diff --git a/Integrations/integration-ProtectWise.json b/Integrations/integration-ProtectWise.json
new file mode 100644
index 000000000000..cb23c6782521
--- /dev/null
+++ b/Integrations/integration-ProtectWise.json
@@ -0,0 +1,412 @@ +{ + "id": "ProtectWise", + "version": -1, + "modified": "2016-08-15T07:30:53.8154035Z", + "name": "ProtectWise", + "display": "ProtectWise", + "brand": "", + "category": "Network Security", + "icon": "", + "image": "data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHgAAAAWCAYAAAALmlj4AAAAAXNSR0IArs4c6QAAD2lJREFUaAXtWQlUVFfSvq\/3haWh2QQEFSECoqgwArIGFBODRAMoir+4YdTEnWgUDSGu0XFBDRAFBIOyicoiIIgLiKKIIrKLoKzK0nQDvXe\/ubdRbFEzc3Jmzhn\/sc6B9\/oudevWV1W36j4A\/oQ2HIkOJtjNfabmuqA6IiV7\/p8M\/dT1sWkgNjPfCUychYPJXjiYMAsn2H0jzrjxwPRj28f\/uryEDymgor5xApDKACASAaCSgXxAQL5WWmL0ofGf2v87NfBBgK1MRz8CJAgujgMgkyOQpW5TbeoDfzpyYt\/p887\/ndv5JNVwDXwQ4MBZ7remO0wqALx+APr5YJXPjCN8gdi8uKLG09\/NvWI4o0+\/PzINhMbG0oqbmzWdlm\/f7b157xYcx0n2i4NLjiZmeX9kW\/kkrrIGzuUWO4zyWnZDzcW\/4fLN29Ne90WkXl4BrL6UWi9Yfzm9pHz06\/ZPz49MA97rwmKBmTsOzGfgtos23YWeS2hpaWGzPQI6UDaN+jYeiVn7kW3rf1bct87g0Gs4qbbtxWRApwKgwgD37j+2PZmS99XhxPz13a0vdFE2DShkUP20+VOS9ZGYzFsAM15cNK5r7hgHSKTB7JnJENe2tI+PuJT9PaDTB7cE+8rrm6aEX66HVvCvE4wEGBwNGQ\/9vbU2bB\/ej8Z+kA4lJ2tGZWRoDR\/g6+sLU\/+hNZTXI8GKAK1BAFOCoKW+M2a4PCA8OVn7eFo+W3mNP+OP9mjp60t5xV95GlC0ob43RALoN5IJyvyK71BvVFQUGa3t6uqqrAfFWDjo7X3B+Wht+KfW3d2tBp9D2ChPBj3dPBs5X0ABFCiHVAosTQ1rS6trXfm9PHVAezUH1sVtnZyRsu4aS7hQ2ZBE\/+Rl16mMUdRpfmkikZgKpBIKRqVIp5iOrt3oPydiwSynHMflWyffqqiPw2UyAupH7MYYGbQv9Z4eGbLMN+E1+7Dfk10u3SgO3nQ42RnuiGw6Z9U9f49pJ8LWBCSVlpaSvXeeyAHjZxoDKlUGKCQJ3AcRSKSwkJeD1fuiZzLDY50PnEzeBGy8iUAmhfuHuIpFmNd0l70ZR7afQutsPhqz5GJBycq1B89aY0Si1MQ76O4aX69jvCf3MyJLGhMh\/0mASpFhJLJYIa8MyiuWgp+jUxZ8Ntrmi8ryK35H4tK3rF88OxPxC\/s9Yf7OA9E7lprPjokBKX8\/k3Nz8qIte+MdGKNuO5\/N+mHfM2lBia52MwjFvwahmHz13ogNPyQVrhrg5xkzmYZNfsH70ud42IcHnzre1doizcVtv2bDOwqoIzkGYBULmkSda1JSpveWPVvV2tOta8DW6jocn8Z99OSZ6VsANzS1uyhqXmTnRALcv5xSWFHrCjeD5BwkAuwUCIkveT22sOFfBphC5dPEMqk1mUwCZqMNmrr7BlRLyypnL6htnJVccGdqYtY1Ai4SWdJVGVIjHf0WgVhMftrU4hhyNNbxUtGdl96OdnnhiZlz1+75LRGIxGSjsUY1JBJJWF\/f5BRWWef0S+S5UTY2Nvudl28lUckkkkAsZbV3dLFVWGpCYy3WC75IguloqwFeH9cAgmGho6\/DHaHJ4uBynCCSSIChrobCg38+mRT2069RO5BBW4wzKRMIhcyG6ga3PXG
pkxLDt44tbDsLmBQqUSaTqTa1dWrTmXSZMZRXCPmzaETc2drscdr5nNDr5RX+UD8KgAsf1CyAF0YWUyxMKmJg49XbZb6Ax7d0mDwuSS6USSFY1hKJSB2Be\/L8ZZ8V2w8fYuiwO\/XZ6oWtHJ5N8qW8zXM9nW\/oanjkttSnT8KoVBWzMfrNdDJJLpXjGIVMJpdwOKLeuoYiDabKyLrWNvWy2qfrewYEoiGAoVsTJ\/qv+xsCVkEEAqhpaTdThBAMIf42Pa5rcoEtUW+3fviXTCDHcXgzZqCneTduyxLHkqdPqbnFT1anX766Pyn3+iKWtkYsEIqAs8PkrLknfvZ1rKrC\/p5W8GNM\/MXQHeEJX4X\/cadkd\/Rvv0NFkbatD1xmzabE+fn5yQ4lZswIjfgjaUdEwu6CR9X5blbjPKqqAJb3KGvm+p+PXjKf8Fns6R+WrAfAAlhYAMmGgzFkaLlg\/Cj9DQVRe2NfS1xzHif6T5822Xnpj9s19PV6QoLm+Wxa6H0tNDSUJPB09pkybmyvh7l5dxSO+yPZEm+V2\/9yNP66ldW4nNgfFs9FfCwsLCR1de2N2wx0eDcfVrlXVlZS6l6KGYt27nNlG+p1uFqNuY70bOH7nRfG1hB\/PtUmNqu0kAIwTIoRCCLEI6fk0QwADW7pLNctx7d8GxsUlcEwV5O7zfdwyNLwDVKHJ5l8zAjt5prUE8YYhiH\/HSQY4xaFHGvT12H1DwjEZGM9rXl9fTzdIYCPXbw4qqKxZQKAHjZEODwX3wMuOqPLnzTb1dfXU01NTRWCDc350xcMEAhECfQ0CRwm2RweW41OXoFAoqKqJlNYEZFAkK3EMAlUBKH3dKY+OipsrcY1tXPqXV80tbJneEw7v2dVAHIEBW2c73Vl9e6oE7+dOrs9Oinb5\/MJ5vdRx6GzaWK4GAw2QqmlpaV4cDQA6w9EA7THe7XPvfS+CNTBZQRMjIs5UFlRi3Yengv6BgjzfL0iELhoDgRYCh+Jr+cj2dB7YGi4CDkDlFOmzB92dfkG789OuXRlXklTyyQ+T67S38tT7afRqNUvBkyru0rE1TUNlu5ONte\/tJvYsnR\/tD4gQr28WsBUT6capSPxOTd\/9Vy9015N1JWxYX5gFoDxQM7vJ0DZZb28fnW7JcEh2p4BYqFQRti2xO\/Kj4Fz7p\/Z9X3jKzZDjyE01UlqQhaTMcDp6GQBGgzJ6A56uOMie5HB+2mBEDBpVI5YLH5jQUMsP\/wCrVTW1sMxMfxyydERWmx6XHqBD8CIwNvR9sKNh4\/gcag4UiQn0\/PszL5Zc7i+tsFuisOksjneTqeDd0UFoX5dtvqD4SvwhLxHKLvv5vEMXvfhUoguJCIRau8dwkBfX9+cvl75HMUZJhbz4JAoGKq1EPg8vrD2nSnDGsgkXMEfx+A5OIxsLMYkp6TJ5z2oaPyyny9UhTkANOd+yrU7pX5MFRUOuhmcZW+bdDUCpjo87pv5oThh7fz2qBYub2xC9vWA3PziFbkFt1foZlyrP3azOGBbSmk5t+OqpJvD1ehufxmmyIv4QtDTy0M8FIY9TBRFNqZoW+zl3pqYd8MhKjX3u8qnLTNe9nDHKsCEyYnCixELIkluZKBTZT\/e7NJMJ7fjwyx3OO93fiOAhQKRXqtEuralvQswVZmt3wX67VvpNzPLNWiLI6DTQFFF7fTsW\/fngf4BQGBrCA5tXR3gYmXG2RWd9CSkrAq0d\/W6Qca7lZmTCGQXIBYDAzarTrldYaBQ\/PcRnUk7CAj4JdSHSekCPnxqqDJa0AcWKS62gz\/PoL6\/QoZj9a6pGur1nLtavIJIwCRsQ90OsVROSrt5d4kKnd6P6WoJRhizspR5E2CkTLZIwfT1\/ZAoa\/YmZIZ0v3jheufxkwVFxaU+x+PT95objvZ6IpaQR47U67QwMVpw9UGlEFDogAzE9cq8lN+HPBg13q9+bkujUji+7o47erj9dJ
lMotrTx6USoDNoa7CF6ip0LoxJsuaOzvGdHa0T4JQOZWb\/7F0ukZAN9dgVp35a619UXCEVSjpaDgYvH0Dz+GLoCXCdPg5X08bqs\/xRetrNqen5SyIT0rfD7gB\/V5v8UxdNGvOv33H\/9pcTofb2NsdKO+olWJvQ71hqZhBJT4cfOM8zOToUcVOi17FPqQmF\/YkmRs3fuE1XRAO5upBgvSOEyWBRkk9dvBqSnHd7eWhkQsmkESoXGkQi8rOnnKCa5jZVs8\/YYcfWrn3rSHof+4VOThyvdWGXM64UBaDsfdt3gSF9A32MY6fTtqE9OtlZ5\/q7uDQriySR4bBa8pVnF5e5\/56a7Svly\/cf3LjswoH4zPqih5U+L3v62LpjIZYAJlUkkniZ7+xyD1t7ZAyAqcmgoCMNHjPvmLMCYFheMHadyzt84NS5IAgg\/HJEAepqKq1aqsxnumxWl1SKE+qbq3S7uXxjHo+rA8QSkFFY+sPSsCM7Ynau36Ms6AffmSR4YMkxuQyXz\/ybdeXwcRQSPBP4AjB5osWd0oTD0++hpK+lY8q5pIyFUSlXCk1MTKLSbt1auHhreFpk\/Pmf\/rhycyOMCJK+jk5NwKBKdi71W+lkbv7GgzGMhCKQXC4bqgnRmjiA5QX0lvt1z45WPT19SI4iFKT+fn4YeJARdibr2rpFW3+NDD0aF6emr31IIpZSBO0vVTWNDLp8Pp8KgypoQeNxuQyWWZC\/VP7qggC1vqEvpk1OycgtDEAl52gjvQwqY6QEnMvchvY402FiamHM4FiZhIQBGU6CKSgDtUSm5gZcSssNvMC+u1LTPaBxa0ScHuDzQaCXS3yKmAMBxagNLe2shVv3dkCdwbxVBjSYDK4WRkVl6zsOR4K1p0lg2JH4x5VPHACDNhiOIcZcbp8Bl8MzaGhU7Gfw4gN+PiTRaUIpiUSD5RQhJjlnt8e3261T9wWvZLFYnEGR3\/9fBRB52tpa2Qba7Nq29wzRZql2qWpq5Jgb6d9EtRe0RtmVorJl87cdDDuRluXQ1tZ2Rl9f\/\/bpC1cd\/8i7saaqsdmNADDS+KmTLno4TozcGbTgnjJbGpnSrqKtmavLYj1Q\/vSlrsKsVNXVzqHTKJgUDJ6jBGj9OIHZiELJolluUYfPXKhNyL25srWLY4VRKBLXL1yu+39lH\/5\/np6vlAEv+qhaXao6mjmaGqw7yuu+fvecYn7DxnZ8PpNG610+2\/0x8q6vN+2Ja3jeOtrJwXooPLOMCAI9Hc1MWBIp1LLFx2W18UjtgqvFZb5VzzvGGLLVS7+e65mwdYlflKGvL32Ege5FmVyuIcXl6EIHEGUkQKNTByDKQ4nkaxnQE4Ol0Z3yh9VT0dXkO4SsG330h09jY4NH5sYGNaXVDa5dXJ4OCjUKb+8bAHO83OMvHPxx8Tvz\/40NMARBHSmVBf9G3v+fWZHKnz43G7qlQoCij\/voCcMYkUnnWY41uOXv4RxHIGOkXdGJR\/u6etmKLBtlMOjSA2adD2sbxv2nlfQJ3L+mYezXmAurtpw4vR0nYlQ1Bq1PU5X50khP5+FIPa2iUep6hbs3L3yGWEcmX7bILCp15oqEU5+1vRjf2duvLeCLVOg0cm982LrvYWKW\/ddE+DTrP6mBfwD43pnBLm6HxQAAAABJRU5ErkJggg==", + "description": "ProtectWise is disrupting the network security industry with its Cloud Network DVR.", + "detailedDescription": "Integration with ProtectWise cloud product.\nPlease note you can use either token (acquired by api call : https:\/\/api.protectwise.com\/momfodhxhz\/#access-token-token) 
or user email\/password for authentication.", + "configuration": [ + { + "display": "Url", + "name": "url", + "defaultValue": "https:\/\/api.protectwise.com\/api\/v1\/", + "type": 0, + "required": true + }, + { + "display": "Token", + "name": "token", + "defaultValue": "", + "type": 4, + "required": false + }, + { + "display": "Email", + "name": "email", + "defaultValue": "", + "type": 0, + "required": false + }, + { + "display": "Password", + "name": "password", + "defaultValue": "", + "type": 4, + "required": false + }, + { + "display": "Do not validate certificate (insecure)", + "name": "insecure", + "defaultValue": "", + "type": 8, + "required": false + } + ], + "path": "", + "executable": "", + "cmdline": "", + "readonly": false, + "hideEngines": false, + "integrationScript": { + "script": "var getToken = function() {\n var token = '';\n if ((params.token) && (params.token.length > 0)) {\n token = params.token;\n }\n if (token.length === 0) {\n if (params.email.length === 0 || params.password.length === 0){\n throw 'If token configuration is empty , you must provide email+password configuration params for auth';\n }\n var tokResult = http(\n params.url+'token', \n {\n Headers: {'Content-Type': ['application\/json']},\n Method: 'POST',\n Body: JSON.stringify({'email':params.email,'password':params.password}),\n }, \n params.insecure\n );\n if (tokResult.StatusCode !== 200 && tokResult.StatusCode !== 201) {\n throw 'Failed to create token, request status code: ' + tokResult.StatusCode + ', body: ' + tokResult.Body;\n }\n var body = JSON.parse(tokResult.Body);\n return body.token;\n }\n return token;\n};\n\nvar downloadEventPcap = function(eventId, filename, token) {\n var url = params.url+'pcaps\/events\/'+eventId;\n if (filename && filename.length > 0 ) {\n url = url + '?filename=' + filename;\n }\n var res = http(\n url, \n {\n Headers: {'X-Access-Token': [ token ]},\n Method: 'GET'\n },\n params.insecure\n );\n if (res.StatusCode !== 200) {\n throw 'Failed to 
execute download Event Pcap request:' + res.StatusCode + ', body: ' + res.Body;\n }\n return saveFile(res.Body);\n};\n\nvar observationEventPcap = function(eventId, sensorId, filename, token) {\n var url = params.url+'pcaps\/observations\/'+sensorId+'\/'+eventId;\n if (filename && filename.length > 0 ) {\n url = url + '?filename=' + filename;\n }\n var res = http(\n url, \n {\n Headers: {'X-Access-Token': [ token ]},\n Method: 'GET'\n },\n params.insecure\n );\n if (res.StatusCode !== 200) {\n throw 'Failed to execute download Observation Pcap request:' + res.StatusCode + ', body: ' + res.Body;\n }\n return saveFile(res.Body);\n};\n\nvar getEventPcapInfo = function(eventId, token) {\n var url = params.url+'pcaps\/events\/'+eventId + '\/info';\n var res = http(\n url, \n {\n Headers: {'X-Access-Token': [ token ]},\n Method: 'GET'\n },\n params.insecure\n );\n if (res.StatusCode !== 200) {\n throw 'Failed to execute get Event Pcap info request:' + res.StatusCode + ', body: ' + res.Body;\n }\n return res.Body;\n};\n\nvar getObservationPcapInfo = function(id, sensorId, token) {\n var url = params.url+'pcaps\/observations\/'+sensorId + '\/' + id + '\/info';\n var res = http(\n url, \n {\n Headers: {'X-Access-Token': [ token ]},\n Method: 'GET'\n },\n params.insecure\n );\n if (res.StatusCode !== 200) {\n throw 'Failed to execute get Observation Pcap info request:' + res.StatusCode + ', body: ' + res.Body;\n }\n return res.Body;\n};\n\nvar sensors = function(id,token) {\n var url = params.url+'sensors';\n if (id && id.length > 0 ) {\n url = url + '\/' + id\n }\n var res = http(\n url, \n {\n Headers: {'X-Access-Token': [ token ]},\n Method: 'GET'\n },\n params.insecure\n );\n if (res.StatusCode !== 200) {\n throw 'Failed to execute request get sensors: ' + res.StatusCode + ', body: ' + res.Body;\n }\n return res.Body;\n};\n\nvar addQueryParam = function(urlSuffix, paramName, value){\n if (value && value.length > 0){\n urlSuffix = urlSuffix + '&' + paramName + '=' + 
value;\n }\n return urlSuffix;\n};\n\nvar eventsSearch = function(start,end,eventType,killChainStage,threatLevel,threatCategory,observationStage,ip,expandDetails,minLimit,maxLimit,reverseOrder,nextPage,token) {\n var url = params.url+'events?';\n \n url = url + 'start=' + parseTime(start) + '&' + 'end='+ parseTime(end);\n \n url = addQueryParam(url,'eventType',eventType);\n url = addQueryParam(url,'killChainStage',killChainStage);\n url = addQueryParam(url,'threatLevel',threatLevel);\n url = addQueryParam(url,'threatCategory',threatCategory);\n url = addQueryParam(url,'observationStage',observationStage);\n url = addQueryParam(url,'ip',ip);\n url = addQueryParam(url,'expandDetails',expandDetails);\n url = addQueryParam(url,'minLimit',minLimit);\n url = addQueryParam(url,'maxLimit',maxLimit);\n url = addQueryParam(url,'reverseOrder',reverseOrder);\n url = addQueryParam(url,'nextPage',nextPage);\n \n var res = http(\n url, \n {\n Headers: {'X-Access-Token': [ token ]},\n Method: 'GET'\n },\n params.insecure\n );\n if (res.StatusCode !== 200) {\n throw 'Failed to execute request get events: ' + res.StatusCode + ', body: ' + res.Body;\n }\n return res.Body;\n};\n\nvar observationSearch = function(sensorId,start,end,type,killChainStage,threatLevel,threatCategory,hasKillChain,ip,expandDetails,minLimit,maxLimit,reverseOrder,nextPage,signatureId,token) {\n var url = params.url+'observations?';\n \n url = url + 'sensorId='+sensorId+'&start=' + parseTime(start) + '&' + 'end='+ parseTime(end);\n \n url = addQueryParam(url,'type',type);\n url = addQueryParam(url,'killChainStage',killChainStage);\n url = addQueryParam(url,'threatLevel',threatLevel);\n url = addQueryParam(url,'threatCategory',threatCategory);\n url = addQueryParam(url,'hasKillChain',hasKillChain);\n url = addQueryParam(url,'ip',ip);\n url = addQueryParam(url,'expandDetails',expandDetails);\n url = addQueryParam(url,'minLimit',minLimit);\n url = addQueryParam(url,'maxLimit',maxLimit);\n url = 
addQueryParam(url,'reverseOrder',reverseOrder);\n url = addQueryParam(url,'nextPage',nextPage);\n url = addQueryParam(url,'signatureId',signatureId);\n \n var res = http(\n url, \n {\n Headers: {'X-Access-Token': [ token ]},\n Method: 'GET'\n },\n params.insecure\n );\n if (res.StatusCode !== 200) {\n throw 'Failed to execute request get events: ' + res.StatusCode + ', body: ' + res.Body;\n }\n return res.Body;\n};\n\nvar fetchEvent = function(id,token) {\n var url = params.url+'events\/'+id;\n var res = http(\n url, \n {\n Headers: {'X-Access-Token': [ token ]},\n Method: 'GET'\n },\n params.insecure\n );\n if (res.StatusCode !== 200) {\n throw 'Failed to execute request get sensors: ' + res.StatusCode + ', body: ' + res.Body;\n }\n return res.Body;\n};\n\nvar fetchObservation = function(id,sensorId,token) {\n var url = params.url+'observations\/'+id+'?sensorId='+sensorId;\n var res = http(\n url, \n {\n Headers: {'X-Access-Token': [ token ]},\n Method: 'GET'\n },\n params.insecure\n );\n if (res.StatusCode !== 200) {\n throw 'Failed to execute request get sensors: ' + res.StatusCode + ', body: ' + res.Body;\n }\n return res.Body;\n};\n\nvar parseTime = function(time) {\n \n if ((typeof time === 'string' || time instanceof String) && (time.indexOf(\"-\") >= 0 || time.indexOf(\"\/\") >= 0 )){\n var d = new Date(time);\n return d.getTime();\n }\n return time;\n}\n\nswitch (command) {\n case 'test-module':\n var token = getToken();\n return (token.length > 0);\n case 'sensors':\n var token = getToken();\n return {Type: 1, Contents: sensors(args.sensorId,token), ContentsFormat: 'json'};\n case 'search':\n var token = getToken();\n return {Type: 1, Contents: eventsSearch(args.start,args.end,args.eventType,args.killChainStage,args.threatLevel,\n args.threatCategory,args.observationStage,args.ip,args.expandDetails,args.minLimit,args.maxLimit,args.reverseOrder,args.nextPage,token), ContentsFormat: 'json'};\n case 'pw-event-get':\n var token = getToken();\n return {Type: 
1, Contents: fetchEvent(args.id,token), ContentsFormat: 'json'};\n case 'observation-search':\n var token = getToken();\n return {Type: 1, Contents: observationSearch(args.sensorId,args.start,args.end,args.type,args.killChainStage,args.threatLevel,\n args.threatCategory,args.hasKillChain,args.ip,args.expandDetails,args.minLimit,args.maxLimit,args.reverseOrder,args.nextPage,args.signatureId,token), ContentsFormat: 'json'};\n case 'pw-observation-get':\n var token = getToken();\n return {Type: 1, Contents: fetchObservation(args.id,args.sensorId,token), ContentsFormat: 'json'}; \n case 'event-pcap-download':\n var token = getToken();\n return {Type: 3, FileID: downloadEventPcap(args.eventId,args.filename,token), File: args.filename, Contents: 'we must have contents for an entry'}; \n case 'event-pcap-info': \n var token = getToken();\n return {Type: 1, Contents: getEventPcapInfo(args.eventId,token), ContentsFormat: 'json'}; \n case 'observation-pcap-download':\n var token = getToken();\n return {Type: 3, FileID: observationEventPcap(args.id,args.sensorId,args.filename,token), File: args.filename, Contents: 'we must have contents for an entry'}; \n case 'observation-pcap-info':\n var token = getToken();\n return {Type: 1, Contents: getObservationPcapInfo(args.id,args.sensorId,token), ContentsFormat: 'json'}; \n case 'get-token':\n return getToken();\n default:\n return 'Failed to find command';\n}", + "type": "javascript", + "commands": [ + { + "name": "sensors", + "arguments": [ + { + "name": "sensorId", + "required": false, + "default": true, + "secret": false, + "description": "The id of the individual sensor (if not provided will query all available sensors)" + } + ], + "description": "Collection of all available sensors", + "execution": false + }, + { + "name": "search", + "arguments": [ + { + "name": "start", + "required": true, + "default": false, + "secret": false, + "description": "Timestamp of the start time of the event end, Example: 1401451200000, or ISO 
8601 format (YYYY-MM-DDTHH:MM:S) like 2015-03-25T12:00:00"
+ },
+ {
+ "name": "end",
+ "required": true,
+ "default": false,
+ "secret": false,
+ "description": "Timestamp of the end of the event, Example: 1401451500000, or ISO 8601 format (YYYY-MM-DDTHH:MM:S) like 2015-03-25T12:00:00"
+ },
+ {
+ "name": "eventType",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "Filter by one or more event types (MaliciousFlow\/KillChainEscalation\/MaliciousConversation)"
+ },
+ {
+ "name": "killChainStage",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "Filter by killchain stage (Methodology Recon Delivery Exploit Beacon CnC Fortification Data_Theft)"
+ },
+ {
+ "name": "threatLevel",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "Filter by Low, Medium, or High threats (NONE LOW MEDIUM HIGH)"
+ },
+ {
+ "name": "threatCategory",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "Filter by threat category (ExploitsAndAttacks DenialOfService Malware Scanning Botnets Phishing Suspicious MaliciousHost APT Misc Unknown)"
+ },
+ {
+ "name": "observationStage",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "Filter by Realtime or Retrospective"
+ },
+ {
+ "name": "ip",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "Filter by events that are affected by a specific IP address"
+ },
+ {
+ "name": "expandDetails",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "Include observation records (true or false)"
+ },
+ {
+ "name": "minLimit",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "Try to return at least this many results per page"
+ },
+ {
+ "name": "maxLimit",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "Do not return more than this many results"
+ },
+ {
+ "name": "reverseOrder",
+ "required": false,
+ "default":
false,
+ "secret": false,
+ "description": "Return results sorted by descending timestamp (default = true)"
+ },
+ {
+ "name": "nextPage",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "An identifier to fetch the next page in the result set"
+ }
+ ],
+ "description": "search Events ,Events are resources that describe a threat and contains a collection of observations.",
+ "execution": false
+ },
+ {
+ "name": "pw-event-get",
+ "arguments": [
+ {
+ "name": "id",
+ "required": true,
+ "default": true,
+ "secret": false,
+ "description": "event id"
+ }
+ ],
+ "description": "Lookup a single event and its associated observations for ProtectWise",
+ "execution": false
+ },
+ {
+ "name": "observation-search",
+ "arguments": [
+ {
+ "name": "sensorId",
+ "required": true,
+ "default": false,
+ "secret": false,
+ "description": "the sensor id or a comma-separated list of sensor ids"
+ },
+ {
+ "name": "start",
+ "required": true,
+ "default": false,
+ "secret": false,
+ "description": "Timestamp of the start time of the event end, Example: 1401451200000, or ISO 8601 format (YYYY-MM-DDTHH:MM:S) like 2015-03-25T12:00:00"
+ },
+ {
+ "name": "end",
+ "required": true,
+ "default": false,
+ "secret": false,
+ "description": "Timestamp of the end of the event, Example: 1401451500000, or ISO 8601 format (YYYY-MM-DDTHH:MM:S) like 2015-03-25T12:00:00"
+ },
+ {
+ "name": "type",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "Filter by observation type (ids http iprep urlrep protocol file )"
+ },
+ {
+ "name": "hasKillChain",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "Search for observations in every kill chain stage (true false)"
+ },
+ {
+ "name": "killChainStage",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "Filter by killchain stage (Methodology Recon Delivery Exploit Beacon CnC Fortification Data_Theft)"
+ },
+ {
+ "name": "ip",
+ "required": false,
+
"default": false,
+ "secret": false,
+ "description": "Filter observations by IP address in the src\/dst fields"
+ },
+ {
+ "name": "threatLevel",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "Filter by Low, Medium, or High threats (NONE LOW MEDIUM HIGH)"
+ },
+ {
+ "name": "threatCategory",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "Filter by threat category (ExploitsAndAttacks DenialOfService Malware Scanning Botnets Phishing Suspicious MaliciousHost APT Misc Unknown)"
+ },
+ {
+ "name": "signatureId",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "Filter by threat signature (find observations of the same type of threat) - Example: 69020504"
+ },
+ {
+ "name": "expandDetails",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "Include observation records (true or false)"
+ },
+ {
+ "name": "minLimit",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "Try to return at least this many results per page"
+ },
+ {
+ "name": "maxLimit",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "Do not return more than this many results"
+ },
+ {
+ "name": "reverseOrder",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "Return results sorted by descending timestamp (default = true)"
+ },
+ {
+ "name": "nextPage",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "An identifier to fetch the next page in the result set"
+ }
+ ],
+ "description": "search observations in ProtectWise",
+ "execution": false
+ },
+ {
+ "name": "pw-observation-get",
+ "arguments": [
+ {
+ "name": "id",
+ "required": true,
+ "default": false,
+ "secret": false,
+ "description": "Observation id"
+ },
+ {
+ "name": "sensorId",
+ "required": true,
+ "default": false,
+ "secret": false,
+ "description": "the sensor id or comma-separated list of ids"
+ }
+ ],
+ "description":
"Lookup a single observation for ProtectWise",
+ "execution": false
+ },
+ {
+ "name": "event-pcap-download",
+ "arguments": [
+ {
+ "name": "eventId",
+ "required": true,
+ "default": true,
+ "secret": false,
+ "description": "The event ID"
+ },
+ {
+ "name": "filename",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "Optionally provide a filename for the download"
+ }
+ ],
+ "description": "Event Pcap Download",
+ "execution": false
+ },
+ {
+ "name": "event-pcap-info",
+ "arguments": [
+ {
+ "name": "eventId",
+ "required": true,
+ "default": true,
+ "secret": false,
+ "description": "The event ID"
+ }
+ ],
+ "description": "Get ProtectWise Event Pcap info",
+ "execution": false
+ },
+ {
+ "name": "observation-pcap-download",
+ "arguments": [
+ {
+ "name": "id",
+ "required": true,
+ "default": true,
+ "secret": false,
+ "description": "The observation ID"
+ },
+ {
+ "name": "sensorId",
+ "required": true,
+ "default": false,
+ "secret": false,
+ "description": "the sensor id"
+ },
+ {
+ "name": "filename",
+ "required": false,
+ "default": false,
+ "secret": false,
+ "description": "Optionally provide a filename for the download"
+ }
+ ],
+ "description": "Observation Pcap Download",
+ "execution": false
+ },
+ {
+ "name": "observation-pcap-info",
+ "arguments": [
+ {
+ "name": "id",
+ "required": true,
+ "default": false,
+ "secret": false,
+ "description": "The observation ID"
+ },
+ {
+ "name": "sensorId",
+ "required": true,
+ "default": false,
+ "secret": false,
+ "description": "the sensor id"
+ }
+ ],
+ "description": "Get ProtectWise Observation Pcap info",
+ "execution": false
+ },
+ {
+ "name": "get-token",
+ "arguments": null,
+ "description": "Get API token, to use in integration configuration",
+ "execution": false
+ }
+ ]
+ },
+ "system": true,
+ "isPasswordProtected": false
+}
diff --git a/Integrations/integration-jira.json b/Integrations/integration-jira.json
new file mode 100644
index 000000000000..8a1cf91b57f5
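Review bot: Command arguments are concatenated into the request URL without encoding throughout the embedded `integrationScript`: `addQueryParam` appends `value` raw, and `downloadEventPcap`, `observationEventPcap`, `getEventPcapInfo`, `getObservationPcapInfo`, `sensors`, `fetchEvent` and `fetchObservation` splice `eventId`, `sensorId`, `id` and `filename` straight into the path or query string. A value containing `&`, `?`, `#` or `/` therefore changes which endpoint or parameters the `X-Access-Token` request is sent to; wrap each one in `encodeURIComponent(...)`, e.g. `urlSuffix = urlSuffix + '&' + paramName + '=' + encodeURIComponent(value);`. Separately, the `get-token` command returns the API token as a plain result and every failure path puts the full `res.Body` / `tokResult.Body` into the thrown message, so the credential and raw API responses can end up in the incident record; it is worth deciding whether that command is needed and truncating the body in errors. `getToken` also reads `params.email.length` and `params.password.length` without checking the fields exist, so an instance configured with neither a token nor credentials would presumably raise a TypeError instead of the intended message; `if (!params.email || !params.password)` avoids that.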
--- /dev/null
+++ b/Integrations/integration-jira.json
@@ -0,0 +1,287 @@ +{ + "id": "jira", + "version": -1, + "modified": "2016-08-21T16:24:55.555541598+03:00", + "name": "jira", + "display": "Jira", + "brand": "", + "category": "Case Management", + "icon": "", + "image": "data:image\/png;base64,iVBORw0KGgoAAAANSUhEUgAAAHgAAAAvCAYAAAAo7w6dAAAgAElEQVR4nO18eZxdRZ3vt+rUWe5+e0uv6fSStbN1WEL2EBMTQhIMgkHhKQgCyqLMjKLzHjCKIiqOwszIIiNu6ABBYEQgrAlB1uwJSTrpJL2n977ddz9b1fvj3Nt36e4QnPdmPp8Zf\/lU+t576pz61e9X9dvrkJFIEmkghCCRNDAYiWFgOIb23mFMm1yMkgIvqkuDCMd0AIAqSzh0onvmdx57+dH9J7tnaQozNy1uePruGy76uktTdNvmoJTCsmx0D4YxEktiJJIEpQSlhV7MqimFZXOcDVBCEI4nYVkciswghMjCF3CpMgghOf2jCR3RhAGfSwVP9Sep\/0OxBDgXIAQoDnggMwmcC5iWhfSjCYD0KNmfxwMCAlVl6OofQcCjIa6bSOombM4hAFSVBODRlFE8zgSEEPQMReBRFWRNKa8PkDQsSJRO2Ccb2Hg\/UkqgKQyawqDI0ujgScMCABimpd73++2\/eOtw25JCjwbTtPGrl\/fcUl9VdGLzynkPRONJ+Dwaiv0eUEKgqTIMw4Y4I6n+Cv8\/YAyDmURhWrZr19GOS1u7h8oAvLt0bu27lBAMDEdx6vQQkrpZdehUz0K\/SwUAUErhUhie2XFoU3vv8AO6YeHmy5ehqiQAWwjlvUOtl7b3DldOqyrevWRezc7\/7En+TwYmMynzRaIIx5OF\/\/Dzbc9uP9SyggL4\/ev7rDuv\/uTXb9y8+IGqSUFE4waSupnQZCkZjgsvqCPELM5RFHCH6yqKEPS7ML26BLGk4fv2o9ue3rbr+FpAQJWZ+PpnV\/7D337uwu\/+l834fxjQlu5BpFvXwAieeHXvDa\/sO7HCq8jwqAosi7N\/2vrWPQeaT1cndBP1VUVYMKPy9IYlDY9FdQOGZSNuWPBqinXZJ+Y\/uHrhdCyfX4d4wsTW1w9c9dy7R9d6VBleTYEQgvzs2XfuOtLSO920OeJJY9wWSxpI6tZ\/NW3+WwB7ddcxx4oggKowvH+4ba4ms5QCF1CYhIFI3BMKx+umTS5p1w0LccPEljWN36CU9mzfe2JDwKONLJ1f+7PJk4KvReI6OnpCcKky9h\/vbNBYxhiQmYRwXGdt3UMz6iuLjnPuaGVKSI7xJASgqCTHePor\/GXAFs+uAWMUts3hdikIhROHX959HK4Ukw3LRpHPlfC41JbuwTCEEHBpMoSAsW7RzHuThnlvWbEflcUBJHUTU8oKUVtWAFVmON7e1\/Sv2\/bAIwBCCUzThldT7JqKomZKKTRFhoBAOJYEkygAh7lMopCZBCHEX5n8HwRaUuBFXUURyosD8Lk1rF8085ElDVPeNSwbps3BGOVf\/czyO89vmNxWW1GEqVXFcCkybJsjqZswLRuGacEwbZicw+9VURTwwOtW8anlcx+\/6Jypb+imDdOyAQC3Xrb0ezOqS5pszpHQTVg2RzRhIK6bqWYgadr4K1v\/3wDL9kcZJWASHbzx0iXr\/nzg1OVHWnsr1i2csfOKNQveAgDOOUTK7VEVBotzJAwLumGBEKA06IPgGPX5JImGv7plxcY5U09c9v7htppljbXvfGZ14xsCQEI3MBhJoLTAC0JIni\/7n0uE\/87ANEWG26UgrpvwaAoIpYgkjMjUySW\/7AtFManAi4RuosDnAiEEoXAcbk3BjCmTUBT0oNjvgaJIKC\/0Y1KhF01tvYjEdVS
XBuEEPEhiSlnB4ye7BjBj8iQkdQtd\/SNglEBhErxuFaFI4iMRJQRjxPWZpDdN9U93IVn\/TzzG2F4ftdYIyFkFHD4OOAt+omsf71ns7YOnPkUIfI3TKrcVB7wDbpcChUmYVOjFjMklSCRNAAScCwxH4gjHdbg1BUySUF7kR0WRH4BjpwnhtI6eIWiyBEVmkJmEaVXFqC4NonFaJTgA3bCgqTKOtvbOeuX9pk801JS9Vl9VdMxMSRNKCaSUTgYARWawCAeTaI4xRqljuKXB5s79kkShMAYm0ZxIFiEEMpNgWjYIASRKIFECAgKqMNh2pu\/ZRrIocRaqW1PgdasQQsAwLNhnuIcA43KKEAJVZpAZHXMte85cMAguPnr1ASC1l98zNBJLFEwtL+paNq\/2taXz616YVVP6bkWJv1NlDNGkDolScC4QjjuhytICL1QlN2wIABKlONbeh6HhKHweDVWlBbBtDlVlEDZg2rZ8vKN\/1vuH2z6x+0j7+t3HO5cd7w65b9+y\/Gc3XbbslmjCeb7gGeNKZhI6ekONjzz7zk9sLlRCwCEAARAhhNh84bx768oLXxQAGqdVwONScLJrsPaun7\/0kG5YPkqJw3UBYlg22Xzh3IeWza97XDcsFPjdUJ0FIj\/w1M6fHmzuOldh7Kz9MwEQiRLb69EifrfaM7Wq+Ni0ySXv1ZQX7tJUOZnQTVQU+8eEKm2bjxu6VJiEn\/\/7u3\/74ttHL9cUxpG3tgQB0U2Lrjlv+nOXr278kW58NKqsrMDbk9DNgvb+4cpfbNt99W9e3Xt1ZaEvVF9ZdOiS5XN+vXnF3Mcsm4NzDppSjm5NTt0+dgmpCgOlBIQ6elVVGGJxPfDAU299d\/fRjlWneoZmDkcTDCDQFAl+l4KyQl9Pkd8NjyqDMQmHT3Vjz7FOyEyCzBiaO\/oXbNvdvCp\/ZSdMG0yWLpxZU\/oioxT1VcVwawqOtfY1Pvfu0XWuUXfPgUjShNetdgS97scThqN2VFmCaXPfn94+cuWJ7qECVZbwsUAAAgI89denqphWWXTkslXzHl6zcMbDMpPM7O6EEBiWjcGReGoRj9orSOhm4LHnP\/jWka6BEtcEeOiWjY7e4ZkLG6of1VQ5xPmZw79s4azq\/Uc6+mcFXCoU5uzKvpFYQUvv8IpDp3oWT60q3l4U9LbYtg2JUpg2933\/16\/fEY0ng25NiYmUEy2EIJGY7q+tKNwxfXLxb5OGhfrKYrhUGU+9tu\/a+7a+dWuBW4XGJHg1xbkHAhqTUFkSODgSTSBpWGCSBMOyITMJTKJgEoHCqOnRZMhSLoNlSYIiM0OSKCRK0\/QGpcT2ago0WRqjT2Um6SLVUSIElFJQAaEpcsyrKQXKhOJxIsGd\/uyMJITA4bbehn2\/ePmfdu4\/teHBb1x+pRZwD3E7wwgmSegLRWBafHQBqjLDhy09i06HIiVFHm1CXetRZPQORws6+oaXLZ5b+3xSN8fvmB5rVu2kHRIhn0OKPIQAskQR9KjoD8fll99v+srXtqy4vWcogoHhKIajydIHn3vn9qFoAkoewSO6ibWN9fVXfLLxt0V+D1SFIZow3I9v23NTkVuFpuSGvi2bozToCU+vnrTHSotlAoRj+qhl7fw23mzPQgGN0j2XCbm3C+RKwom0rsj7PH4\/QgBNYVAF8KcPjq3z\/Msff\/3Q7Z\/ZTAB71B4ggM+twTDt0al5XAoOn+zeEDdM+FMbYFy8CJA0bew+2rFx3QUzn594QTpAp1aWvFJW4I3Zdr5ZQOBSGJ7efvCG\/uHY1IaaMsyfVokLz6k\/uXHxrKcViSLg0RBwqwi4VfjdKgrcKr64ceFDl66Yi1XnTgMlBL9\/ec9N+071TNUUeczgCcPCuTMm75xeXdLlc6kIel0IeDWQs0itjWUMQJHNQpHHxMwVMt63nL75MN5iEnl\/sz87C7PIo+GZPx\/e+Me3PryCEgLdMKEbFo
yUkakojiGqqTIsm2t7mjrXZqRUtoTIHUdlEj440r56JJpwCyFg23zCRhfMqGpdNq92WyxHYacMHElCdygauO\/x7T\/hgsPrUuBSFHHTp5d+pzjgjqeDFwBBNG5g9YKpO9YunLGVSRK8LgXH2vun3\/\/Uzv\/jytm5afIKSJRg88q5v1FlBlVhTm4XQDhpgEzoDE+8c8daJdn3iJyfs7PEE4PjPYwkdIzEJ2oG4roFW+Tntx2JJBGCP7xx4AYuBJFlBsYoZFmCR5PhVhV4NBk+t4rO3uEFzacHpitMyhl\/7C52jLFT3UP1fz546rzOvhG0nB5CS\/f4jQW8Kj63ZsG\/PP\/OkctsAUgkhzLwuRQ89\/bhTYuer77t+k8tvp8LG\/Omln\/4d1esvPubP3\/pB0G3CsO0UFbkDd957dpb\/F4XJxBI6KZy5yMvPtodigb9bhUQuSs9rls4p77iyOrzpv3JFg6zJYliJGoimTRBQcbZo8B4E56IORnxPN69qe9COBIjrZizxLlp2ygr8A18ff15P2MSNbkQOQNSQkQ0rnv2Hu867\/2j7WtM2yaMSjnPV2UJH7b2ntPeO1xZWujttCyevhea4vR1qTL2NLWvDycMEnApZ5hrRsSHEwaaWvsuXja\/fmcsYUxIBZbULSydX7tj\/cIZL\/zhrcMbAm4158EEBKos4fu\/feMHkycVHFw8r+YNF4AbNy\/50YctPfMee2nPlQGXgr\/\/\/Oob59SVHbZsDtOycc+vXr3vlT3NKwJubQxzBQBLcHz500u+73EpCcOyHd+XEvSPRGFYdqbQYELUP8pDzScSyXxNO+ypn8Xoos5dDBbnKPK7+m+6fNm38w28NJgWx8ETp7G7qeOqHzz++mO2zRXHOnbwY5QiFE342ruH6or87k7TssEBdA+MwLJsECd6SN\/cf2q9Os4Yo2jmEUKRKHYd7bjoxkuX3uH3aNZEFSPUsGxYNseNly7538UBV8K0beRqKQFZkhBPmuo3H\/rT7w4c72rgXMC0ufjalpXX3XTJBT+598aLr9+yuvEJy3aCEb95afetD\/37e1\/15qzGNBBEEgbWnjNt5yXL5zzBhYCUZVD1DkXPyn76aOZOsNOdiMcYio1NaqSsYg46NBzTInEdFuew7EzjXCCWMBD0ufD5i8793fK5tW\/GR1VdZnzT5tBNqyjodcHjUuBzKXCpMlRVhtelYiAUazjWOTAvXzwL4RiiFudZMQeHN7Isoamjf3ZHb2i2S2FQmTRuo6rMIASwsKH64M2bl\/4wqpvjEk9TGToGw2V3P\/bK1q7+kQrDtMAkkrxq3bl\/t\/aCmf+qyE7k6JntB7d871ev\/tQlM0hk7C4zbBvFPlf8zi+uvZVJ1E77cZQQxJMmugfDYPTMluHZrQCSNXRK2I\/iky38c02uXOPJEfOEEBimjXjCAMnqSylBXDdg2xwj0QQqSwJHxy81c6RBeoHopgWZMXg0BQVeF4609q4NRRKKE2fIbCzDsvHNq1bddfuVF95hWOmN5+AuEYJwXGev7T5+0enBMNp6QmjrHdsopQSUEpgWxw2bF9+7dsHUneFRmZ4RNRACPlXBvpPdDbf95Nmtb+w5EezqG0E4piOa0NE7FMWTr+9f+62HX\/iVwbkkjRE3zopM6Ca++b9W3zGnvuxgOrSY8l3RPRhGNK6PBlT+w5D\/GJE9p9yL40u43AI\/3bAQSzouHJMoBoZjONjchSOtvfjwVA+Shmk50x77\/GyghMCryfC5VCgyw3uHWjfkCxDT5igJekY+cd70+zcunf3PpUFPON\/ToQTYc7RjoxDCCS6RsY1y7kSpTNOCS5WNu29Yf13NpGBPwjSzcMysKq8m4+2m9iUPP\/P2MwndCoQiCShMwsHmrhV3Pbpt63Bcd2mMYTwpEE7ouPITjU9es+H8n9pcgHMBIYQTCeICJ9r7JyTK+IQ\/00KYuE8u+dO7+6NHT
e\/kaExH92AEu5o6YNg8FZSRkJH7E7taEiWIxHV0DYTRNxzFoZPdUw62dF\/gRNAyEs+wbMyrK\/+gtMAbKSv0hWfXlu9KWnbO8xSZ4Wh737nxhFFXHPSiwOsa06giMygyg6IwcCHQUFt64h9vueSLLlk2M25Qrj7zqTI+ONa56tcvfvA7SaKewy295\/\/vh1\/YOhRN+F3yeMwlCCd0nDetcu93b7z4RkoITMsGTzGZCILBkRi6BsOjif+zgzMXtI6Dxuhd49+ZvyhyuU4Jgc052npC6OwbhiYzEACWZcOybIic4PzEI3DhBJQUWcLhlu5P9A7HPLlqyZF2jdMqX00YTs78gtnVr9k8Fz9GCfpHYq4PW3o+WeDT4HUpY9qYqkouBJbMq91225blt\/zwd9sfsYidpxOdQbyajNf3nthwun\/k\/VA0UXo6FC32pCo08iGmG5heUdR571c2bAn6tBGbc9AsmcQYxfH2fuiGCUUet5I3Z\/Jnt4Nz8Z34WROJ09zNSFKLsncoCsOyIFECv0eDx6XA61KhyBI0VSb5CZgxeAjHM\/FoCtyqgt1NnRvtvHtsIeB3q\/aiOVNe92gKBIAF06u2+10Kt4WgUh66fz5wauPnPnnOI7LMx0yXGebYxBYXAjd9eunPAZTf\/ZvXvu1R5ZTBlD15x8c72tE\/m1IClyzlMdfpo5s2SoPe0P23XXrZ+Q3VJy2b5+Q7KSVI6CbaekOQpLMN9J+Ni5QvdjM7+swaMnVvukfKyLJtjp5QBGmXDnAEMqUEkwq8KA56EI4mp2RsrFwcCXHcQMBJLHjdKsLRZMn+410r1Dzr2TRNNFSXN1WUBD6MJnV4NAXTqksOTK0oOnmorW+aK0ucqzLDvuNdy\/Yf7yr1edRe286lCxUipQezGklhf\/0li77zlU2LHkjoZsoIyQ+bOT6yLEkYj2SGZcPvVhN3Xbt2S0Nd6Qf2OCYmJQTH2vowHEmA0kxwI9\/WHQsfHYWaCPJtaDo6pbFWGaWEM4kmh6NJEBDHvVGcyJumyoAARmJJvLn35Ky3D7Ve6JLlrFEcYJTCqylDCd2EgICmOAmXIy09yzsHRoqdmH5mQeg2x\/mzJr9ZVug1fJoKAoKAR00umF61M19tyhJF91AkeKyj70KPS4UsSzltQnlop8z5ay9Z9DfhaNL7b9sPXOdRWZa\/OFGEyEHUsCy4FTl5\/aZFV02bXPJaLGGmskgZoMTZvUdae1O6d6Ig\/3jx3r8cMjvYkTnjH6IRkAhFPGF439jTfLHFuTk699GkAUHSMFl3\/0jj1u0Hv9w3Ei1U8gxMzgUKvK5o1aTgKQHHixgcicOlyth54OQGg3NoWZgJIeCSJcypL3+5bzgGw7RR5HODC4HFc2te\/fUre67LnYmAYXPsberYuGnZ7CelPA\/kjAqPcwHDtMQ1Gy+40RJCevrNg9e4FXm0pDZ\/oDSYNocqM+vvPnfhF+bUlT9LCYEsUYxGBFNAJYJjbf0YjiahytIErMsWqPmiWZxRi+bCmeXBeA9QGEV7\/8jkr\/3Tcy\/QMZ0cMS6EQMK0nNQlyycnQcI0sKy2Zm9NRWEnJY4FzbnASCzp3X2kY7XGcq1nk3NUFgUGGmrL3rW54\/5wCOiGjVk1pW+XFXjDg+G4X87aEJosYVdT56pYwvB7XWqOO3VGk1UIAdPi0E3LvmbDwusvXjjzqZhu5gQy88EWHLJEjftu3vSlmy5bunXh7GrMnDIJPo8Ki3PYqcYFR0K30NzZj\/xVl0uiHIzGXP1LRPnZJRucZUMIQLPjAXl4EELgUWU4abtcLAQEbCFwxScXPMQkKkybQ0CgpMCD0wMjC1v6hqfkhkAdN2x2Xem7xUFvvyxJCHo16KYFWwhMLg12zqkp26ubue6SLElo6Q1VHm3pXaIqDIxJo406SfWxTZIo3C4VFUU+lAS98LtV67JV869eOa\/22VjSGJ3CeAEDxiRr+uSS\/
QBynifRTGMShYCAYVoZo2Wcdmb4OLHobJJkRPRoG9MtfS0\/eIAx3\/NDu+nPQ9EEPr1szp8uXjLradNyFna6fuv9w20bYrqZU9WRHnP5\/LqX0+6mRCncqgxGCdyqghWNdX\/MjTs7Lpdh2tix78TFoUgCA8MxDIw4jY2NOGWAqTLcmgwqUfhcKjRVTt59w\/qrfvib1597\/r2ja53ERDbZBBglCMd199f\/+Y+PP\/HdLywvCriHLZtjlA5ptATgVmVUlQRxtK0XlH3MUpmPhGwz6uMERs729\/xrmc8W54jpBi5Z1PDyPV\/ecLUsSVbSsNA7FAEARIkuv3eobV1+sp5zgSKf25hdW77DsDkkSUJzR\/\/8WMLwE0K4wiRbVVjCpyl5ZwIIFEnCriPta4MeTS0JevR0CPiMOtixqAl0w1KicX1SXUVhJ4DET2\/b\/NnI9\/UX3zzUsih9wjCbiG5FxnvHOub86PHXf\/zDmzd9ybHOxz6fE4Gq0iCOtvWdCY0zwsS7fazFf8bnTJRsEAKmbWf95jxPkigkkp+cBywuUODVhm+9bNm3Ny2d\/ZDfrRo25xgciaEvFIGqyGjpGmw81jUwK19np6JXHxb43U1CCBxr7V1244+2vpa0bFVK7RBKiSDOWZ8cPGVZwrGugelNbX0LzptV9Z6RlZbExM0pnrv\/iTcfXHfbI\/u27zmxHgAKfO7QP3xp3WdmVhUfj+nj5yIDbg2\/3LbnulffP7ZBZo6PnP\/P4hylhT543SrS55Q+npt0Jh2cL3bH65VZHuPdLyDAmGRNmRTsqist7KgrDXbWlRZ21pUWdjBKBefj299cCKxdOH3btMnFhhCAblrQTQuFAQ9KC31oau+7aCSWpFKeWNMtjsVza14rL\/LZhmlh+97mjf3huAoAtnDsG9vmKeZmL+BU8iFhkJ37TmwkhCBt0VLL4pioSZRgx54Ta3\/z8p7rekdixTf94x\/+7f0P25ZKEkFdRVHnj27etKWiwDekmxZyd4iARADBBX7w2zd+PBxJeAkIBEdO47aApjBUFvudE\/8TcXhcLn\/UEiAYoxfyNO\/492b6G6aNmtJgyyPfvOK8H996ybwf33rJ3Ptu3TT3kW99Zu5XLl3y3UzmLSsqJ1H0hWLBux7d9jsuuMvjVqDKbDTqJUuU7DrSvj4THUxhIgCPJmNWTekrsaQBlyrTIy29K2VGIRGnQFDKKYgfi7sqSXhz38n1pmVTSXIO\/dH+kRjGa0PhGHoGw8r9T7z5PYtzBNwqBkZiga\/c9\/STR1v7pge8GpbMqz1wxxc\/eQOlBM5qzhVzbpVhd3PXzCdf3\/dlRZacUtq8RilBWZEPdirH6tQM86xJnIGBeQwZH85kZJ2pm+OeSJTYVZMC\/cUF3mFK6TCT6LAkSSPXX7LonlXzat8JJ\/OqGoWAR5Ox88PWc+9\/cuedafOxZzCCY619eOvAqelH2noXaHllsaZto7ok0FVdVrA7oZs41TVYe7S9b546GrrNd0vHTkCTJRxq7Z3b3DHQkLataDL1Ton8JkDw2q7jl75ztP18t6qMGkUt\/cOVt\/302adau0OFlmVj88p5f\/ji+vPvj0yQR3YpDI89\/8HfDI7EC6RR0ZFpti1QWujDtMnFqC0vQG15IYoD3tSpA8fiHi1eH8Oev8Royl82ZwqkEAgBwm0ulwQ88Hs0mBaHS2EIeDTjzmvXfaXE74qZ1thwr0+T8eAz73zjrX0nV8iMwq0pKPC7cbyjf+1AOK5lUqLOX8OyMbe+4s8VxYGRgEdDU1vvqs6BsNviHIZlw7BsJFNNNy2YOVFB5xmUEoSiSXnn\/pMXOS6uDdoXiiK\/9Yei6OofoX\/YfvBmCJGjofyaiveaOub\/9IkdP+7sD5OewQi+fOnSO8+tLz+aHKfSXpUlHO0aqHjxnSOfZYwinX9ON0KcIrLZ9eWYW1+OOfVlaKgpxcLZ1VizcA
YuWjQTVaVBt5ETosswhXNB7FRhfi7kL4I8Ez7f6ht3S4usT2I05lwU9IADWDCj8uDtV666M25aeQ8hYFRC3DDZt3\/xykOhSMJXEvTArSo4cLxrY6ZvZlBCCBbNqX45HThRFTk8o7Koo3ZSQVdNaUFnTWlBSv8XdNaVF3aU+D1ZRe+ZuUiU4M29JzdwLhwXdbxyVlmW0NY91HjgVPcSVWHI168yo2juGGiMJZLE41JFfWVR9FufX3P757\/3++dFKhWWDYpE8cyOQ1d\/ZnXjI5wLnvumHKeEx7LsUUvW5gLvHm7F3LpyFAe9OHi8a+l4VrgQAj63apQWeEFS\/uqYzUjG+ur5pxlzaZS2lHMZkL48qcDrvJnH5jCFwBfWn\/\/A9j0n1r3wwbF1mYI5p7dHlbG7uavh\/iff\/P53vnTRrW09ocoPT\/UsckpzMnhZXKAk4I7Prat4E3CK4NcunP7UwlmTX+KOIyOyK0lkWeLtp4car7nn33bots2krBowTWHYf\/L0+Z19I1MmlwbbaP6OotRJIOw71rlxJKZLGVcgm7DAlWvPeXTe1ApeU14I3bCw4pz6P61qrN8e0808gpL0oOc2dww0KLLknCZItbQoyV4VTobJOZa6\/3jXsld2H788UzSf6WcLgcVzppzYsKQBF10wE67881I5BslEQtkhDs25Ssb0Sl+xbAHdcERk0rBAKOF3Xbfulqoi\/5BhZbtTDvhdCh59\/v2b\/3zg1LLW7qHzu4Yi\/vzaZ920MKembH91WbDFudtRXYrCIqrCwqrz12kyi7hkFps\/vfKdGdWTDut52UBGCXpCUc97h1vXSA4\/CfIb58DBE90XZmLOmckalo1pFUVdK8+p\/\/1INIFIPIl0sd0VaxY8THMiM85niRAMx5Js77GO5Q5DLZiWBcty3AcAo4V3qepKIoSofOtAy413\/\/KV50KxpDfX6iSwuECh16XPrS\/\/QJEZXC7FeRUEPi6kBPAYEX3mWJrzmikZEAIzqktO3HHNmm8YFk9J\/gwWVKIwbU7ufuyVh598bd8tbExYVsDmAufMnPyqpsjCyTtz2EKMFkTktNSzZUbFkrk1L5t5VR5peH1X8ybdsMDiyVw\/lhKK4WiisK0nNCuTBswgbJg2ls6r2eZS2MhQJAFFZvBoBCJp4rxZk1+tKQ32dg6MlGbEUIaMh052nw+Qh0bRIQTDkQR003KY6yTVAz\/87RtP7m3uvGAwnAgSANqYKJdAXDexqrFux+TSYLNpczBKxg2mfLSVnfKDx\/jMJPMRGXYT4lQ6cgFIFBDCKY6\/Ys2Cx7bvOXHxk9sPXBZwa5kbhYBbYfiwtXe2QO\/s\/OM7QgA+TRHL5tW+SohjsxBCYNnZRXYZvAIe58CczCRceM7UFx987p3bhQBIlk7togkAAASjSURBVCrSFIY9TR3LekPRSaxyUiBnQIVJOHV6sCIUjRczmq2PnIEopZhZU\/pWOK5DN+zReKztvEYpNKumdP+pntA6JY8pjFK0dQ9N7QtFoZtmimgEsaQJw7BSQRXAtDhvauub1xOKBt2pkw45lIajs1wKE9dfsvj7frcG07bBuRPqAwCe7fCOo4NzjKxU4ftHFQplC2wuBHTdhMzo6G+yJOHvv7D6a7ubOpZ0DYyUO+5Nhn4T1VUblo0ZVcWt9ZVF+0yn7AdCIGUlZ20QIeBSGJTUm\/ksi2N2bdmuqeVFrce7Bmqcmi6nvyJRtA+Ei\/Y1da5kHb3DOQMqsoT23uGiSMJgumWBZoXjbAGoEkVVceBkmqCccwguwIWARGVUTQq2hFLnfLMhYVroC0XLD5w4TUzTEoDDqKqSACan3gYgAHg0ObK8sfal5pcGrx1v79lCIJI08PdXrvrBknk1O3XDHiVD2iqnAGKp94dkSoMEoroF07JVmlIHtgC4AGwBEjdMTzhp5EiLmGlBNywPkCuwqXCYzKRMilMAqCkv7PrOteu+e
vW9T27VLSOnLClXbaW\/EwwnDFw1c\/JbQZ87rhsW0gcjZKYgmjBGX\/lIiFNk5ywCwASHz6PGz2+YvOPtYx3XBF3ZeQEgFNexY9+JzaymvDDnApMofG7t8IbFs34XT+jlTJJ4GiHT5qQ44OmYWTPpkM+lwnLJUBiDqsiAExTA+kUzf3+yo3+KLDMl26bVTQsLG6q3XdBQLdI+HIGTLUmmdzCcXb1oTs0Lv31137X5zE2YFmxb4JZPLf6Xr21ZcQchFGmJlz7LJFGC2fXluy9fNucPpmUFJUpGhWzCMPmlK+duXd5Yh6RpgVFHLRBCIptXzPnVkZbe+QqjPN1fNyw6d1rFOwGvZjiRv1wdkP2KCMDZZRuXz3769paVd+051rFSlWWRH+nKZrYAIYZh2Zetmv+QprKcgkMnhgyEwgkQEPi9zunMnNdNQeCza855sKN3uEyVJdkRV854Cd3E\/GmVr5OB4Vge0kDStNDcPoALZlePvgCUEOeYRlNbH\/weJRVaFHCpCgr9HqcPJYgnDEQTOmrKC5GuAqSEIJbU0dwxgAXTK3PWcu9gBD1DEdCUESVRgmhcn3T9D59qPj0Y8TOJwEzVcdWVFnRct+mCe7asXvAIIYBLVUYnLKUq0Qgh0A0LTa29aMwaS6IEnf1hSJSgtNAHm3NHeqcIEkvq8LqzaysILG6jpWsIU8qCGOP7AalSpVza2ZyjtXsI1WUFkNnYtyBkg0QJegYisCFQUewHzwpeUEIQSeijB8UnFXihqfKYl7FGYjoGw3HUVWTRmxJEYkn0haJgYxFwjAbdsGDZHJTyUQZbqVcn+dwZizVbDBE4OsUwLNhcjIoXmrIM9dTv6bovASAUTYILAZEKVNgc8HtdfRddMPOX2947usHv0YwppQXNM2tLX1m\/aNbT5cX+Pt00x6meyIDNHRfGsnnWnqOO5Q6n9NVOpzABACL13pDskjmSPnIy7h6cCIRw3gbrHO7mZ2SwAIVuWVnfMe5n57mZmrlRHFOVnmPoLRx6G6aN\/wtNzSc6\/josvgAAAABJRU5ErkJggg==", + "description": "Issue tracking product, developed by Atlassian", + "detailedDescription": "", + "configuration": [ + { + "display": "Username", + "name": "username", + "defaultValue": "", + "type": 0, + "required": true + }, + { + "display": "Password", + "name": "password", + "defaultValue": "", + "type": 4, + "required": true + }, + { + "display": "Jira URL, in the format https:\/\/demisto.atlassian.net\/", + "name": "url", + "defaultValue": "", + "type": 0, + "required": false + }, + { + "display": "Insecure", + "name": "insecure", + "defaultValue": "false", + "type": 8, + "required": false + } + ], + "path": "", + "executable": "", + "cmdline": "", + "readonly": false, + "hideEngines": false, + "integrationScript": { + "script": "var getCookies = function() {\n var result = http(\n params.url+'rest\/auth\/1\/session', \n {\n Headers: {'Content-Type': ['application\/json']},\n Method: 'POST',\n Username: 
params.username,\n Password: params.password,\n Body: JSON.stringify({'username':params.username,'password':params.password}),\n }, \n params.insecure\n );\n if (result.StatusCode !== 200 && result.StatusCode !== 201) {\n throw 'Failed to create auth cookie, request status code: ' + result.StatusCode + ', check that username\/password are correct';\n }\n return result.Cookies;\n};\n\nvar addQueryParam = function(urlSuffix, paramName, value){\n if (value && value.length > 0){\n urlSuffix = urlSuffix + '&' + paramName + '=' + value;\n }\n return urlSuffix;\n};\n\nvar uploadFile = function(entryId, issueId) {\n var cookies = getCookies();\n var res = httpMultipart(\n params.url+'rest\/api\/2\/issue\/' + issueId + '\/attachments', \n entryId,\n {\n Method: 'POST',\n Cookies: cookies,\n Username: params.username,\n Password: params.password,\n Headers: {'X-Atlassian-Token': ['no-check']},\n }, \n {\n },\n params.insecure\n );\n if (res.StatusCode !== 200) {\n return 'Failed to execute request:' + res.StatusCode + ', body: ' + res.Body;\n }\n return res.Body;\n}\n\n\/\/ The command input arg holds the command sent from the user.\nswitch (command) {\n \/\/ This is the call made when pressing the integration test button.\n case 'test-module':\n var cookies = getCookies();\n return (typeof cookies != \nundefined\n);\n case 'jira-get-issue':\n var cookies = getCookies();\n var result = http(\n params.url+'rest\/api\/2\/issue\/'+args.issueId, \n {\n Headers: {'Content-Type': ['application\/json']},\n Method: 'GET',\n Username: params.username,\n Password: params.password,\n Cookies: cookies,\n }, \n params.insecure\n );\n if (result.StatusCode !== 200) {\n throw 'Failed to jira-get-issue, request status code: ' + result.StatusCode + ', body: ' + result.Body;\n }\n return JSON.parse(result.Body);\n case 'jira-issue-query':\n var cookies = getCookies();\n var url = params.url+'rest\/api\/2\/search?jql='+args.query;\n url = addQueryParam(url,'startAt',args.startAt);\n url = 
addQueryParam(url,'maxResults',args.maxResults);\n var result = http(\n url, \n {\n Headers: {'Content-Type': ['application\/json']},\n Method: 'GET',\n Username: params.username,\n Password: params.password,\n Cookies: cookies,\n }, \n params.insecure\n );\n if (result.StatusCode !== 200) {\n throw 'Failed to jira-issue-query, request status code: ' + result.StatusCode + ', body: ' + result.Body;\n }\n return JSON.parse(result.Body);\n case 'jira-create-issue':\n var cookies = getCookies();\n var url = params.url+'rest\/api\/2\/issue\/';\n var issue = {};\n if (args.issueJson && args.issueJson.length > 0 ){\n issue = JSON.parse(args.issueJson);\n }\n if (!issue.fields) {\n issue.fields= {};\n }\n if (!issue.fields.project) {\n issue.fields.project= {};\n }\n if (!issue.fields.issuetype) {\n issue.fields.issuetype = {};\n }\n if (args.summary && args.summary.length >0 ){\n issue.fields.summary = args.summary;\n }\n if (args.projectKey && args.projectKey.length > 0 ){\n issue.fields.project.key = args.projectKey;\n }\n if (args.projectName && args.projectName.length > 0 ){\n issue.fields.project.name = args.projectName;\n }\n if (args.issueTypeName && args.issueTypeName.length > 0 ){\n issue.fields.issuetype.name = args.issueTypeName;\n }\n if (args.issueTypeId && args.issueTypeId.length > 0 ){\n issue.fields.issuetype.id = args.issueTypeId;\n }\n if (args.description && args.description.length > 0 ){\n issue.fields.description = args.description;\n }\n if (args.labels && args.labels.length > 0 ){\n issue.fields.labels = args.labels.split(\",\");\n }\n if (args.priorityName && args.priorityName.length > 0 ){\n if (!issue.fields.priority) {\n issue.fields.priority = {};\n }\n issue.fields.priority.name = args.priorityName;\n }\n if (args.dueDate && args.dueDate.length > 0 ){\n issue.fields.duedate = args.dueDate;\n }\n if (args.assignee && args.assignee.length > 0 ){\n if (!issue.fields.assignee) {\n issue.fields.assignee = {};\n }\n issue.fields.assignee.name = 
args.assignee;\n }\n if (args.reporter && args.reporter.length > 0 ){\n if (!issue.fields.reporter) {\n issue.fields.reporter = {};\n }\n issue.fields.reporter.name = args.reporter;\n }\n var result = http(\n url, \n {\n Headers: {'Content-Type': ['application\/json']},\n Method: 'POST',\n Username: params.username,\n Password: params.password,\n Cookies: cookies,\n Body: JSON.stringify(issue),\n \n }, \n params.insecure\n );\n if (result.StatusCode !== 201) {\n throw 'Failed to jira-create-issue, request status code: ' + result.StatusCode + ', body: ' + result.Body;\n }\n return JSON.parse(result.Body);\n case 'jira-issue-upload-file':\n return {Type: 1, Contents: uploadFile(args.upload, args.issueId), ContentsFormat: 'json'};\n case 'jira-issue-add-comment':\n var cookies = getCookies();\n var url = params.url+'rest\/api\/2\/issue\/'+ args.issueId + '\/comment';\n var comment = {};\n comment.body = args.comment;\n if (args.visibility && args.visibility.length > 0 ){\n comment.visibility = {};\n comment.visibility.type = 'role';\n comment.visibility.value = args.visibility;\n }\n var result = http(\n url, \n {\n Headers: {'Content-Type': ['application\/json']},\n Method: 'POST',\n Username: params.username,\n Password: params.password,\n Cookies: cookies,\n Body: JSON.stringify(comment),\n \n }, \n params.insecure\n );\n if (result.StatusCode !== 201) {\n throw 'Failed to jira-issue-add-comment, request status code: ' + result.StatusCode + ', body: ' + result.Body;\n }\n return JSON.parse(result.Body);\n case 'jira-issue-add-link':\n var cookies = getCookies();\n var url = params.url+'rest\/api\/2\/issue\/'+ args.issueId + '\/remotelink';\n var link = {};\n link.object = {};\n link.object.url = args.url;\n link.object.title = args.title;\n if (args.summary && args.summary.length > 0 ){\n link.summary = args.summary;\n }\n if (args.globalId && args.globalId.length > 0 ){\n link.globalId = args.globalId;\n }\n if (args.relationship && args.relationship.length > 0 
){\n link.relationship = args.relationship;\n }\n if (args.relationship && args.relationship.length > 0 ){\n link.relationship = args.relationship;\n }\n var result = http(\n url, \n {\n Headers: {'Content-Type': ['application\/json']},\n Method: 'POST',\n Username: params.username,\n Password: params.password,\n Cookies: cookies,\n Body: JSON.stringify(link),\n \n }, \n params.insecure\n );\n if (result.StatusCode !== 201) {\n throw 'Failed to jira-issue-add-comment, request status code: ' + result.StatusCode + ', body: ' + result.Body;\n }\n return JSON.parse(result.Body);\n default:\n \/\/ You can use args[argName] or args.argName to get a specific arg. args are strings.\n \/\/ You can use params[paramName] or params.paramName to get a specific params.\n \/\/ Params are of the type given in the integration page creation.\n}", + "type": "javascript", + "commands": [ + { + "name": "jira-issue-query", + "arguments": [ + { + "name": "query", + "required": true, + "default": true, + "secret": false, + "description": "JQL query string" + }, + { + "name": "startAt", + "required": false, + "default": false, + "secret": false, + "description": "The index of the first issue to return (0-based) - format int" + }, + { + "name": "maxResults", + "required": false, + "default": false, + "secret": false, + "description": "the maximum number of issues to return (defaults to 50). The maximum allowable value is dictated by the JIRA property 'jira.search.views.default.max'. If you specify a value that is higher than this number, your search results will be truncated." 
+ } + ], + "description": "Query Jira issues", + "execution": false + }, + { + "name": "jira-get-issue", + "arguments": [ + { + "name": "issueId", + "required": true, + "default": true, + "secret": false, + "description": "Issue id" + } + ], + "description": "Fetch issue from Jira", + "execution": false + }, + { + "name": "jira-create-issue", + "arguments": [ + { + "name": "issueJson", + "required": false, + "default": false, + "secret": false, + "description": "Issue object in json format" + }, + { + "name": "summary", + "required": false, + "default": false, + "secret": false, + "description": "Summary of the issue, a mandatory field" + }, + { + "name": "projectKey", + "required": false, + "default": false, + "secret": false, + "description": "Project key to associate the issue" + }, + { + "name": "issueTypeName", + "required": false, + "default": false, + "secret": false, + "description": "Issue type name, like - Incident" + }, + { + "name": "issueTypeId", + "required": false, + "default": false, + "secret": false, + "description": "Issue type id - format number" + }, + { + "name": "projectName", + "required": false, + "default": false, + "secret": false, + "description": "Project name to associate the issue" + }, + { + "name": "description", + "required": false, + "default": false, + "secret": false, + "description": "Issue description" + }, + { + "name": "labels", + "required": false, + "default": false, + "secret": false, + "description": "comma separated list of label " + }, + { + "name": "priority", + "required": false, + "default": false, + "secret": false, + "description": "priorty name , like High\/Medium" + }, + { + "name": "dueDate", + "required": false, + "default": false, + "secret": false, + "description": "DueDate for the issue, in format of 2018-03-11" + }, + { + "name": "assignee", + "required": false, + "default": false, + "secret": false, + "description": "assignee name" + }, + { + "name": "reporter", + "required": false, + "default": false, + 
"secret": false, + "description": "reporter name" + } + ], + "description": "Create a new issue on Jira", + "execution": false + }, + { + "name": "jira-issue-upload-file", + "arguments": [ + { + "name": "issueId", + "required": true, + "default": false, + "secret": false, + "description": "Issue id" + }, + { + "name": "upload", + "required": false, + "default": false, + "secret": false, + "description": "Entry id to upload" + } + ], + "description": "Upload a file attachments to an issue", + "execution": false + }, + { + "name": "jira-issue-add-comment", + "arguments": [ + { + "name": "issueId", + "required": true, + "default": true, + "secret": false, + "description": "Issue id" + }, + { + "name": "comment", + "required": true, + "default": false, + "secret": false, + "description": "Comment - the actual comment body" + }, + { + "name": "visibility", + "required": false, + "default": false, + "secret": false, + "description": "Make comment visible ONLy to a certain role - like Administrators" + } + ], + "description": "Add new comment to existing Jira issue", + "execution": false + }, + { + "name": "jira-issue-add-link", + "arguments": [ + { + "name": "globalId", + "required": false, + "default": false, + "secret": false, + "description": "If a globalId is provided and a remote issue link exists with that globalId, the remote issue link is updated" + }, + { + "name": "relationship", + "required": false, + "default": false, + "secret": false, + "description": "object relationship to issue , like - causes" + }, + { + "name": "url", + "required": true, + "default": false, + "secret": false, + "description": "link url" + }, + { + "name": "title", + "required": true, + "default": false, + "secret": false, + "description": "link title" + }, + { + "name": "summary", + "required": false, + "default": false, + "secret": false, + "description": "link summary" + }, + { + "name": "issueId", + "required": true, + "default": false, + "secret": false, + "description": "Issue Id" 
+ }
+ ],
+ "description": "Creates (or updates) issue link",
+ "execution": false
+ }
+ ]
+ },
+ "system": true,
+ "isPasswordProtected": false
+}
\ No newline at end of file
diff --git a/Misc/reputations.json b/Misc/reputations.json
new file mode 100644
index 000000000000..0496b7a72318
--- /dev/null
+++ b/Misc/reputations.json
@@ -0,0 +1,51 @@
+{
+ "reputations": [
+ {
+ "id": "fileRep",
+ "file": true,
+ "version": -1,
+ "regex": "",
+ "details": "File enhancement scripts",
+ "enhancementScriptNames": ["Strings", "CYFileRep"]
+ },
+ {
+ "id": "ipRep",
+ "version": -1,
+ "regex": "\\b(?:[0-9]{1,3}\\.){3}[0-9]{1,3}\\b",
+ "reputationScriptName": "DataIPReputation",
+ "details": "IP Reputation",
+ "enhancementScriptNames": ["IPReputation", "SplunkSearch"]
+ },
+ {
+ "id": "hashRep",
+ "version": -1,
+ "regex": "\\b[a-fA-F\\d]{32}\\b",
+ "reputationScriptName": "DataHashReputation",
+ "details": "Hash Reputation",
+ "enhancementScriptNames": ["FileReputation", "SplunkSearch", "WildfireReport"]
+ },
+ {
+ "id": "emailRep",
+ "version": -1,
+ "regex": "\\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\\.[A-Za-z]{2,}\\b",
+ "details": "Email Reputation",
+ "enhancementScriptNames": ["EmailReputation"]
+ },
+ {
+ "id": "urlRep",
+ "version": -1,
+ "regex": "(?i)(?:(?:https?|ftp):\\/\\/|www\\.|ftp\\.)(?:\\([-A-Z0-9+&@#\\/%=~_|$?!:,.]*\\)|[-A-Z0-9+&@#\\/%=~_|$?!:,.])*(?:\\([-A-Z0-9+&@#\\/%=~_|$?!:,.]*\\)|[A-Z0-9+&@#\\/%=~_|$])",
+ "reputationScriptName": "DataURLReputation",
+ "details": "URL Reputation",
+ "enhancementScriptNames": ["URLReputation", "SplunkSearch"]
+ },
+ {
+ "id": "registryRep",
+ "version": -1,
+ "regex": "((?i)hk((EY_(CLASSES_ROOT|PERFORMANCE_DATA|LOCAL_MACHINE|CURRENT_(CONFIG|USER)|USERS))|LM|CR|CU|U|CC|PD))[\\\\\\w\\}\\{\\.\\-\\ \\*]*",
+ "reputationScriptName": "RegPathReputationBasicLists",
+ "details": "Registry Path Reputation",
+ "enhancementScriptNames": ["RegCollectValues", "CBEvents"]
+ }
+ ]
+}
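Review bot: The `hashRep` pattern only recognises 32-hex-digit values, so SHA-1 and SHA-256 indicators that appear in incident text are never picked up for reputation lookup or enrichment. If `DataHashReputation` and the listed enhancement scripts can take the longer digests (not visible in this diff), widen it to `"regex": "\\b(?:[a-fA-F\\d]{32}|[a-fA-F\\d]{40}|[a-fA-F\\d]{64})\\b"`. Separately, the `ipRep` pattern accepts octets above 255 and also fires on four-part version strings, so the reputation script should validate a match before querying on it.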
diff --git a/circle.yml b/circle.yml
index 76fa180d169d..37a4ff440a5d 100644
--- a/circle.yml
+++ b/circle.yml
@@ -3,6 +3,8 @@ test:
 - ls
 post:
 - mkdir bundle
+ - cp Integrations/* bundle/
+ - cp Misc/* bundle/
 - cp Playbooks/* bundle/
 - cp Reports/* bundle/
 - cp $(find Scripts -type f -print) bundle/
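Review bot: The two added `cp` lines ship everything under `Integrations/` and `Misc/` in the bundle, while the only test command visible in this hunk is `ls`, so a malformed or mislabelled integration file reaches the bundle unchecked. Integration definitions embed a script that runs with the configured credentials, so a parse check before packaging is worth adding, for example `- for f in Integrations/*.json Misc/*.json; do python -m json.tool "$f" > /dev/null || exit 1; done`. Copying into a flat `bundle/` also overwrites same-named files from different source directories without warning; a duplicate-basename check before the copy would surface that. The rest of `circle.yml` is outside the hunk, so an existing validation step elsewhere cannot be ruled out.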