infra-protection-events", - "incap-add-login-protect", - "incap-edit-login-protect", - "incap-get-login-protect", - "incap-remove-login-protect", - "incap-send-sms-to-user", - "incap-modify-login-protect", - "incap-configure-app", - "incap-get-ip-ranges", - "incap-get-texts", - "incap-get-geo-info", + "name": "Incapsula", + "commands": [ + "incap-add-managed-account", + "incap-list-managed-accounts", + "incap-add-subaccount", + "incap-list-subaccounts", + "incap-get-account-status", + "incap-modify-account-configuration", + "incap-set-account-log-level", + "incap-test-account-s3-connection", + "incap-test-account-sftp-connection", + "incap-set-account-s3-log-storage", + "incap-set-account-sftp-log-storage", + "incap-set-account-default-log-storage", + "incap-get-account-login-token", + "incap-delete-managed-account", + "incap-delete-subaccount", + "incap-get-account-audit-events", + "incap-set-account-default-data-storage-region", + "incap-get-account-default-data-storage-region", + "incap-add-site", + "incap-get-site-status", + "incap-get-domain-approver-email", + "incap-modify-site-configuration", + "incap-modify-site-log-level", + "incap-modify-site-tls-support", + 
"incap-modify-site-scurity-config", + "incap-modify-site-acl-config", + "incap-modify-site-wl-config", + "incap-delete-site", + "incap-list-sites", + "incap-get-site-report", + "incap-get-site-html-injection-rules", + "incap-add-site-html-injection-rule", + "incap-delete-site-html-injection-rule", + "incap-create-new-csr", + "incap-upload-certificate", + "incap-remove-custom-integration", + "incap-move-site", + "incap-check-compliance", + "incap-set-site-data-storage-region", + "incap-get-site-data-storage-region", + "incap-set-site-data-storage-region-geo-override", + "incap-get-site-data-storage-region-geo-override", + "incap-purge-site-cache", + "incap-modify-cache-mode", + "incap-purge-resources", + "incap-modify-caching-rules", + "incap-set-advanced-caching-settings", + "incap-purge-hostname-from-cache", + "incap-site-get-xray-link", + "incap-list-site-rule-revisions", + "incap-add-site-rule", + "incap-edit-site-rule", + "incap-enable-site-rule", + "incap-delete-site-rule", + "incap-list-site-rules", + "incap-revert-site-rule", + "incap-set-site-rule-priority", + "incap-add-site-datacenter", + "incap-edit-site-datacenter", + "incap-delete-site-datacenter", + "incap-list-site-datacenters", + "incap-add-site-datacenter-server", + "incap-edit-site-datacenter-server", + "incap-delete-site-datacenter-server", + "incap-get-statistics", + "incap-get-visits", + "incap-upload-public-key", + "incap-change-logs-collector-configuration", + "incap-get-infra-protection-statistics", + "incap-get-infra-protection-events", + "incap-add-login-protect", + "incap-edit-login-protect", + "incap-get-login-protect", + "incap-remove-login-protect", + "incap-send-sms-to-user", + "incap-modify-login-protect", + "incap-configure-app", + "incap-get-ip-ranges", + "incap-get-texts", + "incap-get-geo-info", "incap-get-app-info" ] } - }, + }, { "XFE": { - "name": "XFE", - "fromversion": "2.5.0", - "commands": [ - "url", - "file", - "ip", - "domain", - "cve-search", + "name": "XFE", + 
"fromversion": "2.5.0", + "commands": [ + "url", + "file", + "ip", + "domain", + "cve-search", "cve-latest" ] } - }, + }, { "Cymon": { - "name": "Cymon", + "name": "Cymon", "commands": [ - "ip", + "ip", "domain" ] } - }, + }, { "McAfee Advanced Threat Defense": { - "name": "McAfee Advanced Threat Defense", - "fromversion": "3.5.0", - "commands": [ - "atd-file-upload", - "atd-get-task-ids", - "atd-get-report", - "atd-list-analyzer-profiles", - "atd-list-user", - "atd-login", - "detonate-file", - "detonate-url", + "name": "McAfee Advanced Threat Defense", + "fromversion": "3.5.0", + "commands": [ + "atd-file-upload", + "atd-get-task-ids", + "atd-get-report", + "atd-list-analyzer-profiles", + "atd-list-user", + "atd-login", + "detonate-file", + "detonate-url", "atd-check-status" ] } - }, + }, { "AWS - CloudWatchLogs": { - "name": "AWS - CloudWatchLogs", - "commands": [ - "aws-logs-create-log-group", - "aws-logs-create-log-stream", - "aws-logs-delete-log-group", - "aws-logs-delete-log-stream", - "aws-logs-filter-log-events", - "aws-logs-describe-log-groups", - "aws-logs-describe-log-streams", - "aws-logs-put-retention-policy", - "aws-logs-delete-retention-policy", - "aws-logs-put-log-events", - "aws-logs-put-metric-filter", - "aws-logs-delete-metric-filter", + "name": "AWS - CloudWatchLogs", + "commands": [ + "aws-logs-create-log-group", + "aws-logs-create-log-stream", + "aws-logs-delete-log-group", + "aws-logs-delete-log-stream", + "aws-logs-filter-log-events", + "aws-logs-describe-log-groups", + "aws-logs-describe-log-streams", + "aws-logs-put-retention-policy", + "aws-logs-delete-retention-policy", + "aws-logs-put-log-events", + "aws-logs-put-metric-filter", + "aws-logs-delete-metric-filter", "aws-logs-describe-metric-filters" ] } - }, + }, { "Microsoft Graph": { - "name": "Microsoft Graph", + "name": "Microsoft Graph", "commands": [ - "msg-graph-admin-url", - "msg-search-alerts", - "msg-get-alert-details", - "msg-update-alert", - "msg-get-users", + 
"msg-graph-admin-url", + "msg-search-alerts", + "msg-get-alert-details", + "msg-update-alert", + "msg-get-users", "msg-get-user" ] } - }, + }, { "Secdo": { - "name": "Secdo", + "name": "Secdo", "commands": [ "secdo-add-IOCs" ] } - }, + }, { "Preempt": { - "name": "Preempt", + "name": "Preempt", "commands": [ - "preempt-add-to-watch-list", - "preempt-remove-from-watch-list", - "preempt-get-activities", - "preempt-get-user-endpoints", + "preempt-add-to-watch-list", + "preempt-remove-from-watch-list", + "preempt-get-activities", + "preempt-get-user-endpoints", "preempt-get-alerts" ] } - }, + }, { "PostgreSQL": { - "name": "PostgreSQL", + "name": "PostgreSQL", "commands": [ "pgsql-query" ] } - }, + }, { "epo": { - "name": "epo", - "commands": [ - "epo-help", - "epo-get-latest-dat", - "epo-get-current-dat", - "epo-update-client-dat", - "epo-update-repository", - "epo-get-system-tree-group", - "epo-find-systems", - "epo-command", - "epo-advanced-command", - "epo-wakeup-agent", - "epo-apply-tag", - "epo-clear-tag", - "epo-query-table", - "epo-get-tables", - "epo-find-system", + "name": "epo", + "commands": [ + "epo-help", + "epo-get-latest-dat", + "epo-get-current-dat", + "epo-update-client-dat", + "epo-update-repository", + "epo-get-system-tree-group", + "epo-find-systems", + "epo-command", + "epo-advanced-command", + "epo-wakeup-agent", + "epo-apply-tag", + "epo-clear-tag", + "epo-query-table", + "epo-get-tables", + "epo-find-system", "epo-get-version" ] } - }, + }, { "GRR": { - "name": "GRR", - "commands": [ - "grr-set-flows", - "grr-get-flows", - "grr-get-files", - "grr-get-hunts", - "grr-get-hunt", - "grr-set-hunts", - "grr-get-clients", - "grr_set_flows", - "grr_get_flows", - "grr_get_files", - "grr_get_hunts", - "grr_get_hunt", + "name": "GRR", + "commands": [ + "grr-set-flows", + "grr-get-flows", + "grr-get-files", + "grr-get-hunts", + "grr-get-hunt", + "grr-set-hunts", + "grr-get-clients", + "grr_set_flows", + "grr_get_flows", + "grr_get_files", + 
"grr_get_hunts", + "grr_get_hunt", "grr_set_hunts" ] } - }, + }, { "Nessus": { - "name": "Nessus", - "commands": [ - "nessus-list-scans", - "scans-list", - "nessus-launch-scan", - "scan-launch", - "nessus-scan-details", - "scan-details", - "scan-host-details", - "nessus-scan-host-details", - "nessus-scan-export", - "scan-export", - "scan-report-download", - "nessus-scan-report-download", - "scan-create", - "nessus-scan-create", - "nessus-get-scans-editors", - "scan-export-status", - "nessus-scan-export-status", + "name": "Nessus", + "commands": [ + "nessus-list-scans", + "scans-list", + "nessus-launch-scan", + "scan-launch", + "nessus-scan-details", + "scan-details", + "scan-host-details", + "nessus-scan-host-details", + "nessus-scan-export", + "scan-export", + "scan-report-download", + "nessus-scan-report-download", + "scan-create", + "nessus-scan-create", + "nessus-get-scans-editors", + "scan-export-status", + "nessus-scan-export-status", "nessus-scan-status" ] } - }, + }, { "GuardiCore": { - "name": "GuardiCore", - "fromversion": "3.5.0", - "commands": [ - "guardicore-get-incidents", - "guardicore-uncommon-domains", - "guardicore-unresolved-domains", - "guardicore-show-endpoint", - "guardicore-dns-requests", - "guardicore-search-endpoint", - "guardicore-misconfigurations", - "guardicore-get-incident", - "guardicore-get-incident-iocs", - "guardicore-get-incident-events", - "guardicore-get-incident-pcap", - "guardicore-get-incident-attachments", + "name": "GuardiCore", + "fromversion": "3.5.0", + "commands": [ + "guardicore-get-incidents", + "guardicore-uncommon-domains", + "guardicore-unresolved-domains", + "guardicore-show-endpoint", + "guardicore-dns-requests", + "guardicore-search-endpoint", + "guardicore-misconfigurations", + "guardicore-get-incident", + "guardicore-get-incident-iocs", + "guardicore-get-incident-events", + "guardicore-get-incident-pcap", + "guardicore-get-incident-attachments", "guardicore-search-network-log" ] } - }, + }, { "Digital 
Shadows": { - "name": "Digital Shadows", - "commands": [ - "ds-get-breach-reviews", - "ds-snapshot-breach-status", - "ds-find-breach-records", - "ds-get-breach-summary", - "ds-find-breach-usernames", - "ds-get-breach", - "ds-get-breach-records", - "ds-find-data-breaches", - "ds-get-incident", - "ds-get-incident-reviews", - "ds-snapshot-incident-review", - "ds-find-incidents-filtered", - "ds-get-incidents-summary", - "ds-get-apt-report", - "ds-get-intelligence-incident", - "ds-get-intelligence-incident-iocs", - "ds-find-intelligence-incidents", - "ds-find-intelligence-incidents-regional", - "ds-get-intelligence-threat", - "ds-get-intelligence-threat-iocs", - "ds-get-intelligence-threat-activity", - "ds-find-intelligence-threats", - "ds-find-intelligence-threats-regional", - "ds-get-port-reviews", - "ds-snapshot-port-review", - "ds-find-ports", - "ds-find-secure-sockets", - "ds-find-vulnerabilities", - "ds-search", + "name": "Digital Shadows", + "commands": [ + "ds-get-breach-reviews", + "ds-snapshot-breach-status", + "ds-find-breach-records", + "ds-get-breach-summary", + "ds-find-breach-usernames", + "ds-get-breach", + "ds-get-breach-records", + "ds-find-data-breaches", + "ds-get-incident", + "ds-get-incident-reviews", + "ds-snapshot-incident-review", + "ds-find-incidents-filtered", + "ds-get-incidents-summary", + "ds-get-apt-report", + "ds-get-intelligence-incident", + "ds-get-intelligence-incident-iocs", + "ds-find-intelligence-incidents", + "ds-find-intelligence-incidents-regional", + "ds-get-intelligence-threat", + "ds-get-intelligence-threat-iocs", + "ds-get-intelligence-threat-activity", + "ds-find-intelligence-threats", + "ds-find-intelligence-threats-regional", + "ds-get-port-reviews", + "ds-snapshot-port-review", + "ds-find-ports", + "ds-find-secure-sockets", + "ds-find-vulnerabilities", + "ds-search", "ds-get-tags" ] } - }, + }, { "fireeye": { - "name": "fireeye", - "fromversion": "3.5.0", - "commands": [ - "fe-report", - "fe-submit-status", - "fe-alert", 
- "fe-submit-result", - "fe-submit", - "fe-config", - "fe-submit-url", - "fe-submit-url-status", + "name": "fireeye", + "fromversion": "3.5.0", + "commands": [ + "fe-report", + "fe-submit-status", + "fe-alert", + "fe-submit-result", + "fe-submit", + "fe-config", + "fe-submit-url", + "fe-submit-url-status", "fe-submit-url-result" ] } - }, + }, { "RSA NetWitness Packets and Logs": { - "name": "RSA NetWitness Packets and Logs", - "fromversion": "3.5.0", - "commands": [ - "netwitness-msearch", - "netwitness-search", - "netwitness-query", - "netwitness-packets", - "nw-sdk-session", - "nw-sdk-content", - "nw-sdk-summary", - "nw-sdk-values", + "name": "RSA NetWitness Packets and Logs", + "fromversion": "3.5.0", + "commands": [ + "netwitness-msearch", + "netwitness-search", + "netwitness-query", + "netwitness-packets", + "nw-sdk-session", + "nw-sdk-content", + "nw-sdk-summary", + "nw-sdk-values", "nw-database-dump" ] } - }, + }, { "RSA NetWitness v11.1": { - "name": "RSA NetWitness v11.1", + "name": "RSA NetWitness v11.1", "commands": [ - "netwitness-get-incident", - "netwitness-get-incidents", - "netwitness-update-incident", - "netwitness-delete-incident", + "netwitness-get-incident", + "netwitness-get-incidents", + "netwitness-update-incident", + "netwitness-delete-incident", "netwitness-get-alerts" ] } - }, + }, { "Symantec Messaging Gateway": { - "name": "Symantec Messaging Gateway", - "commands": [ - "smg-block-email", - "smg-unblock-email", - "smg-block-domain", - "smg-block-ip", - "smg-unblock-ip", - "smg-unblock-domain", - "smg-get-blocked-domains", + "name": "Symantec Messaging Gateway", + "commands": [ + "smg-block-email", + "smg-unblock-email", + "smg-block-domain", + "smg-block-ip", + "smg-unblock-ip", + "smg-unblock-domain", + "smg-get-blocked-domains", "smg-get-blocked-ips" ] } - }, + }, { "OTRS": { - "name": "OTRS", - "fromversion": "4.1.0", + "name": "OTRS", + "fromversion": "4.1.0", "commands": [ - "otrs-get-ticket", - "otrs-search-ticket", - 
"otrs-create-ticket", - "otrs-update-ticket", + "otrs-get-ticket", + "otrs-search-ticket", + "otrs-create-ticket", + "otrs-update-ticket", "otrs-close-ticket" ] } - }, + }, { "Check Point Sandblast": { - "name": "Check Point Sandblast", - "fromversion": "3.5.0", - "commands": [ - "sb-query", - "sandblast-query", - "sb-upload", - "sandblast-upload", - "sb-download", - "sandblast-download", - "sb-quota", + "name": "Check Point Sandblast", + "fromversion": "3.5.0", + "commands": [ + "sb-query", + "sandblast-query", + "sb-upload", + "sandblast-upload", + "sb-download", + "sandblast-download", + "sb-quota", "sandblast-quota" ] } - }, + }, { "Cylance Protect": { - "name": "Cylance Protect", - "fromversion": "2.0.1", - "commands": [ - "cylance-protect-get-list", - "cylance-protect-get-devices", - "cylance-protect-get-threats", - "cylance-protect-download-threat", - "cylance-protect-get-threat-details", - "cylance-protect-device-delete", - "cylance-protect-get-device-threats", - "cylance-protect-update-device-threats", - "cylance-protect-delete-hash-from-lists", - "cylance-protect-update-hash-at-lists", - "cylance-protect-upload-threat", - "cylance-protect-get-threated-devices", - "cylance-protect-get-zones", - "cylance-protect-create-zone", - "cylance-protect-update-zone", - "cylance-protect-get-policies", - "cylance-protect-get-policy-details", - "cp-get-list", - "cp-get-devices", - "cp-get-threats", - "cp-download-threat", - "cp-get-threat-details", - "cp-device-delete", - "cp-get-device-threats", - "cp-update-device-threats", - "cp-delete-hash-from-lists", - "cp-update-hash-at-lists", - "cp-upload-threat", - "cp-get-threated-devices", - "cp-get-zones", - "cp-create-zone", - "cp-update-zone", - "cp-get-policies", + "name": "Cylance Protect", + "fromversion": "2.0.1", + "commands": [ + "cylance-protect-get-list", + "cylance-protect-get-devices", + "cylance-protect-get-threats", + "cylance-protect-download-threat", + "cylance-protect-get-threat-details", + 
"cylance-protect-device-delete", + "cylance-protect-get-device-threats", + "cylance-protect-update-device-threats", + "cylance-protect-delete-hash-from-lists", + "cylance-protect-update-hash-at-lists", + "cylance-protect-upload-threat", + "cylance-protect-get-threated-devices", + "cylance-protect-get-zones", + "cylance-protect-create-zone", + "cylance-protect-update-zone", + "cylance-protect-get-policies", + "cylance-protect-get-policy-details", + "cp-get-list", + "cp-get-devices", + "cp-get-threats", + "cp-download-threat", + "cp-get-threat-details", + "cp-device-delete", + "cp-get-device-threats", + "cp-update-device-threats", + "cp-delete-hash-from-lists", + "cp-update-hash-at-lists", + "cp-upload-threat", + "cp-get-threated-devices", + "cp-get-zones", + "cp-create-zone", + "cp-update-zone", + "cp-get-policies", "cp-get-policy-details" ] } - }, + }, { "TCPIPUtils": { - "name": "TCPIPUtils", + "name": "TCPIPUtils", "commands": [ "ip" ] } - }, + }, { "RSA NetWitness Security Analytics": { - "name": "RSA NetWitness Security Analytics", - "fromversion": "2.0.0", - "commands": [ - "nw-list-incidents", - "nw-login", - "nw-get-components", - "nw-get-events", - "nw-get-available-assignees", - "nw-create-incident", - "nw-add-events-to-incident", - "nw-update-incident", - "fetch-incidents", - "nw-get-alerts", - "nw-get-alert-details", - "nw-get-event-details", - "nw-get-incident-details", - "nw-get-alert-original", - "netwitness-im-list-incidents", - "netwitness-im-login", - "netwitness-im-get-components", - "netwitness-im-get-events", - "netwitness-im-get-available-assignees", - "netwitness-im-create-incident", - "netwitness-im-add-events-to-incident", - "netwitness-im-update-incident", - "netwitness-im-get-alerts", - "netwitness-im-get-alert-details", - "netwitness-im-get-event-details", - "netwitness-im-get-incident-details", + "name": "RSA NetWitness Security Analytics", + "fromversion": "2.0.0", + "commands": [ + "nw-list-incidents", + "nw-login", + 
"nw-get-components", + "nw-get-events", + "nw-get-available-assignees", + "nw-create-incident", + "nw-add-events-to-incident", + "nw-update-incident", + "fetch-incidents", + "nw-get-alerts", + "nw-get-alert-details", + "nw-get-event-details", + "nw-get-incident-details", + "nw-get-alert-original", + "netwitness-im-list-incidents", + "netwitness-im-login", + "netwitness-im-get-components", + "netwitness-im-get-events", + "netwitness-im-get-available-assignees", + "netwitness-im-create-incident", + "netwitness-im-add-events-to-incident", + "netwitness-im-update-incident", + "netwitness-im-get-alerts", + "netwitness-im-get-alert-details", + "netwitness-im-get-event-details", + "netwitness-im-get-incident-details", "netwitness-im-get-alert-original" ] } - }, + }, { "Where is the egg?": { - "name": "Where is the egg?", - "fromversion": "3.6.0", + "name": "Where is the egg?", + "fromversion": "3.6.0", "commands": [ "clue" ] } - }, + }, { "jira": { - "name": "jira", - "toversion": "2.5.0", - "commands": [ - "jira-issue-query", - "jira-get-issue", - "jira-create-issue", - "jira-issue-upload-file", - "jira-issue-add-comment", + "name": "jira", + "toversion": "2.5.0", + "commands": [ + "jira-issue-query", + "jira-get-issue", + "jira-create-issue", + "jira-issue-upload-file", + "jira-issue-add-comment", "jira-issue-add-link" ] } - }, + }, { "Vectra": { - "name": "Vectra", - "commands": [ - "vec-detections", - "vectra-detections", - "vec-hosts", - "vectra-hosts", - "vec-settings", - "vectra-settings", - "vec-health", - "vectra-health", - "vec-triage", - "vectra-triage", - "vec-sensors", - "vectra-sensors", - "vec-get-host-by-id", + "name": "Vectra", + "commands": [ + "vec-detections", + "vectra-detections", + "vec-hosts", + "vectra-hosts", + "vec-settings", + "vectra-settings", + "vec-health", + "vectra-health", + "vec-triage", + "vectra-triage", + "vec-sensors", + "vectra-sensors", + "vec-get-host-by-id", "vec-get-detetctions-by-id" ] } - }, + }, { "Twilio": { - "name": 
"Twilio", - "fromversion": "2.5.0", + "name": "Twilio", + "fromversion": "2.5.0", "commands": [ "TwilioSendSMS" ] } - }, + }, { "PhishTank": { - "name": "PhishTank", + "name": "PhishTank", "commands": [ - "url", - "phishtank-reload", + "url", + "phishtank-reload", "phishtank-status" ] } - }, + }, { "FireEye iSIGHT": { - "name": "FireEye iSIGHT", + "name": "FireEye iSIGHT", "commands": [ - "ip", - "domain", - "file", - "isight-get-report", + "ip", + "domain", + "file", + "isight-get-report", "isight-submit-file" ] } - }, + }, { "BigFix": { - "name": "BigFix", - "commands": [ - "bigfix-get-sites", - "bigfix-get-site", - "bigfix-get-patches", - "bigfix-get-endpoints", - "bigfix-get-endpoint", - "bigfix-deploy-patch", - "bigfix-get-patch", - "bigfix-action-delete", - "bigfix-action-status", - "bigfix-action-stop", + "name": "BigFix", + "commands": [ + "bigfix-get-sites", + "bigfix-get-site", + "bigfix-get-patches", + "bigfix-get-endpoints", + "bigfix-get-endpoint", + "bigfix-deploy-patch", + "bigfix-get-patch", + "bigfix-action-delete", + "bigfix-action-status", + "bigfix-action-stop", "bigfix-query" ] } - }, + }, { "Phish.AI": { - "name": "Phish.AI", - "fromversion": "4.0.0", + "name": "Phish.AI", + "fromversion": "4.0.0", "commands": [ - "phish-ai-scan-url", + "phish-ai-scan-url", "phish-ai-check-status" ] } - }, + }, { "Koodous": { - "name": "Koodous", + "name": "Koodous", "commands": [ "k-check-hash" ] } - }, + }, { "IntSights": { - "name": "IntSights", - "commands": [ - "intsights-get-alert-image", - "intsights-get-alert-activities", - "intsights-assign-alert", - "intsights-unassign-alert", - "intsights-send-mail", - "intsights-ask-the-analyst", - "intsights-add-tag-to-alert", - "intsights-remove-tag-from-alert", - "intsights-add-comment-to-alert", - "intsights-update-alert-severity", - "intsights-get-alert-by-id", - "intsights-get-ioc-by-value", - "intsights-get-iocs", - "intsights-get-alerts", - "intsights-alert-takedown-request", - 
"intsights-get-alert-takedown-status", - "intsights-update-ioc-blocklist-status", - "intsights-get-ioc-blocklist-status", + "name": "IntSights", + "commands": [ + "intsights-get-alert-image", + "intsights-get-alert-activities", + "intsights-assign-alert", + "intsights-unassign-alert", + "intsights-send-mail", + "intsights-ask-the-analyst", + "intsights-add-tag-to-alert", + "intsights-remove-tag-from-alert", + "intsights-add-comment-to-alert", + "intsights-update-alert-severity", + "intsights-get-alert-by-id", + "intsights-get-ioc-by-value", + "intsights-get-iocs", + "intsights-get-alerts", + "intsights-alert-takedown-request", + "intsights-get-alert-takedown-status", + "intsights-update-ioc-blocklist-status", + "intsights-get-ioc-blocklist-status", "intsights-close-alert" ] } } - ], + ], "TestPlaybooks": [ { "SignalSciences Test": { - "name": "SignalSciences Test", + "name": "SignalSciences Test", "implementing_commands": [ - "sigsci-get-blacklist", - "sigsci-get-whitelist", - "sigsci-blacklist-add-ip", - "sigsci-whitelist-add-ip", - "sigsci-blacklist-remove-ip", + "sigsci-get-blacklist", + "sigsci-get-whitelist", + "sigsci-blacklist-add-ip", + "sigsci-whitelist-add-ip", + "sigsci-blacklist-remove-ip", "sigsci-whitelist-remove-ip" ] } - }, + }, { "Microsoft Graph Test": { - "name": "Microsoft Graph Test", + "name": "Microsoft Graph Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "msg-search-alerts", - "msg-update-alert", + "msg-search-alerts", + "msg-update-alert", "msg-get-alert-details" ] } - }, + }, { "Mail Sender (New) Test": { - "name": "Email Sender Python", + "name": "Email Sender Python", "implementing_scripts": [ - "Set", - "FileCreateAndUpload", - "DeleteContext", + "Set", + "FileCreateAndUpload", + "DeleteContext", "Sleep" - ], + ], "implementing_commands": [ - "googleapps-gmail-get-mail", - "googleapps-gmail-search", - "ThrowException", + "googleapps-gmail-get-mail", + "googleapps-gmail-search", + 
"ThrowException", "send-mail" ] } - }, + }, { "ThreatExchange-test": { - "name": "ThreatExchange-test", - "implementing_scripts": [ - "ExtractDomain", - "ExtractHash", - "Exists", - "ExtractIP", - "Print", - "IsMaliciousIndicatorFound", - "VerifyContextFields", + "name": "ThreatExchange-test", + "implementing_scripts": [ + "ExtractDomain", + "ExtractHash", + "Exists", + "ExtractIP", + "Print", + "IsMaliciousIndicatorFound", + "VerifyContextFields", "ExtractURL" - ], + ], "implementing_commands": [ - "url", - "ip", - "domain", + "url", + "ip", + "domain", "file" ] } - }, + }, { "PortListenCheck-test": { - "name": "PortListenCheck-test", + "name": "PortListenCheck-test", "implementing_scripts": [ - "Print", + "Print", "PortListenCheck" ] } - }, + }, { "Qualys-Test": { - "name": "Qualys-Test", + "name": "Qualys-Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "qualys-pc-scan-list", - "qualys-report-template-list", - "qualys-vm-scan-list", - "qualys-scheduled-report-list", + "qualys-pc-scan-list", + "qualys-report-template-list", + "qualys-vm-scan-list", + "qualys-scheduled-report-list", "qualys-report-list" ] } - }, + }, { "Pipl Test": { - "name": "Pipl Test", + "name": "Pipl Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ "pipl-search" ] } - }, + }, { "Splunk-Test": { - "name": "Splunk-Test", - "implementing_scripts": [ - "Set", - "DumpJSON", - "StringContains", - "VerifyContext", - "Print", - "IsGreaterThan", + "name": "Splunk-Test", + "implementing_scripts": [ + "Set", + "DumpJSON", + "StringContains", + "VerifyContext", + "Print", + "IsGreaterThan", "AreValuesEqual" - ], + ], "implementing_commands": [ - "splunk-parse-raw", - "splunk-search", - "splunk-submit-event", + "splunk-parse-raw", + "splunk-search", + "splunk-submit-event", "splunk-get-indexes" ] } - }, + }, { "67b0f25f-b061-4468-8613-43ab13147173": { - "name": "CbP-PlayBook", + "name": 
"CbP-PlayBook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "cbp-fileUpload-download", - "cbp-connector-search", - "cbp-connector-get", - "cbp-fileAnalysis-createOrUpdate", - "cbp-fileUpload-createOrUpdate", - "cbp-fileUpload-get", + ], + "implementing_commands": [ + "cbp-fileUpload-download", + "cbp-connector-search", + "cbp-connector-get", + "cbp-fileAnalysis-createOrUpdate", + "cbp-fileUpload-createOrUpdate", + "cbp-fileUpload-get", "cbp-fileAnalysis-get" ] } - }, + }, { "test_url_regex": { - "name": "Test URL Regex", + "name": "Test URL Regex", "implementing_scripts": [ - "Print", - "VerifyContext", + "Print", + "VerifyContext", "DeleteContext" ] } - }, + }, { "8984405a-4274-470a-8a34-a437d8e2e1c5": { - "name": "Test - PhishMe", + "name": "Test - PhishMe", "implementing_scripts": [ - "CloseInvestigation", - "IsGreaterThan", - "DeleteContext", + "CloseInvestigation", + "IsGreaterThan", + "DeleteContext", "AreValuesEqual" - ], + ], "implementing_commands": [ - "url", - "phishme-search", - "email", - "file", + "url", + "phishme-search", + "email", + "file", "ip" ] } - }, + }, { "4078d8b6-37c6-42d7-8324-16096a2feb51": { - "name": "AWS - Route53 Test Playbook", + "name": "AWS - Route53 Test Playbook", "implementing_scripts": [ "VerifyContext" - ], - "implementing_commands": [ - "aws-route53-waiter-resource-record-sets-changed", - "aws-route53-test-dns-answer", - "aws-route53-upsert-record", - "aws-route53-create-record", - "aws-route53-delete-record", - "aws-route53-list-resource-record-sets", + ], + "implementing_commands": [ + "aws-route53-waiter-resource-record-sets-changed", + "aws-route53-test-dns-answer", + "aws-route53-upsert-record", + "aws-route53-create-record", + "aws-route53-delete-record", + "aws-route53-list-resource-record-sets", "aws-route53-list-hosted-zones" ] } - }, + }, { "EWS Mail Sender Test": { - "name": "EWS Mail Sender Test", + "name": "EWS Mail Sender Test", 
"implementing_scripts": [ "http" - ], + ], "implementing_commands": [ "send-mail" ] } - }, + }, { "Icebrg Test": { - "name": "Icebrg Test", + "name": "Icebrg Test", "implementing_commands": [ - "icebrg-get-report-assets", - "icebrg-get-reports", - "icebrg-saved-searches", - "icebrg-search-events", - "icebrg-get-history", + "icebrg-get-report-assets", + "icebrg-get-reports", + "icebrg-saved-searches", + "icebrg-search-events", + "icebrg-get-history", "icebrg-get-report-indicators" ] } - }, + }, { "tenable-sc-scan-test": { - "name": "Test tenable scan", + "name": "Test tenable scan", "implementing_playbooks": [ "Launch Scan - Tenable.sc" ] } - }, + }, { "VMWare Test": { - "name": "VMWare Test", + "name": "VMWare Test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", + "VerifyContext", + "DeleteContext", "AreValuesEqual" - ], - "implementing_commands": [ - "vmware-get-events", - "vmware-poweroff", - "vmware-suspend", - "vmware-hard-reboot", - "vmware-poweron", - "vmware-revert-snapshot", - "vmware-create-snapshot", + ], + "implementing_commands": [ + "vmware-get-events", + "vmware-poweroff", + "vmware-suspend", + "vmware-hard-reboot", + "vmware-poweron", + "vmware-revert-snapshot", + "vmware-create-snapshot", "vmware-get-vms" ] } - }, + }, { "OpenPhish Test Playbook": { - "name": "OpenPhish Test Playbook", + "name": "OpenPhish Test Playbook", "implementing_scripts": [ - "Print", - "CloseInvestigation", + "Print", + "CloseInvestigation", "Exists" - ], + ], "implementing_commands": [ - "url", + "url", "openphish-status" ] } - }, + }, { "Intezer Testing": { - "name": "Intezer Testing", + "name": "Intezer Testing", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", + "VerifyContext", + "DeleteContext", "http" - ], + ], "implementing_commands": [ - "intezer-upload", + "intezer-upload", "file" ] } - }, + }, { "test-domain-indicator": { - "name": "test-domain-indicator", + "name": "test-domain-indicator", "implementing_scripts": [ - "Print", - 
"GetIndicatorDBotScore", + "Print", + "GetIndicatorDBotScore", "Sleep" ] } - }, + }, { "ip_enrichment_generic_test": { - "name": "IP Enrichment - Generic - Test", - "fromversion": "3.5.0", + "name": "IP Enrichment - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "IP Enrichment - Generic" ] } - }, + }, { "Nessus - Test": { - "name": "Nessus - Test", + "name": "Nessus - Test", "implementing_scripts": [ "WhileLoop" - ], + ], "implementing_commands": [ - "nessus-scan-status", - "nessus-scan-report-download", - "nessus-scan-create", - "nessus-scan-export", - "nessus-launch-scan", + "nessus-scan-status", + "nessus-scan-report-download", + "nessus-scan-create", + "nessus-scan-export", + "nessus-launch-scan", "nessus-scan-details" ] } - }, + }, { "d66e5f86-e045-403f-819e-5058aa603c32": { - "name": "AWS - EC2 Test Playbook actions", + "name": "AWS - EC2 Test Playbook actions", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "aws-ec2-create-snapshot", - "aws-ec2-monitor-instances", - "aws-ec2-modify-volume", - "aws-ec2-waiter-instance-terminated", - "aws-ec2-reboot-instances", - "aws-ec2-delete-snapshot", - "aws-ec2-get-latest-ami", - "aws-ec2-associate-address", - "aws-ec2-create-volume", - "aws-ec2-modify-network-interface-attribute", - "aws-ec2-waiter-instance-stopped", - "aws-ec2-describe-instances", - "aws-ec2-delete-security-group", - "aws-ec2-create-image", - "aws-ec2-allocate-address", - "aws-ec2-attach-volume", - "aws-ec2-run-instances", - "aws-ec2-start-instances", - "aws-ec2-disassociate-address", - "aws-ec2-waiter-image-available", - "aws-ec2-modify-instance-attribute", - "aws-ec2-waiter-instance-status-ok", - "aws-ec2-create-security-group", - "aws-ec2-delete-volume", - "aws-ec2-release-address", - "aws-ec2-copy-snapshot", - 
"aws-ec2-authorize-security-group-ingress-rule", - "aws-ec2-create-tags", - "aws-ec2-deregister-image", - "aws-ec2-unmonitor-instances", - "aws-ec2-detach-volume", - "aws-ec2-revoke-security-group-ingress-rule", - "aws-ec2-waiter-instance-running", - "aws-ec2-terminate-instances", - "aws-ec2-waiter-snapshot_completed", - "aws-ec2-copy-image", + ], + "implementing_commands": [ + "aws-ec2-create-snapshot", + "aws-ec2-monitor-instances", + "aws-ec2-modify-volume", + "aws-ec2-waiter-instance-terminated", + "aws-ec2-reboot-instances", + "aws-ec2-delete-snapshot", + "aws-ec2-get-latest-ami", + "aws-ec2-associate-address", + "aws-ec2-create-volume", + "aws-ec2-modify-network-interface-attribute", + "aws-ec2-waiter-instance-stopped", + "aws-ec2-describe-instances", + "aws-ec2-delete-security-group", + "aws-ec2-create-image", + "aws-ec2-allocate-address", + "aws-ec2-attach-volume", + "aws-ec2-run-instances", + "aws-ec2-start-instances", + "aws-ec2-disassociate-address", + "aws-ec2-waiter-image-available", + "aws-ec2-modify-instance-attribute", + "aws-ec2-waiter-instance-status-ok", + "aws-ec2-create-security-group", + "aws-ec2-delete-volume", + "aws-ec2-release-address", + "aws-ec2-copy-snapshot", + "aws-ec2-authorize-security-group-ingress-rule", + "aws-ec2-create-tags", + "aws-ec2-deregister-image", + "aws-ec2-unmonitor-instances", + "aws-ec2-detach-volume", + "aws-ec2-revoke-security-group-ingress-rule", + "aws-ec2-waiter-instance-running", + "aws-ec2-terminate-instances", + "aws-ec2-waiter-snapshot_completed", + "aws-ec2-copy-image", "aws-ec2-stop-instances" ] } - }, + }, { "Google-Vault-Generic-Test": { - "name": "Google Vault Generic Test", + "name": "Google Vault Generic Test", "implementing_scripts": [ - "VerifyContext", - "GeneratePassword", - "DeleteContext", + "VerifyContext", + "GeneratePassword", + "DeleteContext", "Sleep" - ], - "implementing_commands": [ - "gvault-add-heldAccount", - "gvault-get-matter", - "gvault-create-hold", - "gvault-export-status", - 
"gvault-get-mail-results", - "gvault-remove-heldAccount", - "gvault-get-groups-results", - "gvault-delete-hold", - "gvault-create-export-mail", - "gvault-create-matter", - "gvault-create-export-drive", - "gvault-get-drive-results", + ], + "implementing_commands": [ + "gvault-add-heldAccount", + "gvault-get-matter", + "gvault-create-hold", + "gvault-export-status", + "gvault-get-mail-results", + "gvault-remove-heldAccount", + "gvault-get-groups-results", + "gvault-delete-hold", + "gvault-create-export-mail", + "gvault-create-matter", + "gvault-create-export-drive", + "gvault-get-drive-results", "gvault-create-export-groups" ] } - }, + }, { "cve_enrichment_-_generic_-_test": { - "name": "CVE Enrichment - Generic - Test", - "fromversion": "3.6.0", + "name": "CVE Enrichment - Generic - Test", + "fromversion": "3.6.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "CVE Enrichment - Generic" ] } - }, + }, { "ReadPDFFile-Test": { - "name": "ReadPDFFile-Test", + "name": "ReadPDFFile-Test", "implementing_scripts": [ - "DeleteContext", - "http", + "DeleteContext", + "http", "ReadPDFFile" ] } - }, + }, { "RegexGroups Test": { - "name": "RegexGroups Test", + "name": "RegexGroups Test", "implementing_scripts": [ - "RaiseError", - "VerifyContext", - "Set", + "RaiseError", + "VerifyContext", + "Set", "DeleteContext" ] } - }, + }, { "GmailTest": { - "name": "GmailTest", + "name": "GmailTest", "implementing_scripts": [ - "GetTime", + "GetTime", "DeleteContext" - ], - "implementing_commands": [ - "gmail-add-delete-filter", - "gmail-get-thread", - "gmail-get-tokens-for-user", - "gmail-search-all-mailboxes", - "gmail-get-attachments", - "gmail-list-users", - "gmail-delete-user", - "gmail-create-user", - "gmail-get-mail", - "gmail-move-mail", - "gmail-get-user", + ], + "implementing_commands": [ + "gmail-add-delete-filter", + "gmail-get-thread", + "gmail-get-tokens-for-user", + "gmail-search-all-mailboxes", + 
"gmail-get-attachments", + "gmail-list-users", + "gmail-delete-user", + "gmail-create-user", + "gmail-get-mail", + "gmail-move-mail", + "gmail-get-user", "gmail-search" ] } - }, + }, { "Extract Indicators From File - test": { - "name": "Extract Indicators From File - test", + "name": "Extract Indicators From File - test", "implementing_scripts": [ - "RaiseError", + "RaiseError", "http" - ], + ], "implementing_playbooks": [ "Extract Indicators From File - Generic" ] } - }, + }, { "Kenna Test": { - "name": "Kenna Test", + "name": "Kenna Test", "implementing_commands": [ - "kenna-update-asset", - "kenna-run-connector", - "kenna-search-vulnerabilities", - "kenna-search-fixes", - "kenna-update-vulnerability", + "kenna-update-asset", + "kenna-run-connector", + "kenna-search-vulnerabilities", + "kenna-search-fixes", + "kenna-update-vulnerability", "kenna-get-connectors" ] } - }, + }, { "3da2e31b-f114-4d7f-8702-117f3b498de9": { - "name": "AWS - CloudTrail Test Playbook", + "name": "AWS - CloudTrail Test Playbook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "aws-cloudtrail-start-logging", - "aws-cloudtrail-update-trail", - "aws-cloudtrail-describe-trails", - "aws-cloudtrail-lookup-events", - "aws-cloudtrail-delete-trail", - "aws-cloudtrail-create-trail", + ], + "implementing_commands": [ + "aws-cloudtrail-start-logging", + "aws-cloudtrail-update-trail", + "aws-cloudtrail-describe-trails", + "aws-cloudtrail-lookup-events", + "aws-cloudtrail-delete-trail", + "aws-cloudtrail-create-trail", "aws-cloudtrail-stop-logging" ] } - }, + }, { "test_Qradar": { - "name": "test_Qradar", + "name": "test_Qradar", "implementing_scripts": [ - "FetchFromInstance", + "FetchFromInstance", "DeleteContext" - ], + ], "implementing_playbooks": [ "QRadarFullSearch" - ], - "implementing_commands": [ - "qradar-delete-reference-set", - "qradar-create-reference-set-value", - "qradar-get-reference-by-name", - "qradar-get-note", - 
"qradar-offense-by-id", - "qradar-get-assets", - "qradar-create-note", - "qradar-offenses", - "qradar-get-asset-by-id", - "qradar-update-offense", - "qradar-create-reference-set", + ], + "implementing_commands": [ + "qradar-delete-reference-set", + "qradar-create-reference-set-value", + "qradar-get-reference-by-name", + "qradar-get-note", + "qradar-offense-by-id", + "qradar-get-assets", + "qradar-create-note", + "qradar-offenses", + "qradar-get-asset-by-id", + "qradar-update-offense", + "qradar-create-reference-set", "qradar-delete-reference-set-value" ] } - }, + }, { "Centreon-Test-Playbook": { - "name": "Centreon-Test-Playbook", + "name": "Centreon-Test-Playbook", "implementing_commands": [ "centreon-get-host-status" ] } - }, + }, { "ssdeepreputationtest": { - "name": "SsdeepReputationTest", + "name": "SsdeepReputationTest", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "Sleep", - "SsdeepReputationTest", + "VerifyContext", + "DeleteContext", + "Sleep", + "SsdeepReputationTest", "SSDeepReputation" ] } - }, + }, { "crowdstrike_falconhost_test": { - "name": "CrowdStrike FalconHost Test", + "name": "CrowdStrike FalconHost Test", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "cs-device-ran-on", - "cs-device-search", + "cs-device-ran-on", + "cs-device-search", "cs-device-details" ] } - }, + }, { "dnstwistTest": { - "name": "dnstwistTest", + "name": "dnstwistTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "dnstwist-domain-variations" ] } - }, + }, { "IPInfoTest": { - "name": "IPInfoTest", + "name": "IPInfoTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "ip" ] } - }, + }, { "Tanium Test Playbook": { - "name": "Tanium Test Playbook", - "fromversion": "2.5.0", + "name": "Tanium Test Playbook", + "fromversion": 
"2.5.0", "implementing_commands": [ - "tn-deploy-package", - "tn-ask-question", + "tn-deploy-package", + "tn-ask-question", "tn-get-saved-question" ] } - }, + }, { "Netskope Test": { - "name": "Netskope Test", + "name": "Netskope Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "netskope-events", + "netskope-events", "netskope-alerts" ] } - }, + }, { "entity_enrichment_generic_test": { - "name": "Entity Enrichment - Generic - Test", - "fromversion": "3.5.0", + "name": "Entity Enrichment - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Entity Enrichment - Generic" ] } - }, + }, { "CrowdStrike Falcon Intel v2": { - "name": "CrowdStrike Falcon Intel v2", + "name": "CrowdStrike Falcon Intel v2", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "ThrowException" - ], - "implementing_commands": [ - "domain", - "url", - "ip", - "cs-actors", - "cs-indicators", - "file", + ], + "implementing_commands": [ + "domain", + "url", + "ip", + "cs-actors", + "cs-indicators", + "file", "cs-reports" ] } - }, + }, { "search_endpoints_by_hash_-_tie_-_test": { - "name": "Search Endpoints By Hash - TIE - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - TIE - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", + "Set", "DeleteContext" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - TIE" ] } - }, + }, { "nexpose_test": { - "name": "Nexpose test", + "name": "Nexpose test", "implementing_scripts": [ - "GenerateUUID", - "VerifyContext", + "GenerateUUID", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "nexpose-start-site-scan", - "nexpose-get-asset", - "nexpose-stop-scan", - "nexpose-delete-site", - "nexpose-get-asset-vulnerability", - "nexpose-create-site", - "nexpose-get-assets", - "nexpose-create-assets-report", - 
"nexpose-resume-scan", - "nexpose-pause-scan", - "nexpose-search-assets", + ], + "implementing_commands": [ + "nexpose-start-site-scan", + "nexpose-get-asset", + "nexpose-stop-scan", + "nexpose-delete-site", + "nexpose-get-asset-vulnerability", + "nexpose-create-site", + "nexpose-get-assets", + "nexpose-create-assets-report", + "nexpose-resume-scan", + "nexpose-pause-scan", + "nexpose-search-assets", "nexpose-get-scans" ] } - }, + }, { "cisco-ise-test-playbook": { - "name": "cisco-ise-test-playbook", + "name": "cisco-ise-test-playbook", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ "cisco-ise-get-endpoints" ] } - }, + }, { "CarbonBlackResponseTest": { - "name": "Carbon Black Response Test", + "name": "Carbon Black Response Test", "implementing_scripts": [ - "CarbonBlackResponseFilterSensors", - "VerifyContext", + "CarbonBlackResponseFilterSensors", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "cb-watchlist-new", - "cb-get-processes", - "cb-get-process", - "cb-watchlist-del", - "cb-process-events", - "cb-quarantine-device", - "cb-sensor-info", - "cb-binary", - "cb-binary-get", - "cb-get-hash-blacklist", - "cb-watchlist-set", - "cb-unquarantine-device", - "cb-unblock-hash", - "cb-alert-update", - "cb-block-hash", + ], + "implementing_commands": [ + "cb-watchlist-new", + "cb-get-processes", + "cb-get-process", + "cb-watchlist-del", + "cb-process-events", + "cb-quarantine-device", + "cb-sensor-info", + "cb-binary", + "cb-binary-get", + "cb-get-hash-blacklist", + "cb-watchlist-set", + "cb-unquarantine-device", + "cb-unblock-hash", + "cb-alert-update", + "cb-block-hash", "cb-alert" ] } - }, + }, { "dedup_-_generic_-_test": { - "name": "Dedup - Generic - Test", - "fromversion": "3.5.0", + "name": "Dedup - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", - "CreateDuplicateIncident", + "VerifyContext", + "CreateDuplicateIncident", "DeleteContext" - ], + ], 
"implementing_playbooks": [ "Dedup - Generic" - ], + ], "implementing_commands": [ "setIncident" ] } - }, + }, { "VxStream Test": { - "name": "VxStream Test", + "name": "VxStream Test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "http", + "VerifyContext", + "DeleteContext", + "http", "Exists" - ], + ], "implementing_commands": [ - "crowdstrike-detonate-file", - "crowdstrike-get-environments", - "crowdstrike-submit-url", - "crowdstrike-scan", + "crowdstrike-detonate-file", + "crowdstrike-get-environments", + "crowdstrike-submit-url", + "crowdstrike-scan", "crowdstrike-search" ] } - }, + }, { "PhishTank Testing": { - "name": "PhishTank Testing", + "name": "PhishTank Testing", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", - "Set", - "http", + "DeleteContext", + "VerifyContext", + "Set", + "http", "ReadFile" - ], + ], "implementing_commands": [ "url" ] } - }, + }, { "BigFixTest": { - "name": "BigFixTest", + "name": "BigFixTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "bigfix-action-delete", - "bigfix-action-stop", - "bigfix-get-site", - "bigfix-get-sites", - "bigfix-action-status", - "bigfix-get-patches", - "bigfix-get-endpoints", + ], + "implementing_commands": [ + "bigfix-action-delete", + "bigfix-action-stop", + "bigfix-get-site", + "bigfix-get-sites", + "bigfix-action-status", + "bigfix-get-patches", + "bigfix-get-endpoints", "bigfix-deploy-patch" ] } - }, + }, { "Cisco-Meraki-Test": { - "name": "Cisco-Meraki-Test", + "name": "Cisco-Meraki-Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "meraki-get-organization-license-state", - "meraki-fetch-networks", - "meraki-fetch-organizations", - "meraki-fetch-devices", + "meraki-get-organization-license-state", + "meraki-fetch-networks", + "meraki-fetch-organizations", + "meraki-fetch-devices", "meraki-fetch-organization-inventory" 
] } - }, + }, { "url_enrichment_-_generic_test": { - "name": "Url Enrichment Generic - Test", - "fromversion": "3.5.0", + "name": "Url Enrichment Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "URL Enrichment - Generic" - ], + ], "implementing_commands": [ "rasterize" ] } - }, + }, { "CheckpointFW-test": { - "name": "CheckpointFW-test", + "name": "CheckpointFW-test", "implementing_scripts": [ - "VerifyContextFields", - "CheckpointFWBackupStatus", - "DeleteContext", - "Sleep", + "VerifyContextFields", + "CheckpointFWBackupStatus", + "DeleteContext", + "Sleep", "CheckpointFWCreateBackup" - ], + ], "implementing_commands": [ - "checkpoint-delete-rule", - "checkpoint-block-ip", - "checkpoint-set-rule", - "checkpoint-show-access-rule-base", + "checkpoint-delete-rule", + "checkpoint-block-ip", + "checkpoint-set-rule", + "checkpoint-show-access-rule-base", "checkpoint-show-hosts" ] } - }, + }, { "Test Playbook McAfee ATD": { - "name": "Test Playbook McAfee ATD", + "name": "Test Playbook McAfee ATD", "implementing_scripts": [ - "FileCreateAndUpload", - "DeleteContext", - "Exists", + "FileCreateAndUpload", + "DeleteContext", + "Exists", "AreValuesEqual" - ], + ], "implementing_playbooks": [ - "Detonate URL - McAfee ATD", + "Detonate URL - McAfee ATD", "ATD - Detonate File" - ], + ], "implementing_commands": [ - "atd-list-analyzer-profiles", - "atd-login", + "atd-list-analyzer-profiles", + "atd-login", "atd-list-user" ] } - }, + }, { "Cisco-Umbrella-Test": { - "name": "Cisco-Umbrella-Test", + "name": "Cisco-Umbrella-Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "umbrella-ip-dns-history", - "umbrella-domain-related", - "umbrella-domain-dns-history", - "investigate-umbrella-domain-co-occurrences", - "investigate-umbrella-domain-dns-history", - 
"umbrella-domain-security", - "investigate-umbrella-domain-search", - "umbrella-domain-search", - "investigate-umbrella-domain-related", - "umbrella-domain-co-occurrences", + ], + "implementing_commands": [ + "umbrella-ip-dns-history", + "umbrella-domain-related", + "umbrella-domain-dns-history", + "investigate-umbrella-domain-co-occurrences", + "investigate-umbrella-domain-dns-history", + "umbrella-domain-security", + "investigate-umbrella-domain-search", + "umbrella-domain-search", + "investigate-umbrella-domain-related", + "umbrella-domain-co-occurrences", "umbrella-domain-categorization" ] } - }, + }, { "Test Playbook McAfee ePO": { - "name": "Test Playbook McAfee ePO", + "name": "Test Playbook McAfee ePO", "implementing_scripts": [ - "RaiseError", + "RaiseError", "DeleteContext" - ], - "implementing_commands": [ - "epo-clear-tag", - "epo-get-system-tree-group", - "epo-get-latest-dat", - "epo-update-client-dat", - "epo-advanced-command", - "epo-help", - "epo-find-systems", - "epo-update-repository", - "epo-get-version", - "epo-get-current-dat", - "epo-get-tables", - "epo-apply-tag", - "epo-find-system", + ], + "implementing_commands": [ + "epo-clear-tag", + "epo-get-system-tree-group", + "epo-get-latest-dat", + "epo-update-client-dat", + "epo-advanced-command", + "epo-help", + "epo-find-systems", + "epo-update-repository", + "epo-get-version", + "epo-get-current-dat", + "epo-get-tables", + "epo-apply-tag", + "epo-find-system", "epo-query-table" ] } - }, + }, { "grr_test": { - "name": "GRR Test", + "name": "GRR Test", "implementing_scripts": [ - "Set", + "Set", "DeleteContext" - ], + ], "implementing_commands": [ - "grr-get-hunts", - "grr-get-clients", - "grr-set-hunts", - "grr-set-flows", + "grr-get-hunts", + "grr-get-clients", + "grr-set-hunts", + "grr-set-flows", "grr-get-flows" ] } - }, + }, { "RTIR Test": { - "name": "RTIR Test", + "name": "RTIR Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "rtir-edit-ticket", - 
"rtir-resolve-ticket", - "rtir-create-ticket", - "rtir-get-ticket", + "rtir-edit-ticket", + "rtir-resolve-ticket", + "rtir-create-ticket", + "rtir-get-ticket", "rtir-search-ticket" ] } - }, + }, { "GeneratePassword-Test": { - "name": "GeneratePassword-Test", + "name": "GeneratePassword-Test", "implementing_scripts": [ - "Print", - "GeneratePassword", - "DeleteContext", + "Print", + "GeneratePassword", + "DeleteContext", "Exists" ] } - }, + }, { "EWS Public Folders Test": { - "name": "EWS Public Folders Test", + "name": "EWS Public Folders Test", "implementing_commands": [ - "ews-search-mailbox", - "ews-get-items-from-folder", - "ews-find-folders", + "ews-search-mailbox", + "ews-get-items-from-folder", + "ews-find-folders", "ews-get-folder" ] } - }, + }, { "account_enrichment_-_generic_test": { - "name": "Account Enrichment - Generic Test", - "fromversion": "3.5.0", + "name": "Account Enrichment - Generic Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Account Enrichment - Generic" ] } - }, + }, { "TestStringReplace": { - "name": "TestStringReplace", + "name": "TestStringReplace", "implementing_scripts": [ - "StringReplace", - "VerifyContextFields", + "StringReplace", + "VerifyContextFields", "DeleteContext" ] } - }, + }, { "EWSv2_empty_attachment_test": { - "name": "EWSv2_empty_attachment_test", + "name": "EWSv2_empty_attachment_test", "implementing_commands": [ "ews-get-attachment" ] } - }, + }, { "search_endpoints_by_hash_-_crowdstrike_-_test": { - "name": "Search Endpoints By Hash - CrowdStrike - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - CrowdStrike - Test", + "fromversion": "3.5.0", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - CrowdStrike" ] } - }, + }, { "IBM Resilient Systems Test": { - "name": "IBM Resilient Systems Test", + "name": "IBM 
Resilient Systems Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "rs-search-incidents", - "rs-related-incidents", - "rs-incidents-get-tasks", - "rs-incident-attachments", + "rs-search-incidents", + "rs-related-incidents", + "rs-incidents-get-tasks", + "rs-incident-attachments", "rs-incident-artifacts" ] } - }, + }, { "whois_test": { - "name": "whois_test", + "name": "whois_test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "closeInvestigation", + "closeInvestigation", "whois" ] } - }, + }, { "c7d68ad5MxToolbox_test": { - "name": "MxToolbox_test", + "name": "MxToolbox_test", "implementing_scripts": [ - "CloseInvestigation", - "Exists", + "CloseInvestigation", + "Exists", "ToTable" - ], + ], "implementing_commands": [ "mxtoolbox" ] } - }, + }, { "Jira-Test": { - "name": "Jira-Test", + "name": "Jira-Test", "implementing_scripts": [ - "VerifyContextFields", - "VerifyContext", - "DeleteContext", + "VerifyContextFields", + "VerifyContext", + "DeleteContext", "FileCreateAndUpload" - ], - "implementing_commands": [ - "jira-create-issue", - "jira-issue-upload-file", - "jira-get-comments", - "jira-issue-add-comment", - "jira-edit-issue", - "jira-issue-query", - "jira-delete-issue", - "jira-issue-add-link", + ], + "implementing_commands": [ + "jira-create-issue", + "jira-issue-upload-file", + "jira-get-comments", + "jira-issue-add-comment", + "jira-edit-issue", + "jira-issue-query", + "jira-delete-issue", + "jira-issue-add-link", "jira-get-issue" ] } - }, + }, { "2142f8de-29d5-4288-8426-0db39abe988b": { - "name": "AWS - EC2 Test Playbook ", + "name": "AWS - EC2 Test Playbook ", "implementing_scripts": [ "VerifyContext" - ], - "implementing_commands": [ - "aws-ec2-describe-regions", - "aws-ec2-describe-volumes", - "aws-ec2-describe-key-pairs", - "aws-ec2-describe-instances", - "aws-ec2-describe-launch-templates", - "aws-ec2-describe-vpcs", - "aws-ec2-describe-security-groups", - 
"aws-ec2-describe-subnets", - "aws-ec2-describe-snapshots", - "aws-ec2-describe-images", + ], + "implementing_commands": [ + "aws-ec2-describe-regions", + "aws-ec2-describe-volumes", + "aws-ec2-describe-key-pairs", + "aws-ec2-describe-instances", + "aws-ec2-describe-launch-templates", + "aws-ec2-describe-vpcs", + "aws-ec2-describe-security-groups", + "aws-ec2-describe-subnets", + "aws-ec2-describe-snapshots", + "aws-ec2-describe-images", "aws-ec2-describe-addresses" ] } - }, + }, { "palo_alto_firewall_test_pb": { - "name": "palo_alto_firewall_test_pb", + "name": "palo_alto_firewall_test_pb", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "Sleep" - ], + ], "implementing_playbooks": [ "PanoramaCommitConfiguration" - ], - "implementing_commands": [ - "panorama-list-applications", - "panorama-create-rule", - "panorama-delete-rule", - "panorama-create-address-group", - "panorama-list-addresses", - "panorama-get-address-group", - "panorama-get-url-category", - "panorama", - "panorama-edit-rule", - "panorama-get-url-filter", - "panorama-list-address-groups", - "panorama-get-custom-url-category", - "panorama-edit-address-group", - "panorama-create-address", - "panorama-delete-address-group", - "panorama-move-rule", + ], + "implementing_commands": [ + "panorama-list-applications", + "panorama-create-rule", + "panorama-delete-rule", + "panorama-create-address-group", + "panorama-list-addresses", + "panorama-get-address-group", + "panorama-get-url-category", + "panorama", + "panorama-edit-rule", + "panorama-get-url-filter", + "panorama-list-address-groups", + "panorama-get-custom-url-category", + "panorama-edit-address-group", + "panorama-create-address", + "panorama-delete-address-group", + "panorama-move-rule", "panorama-delete-address" ] } - }, + }, { "Google Safe Browsing Test": { - "name": "Google Safe Browsing Test", + "name": "Google Safe Browsing Test", "implementing_scripts": [ - "RaiseError", + "RaiseError", "CloseInvestigation" - ], + ], 
"implementing_commands": [ "url" ] } - }, + }, { "Tenable.io test": { - "name": "Tenable.io test", + "name": "Tenable.io test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "tenable-io-get-vulnerabilities-by-asset", - "tenable-io-get-scan-report", - "tenable-io-list-scans", - "tenable-io-get-vulnerability-details", + "tenable-io-get-vulnerabilities-by-asset", + "tenable-io-get-scan-report", + "tenable-io-list-scans", + "tenable-io-get-vulnerability-details", "tenable-io-get-scan-status" ] } - }, + }, { "JoeSecurityTestPlaybook": { - "name": "JoeSecurityTestPlaybook", + "name": "JoeSecurityTestPlaybook", "implementing_scripts": [ - "FileCreateAndUpload", + "FileCreateAndUpload", "DeleteContext" - ], + ], "implementing_commands": [ - "joe-download-report", - "joe-is-online", - "joe-analysis-info", - "joe-search", - "joe-analysis-submit-sample", + "joe-download-report", + "joe-is-online", + "joe-analysis-info", + "joe-search", + "joe-analysis-submit-sample", "joe-analysis-submit-url" ] } - }, + }, { "get_file_sample_by_hash_-_carbon_black_enterprise_Response_-_test": { - "name": "Get File Sample By Hash - Carbon Black Enterprise Response - Test", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Carbon Black Enterprise Response - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample By Hash - Carbon Black Enterprise Response" ] } - }, + }, { "OTRS Test": { - "name": "OTRS Test", + "name": "OTRS Test", "implementing_scripts": [ "FetchFromInstance" - ], + ], "implementing_commands": [ - "otrs-update-ticket", - "otrs-search-ticket", - "otrs-create-ticket", - "otrs-close-ticket", + "otrs-update-ticket", + "otrs-search-ticket", + "otrs-create-ticket", + "otrs-close-ticket", "otrs-get-ticket" ] } - }, + }, { "get_original_email_-_gmail_-_test": { - "name": "Get Original Email - Gmail - Test", + 
"name": "Get Original Email - Gmail - Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_playbooks": [ "Get Original Email - Gmail" ] } - }, + }, { "TestHPServiceManager": { - "name": "TestHPServiceManager", + "name": "TestHPServiceManager", "implementing_scripts": [ - "VerifyContextFields", - "VerifyContext", + "VerifyContextFields", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "hpsm-create-incident", - "hpsm-get-device", - "hpsm-list-incidents", + "hpsm-create-incident", + "hpsm-get-device", + "hpsm-list-incidents", "hpsm-get-incident-by-id" ] } - }, + }, { "AbuseIPDB Test": { - "name": "AbuseIPDB Test", + "name": "AbuseIPDB Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "abuseipdb-check-cidr-block", - "ip", - "abuseipdb-get-blacklist", + "abuseipdb-check-cidr-block", + "ip", + "abuseipdb-get-blacklist", "abuseipdb-report-ip" ] } - }, + }, { "TestIsValueInArray": { - "name": "TestIsValueInArray", + "name": "TestIsValueInArray", "implementing_scripts": [ - "CloseInvestigation", - "Set", + "CloseInvestigation", + "Set", "IsValueInArray" ] } - }, + }, { "GsuiteTest": { - "name": "test-Gsuite", + "name": "test-Gsuite", "implementing_scripts": [ "VerifyContextFields" - ], + ], "implementing_commands": [ "googleapps-list-users" ] } - }, + }, { "efc817d2-6660-4d4f-890d-90513ca1e180": { - "name": "Cisco Spark Test", + "name": "Cisco Spark Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "cisco-spark-send-message-to-person", - "cisco-spark-list-teams", - "cisco-spark-list-people", - "cisco-spark-create-team", - "cisco-spark-delete-team", - "cisco-spark-delete-message", - "cisco-spark-send-message-to-room", - "cisco-spark-list-messages", + ], + "implementing_commands": [ + "cisco-spark-send-message-to-person", + "cisco-spark-list-teams", + "cisco-spark-list-people", + "cisco-spark-create-team", + 
"cisco-spark-delete-team", + "cisco-spark-delete-message", + "cisco-spark-send-message-to-room", + "cisco-spark-list-messages", "cisco-spark-list-rooms" ] } - }, + }, { "iDefenseTest": { - "name": "iDefenseTest", + "name": "iDefenseTest", "implementing_scripts": [ - "Print", - "VerifyContext", + "Print", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "url", - "ip", - "domain", + "url", + "ip", + "domain", "uuid" ] } - }, + }, { "block_indicators_-_generic_-_test": { - "name": "Block Indicators - Generic - Test", + "name": "Block Indicators - Generic - Test", "implementing_playbooks": [ "Block Indicators - Generic" ] } - }, + }, { "rsa_packets_and_logs_test": { - "name": "RSA Packets And Logs test", - "fromversion": "3.5.0", + "name": "RSA Packets And Logs test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "nw-sdk-values", - "netwitness-msearch", - "nw-sdk-content", + "nw-sdk-values", + "netwitness-msearch", + "nw-sdk-content", "netwitness-query" ] } - }, + }, { "Google_Vault-Search_And_Display_Results_test": { - "name": "Google Vault - Search And Display Results test", + "name": "Google Vault - Search And Display Results test", "implementing_scripts": [ - "GeneratePassword", + "GeneratePassword", "DeleteContext" - ], + ], "implementing_playbooks": [ - "Google Vault - Search Groups", - "Google Vault - Search Mail", - "Google Vault - Display Results", + "Google Vault - Search Groups", + "Google Vault - Search Mail", + "Google Vault - Display Results", "Google Vault - Search Drive" ] } - }, + }, { "URLDecode-Test": { - "name": "URLDecode-Test", + "name": "URLDecode-Test", "implementing_scripts": [ - "URLDecode", + "URLDecode", "DeleteContext" ] } - }, + }, { "Zscaler Test": { - "name": "Zscaler Test", + "name": "Zscaler Test", "implementing_scripts": [ - "GenerateUUID", + "GenerateUUID", "isError" - ], + ], "implementing_commands": [ - 
"zscaler-blacklist-url", - "zscaler-get-blacklist", - "zscaler-get-categories", + "zscaler-blacklist-url", + "zscaler-get-blacklist", + "zscaler-get-categories", "zscaler-category-add-url" ] } - }, + }, { "urlscan_malicious_Test": { - "name": "urlscan_malicious_Test", + "name": "urlscan_malicious_Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ "urlscan-search" ] } - }, + }, { "DemistoUploadFileToIncident Test": { - "name": "DemistoUploadFileToIncident Test", + "name": "DemistoUploadFileToIncident Test", "implementing_scripts": [ - "DemistoUploadFileToIncident", + "DemistoUploadFileToIncident", "http" ] } - }, + }, { "ParseEmailFiles-test": { - "name": "ParseEmailFiles-test", + "name": "ParseEmailFiles-test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "http", - "AreValuesEqual", + "VerifyContext", + "DeleteContext", + "http", + "AreValuesEqual", "ParseEmailFiles" ] } - }, + }, { "extract_indicators_-_generic_-_test": { - "name": "Extract Indicators - Generic - Test", - "fromversion": "3.5.0", + "name": "Extract Indicators - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "IncidentSet", - "DeleteContext", + "IncidentSet", + "DeleteContext", "VerifyContext" - ], + ], "implementing_playbooks": [ "Extract Indicators - Generic" ] } - }, + }, { "listExecutedCommands-Test": { - "name": "listExecutedCommands-Test", + "name": "listExecutedCommands-Test", "implementing_scripts": [ - "Print", - "listExecutedCommands", - "commentsToContext", - "CloseInvestigation", + "Print", + "listExecutedCommands", + "commentsToContext", + "CloseInvestigation", "AreValuesEqual" ] } - }, + }, { "Phishing test - Inline": { - "name": "Phishing test - Inline", + "name": "Phishing test - Inline", "implementing_scripts": [ - "ScheduleCommand", - "PhishingIncident", - "DeleteContext", + "ScheduleCommand", + "PhishingIncident", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Phishing Investigation - 
Generic" ] } - }, + }, { "Tenable.io Scan Test": { - "name": "Tenable.io Scan Test", + "name": "Tenable.io Scan Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_playbooks": [ "Tenable.io Scan" ] } - }, + }, { "AlphaSOC-Wisdom-Test": { - "name": "AlphaSOC Wisdom Test", + "name": "AlphaSOC Wisdom Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "wisdom-ip-flags", + "wisdom-ip-flags", "wisdom-domain-flags" ] } - }, + }, { "pyEWS_Test": { - "name": "pyEWS_Test", - "fromversion": "3.5.0", + "name": "pyEWS_Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "Exception", - "ews-get-out-of-office", - "ews-get-searchable-mailboxes", - "ews-find-folders", - "ews-get-items", - "ews-get-contacts", - "ews-get-attachment", + ], + "implementing_commands": [ + "Exception", + "ews-get-out-of-office", + "ews-get-searchable-mailboxes", + "ews-find-folders", + "ews-get-items", + "ews-get-contacts", + "ews-get-attachment", "ews-search-mailboxes" ] } - }, + }, { "virusTotal-test-playbook": { - "name": "virusTotal-test-playbook", + "name": "virusTotal-test-playbook", "implementing_scripts": [ - "Set", - "VerifyContext", - "DeleteContext", + "Set", + "VerifyContext", + "DeleteContext", "Exists" - ], + ], "implementing_commands": [ - "url", - "ip", - "domain", + "url", + "ip", + "domain", "file" ] } - }, + }, { "calculate_severity_-_critical_assets_-_test": { - "name": "Calculate Severity - Critical assets - Test", + "name": "Calculate Severity - Critical assets - Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "ADGetUser" - ], + ], "implementing_playbooks": [ "Calculate Severity - Critical assets" ] } - }, + }, { "search_endpoints_by_hash_-_carbon_black_response_-_test": { - "name": "Search Endpoints By Hash - Carbon Black Response - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - 
Carbon Black Response - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - Carbon Black Response" ] } - }, + }, { "5dc848e5-a649-4394-8300-386770d39d75": { - "name": "TestGetDuplicatesIncidentsByMl", + "name": "TestGetDuplicatesIncidentsByMl", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "GetDuplicatesMl", + "VerifyContext", + "DeleteContext", + "GetDuplicatesMl", "TestCreateDuplicates" ] } - }, + }, { "LogRhythm-Test-Playbook": { - "name": "LogRhythm-Test-Playbook", + "name": "LogRhythm-Test-Playbook", "implementing_commands": [ "lr-get-alarms" ] } - }, + }, { "test_similar_incidents": { - "name": "Test Similar Incidents", - "fromversion": "3.5.0", + "name": "Test Similar Incidents", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "TestCreateDuplicates", + "VerifyContext", + "DeleteContext", + "TestCreateDuplicates", "FindSimilarIncidents" ] } - }, + }, { "2cddaacb-4e4c-407e-8ef5-d924867b810c": { - "name": "AWS - CloudWatchLogs Test Playbook_copy", + "name": "AWS - CloudWatchLogs Test Playbook_copy", "implementing_scripts": [ - "GetTime", - "VerifyContext", + "GetTime", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "aws-logs-describe-metric-filters", - "aws-logs-create-log-stream", - "aws-logs-put-retention-policy", - "aws-logs-delete-log-group", - "aws-logs-delete-log-stream", - "aws-logs-create-log-group", - "aws-logs-describe-log-streams", - "aws-logs-delete-metric-filter", - "aws-logs-put-log-events", - "aws-logs-describe-log-groups", - "aws-logs-put-metric-filter", + ], + "implementing_commands": [ + "aws-logs-describe-metric-filters", + "aws-logs-create-log-stream", + "aws-logs-put-retention-policy", + "aws-logs-delete-log-group", + "aws-logs-delete-log-stream", + "aws-logs-create-log-group", + "aws-logs-describe-log-streams", 
+ "aws-logs-delete-metric-filter", + "aws-logs-put-log-events", + "aws-logs-describe-log-groups", + "aws-logs-put-metric-filter", "aws-logs-delete-retention-policy" ] } - }, + }, { "TestSkyformation": { - "name": "TestSkyformation", + "name": "TestSkyformation", "implementing_scripts": [ "TestFail" - ], + ], "implementing_commands": [ "skyformation-get-accounts" ] } - }, + }, { "EWS test": { - "name": "EWS test", + "name": "EWS test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "FileCreateAndUpload", + "VerifyContext", + "DeleteContext", + "FileCreateAndUpload", "SendEmail" - ], - "implementing_commands": [ - "ews-delete-attachments", - "ews-get-searchable-mailboxes", - "ews-search-mailbox", - "ews-find-folders", - "ews-get-items", - "ews-get-folder", - "ews-get-attachment", + ], + "implementing_commands": [ + "ews-delete-attachments", + "ews-get-searchable-mailboxes", + "ews-search-mailbox", + "ews-find-folders", + "ews-get-items", + "ews-get-folder", + "ews-get-attachment", "ews-delete-items" ] } - }, + }, { "ShodanTest": { - "name": "ShodanTest", + "name": "ShodanTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "ip" ] } - }, + }, { "d8628445-ff86-40f9-857d-50b3f1d295a6": { - "name": "Sandblast malicious test", + "name": "Sandblast malicious test", "implementing_scripts": [ - "DeleteContext", - "Exists", + "DeleteContext", + "Exists", "echo" - ], + ], "implementing_commands": [ - "sandblast-query", + "sandblast-query", "sandblast-upload" ] } - }, + }, { "minemeld_test": { - "name": "Palo Alto MineMeld Test", + "name": "Palo Alto MineMeld Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "minemeld-remove-from-miner", - "ip", - "minemeld-add-to-miner", - "minemeld-retrieve-miner", + "minemeld-remove-from-miner", + "ip", + "minemeld-add-to-miner", + "minemeld-retrieve-miner", "minemeld-get-indicator-from-miner" ] } - }, + }, { 
"Archer-Test-Playbook": { - "name": "Archer-Test-Playbook", + "name": "Archer-Test-Playbook", "implementing_scripts": [ - "VerifyContextFields", + "VerifyContextFields", "DeleteContext" - ], - "implementing_commands": [ - "archer-get-application-fields", - "archer-update-record", - "archer-search-records", - "archer-create-record", - "archer-delete-record", - "archer-search-applications", + ], + "implementing_commands": [ + "archer-get-application-fields", + "archer-update-record", + "archer-search-records", + "archer-create-record", + "archer-delete-record", + "archer-search-applications", "archer-get-record" ] } - }, + }, { "LanguageDetect-Test": { - "name": "LanguageDetect-Test", + "name": "LanguageDetect-Test", "implementing_scripts": [ - "CloseInvestigation", - "LanguageDetect", - "DeleteContext", - "Sleep", + "CloseInvestigation", + "LanguageDetect", + "DeleteContext", + "Sleep", "Exists" ] } - }, + }, { "ThreatGridTest": { - "name": "ThreatGridTest", + "name": "ThreatGridTest", "implementing_scripts": [ - "DeleteContext", - "Exists", + "DeleteContext", + "Exists", "AreValuesEqual" - ], - "implementing_commands": [ - "threat-grid-get-samples", - "threat-grid-download-sample-by-id", - "threat-grid-organization-get-rate-limit", - "threat-grid-user-get-rate-limit", - "threat-grid-get-threat-summary-by-id", - "threat-grid-who-am-i", + ], + "implementing_commands": [ + "threat-grid-get-samples", + "threat-grid-download-sample-by-id", + "threat-grid-organization-get-rate-limit", + "threat-grid-user-get-rate-limit", + "threat-grid-get-threat-summary-by-id", + "threat-grid-who-am-i", "threat-grid-upload-sample" ] } - }, + }, { "Detonate URL - Generic Test": { - "name": "Detonate URL - Generic Test", - "fromversion": "4.0.0", + "name": "Detonate URL - Generic Test", + "fromversion": "4.0.0", "implementing_scripts": [ - "Set", + "Set", "DeleteContext" - ], + ], "implementing_playbooks": [ "Detonate URL - Generic" ] } - }, + }, { "test-ThreatConnect": { - "name": 
"test-ThreatConnect", + "name": "test-ThreatConnect", "implementing_commands": [ "tc-owners" ] } - }, + }, { "TestMatchRegex": { - "name": "TestMatchRegex", + "name": "TestMatchRegex", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "MatchRegex" - ], + ], "implementing_commands": [ "closeInvestigation" ] } - }, + }, { "search_endpoints_by_hash_-_generic_-_test": { - "name": "Search Endpoints By Hash - Generic - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - Generic" ] } - }, + }, { "Detonate File - SNDBOX - Test": { - "name": "Detonate File - SNDBOX - Test", + "name": "Detonate File - SNDBOX - Test", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Detonate File - SNDBOX" ] } - }, + }, { "CreatePhishingClassifierMLTest": { - "name": "Create Phishing Classifier ML Test", + "name": "Create Phishing Classifier ML Test", "implementing_scripts": [ - "DBotPredictPhishingLabel", - "VerifyContext", - "DeleteContext", - "TestCreateTagTextFile", + "DBotPredictPhishingLabel", + "VerifyContext", + "DeleteContext", + "TestCreateTagTextFile", "TestCreateIncidents" - ], + ], "implementing_playbooks": [ "DBot Create Phishing Classifier" ] } - }, + }, { "CirclIntegrationTest": { - "name": "CIRCL Test", + "name": "CIRCL Test", "implementing_scripts": [ - "VerifyHumanReadableContains", - "PrintErrorEntry", + "VerifyHumanReadableContains", + "PrintErrorEntry", "isError" - ], + ], "implementing_commands": [ - "circl-ssl-get-certificate", - "circl-ssl-list-certificates", - "circl-ssl-query-certificate", + "circl-ssl-get-certificate", + "circl-ssl-list-certificates", + "circl-ssl-query-certificate", "circl-dns-get" ] } - }, + }, { "ProofpointDecodeURL-Test": { - "name": 
"ProofpointDecodeURL-Test", + "name": "ProofpointDecodeURL-Test", "implementing_scripts": [ - "CloseInvestigation", - "ProofpointDecodeURL", - "Sleep", + "CloseInvestigation", + "ProofpointDecodeURL", + "Sleep", "AreValuesEqual" ] } - }, + }, { "FireEye HX Test": { - "name": "FireEye HX Test", + "name": "FireEye HX Test", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "fireeye-hx-get-indicators", - "fireeye-hx-get-alert", - "fireeye-hx-file-acquisition", - "fireeye-hx-delete-file-acquisition", - "fireeye-hx-get-alerts", - "fireeye-hx-get-host-information", + ], + "implementing_commands": [ + "fireeye-hx-get-indicators", + "fireeye-hx-get-alert", + "fireeye-hx-file-acquisition", + "fireeye-hx-delete-file-acquisition", + "fireeye-hx-get-alerts", + "fireeye-hx-get-host-information", "fireeye-hx-get-indicator" ] } - }, + }, { "hashicorp_test": { - "name": "hashicorp_test", + "name": "hashicorp_test", "implementing_scripts": [ - "GetTime", + "GetTime", "DeleteContext" - ], - "implementing_commands": [ - "hashicorp-list-policies", - "hashicorp-disable-engine", - "hashicorp-create-token", - "hashicorp-list-secrets", - "hashicorp-get-secret-metadata", - "hashicorp-configure-engine", - "hashicorp-undelete-secret", - "hashicorp-destroy-secret", - "hashicorp-get-policy", - "hashicorp-enable-engine", - "hashicorp-list-secrets-engines", - "hashicorp-delete-secret", + ], + "implementing_commands": [ + "hashicorp-list-policies", + "hashicorp-disable-engine", + "hashicorp-create-token", + "hashicorp-list-secrets", + "hashicorp-get-secret-metadata", + "hashicorp-configure-engine", + "hashicorp-undelete-secret", + "hashicorp-destroy-secret", + "hashicorp-get-policy", + "hashicorp-enable-engine", + "hashicorp-list-secrets-engines", + "hashicorp-delete-secret", "hashicorp-reset-configuration" ] } - }, + }, { "decodemimeheader_-_test": { - "name": "DecodeMimeHeader - Test", - "fromversion": "3.5.0", + "name": "DecodeMimeHeader - Test", + "fromversion": 
"3.5.0", "implementing_scripts": [ - "DecodeMimeHeader", - "DeleteContext", + "DecodeMimeHeader", + "DeleteContext", "VerifyContext" ] } - }, + }, { "XFE Test": { - "name": "XFE Test", + "name": "XFE Test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", - "Exists", + "VerifyContext", + "DeleteContext", + "Exists", "AreValuesEqual" - ], + ], "implementing_commands": [ - "domain", - "url", - "ip", - "cve-latest", - "cve-search", + "domain", + "url", + "ip", + "cve-latest", + "cve-search", "file" ] } - }, + }, { "Base64 File in List Test": { - "name": "Base64 File in List Test", + "name": "Base64 File in List Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Base64ListToFile" - ], + ], "implementing_commands": [ "setList" ] } - }, + }, { "Cybereason Test": { - "name": "Cybereason Test", + "name": "Cybereason Test", "implementing_scripts": [ - "FetchFromInstance", - "VerifyContext", + "FetchFromInstance", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "cybereason-malop-processes", - "cybereason-query-connections", - "cybereason-query-processes", - "cybereason-is-probe-connected", + "cybereason-malop-processes", + "cybereason-query-connections", + "cybereason-query-processes", + "cybereason-is-probe-connected", "cybereason-query-malops" ] } - }, + }, { "ActiveMQ Test": { - "name": "ActiveMQ Test", + "name": "ActiveMQ Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Sleep" - ], + ], "implementing_commands": [ - "activemq-send", + "activemq-send", "activemq-subscribe" ] } - }, + }, { "McAfeeNSMTest": { - "name": "McAfeeNSMTest", + "name": "McAfeeNSMTest", "implementing_commands": [ - "nsm-get-domains", - "nsm-get-ips-policy-details", - "nsm-update-alerts", - "nsm-get-ips-policies", - "nsm-get-alerts", + "nsm-get-domains", + "nsm-get-ips-policy-details", + "nsm-update-alerts", + "nsm-get-ips-policies", + "nsm-get-alerts", "nsm-get-sensors" ] } - }, + }, { "SNDBOX_Test": { - "name": 
"SNDBOX_Test", + "name": "SNDBOX_Test", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_commands": [ - "sndbox-analysis-info", - "sndbox-analysis-submit-sample", - "sndbox-download-sample", - "sndbox-download-report", + "sndbox-analysis-info", + "sndbox-analysis-submit-sample", + "sndbox-download-sample", + "sndbox-download-report", "sndbox-is-online" ] } - }, + }, { "Fortigate Test": { - "name": "Fortigate Test", + "name": "Fortigate Test", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "fortigate-move-policy", - "fortigate-create-firewall-service", - "fortigate-get-service-groups", - "fortigate-get-policy", - "fortigate-get-address-groups", - "fortigate-get-firewall-service", - "fortigate-delete-policy", - "fortigate-get-addresses", - "fortigate-update-service-group", - "fortigate-update-address-group", - "fortigate-delete-address-group", - "fortigate-create-address-group", - "fortigate-create-policy", + ], + "implementing_commands": [ + "fortigate-move-policy", + "fortigate-create-firewall-service", + "fortigate-get-service-groups", + "fortigate-get-policy", + "fortigate-get-address-groups", + "fortigate-get-firewall-service", + "fortigate-delete-policy", + "fortigate-get-addresses", + "fortigate-update-service-group", + "fortigate-update-address-group", + "fortigate-delete-address-group", + "fortigate-create-address-group", + "fortigate-create-policy", "fortigate-update-policy" ] } - }, + }, { "sep_-_test_endpoint_search": { - "name": "SEP - Test endpoint search", - "fromversion": "3.5.0", + "name": "SEP - Test endpoint search", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "sep-endpoints-info" ] } - }, + }, { "awake_security_test_pb": { - "name": "awake_security_test_pb", + "name": "awake_security_test_pb", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - 
"domain", - "ip", - "awake-query-activities", - "awake-pcap-download", - "awake-query-domains", - "awake-query-devices", - "device", + ], + "implementing_commands": [ + "domain", + "ip", + "awake-query-activities", + "awake-pcap-download", + "awake-query-domains", + "awake-query-devices", + "device", "email" ] } - }, + }, { "af2f5a99-d70b-48c1-8c25-519732b733f2": { - "name": "nmap-test", + "name": "nmap-test", "implementing_scripts": [ - "CloseInvestigation", - "Print", + "CloseInvestigation", + "Print", "Exists" - ], + ], "implementing_commands": [ "nmap-scan" ] } - }, + }, { "Detonate File - No Files test": { - "name": "Detonate File - No Files test", + "name": "Detonate File - No Files test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_playbooks": [ "Detonate File - Generic" ] } - }, + }, { "3010a07c-0a85-480c-87db-cf3f09fcbd7c": { - "name": "ContextGetters-Test", - "implementing_scripts": [ - "ExtractHash", - "IsTrue", - "ContextGetEmails", - "ExtractIP", - "ContextGetHashes", - "ContextGetIps", + "name": "ContextGetters-Test", + "implementing_scripts": [ + "ExtractHash", + "IsTrue", + "ContextGetEmails", + "ExtractIP", + "ContextGetHashes", + "ContextGetIps", "ExtractEmail" ] } - }, + }, { "test-LinkIncidentsWithRetry": { - "name": "test-LinkIncidentsWithRetry", + "name": "test-LinkIncidentsWithRetry", "implementing_scripts": [ - "Print", - "LinkIncidentsWithRetry", + "Print", + "LinkIncidentsWithRetry", "AreValuesEqual" - ], + ], "implementing_commands": [ "createNewIncident" ] } - }, + }, { "2e7770c4-8b78-4ee5-84c7-22a9e481b166": { - "name": "Autofocus_test", + "name": "Autofocus_test", "implementing_scripts": [ - "CloseInvestigation", - "IsMaliciousIndicatorFound", + "CloseInvestigation", + "IsMaliciousIndicatorFound", "AreValuesEqual" - ], + ], "implementing_commands": [ - "autofocus-search-sessions", - "file", + "autofocus-search-sessions", + "file", "autofocus-search-samples" ] } - }, + }, { "Remedy-On-Demand-Test": { - "name": 
"Remedy-On-Demand-Test", + "name": "Remedy-On-Demand-Test", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "remedy-get-incident", - "remedy-fetch-incidents", - "remedy-incident-create", + "remedy-get-incident", + "remedy-fetch-incidents", + "remedy-incident-create", "remedy-incident-update" ] } - }, + }, { "get_file_sample_from_path_-_generic_-_test": { - "name": "Get File Sample From Path - Generic - Test", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample From Path - Generic" - ], + ], "implementing_commands": [ "cb-list-sensors" ] } - }, + }, { "Test ParseCSV": { - "name": "Test ParseCSV", + "name": "Test ParseCSV", "implementing_scripts": [ - "DeleteContext", - "FileCreateAndUpload", - "ParseCSV", + "DeleteContext", + "FileCreateAndUpload", + "ParseCSV", "AreValuesEqual" ] } - }, + }, { "Preempt Test": { - "name": "Preempt Test", + "name": "Preempt Test", "implementing_commands": [ - "preempt-remove-from-watch-list", - "preempt-get-user-endpoints", - "preempt-get-activities", + "preempt-remove-from-watch-list", + "preempt-get-user-endpoints", + "preempt-get-activities", "preempt-add-to-watch-list" ] } - }, + }, { "playbook-Cymon_Test": { - "name": "playbook-Cymon_Test", + "name": "playbook-Cymon_Test", "implementing_scripts": [ - "VerifyContext", - "StringContains", - "DeleteContext", + "VerifyContext", + "StringContains", + "DeleteContext", "ValidateErrorExistence" - ], + ], "implementing_commands": [ - "ip", + "ip", "domain" ] } - }, + }, { "150778e9-90ca-4c28-873e-f050f2c6d3a3": { - "name": "HTTPRedirectList Test", + "name": "HTTPRedirectList Test", "implementing_scripts": [ - "CloseInvestigation", - "HTTPListRedirects", + "CloseInvestigation", + "HTTPListRedirects", 
"AreValuesEqual" ] } - }, + }, { "TCPUtils-Test": { - "name": "Tcpiputlis Test Playbook", + "name": "Tcpiputlis Test Playbook", "implementing_scripts": [ - "VerifyContextFields", - "VerifyContext", + "VerifyContextFields", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "ip" ] } - }, + }, { "113aca8a-ee52-419f-89a6-150ee232d0d1": { - "name": "S3 Test", + "name": "S3 Test", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "aws-s3-create-bucket", - "aws-s3-get-bucket-policy", - "aws-s3-download-file", - "aws-s3-delete-bucket-policy", - "aws-s3-describe-buckets", - "aws-s3-list-bucket-objects", - "aws-s3-set-bucket-policy", + ], + "implementing_commands": [ + "aws-s3-create-bucket", + "aws-s3-get-bucket-policy", + "aws-s3-download-file", + "aws-s3-delete-bucket-policy", + "aws-s3-describe-buckets", + "aws-s3-list-bucket-objects", + "aws-s3-set-bucket-policy", "aws-s3-delete-bucket" ] } - }, + }, { "buildewsquery_test": { - "name": "BuildEWSQuery Test", + "name": "BuildEWSQuery Test", "implementing_scripts": [ - "BuildEWSQuery", + "BuildEWSQuery", "VerifyContext" ] } - }, + }, { "palo_alto_panorama_test_pb": { - "name": "palo_alto_panorama_test_pb", + "name": "palo_alto_panorama_test_pb", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "Sleep" - ], - "implementing_commands": [ - "panorama-list-applications", - "panorama-create-rule", - "panorama-commit", - "panorama-delete-rule", - "panorama-create-address-group", - "panorama-get-address-group", - "panorama-move-rule", - "panorama", - "panorama-edit-rule", - "panorama-get-url-filter", - "panorama-list-address-groups", - "panorama-get-custom-url-category", - "panorama-create-address", - "panorama-delete-address-group", - "panorama-list-addresses", + ], + "implementing_commands": [ + "panorama-list-applications", + "panorama-create-rule", + "panorama-commit", + "panorama-delete-rule", + "panorama-create-address-group", + "panorama-get-address-group", + 
"panorama-move-rule", + "panorama", + "panorama-edit-rule", + "panorama-get-url-filter", + "panorama-list-address-groups", + "panorama-get-custom-url-category", + "panorama-create-address", + "panorama-delete-address-group", + "panorama-list-addresses", "panorama-delete-address" ] } - }, + }, { "okta_test_playbook": { - "name": "Okta test playbook", + "name": "Okta test playbook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "okta-get-application-authentication", - "okta-list-groups", - "okta-get-application-assignments", - "okta-get-user-factors", - "okta-get-groups", - "okta-suspend-user", - "okta-add-to-group", - "okta-update-user", - "okta-remove-from-group", - "okta-get-failed-logins", - "okta-get-group-members", - "okta-unsuspend-user", + ], + "implementing_commands": [ + "okta-get-application-authentication", + "okta-list-groups", + "okta-get-application-assignments", + "okta-get-user-factors", + "okta-get-groups", + "okta-suspend-user", + "okta-add-to-group", + "okta-update-user", + "okta-remove-from-group", + "okta-get-failed-logins", + "okta-get-group-members", + "okta-unsuspend-user", "okta-get-group-assignments" ] } - }, + }, { "test_delete_context": { - "name": "Test Delete Context", + "name": "Test Delete Context", "implementing_scripts": [ - "RaiseError", - "Set", - "DeleteContext", + "RaiseError", + "Set", + "DeleteContext", "isError" ] } - }, + }, { "JiraCreateIssue-example-test": { - "name": "JiraCreateIssue-example-test", + "name": "JiraCreateIssue-example-test", "implementing_scripts": [ - "JiraCreateIssue-example", + "JiraCreateIssue-example", "DeleteContext" - ], + ], "implementing_commands": [ "jira-delete-issue" ] } - }, + }, { "AttivoBotsinkTest": { - "name": "AttivoBotsinkTest", + "name": "AttivoBotsinkTest", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "attivo-list-hosts", - "attivo-list-users", - "attivo-check-user", - 
"attivo-run-playbook", - "attivo-check-host", - "attivo-get-events", - "attivo-deploy-decoy", + ], + "implementing_commands": [ + "attivo-list-hosts", + "attivo-list-users", + "attivo-check-user", + "attivo-run-playbook", + "attivo-check-host", + "attivo-get-events", + "attivo-deploy-decoy", "attivo-list-playbooks" ] } - }, + }, { "email_test": { - "name": "Email Address Enrichment - Generic - Test", + "name": "Email Address Enrichment - Generic - Test", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Email Address Enrichment - Generic" ] } - }, + }, { "Cisco Umbrella Test": { - "name": "Cisco Umbrella Test", + "name": "Cisco Umbrella Test", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "umbrella-ip-dns-history", - "domain", - "umbrella-domain-related", - "umbrella-get-domains-using-regex", - "umbrella-domain-dns-history", - "umbrella-get-url-timeline", - "umbrella-get-domain-classifiers", - "umbrella-get-malicious-domains-for-ip", - "umbrella-get-domains-for-email-registrar", - "umbrella-get-domains-for-nameserver", - "umbrella-domain-categorization", - "umbrella-domain-security", - "umbrella-get-domain-timeline", - "umbrella-get-domain-details", - "umbrella-ip-malicious-domains", - "umbrella-get-related-domains", - "umbrella-get-whois-for-domain", - "umbrella-domain-search", - "umbrella-domain-co-occurrences", - "umbrella-get-ip-timeline", + ], + "implementing_commands": [ + "umbrella-ip-dns-history", + "domain", + "umbrella-domain-related", + "umbrella-get-domains-using-regex", + "umbrella-domain-dns-history", + "umbrella-get-url-timeline", + "umbrella-get-domain-classifiers", + "umbrella-get-malicious-domains-for-ip", + "umbrella-get-domains-for-email-registrar", + "umbrella-get-domains-for-nameserver", + "umbrella-domain-categorization", + "umbrella-domain-security", + "umbrella-get-domain-timeline", + "umbrella-get-domain-details", + 
"umbrella-ip-malicious-domains", + "umbrella-get-related-domains", + "umbrella-get-whois-for-domain", + "umbrella-domain-search", + "umbrella-domain-co-occurrences", + "umbrella-get-ip-timeline", "umbrella-get-domain-queryvolume" ] } - }, + }, { "fd93f620-9a2d-4fb6-85d1-151a6a72e46d": { - "name": "AWS - SQS Test Playbook", + "name": "AWS - SQS Test Playbook", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "aws-sqs-purge-queue", - "aws-sqs-list-queues", - "aws-sqs-send-message", - "aws-sqs-get-queue-url", - "aws-sqs-create-queue", + "aws-sqs-purge-queue", + "aws-sqs-list-queues", + "aws-sqs-send-message", + "aws-sqs-get-queue-url", + "aws-sqs-create-queue", "aws-sqs-delete-queue" ] } - }, + }, { "RedCanaryTest": { - "name": "RedCanaryTest", + "name": "RedCanaryTest", "implementing_scripts": [ "DeleteContext" - ], - "implementing_commands": [ - "redcanary-get-endpoint", - "redcanary-update-remediation-state", - "redcanary-list-detections", - "redcanary-list-endpoints", - "redcanary-acknowledge-detection", - "redcanary-get-endpoint-detections", - "redcanary-get-detection", + ], + "implementing_commands": [ + "redcanary-get-endpoint", + "redcanary-update-remediation-state", + "redcanary-list-detections", + "redcanary-list-endpoints", + "redcanary-acknowledge-detection", + "redcanary-get-endpoint-detections", + "redcanary-get-detection", "redcanary-execute-playbook" ] } - }, + }, { "blockip_test_playbook": { - "name": "blockip_test_playbook", + "name": "blockip_test_playbook", "implementing_scripts": [ "BlockIP" ] } - }, + }, { "block_endpoint_-_carbon_black_response_-_test": { - "name": "Block Endpoint - Carbon Black Response - Test", - "fromversion": "3.5.0", + "name": "Block Endpoint - Carbon Black Response - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Block Endpoint - Carbon Black Response" - ], + 
], "implementing_commands": [ - "cb-list-sensors", - "cb-unquarantine-device", + "cb-list-sensors", + "cb-unquarantine-device", "cb-sensor-info" ] } - }, + }, { "exporttocsv_script_test": { - "name": "ExportToCSV script test", - "fromversion": "3.6.0", + "name": "ExportToCSV script test", + "fromversion": "3.6.0", "implementing_scripts": [ - "DeleteContext", - "ExportToCSV", - "AreValuesEqual", + "DeleteContext", + "ExportToCSV", + "AreValuesEqual", "ReadFile" ] } - }, + }, { "get_file_sample_from_path_-_d2_-_test": { - "name": "Get File Sample From Path - D2 - Test", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - D2 - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample From Path - D2" ] } - }, + }, { "GetTime-Test": { - "name": "GetTime-Test", + "name": "GetTime-Test", "implementing_scripts": [ - "GetTime", - "DeleteContext", + "GetTime", + "DeleteContext", "MatchRegex" ] } - }, + }, { "CreateEmailHtmlBody_test_pb": { - "name": "CreateEmailHtmlBody_test_pb", + "name": "CreateEmailHtmlBody_test_pb", "implementing_scripts": [ - "CreateEmailHtmlBody", + "CreateEmailHtmlBody", "DeleteContext" - ], + ], "implementing_commands": [ "createList" ] } - }, + }, { "forcepoint test": { - "name": "forcepoint test", + "name": "forcepoint test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "fp-get-category-detailes", - "fp-delete-address-from-category", - "fp-add-address-to-category", - "fp-add-category", + "fp-get-category-detailes", + "fp-delete-address-from-category", + "fp-add-address-to-category", + "fp-add-category", "fp-delete-categories" ] } - }, + }, { "CrowdStrike Endpoint Enrichment - Test": { - "name": "CrowdStrike Endpoint Enrichment - Test", - "fromversion": "3.5.0", + "name": "CrowdStrike Endpoint Enrichment - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", + 
"DeleteContext", "PrintErrorEntry" - ], + ], "implementing_playbooks": [ "CrowdStrike Endpoint Enrichment" - ], + ], "implementing_commands": [ - "cs-device-search", + "cs-device-search", "cs-detection-search" ] } - }, + }, { "endpoint_enrichment_-_generic_test": { - "name": "Endpoint Enrichment - Generic Test", - "fromversion": "3.5.0", + "name": "Endpoint Enrichment - Generic Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Endpoint Enrichment - Generic" ] } - }, + }, { "TestHttpPlaybook": { - "name": "TestHttpPlaybook", + "name": "TestHttpPlaybook", "implementing_scripts": [ - "VerifyContextFields", - "DeleteContext", + "VerifyContextFields", + "DeleteContext", "http" ] } - }, + }, { "Test-IsMaliciousIndicatorFound": { - "name": "Test-IsMaliciousIndicatorFound", + "name": "Test-IsMaliciousIndicatorFound", "implementing_scripts": [ - "VerifyContext", - "Sleep", + "VerifyContext", + "Sleep", "IsMaliciousIndicatorFound" - ], + ], "implementing_commands": [ "createNewIndicator" ] } - }, + }, { "Mimecast test": { - "name": "Mimecast test", + "name": "Mimecast test", "implementing_scripts": [ - "FetchFromInstance", + "FetchFromInstance", "DeleteContext" - ], - "implementing_commands": [ - "mimecast-get-impersonation-logs", - "mimecast-query", - "mimecast-download-attachments", - "mimecast-url-decode", - "mimecast-refresh-token", - "mimecast-create-policy", - "mimecast-manage-sender", - "mimecast-get-message", - "mimecast-discover", - "mimecast-list-messages", - "mimecast-create-managed-url", - "mimecast-list-managed-url", - "mimecast-get-attachment-logs", - "mimecast-list-blocked-sender-policies", - "mimecast-login", - "mimecast-delete-policy", - "mimecast-get-policy", + ], + "implementing_commands": [ + "mimecast-get-impersonation-logs", + "mimecast-query", + "mimecast-download-attachments", + "mimecast-url-decode", + 
"mimecast-refresh-token", + "mimecast-create-policy", + "mimecast-manage-sender", + "mimecast-get-message", + "mimecast-discover", + "mimecast-list-messages", + "mimecast-create-managed-url", + "mimecast-list-managed-url", + "mimecast-get-attachment-logs", + "mimecast-list-blocked-sender-policies", + "mimecast-login", + "mimecast-delete-policy", + "mimecast-get-policy", "mimecast-get-url-logs" ] } - }, + }, { "TestParseCSV": { - "name": "TestParseCSV", + "name": "TestParseCSV", "implementing_scripts": [ - "Set", - "VerifyContext", - "ParseCSV", - "DeleteContext", + "Set", + "VerifyContext", + "ParseCSV", + "DeleteContext", "ExportToCSV" ] } - }, + }, { "ArcSight Logger test": { - "name": "ArcSight Logger test", + "name": "ArcSight Logger test", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "Sleep" - ], + ], "implementing_commands": [ - "as-search", - "as-close", - "as-drilldown", - "as-search-events", - "as-status", + "as-search", + "as-close", + "as-drilldown", + "as-search-events", + "as-status", "as-events" ] } - }, + }, { "Cylance Protect v2 Test": { - "name": "Cylance Protect v2 Test", + "name": "Cylance Protect v2 Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "cylance-protect-delete-hash-from-lists", - "cylance-protect-download-threat", - "cylance-protect-get-zones", - "cylance-protect-get-devices", - "cylance-protect-get-policies", - "cylance-protect-get-list", - "cylance-protect-get-threat", - "cylance-protect-get-device-threats", - "cylance-protect-get-policy-details", + ], + "implementing_commands": [ + "cylance-protect-delete-hash-from-lists", + "cylance-protect-download-threat", + "cylance-protect-get-zones", + "cylance-protect-get-devices", + "cylance-protect-get-policies", + "cylance-protect-get-list", + "cylance-protect-get-threat", + "cylance-protect-get-device-threats", + "cylance-protect-get-policy-details", "cylance-protect-add-hash-to-list" ] } - }, + 
}, { "McAfeeESMTest": { - "name": "McAfeeESMTest", + "name": "McAfeeESMTest", "implementing_scripts": [ - "GetTime", - "VerifyContext", + "GetTime", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "esm-edit-case-status", - "esm-get-case-statuses", - "esm-search", - "esm-add-case-status", - "esm-get-alarm-event-details", - "esm-get-organization-list", - "esm-list-alarm-events", - "esm-delete-case-status", - "esm-edit-case", - "esm-get-user-list", - "esm-get-case-detail", - "esm-add-case", + ], + "implementing_commands": [ + "esm-edit-case-status", + "esm-get-case-statuses", + "esm-search", + "esm-add-case-status", + "esm-get-alarm-event-details", + "esm-get-organization-list", + "esm-list-alarm-events", + "esm-delete-case-status", + "esm-edit-case", + "esm-get-user-list", + "esm-get-case-detail", + "esm-add-case", "esm-fetch-alarms" ] } - }, + }, { "Detonate File - Generic Test": { - "name": "Detonate File - Generic Test", - "fromversion": "4.0.0", + "name": "Detonate File - Generic Test", + "fromversion": "4.0.0", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Detonate File - Generic" ] } - }, + }, { "Jask_Test": { - "name": "Jask Test", + "name": "Jask Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "jask-search-signals", - "jask-search-entities", - "jask-get-entity-details", - "jask-get-insight-details", - "closeInvestigation", - "jask-search-insights", - "jask-get-signal-details", - "jask-get-related-entities", + ], + "implementing_commands": [ + "jask-search-signals", + "jask-search-entities", + "jask-get-entity-details", + "jask-get-insight-details", + "closeInvestigation", + "jask-search-insights", + "jask-get-signal-details", + "jask-get-related-entities", "jask-get-insight-comments" ] } - }, + }, { "RSA NetWitness Test": { - "name": "RSA NetWitness Test", + "name": "RSA NetWitness Test", 
"implementing_commands": [ - "netwitness-get-incident", + "netwitness-get-incident", "netwitness-get-incidents" ] } - }, + }, { "Test_Sagemaker": { - "name": "Test Sagemaker", + "name": "Test Sagemaker", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ "predict-phishing" ] } - }, + }, { "ExtractURL Test": { - "name": "ExtractURL Test", + "name": "ExtractURL Test", "implementing_scripts": [ - "Print", - "ExtractURL", + "Print", + "ExtractURL", "IsTrue" ] } - }, + }, { "tenable-sc-test": { - "name": "Tenable.sc Test", + "name": "Tenable.sc Test", "implementing_scripts": [ - "GetTime", - "VerifyContext", - "DeleteContext", + "GetTime", + "VerifyContext", + "DeleteContext", "FetchFromInstance" - ], - "implementing_commands": [ - "tenable-sc-get-asset", - "tenable-sc-list-alerts", - "tenable-sc-get-system-licensing", - "tenable-sc-get-scan-status", - "tenable-sc-list-scans", - "tenable-sc-list-repositories", - "tenable-sc-create-scan", - "tenable-sc-delete-scan", - "tenable-sc-get-scan-report", - "tenable-sc-list-assets", - "tenable-sc-get-vulnerability", - "tenable-sc-get-device", - "tenable-sc-create-asset", - "tenable-sc-get-alert", - "tenable-sc-launch-scan", - "tenable-sc-list-report-definitions", - "tenable-sc-delete-asset", - "tenable-sc-list-credentials", - "tenable-sc-list-policies", - "tenable-sc-list-zones", + ], + "implementing_commands": [ + "tenable-sc-get-asset", + "tenable-sc-list-alerts", + "tenable-sc-get-system-licensing", + "tenable-sc-get-scan-status", + "tenable-sc-list-scans", + "tenable-sc-list-repositories", + "tenable-sc-create-scan", + "tenable-sc-delete-scan", + "tenable-sc-get-scan-report", + "tenable-sc-list-assets", + "tenable-sc-get-vulnerability", + "tenable-sc-get-device", + "tenable-sc-create-asset", + "tenable-sc-get-alert", + "tenable-sc-launch-scan", + "tenable-sc-list-report-definitions", + "tenable-sc-delete-asset", + "tenable-sc-list-credentials", + "tenable-sc-list-policies", + 
"tenable-sc-list-zones", "tenable-sc-list-users" ] } - }, + }, { "ReversingLabsA1000Test": { - "name": "ReversingLabsA1000Test", + "name": "ReversingLabsA1000Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "reversinglabs-download", - "reversinglabs-extracted-files", - "reversinglabs-download-unpacked", - "reversinglabs-analyze", + "reversinglabs-download", + "reversinglabs-extracted-files", + "reversinglabs-download-unpacked", + "reversinglabs-analyze", "file" ] } - }, + }, { "TestWordFileToIOC": { - "name": "TestWordFileToIOC", + "name": "TestWordFileToIOC", "implementing_scripts": [ - "TestCreateWordFile", - "ExtractIP", - "VerifyContext", - "ReadFile", + "TestCreateWordFile", + "ExtractIP", + "VerifyContext", + "ReadFile", "ParseWordDoc" ] } - }, + }, { "TestExtractHTMLTables": { - "name": "TestExtractHTMLTables", + "name": "TestExtractHTMLTables", "implementing_scripts": [ - "Print", - "CloseInvestigation", - "ExtractHTMLTables", - "DeleteContext", + "Print", + "CloseInvestigation", + "ExtractHTMLTables", + "DeleteContext", "Exists" ] } - }, + }, { "7ab45104-22aa-4e1b-8062-cadcbb28d87f": { - "name": "Test - urlscan", + "name": "Test - urlscan", "implementing_scripts": [ - "CloseInvestigation", - "DeleteContext", + "CloseInvestigation", + "DeleteContext", "AreValuesEqual" - ], + ], "implementing_commands": [ - "url", - "ip", + "url", + "ip", "urlscan-submit" ] } - }, + }, { "RasterizeImageTest": { - "name": "RasterizeImageTest", + "name": "RasterizeImageTest", "implementing_scripts": [ - "GenerateImageFileEntry", + "GenerateImageFileEntry", "DeleteContext" - ], + ], "implementing_commands": [ - "rasterize-image", + "rasterize-image", "closeInvestigation" ] } - }, + }, { "InfoArmorVigilanteATITest": { - "name": "InfoArmorVigilanteATITest", + "name": "InfoArmorVigilanteATITest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - 
"implementing_commands": [ - "vigilante-get-leak", - "vigilante-query-infected-host-data", - "vigilante-query-domains", - "vigilante-query-accounts", - "vigilante-watchlist-add-accounts", - "vigilante-watchlist-remove-accounts", - "vigilante-get-watchlist", - "vigilante-query-ecrime-db", + ], + "implementing_commands": [ + "vigilante-get-leak", + "vigilante-query-infected-host-data", + "vigilante-query-domains", + "vigilante-query-accounts", + "vigilante-watchlist-add-accounts", + "vigilante-watchlist-remove-accounts", + "vigilante-get-watchlist", + "vigilante-query-ecrime-db", "vigilante-search-leaks" ] } - }, + }, { "strings-test": { - "name": "strings-test", + "name": "strings-test", "implementing_scripts": [ - "CreateBinaryFile", - "FileCreateAndUpload", - "Strings", - "PublishEntriesToContext", + "CreateBinaryFile", + "FileCreateAndUpload", + "Strings", + "PublishEntriesToContext", "VerifyContext" ] } - }, + }, { "process_email_-_generic_-_test": { - "name": "Process Email - Generic - Test", + "name": "Process Email - Generic - Test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", + "VerifyContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Process Email - Generic" ] } - }, + }, { "97393cfc-2fc4-4dfe-8b6e-af64067fc436": { - "name": "AWS - S3 Test Playbook", + "name": "AWS - S3 Test Playbook", "implementing_scripts": [ "VerifyContext" - ], - "implementing_commands": [ - "aws-s3-create-bucket", - "aws-s3-get-bucket-policy", - "aws-s3-download-file", - "aws-s3-delete-bucket-policy", - "aws-s3-delete-bucket", - "aws-s3-list-buckets", - "aws-s3-list-bucket-objects", + ], + "implementing_commands": [ + "aws-s3-create-bucket", + "aws-s3-get-bucket-policy", + "aws-s3-download-file", + "aws-s3-delete-bucket-policy", + "aws-s3-delete-bucket", + "aws-s3-list-buckets", + "aws-s3-list-bucket-objects", "aws-s3-put-bucket-policy" ] } - }, + }, { "TestFileCreateAndUpload": { - "name": "TestFileCreateAndUpload", + "name": 
"TestFileCreateAndUpload", "implementing_scripts": [ - "Print", - "FileCreateAndUpload", - "DeleteContext", + "Print", + "FileCreateAndUpload", + "DeleteContext", "CloseInvestigation" ] } - }, + }, { "get_original_email_-_ews-_test": { - "name": "Get Original Email - EWS - Test", + "name": "Get Original Email - EWS - Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_playbooks": [ "Get Original Email - EWS" ] } - }, + }, { "Remedy AR Test": { - "name": "Remedy AR Test", + "name": "Remedy AR Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "remedy-get-server-details" ] } - }, + }, { "WordTokenizeTest": { - "name": "WordTokenizeTest", + "name": "WordTokenizeTest", "implementing_scripts": [ - "VerifyContext", - "WordTokenizer", + "VerifyContext", + "WordTokenizer", "DeleteContext" ] } - }, + }, { "ExtractDomainTest": { - "name": "ExtractDomainTest", + "name": "ExtractDomainTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "ExtractDomain" ] } - }, + }, { "TestCommonPython": { - "name": "TestCommonPython", + "name": "TestCommonPython", "implementing_scripts": [ "TestPYCommonServer" ] } - }, + }, { "get_file_sample_by_hash_-_cylance_protect_-_test": { - "name": "Get File Sample By Hash - Cylance Protect - Test", - "fromversion": "3.5.0", + "name": "Get File Sample By Hash - Cylance Protect - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "Set", - "VerifyContext", + "Set", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample By Hash - Cylance Protect" ] } - }, + }, { "TestPacketsled": { - "name": "TestPacketsled", + "name": "TestPacketsled", "implementing_commands": [ - "packetsled-get-flows", - "packetsled-get-pcaps", - "packetsled-get-files", + "packetsled-get-flows", + "packetsled-get-pcaps", + "packetsled-get-files", "packetsled-get-incidents" ] } - }, + }, { "EWS search-mailbox test": { - "name": "EWS 
search-mailbox test", + "name": "EWS search-mailbox test", "implementing_scripts": [ - "VerifyContext", - "DeleteContext", + "VerifyContext", + "DeleteContext", "Sleep" - ], + ], "implementing_commands": [ - "ews-search-mailbox", - "ews-move-item", + "ews-search-mailbox", + "ews-move-item", "send-mail" ] } - }, + }, { "IntSights Test": { - "name": "IntSights Test", + "name": "IntSights Test", "implementing_scripts": [ - "Print", - "VerifyContext", - "DeleteContext", - "Exists", + "Print", + "VerifyContext", + "DeleteContext", + "Exists", "IsValueInArray" - ], - "implementing_commands": [ - "intsights-get-alerts", - "intsights-get-iocs", - "intsights-add-comment-to-alert", - "intsights-add-tag-to-alert", - "intsights-update-alert-severity", - "closeInvestigation", + ], + "implementing_commands": [ + "intsights-get-alerts", + "intsights-get-iocs", + "intsights-add-comment-to-alert", + "intsights-add-tag-to-alert", + "intsights-update-alert-severity", + "closeInvestigation", "intsights-get-alert-activities" ] } - }, + }, { "SalesforceTestPlaybook": { - "name": "SalesforceTestPlaybook", + "name": "SalesforceTestPlaybook", "implementing_scripts": [ - "ContextContains", + "ContextContains", "DeleteContext" - ], - "implementing_commands": [ - "salesforce-update-case", - "salesforce-get-case", - "salesforce-search", - "salesforce-create-case", - "salesforce-delete-case", - "salesforce-push-comment", - "salesforce-get-object", - "salesforce-close-case", - "salesforce-update-object", + ], + "implementing_commands": [ + "salesforce-update-case", + "salesforce-get-case", + "salesforce-search", + "salesforce-create-case", + "salesforce-delete-case", + "salesforce-push-comment", + "salesforce-get-object", + "salesforce-close-case", + "salesforce-update-object", "salesforce-query" ] } - }, + }, { "Wildfire Test": { - "name": "Wildfire Test", + "name": "Wildfire Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], 
"implementing_commands": [ - "wildfire-upload", - "wildfire-upload-file-remote", + "wildfire-upload", + "wildfire-upload-file-remote", "wildfire-report" ] } - }, + }, { "Vectra-test": { - "name": "Vectra-test", + "name": "Vectra-test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "vectra-sensors", - "vectra-settings", - "vectra-hosts", - "vectra-triage", + "vectra-sensors", + "vectra-settings", + "vectra-hosts", + "vectra-triage", "vectra-detections" ] } - }, + }, { "CuckooTest": { - "name": "CuckooTest", + "name": "CuckooTest", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ - "Detonate URL - Cuckoo", + "Detonate URL - Cuckoo", "Detonate File - Cuckoo" ] } - }, + }, { "TextFromHTML_test_playbook": { - "name": "TextFromHTML Test", + "name": "TextFromHTML Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "TextFromHTML" ] } - }, + }, { "PhishAi-Test": { - "name": "PhishAi-Test", + "name": "PhishAi-Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ "phish-ai-scan-url" ] } - }, + }, { "Phishing test - attachment": { - "name": "Phishing test - attachment", + "name": "Phishing test - attachment", "implementing_scripts": [ - "ScheduleCommand", - "PhishingIncident", - "DeleteContext", + "ScheduleCommand", + "PhishingIncident", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Phishing Investigation - Generic" ] } - }, + }, { "search_endpoints_by_hash_-_carbon_black_protection_-_test": { - "name": "Search Endpoints By Hash - Carbon Black Protection - Test", - "fromversion": "3.5.0", + "name": "Search Endpoints By Hash - Carbon Black Protection - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Search Endpoints By Hash - Carbon Black Protection" ] } - }, + }, { "Test-Detonate URL - Phish.AI": { - "name": 
"Test-Detonate URL - Phish.AI", + "name": "Test-Detonate URL - Phish.AI", "implementing_playbooks": [ "Detonate URL - Phish.AI" ] } - }, + }, { "ReversingLabsTCTest": { - "name": "ReversingLabsTCTest", + "name": "ReversingLabsTCTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "file" ] } - }, + }, { "get_file_sample_from_path_-_carbon_black_enterprise_response_-_test": { - "name": "Get File Sample From Path - Carbon Black Enterprise Response - Test", - "fromversion": "3.5.0", + "name": "Get File Sample From Path - Carbon Black Enterprise Response - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_playbooks": [ "Get File Sample From Path - Carbon Black Enterprise Response" - ], + ], "implementing_commands": [ "cb-list-sensors" ] } - }, + }, { "PostgreSQL Test": { - "name": "PostgreSQL Test", - "fromversion": "3.6.0", + "name": "PostgreSQL Test", + "fromversion": "3.6.0", "implementing_scripts": [ "VerifyHumanReadableEquals" - ], + ], "implementing_commands": [ "pgsql-query" ] } - }, + }, { "DUO Test Playbook": { - "name": "DUO Test Playbook", + "name": "DUO Test Playbook", "implementing_scripts": [ - "DeleteContext", - "PrintErrorEntry", - "AreValuesEqual", + "DeleteContext", + "PrintErrorEntry", + "AreValuesEqual", "PrintContext" - ], + ], "implementing_commands": [ "duo-preauth" ] } - }, + }, { "secureworks_test": { - "name": "Secureworks test", + "name": "Secureworks test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "secure-works-create-ticket", - "secure-works-get-ticket", - "secure-works-update-ticket", - "secure-works-get-tickets-ids", - "secure-works-get-ticket-count", - "secure-works-close-ticket", + ], + "implementing_commands": [ + "secure-works-create-ticket", + "secure-works-get-ticket", + "secure-works-update-ticket", + 
"secure-works-get-tickets-ids", + "secure-works-get-ticket-count", + "secure-works-close-ticket", "secure-works-get-tickets-updates" ] } - }, + }, { "File Enrichment - Generic Test": { - "name": "File Enrichment - Generic Test", + "name": "File Enrichment - Generic Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "File Enrichment - Generic" ] } - }, + }, { "JSONtoCSV-Test": { - "name": "JSONtoCSV-Test", + "name": "JSONtoCSV-Test", "implementing_scripts": [ - "JSONFileToCSV", - "LoadJSON", - "ParseCSV", - "JSONtoCSV", - "FileCreateAndUpload", + "JSONFileToCSV", + "LoadJSON", + "ParseCSV", + "JSONtoCSV", + "FileCreateAndUpload", "DeleteContext" ] } - }, + }, { "ZipFile-Test": { - "name": "ZipFile-Test", + "name": "ZipFile-Test", "implementing_scripts": [ - "http", - "ZipFile", - "CloseInvestigation", - "Sleep", - "UnzipFile", + "http", + "ZipFile", + "CloseInvestigation", + "Sleep", + "UnzipFile", "DeleteContext" ] } - }, + }, { "d5cb69b1-c81c-4f27-8a40-3106c0cb2620": { - "name": "AWS - IAM Test Playbook", + "name": "AWS - IAM Test Playbook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "Sleep" - ], - "implementing_commands": [ - "aws-iam-update-user", - "aws-iam-update-access-key", - "aws-iam-get-user", - "aws-iam-remove-user-from-group", - "aws-iam-add-role-to-instance-profile", - "aws-iam-create-instance-profile", - "aws-iam-list-roles", - "aws-iam-attach-policy", - "aws-iam-create-login-profile", - "aws-iam-create-group", - "aws-iam-get-instance-profile", - "aws-iam-list-instance-profiles-for-role", - "aws-iam-update-login-profile", - "aws-iam-list-policies", - "aws-iam-get-role", - "aws-iam-list-access-keys-for-user", - "aws-iam-list-instance-profiles", - "aws-iam-delete-role", - "aws-iam-list-groups", - "aws-iam-remove-role-from-instance-profile", - "aws-iam-delete-user", - "aws-iam-create-role", - "aws-iam-delete-access-key", - "aws-iam-detach-policy", - 
"aws-iam-create-access-key", - "aws-iam-delete-group", - "aws-iam-create-user", - "aws-iam-delete-login-profile", - "aws-iam-list-groups-for-user", - "aws-iam-add-user-to-group", - "aws-iam-list-users", + ], + "implementing_commands": [ + "aws-iam-update-user", + "aws-iam-update-access-key", + "aws-iam-get-user", + "aws-iam-remove-user-from-group", + "aws-iam-add-role-to-instance-profile", + "aws-iam-create-instance-profile", + "aws-iam-list-roles", + "aws-iam-attach-policy", + "aws-iam-create-login-profile", + "aws-iam-create-group", + "aws-iam-get-instance-profile", + "aws-iam-list-instance-profiles-for-role", + "aws-iam-update-login-profile", + "aws-iam-list-policies", + "aws-iam-get-role", + "aws-iam-list-access-keys-for-user", + "aws-iam-list-instance-profiles", + "aws-iam-delete-role", + "aws-iam-list-groups", + "aws-iam-remove-role-from-instance-profile", + "aws-iam-delete-user", + "aws-iam-create-role", + "aws-iam-delete-access-key", + "aws-iam-detach-policy", + "aws-iam-create-access-key", + "aws-iam-delete-group", + "aws-iam-create-user", + "aws-iam-delete-login-profile", + "aws-iam-list-groups-for-user", + "aws-iam-add-user-to-group", + "aws-iam-list-users", "aws-iam-delete-instance-profile" ] } - }, + }, { "ExposeIncidentOwner-Test": { - "name": "ExposeIncidentOwner-Test", + "name": "ExposeIncidentOwner-Test", "implementing_scripts": [ - "CloseInvestigation", - "AssignAnalystToIncident", - "ExposeIncidentOwner", + "CloseInvestigation", + "AssignAnalystToIncident", + "ExposeIncidentOwner", "AreValuesEqual" ] } - }, + }, { "McAfeeWebGatewayTest": { - "name": "McAfeeWebGatewayTest", + "name": "McAfeeWebGatewayTest", "implementing_scripts": [ - "ContextContains", - "DeleteContext", - "Sleep", + "ContextContains", + "DeleteContext", + "Sleep", "PrintContext" - ], + ], "implementing_commands": [ - "mwg-insert-entry", - "mwg-get-list-entry", - "mwg-get-list", - "mwg-delete-entry", + "mwg-insert-entry", + "mwg-get-list-entry", + "mwg-get-list", + 
"mwg-delete-entry", "mwg-get-available-lists" ] } - }, + }, { "DemistoLockTest": { - "name": "DemistoLockTest", + "name": "DemistoLockTest", "implementing_scripts": [ - "Set", - "Print", - "DeleteContext", - "Sleep", + "Set", + "Print", + "DeleteContext", + "Sleep", "isError" - ], + ], "implementing_commands": [ - "closeInvestigation", - "demisto-lock-release-all", - "demisto-lock-release", - "demisto-lock-get", + "closeInvestigation", + "demisto-lock-release-all", + "demisto-lock-release", + "demisto-lock-get", "demisto-lock-info" ] } - }, + }, { "Detonate File - BitDam Test": { - "name": "Detonate File - BitDam Test", + "name": "Detonate File - BitDam Test", "implementing_scripts": [ - "FileCreateAndUpload", + "FileCreateAndUpload", "DeleteContext" - ], + ], "implementing_playbooks": [ "Detonate File - BitDam" ] } - }, + }, { "Luminate-TestPlaybook": { - "name": "Luminate-TestPlaybook", + "name": "Luminate-TestPlaybook", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "lum-block-user", - "lum-destroy-user-session", - "lum-unblock-user", - "lum-get-ssh-access-logs", + "lum-block-user", + "lum-destroy-user-session", + "lum-unblock-user", + "lum-get-ssh-access-logs", "lum-get-http-access-logs" ] } - }, + }, { "McAfee-MAR_Test": { - "name": "McAfee-MAR_Test", + "name": "McAfee-MAR_Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "mar-collectors-list", - "mar-search-multiple", + "mar-collectors-list", + "mar-search-multiple", "mar-search" ] } - }, + }, { "CarbonBlackLiveResponseTest": { - "name": "Carbon Black Live Response Test", + "name": "Carbon Black Live Response Test", "implementing_scripts": [ - "TestCreateWordFile", - "DeleteContext", + "TestCreateWordFile", + "DeleteContext", "Sleep" - ], - "implementing_commands": [ - "cb-get-file-from-endpoint", - "cb-command-create-and-wait", - "cb-session-create-and-wait", - "cb-keepalive", - "cb-file-delete-from-endpoint", - 
"cb-push-file-to-endpoint", - "cb-list-sessions", + ], + "implementing_commands": [ + "cb-get-file-from-endpoint", + "cb-command-create-and-wait", + "cb-session-create-and-wait", + "cb-keepalive", + "cb-file-delete-from-endpoint", + "cb-push-file-to-endpoint", + "cb-list-sessions", "cb-session-close" ] } - }, + }, { "Recorded Future Test": { - "name": "Recorded Future Test", + "name": "Recorded Future Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "ip", - "domain", - "recorded-future-get-related-entities", + "ip", + "domain", + "recorded-future-get-related-entities", "file" ] } - }, + }, { "NetWitness Endpoint Test": { - "name": "NetWitness Endpoint Test", + "name": "NetWitness Endpoint Test", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "netwitness-get-machines", - "netwitness-blacklist-domains", - "netwitness-blacklist-ips", + "netwitness-get-machines", + "netwitness-blacklist-domains", + "netwitness-blacklist-ips", "netwitness-get-machine-module" ] } - }, + }, { "DNSDBTest": { - "name": "DNSDBTest", + "name": "DNSDBTest", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "dnsdb-rrset", + "dnsdb-rrset", "dnsdb-rdata" ] } - }, + }, { "VerifyHumanReadableFormat": { - "name": "VerifyHumanReadableFormat", + "name": "VerifyHumanReadableFormat", "implementing_scripts": [ - "VerifyTableToMarkDown", + "VerifyTableToMarkDown", "VerifyTreeToFlatObject" ] } - }, + }, { "domain_enrichment_generic_test": { - "name": "Domain Enrichment Generic - Test", - "fromversion": "3.5.0", + "name": "Domain Enrichment Generic - Test", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", - "VerifyContext", + "DeleteContext", + "VerifyContext", "Set" - ], + ], "implementing_playbooks": [ "Domain Enrichment - Generic" ] } - }, + }, { "Anomali_ThreatStream_Test": { - "name": "Anomali ThreatStream Test", - "fromversion": "3.5.0", + "name": "Anomali ThreatStream Test", + 
"fromversion": "3.5.0", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "ip", - "domain", - "threatstream-email-reputation", - "threatstream-intelligence", + "ip", + "domain", + "threatstream-email-reputation", + "threatstream-intelligence", "file" ] } - }, + }, { "ParseExcel-test": { - "name": "ParseExcel-test", + "name": "ParseExcel-test", "implementing_scripts": [ - "ParseExcel", - "DeleteContext", + "ParseExcel", + "DeleteContext", "http" ] } - }, + }, { "Zoom_Test": { - "name": "Zoom_Test", + "name": "Zoom_Test", "implementing_scripts": [ - "Print", - "VerifyContext", - "GenerateEmail", + "Print", + "VerifyContext", + "GenerateEmail", "DeleteContext" - ], + ], "implementing_commands": [ - "zoom-create-meeting", - "zoom-list-users", - "zoom-fetch-recording", - "zoom-create-user", + "zoom-create-meeting", + "zoom-list-users", + "zoom-fetch-recording", + "zoom-create-user", "zoom-delete-user" ] } - }, + }, { "DomainTools-Test": { - "name": "DomainTools-Test", + "name": "DomainTools-Test", "implementing_scripts": [ - "VerifyContext", - "NotInContextVerification", + "VerifyContext", + "NotInContextVerification", "DeleteContext" - ], - "implementing_commands": [ - "domain", - "whois", - "reverseWhois", - "reverseNameServer", - "domainSearch", - "domainProfile", - "whoisHistory", + ], + "implementing_commands": [ + "domain", + "whois", + "reverseWhois", + "reverseNameServer", + "domainSearch", + "domainProfile", + "whoisHistory", "reverseIP" ] } - }, + }, { "RedLockTest": { - "name": "RedLockTest", + "name": "RedLockTest", "implementing_scripts": [ "DeleteContext" - ], + ], "implementing_commands": [ - "redlock-search-alerts", - "redlock-reopen-alerts", - "redlock-get-alert-details", + "redlock-search-alerts", + "redlock-reopen-alerts", + "redlock-get-alert-details", "redlock-dismiss-alerts" ] } - }, + }, { "TruSTAR Test": { - "name": "TruSTAR Test", + "name": "TruSTAR Test", 
"implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "domain", - "url", - "ip", - "trustar-correlated-reports", - "file", - "trustar-trending-indicators", + ], + "implementing_commands": [ + "domain", + "url", + "ip", + "trustar-correlated-reports", + "file", + "trustar-trending-indicators", "trustar-search-indicators" ] } - }, + }, { "JoeSecurityTestDetonation": { - "name": "JoeSecurityTestDetonation", - "fromversion": "4.0.0", + "name": "JoeSecurityTestDetonation", + "fromversion": "4.0.0", "implementing_scripts": [ - "FileCreateAndUpload", + "FileCreateAndUpload", "DeleteContext" - ], + ], "implementing_playbooks": [ - "Detonate File - JoeSecurity", - "Detonate File From URL - JoeSecurity", + "Detonate File - JoeSecurity", + "Detonate File From URL - JoeSecurity", "Detonate URL - JoeSecurity" ] } - }, + }, { "Symantec Messaging Gateway Test": { - "name": "Symantec Messaging Gateway Test", + "name": "Symantec Messaging Gateway Test", "implementing_scripts": [ - "GenerateIP", - "VerifyContext", - "GenerateUUID", + "GenerateIP", + "VerifyContext", + "GenerateUUID", "AreValuesEqual" - ], + ], "implementing_commands": [ - "smg-unblock-domain", - "smg-block-ip", - "smg-unblock-ip", - "smg-block-domain", - "smg-block-email", + "smg-unblock-domain", + "smg-block-ip", + "smg-unblock-ip", + "smg-block-domain", + "smg-block-email", "smg-unblock-email" ] } - }, + }, { "devo_test_playbook": { - "name": "Devo test playbook", + "name": "Devo test playbook", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "devo-query" ] } - }, + }, { "Lastline - testplaybook": { - "name": "Lastline - testplaybook", + "name": "Lastline - testplaybook", "implementing_scripts": [ - "DeleteContext", - "Set", + "DeleteContext", + "Set", "http" - ], + ], "implementing_playbooks": [ - "Detonate URL - Lastline", + "Detonate URL - Lastline", "Detonate File - Lastline" ] } - 
}, + }, { "detonate_file_-_generic_test": { - "name": "Detonate File - Generic Test", - "toversion": "3.6.0", - "fromversion": "3.5.0", + "name": "Detonate File - Generic Test", + "toversion": "3.6.0", + "fromversion": "3.5.0", "implementing_scripts": [ - "DeleteContext", + "DeleteContext", "http" - ], + ], "implementing_playbooks": [ "Detonate File - Generic" ] } - }, + }, { "Test CommonServer": { - "name": "Test CommonServer", + "name": "Test CommonServer", "implementing_scripts": [ "TestFormatTableValues" ] } - }, + }, { "Test filters & transformers scripts": { - "name": "Test filters & transformers scripts", + "name": "Test filters & transformers scripts", "implementing_scripts": [ - "RaiseError", - "Print", + "RaiseError", + "Print", "Set" ] } - }, + }, { "virusTotalPrivateAPI-test-playbook": { - "name": "virusTotalPrivateAPI-test-playbook", + "name": "virusTotalPrivateAPI-test-playbook", "implementing_scripts": [ - "VerifyContext", - "StringContains", + "VerifyContext", + "StringContains", "DeleteContext" - ], + ], "implementing_commands": [ - "vt-private-get-url-report", - "vt-private-get-file-report", + "vt-private-get-url-report", + "vt-private-get-file-report", "vt-private-get-domain-report" ] } - }, + }, { "SCADAfence_test": { - "name": "SCADAfence_test", + "name": "SCADAfence_test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "scadafence-getAsset", - "scadafence-setAlertStatus", + "scadafence-getAsset", + "scadafence-setAlertStatus", "scadafence-getAlerts" ] } - }, + }, { "c19e328d-0cf3-4a94-88b3-df670d984602": { - "name": "SymantecEndpointProtection Test", + "name": "SymantecEndpointProtection Test", "implementing_scripts": [ - "SEPScan", - "VerifyContext", + "SEPScan", + "VerifyContext", "DeleteContext" - ], - "implementing_commands": [ - "sep-quarantine", - "sep-command-status", - "sep-update-content", - "sep-endpoints-info", - "sep-groups-info", - "sep-client-content", + ], + 
"implementing_commands": [ + "sep-quarantine", + "sep-command-status", + "sep-update-content", + "sep-endpoints-info", + "sep-groups-info", + "sep-client-content", "sep-system-info" ] } - }, + }, { "PagerDuty Test": { - "name": "PagerDuty Test", + "name": "PagerDuty Test", "implementing_scripts": [ "VerifyContext" - ], + ], "implementing_commands": [ - "PagerDuty-incidents", - "PagerDuty-get-all-schedules", + "PagerDuty-incidents", + "PagerDuty-get-all-schedules", "PagerDuty-get-users-on-call-now" ] } - }, + }, { "pan-appframework-test": { - "name": "pan-appframework-test", + "name": "pan-appframework-test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ "pan-appframework-query-logs" ] } - }, + }, { "TestSafeBreach": { - "name": "TestSafeBreach", + "name": "TestSafeBreach", "implementing_commands": [ - "safebreach-get-simulation", + "safebreach-get-simulation", "safebreach-rerun" ] } - }, + }, { "ExifReadTest": { - "name": "ExifReadTest", + "name": "ExifReadTest", "implementing_scripts": [ - "GenerateImageFileEntry", - "ExifRead", + "GenerateImageFileEntry", + "ExifRead", "DeleteContext" - ], + ], "implementing_commands": [ "closeInvestigation" ] } - }, + }, { "McAfee-TIE Test": { - "name": "McAfee-TIE Test", + "name": "McAfee-TIE Test", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "tie-file-references", - "file", + "tie-file-references", + "file", "tie-set-file-reputation" ] } - }, + }, { "SymantecMSSTest": { - "name": "SymantecMSSTest", + "name": "SymantecMSSTest", "implementing_scripts": [ - "VerifyContext", + "VerifyContext", "DeleteContext" - ], + ], "implementing_commands": [ - "symantec-mss-incidents-list", - "symantec-mss-update-incident", + "symantec-mss-incidents-list", + "symantec-mss-update-incident", "symantec-mss-get-incident" ] } - }, - { + }, + { "SplunkPySearch_Test": { "name": "SplunkPySearch_Test", 
"implementing_scripts": [ @@ -14327,7 +14308,7 @@ ] } }, - { + { "SLA Scripts - Test": { "name": "SLA Scripts - Test", "implementing_scripts": [ @@ -14345,4 +14326,4 @@ } } ] -} \ No newline at end of file +} From fc62b393c986eb71a0f8f1f91e2c2dea3085f766 Mon Sep 17 00:00:00 2001 From: idovandijk <43602124+idovandijk@users.noreply.github.com> Date: Sun, 6 Jan 2019 16:50:22 +0200 Subject: [PATCH 49/49] Fixed a bug that would cause remediation timer to stop without being started --- Playbooks/playbook-Phishing_Investigation_-_Generic.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Playbooks/playbook-Phishing_Investigation_-_Generic.yml b/Playbooks/playbook-Phishing_Investigation_-_Generic.yml index a1e7fec1db71..2bb03e2d339e 100644 --- a/Playbooks/playbook-Phishing_Investigation_-_Generic.yml +++ b/Playbooks/playbook-Phishing_Investigation_-_Generic.yml @@ -341,7 +341,7 @@ tasks: brand: "" nexttasks: '#none#': - - "43" + - "8" scriptarguments: attachIDs: {} bcc: {}
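Review bot: The rerouted edge under `nexttasks` / `'#none#'` now targets task `"8"` instead of `"43"`, but nothing in the hunk shows whether task "43" still has other inbound edges. If "43" is the step that stops the remediation timer (inferred from the commit message only), any other branch that reaches it before the timer is started would have the same defect, and if no branch reaches it any more it is left as an orphan task in the playbook. Task ids are opaque, so the reason for the reroute should be recorded where the next editor will see it, for example `# bypasses task 43: remediation timer is not running on this branch`, or in the task's description if comments do not survive a playbook re-export. The task that owns this edge starts and ends outside the hunk, so its type and position in the flow cannot be confirmed from here. A timer that is stopped without being started distorts the remediation SLA and MTTR figures the new dashboard reports, so the SLA test playbook would benefit from a check of the timer state on this path.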