diff --git a/Packs/CortexXDR/TestPlaybooks/Test_Playbook_-_Cortex_XDR_Malware_-_Incident_Enrichment.yml b/Packs/CortexXDR/TestPlaybooks/Test_Playbook_-_Cortex_XDR_Malware_-_Incident_Enrichment.yml
index e21c95d78751..2c5b8a41bd4a 100644
--- a/Packs/CortexXDR/TestPlaybooks/Test_Playbook_-_Cortex_XDR_Malware_-_Incident_Enrichment.yml
+++ b/Packs/CortexXDR/TestPlaybooks/Test_Playbook_-_Cortex_XDR_Malware_-_Incident_Enrichment.yml
@@ -6,10 +6,10 @@ starttaskid: "0"
 tasks:
 "0":
 id: "0"
- taskid: ce53f9de-f436-41e7-8503-462a2f1d335b
+ taskid: 3f4e9d64-ac90-4fe6-8db9-9c1bf19300b5
 type: start
 task:
- id: ce53f9de-f436-41e7-8503-462a2f1d335b
+ id: 3f4e9d64-ac90-4fe6-8db9-9c1bf19300b5
 version: -1
 name: ""
 iscommand: false
@@ -36,10 +36,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "32":
 id: "32"
- taskid: 41d60b6d-e2e8-46db-8c86-5dd132deea9d
+ taskid: ad628ec6-62fc-4169-8c17-fa3f74befc77
 type: regular
 task:
- id: 41d60b6d-e2e8-46db-8c86-5dd132deea9d
+ id: ad628ec6-62fc-4169-8c17-fa3f74befc77
 version: -1
 name: Delete Context
 description: The task deletes all of the context data. Having a clean beginning to a test playbook ensures that a test can be sterile and that unrelated issues can be eliminated.
@@ -71,10 +71,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "39":
 id: "39"
- taskid: 2cf93b06-d0ce-4420-84a2-1a03397d6c3f
+ taskid: c4a8cdbb-13d3-45b0-8e2f-e00eeaefa685
 type: title
 task:
- id: 2cf93b06-d0ce-4420-84a2-1a03397d6c3f
+ id: c4a8cdbb-13d3-45b0-8e2f-e00eeaefa685
 version: -1
 name: '''ExtractedIndicators'' Context Data'
 type: title
@@ -84,7 +84,6 @@ tasks:
 nexttasks:
 '#none#':
 - "102"
- - "100"
 - "40"
 - "103"
 - "101"
@@ -106,10 +105,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "40":
 id: "40"
- taskid: 0c1c076f-d4f5-485b-8a13-e6eff38ea4d7
+ taskid: 6329a83b-18de-4af3-83c2-55b117dffc44
 type: condition
 task:
- id: 0c1c076f-d4f5-485b-8a13-e6eff38ea4d7
+ id: 6329a83b-18de-4af3-83c2-55b117dffc44
 version: -1
 name: Verify Domain
 description: Verify that the ‘ExtractedIndicators.Domain’ context key was extracted correctly.
@@ -151,10 +150,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "46":
 id: "46"
- taskid: 151ea834-2184-428f-850a-96561115dc32
+ taskid: 37dd6b89-a138-49b0-8b1c-ca3aa6b9b8a0
 type: condition
 task:
- id: 151ea834-2184-428f-850a-96561115dc32
+ id: 37dd6b89-a138-49b0-8b1c-ca3aa6b9b8a0
 version: -1
 name: Verify Incident
 description: |
@@ -182,7 +181,7 @@ tasks:
 view: |-
 {
 "position": {
- "x": 2260,
+ "x": 1780,
 "y": 1560
 }
 }
@@ -195,10 +194,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "53":
 id: "53"
- taskid: 51fe6e6d-8a39-4fab-843a-bb261595a1b4
+ taskid: bca0213c-20b3-4bc2-8806-a57377b467f6
 type: title
 task:
- id: 51fe6e6d-8a39-4fab-843a-bb261595a1b4
+ id: bca0213c-20b3-4bc2-8806-a57377b467f6
 version: -1
 name: Done verifying 'ExtractedIndicators'
 type: title
@@ -226,10 +225,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "63":
 id: "63"
- taskid: 2bc0cf95-7583-4dc1-8b32-a441b586be48
+ taskid: 2fcd7a03-1069-493e-8c48-dc5b23fff748
 type: title
 task:
- id: 2bc0cf95-7583-4dc1-8b32-a441b586be48
+ id: 2fcd7a03-1069-493e-8c48-dc5b23fff748
 version: -1
 name: '''Account'' Context Data'
 type: title
@@ -257,10 +256,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "64":
 id: "64"
- taskid: 33fc1a06-3fe3-4792-88fe-e8f8055a0c21
+ taskid: 51c4c257-b2b0-48a5-8762-585ff8a5bbb2
 type: title
 task:
- id: 33fc1a06-3fe3-4792-88fe-e8f8055a0c21
+ id: 51c4c257-b2b0-48a5-8762-585ff8a5bbb2
 version: -1
 name: '''File'' Context Data'
 type: title
@@ -269,7 +268,6 @@ tasks:
 description: ''
 nexttasks:
 '#none#':
- - "78"
 - "218"
 - "220"
 separatecontext: false
@@ -290,10 +288,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "65":
 id: "65"
- taskid: e316fa9b-05b4-4ac3-8288-0337a4d40cb8
+ taskid: 8d859cac-0100-4252-8af2-db01e1a6a4ab
 type: title
 task:
- id: e316fa9b-05b4-4ac3-8288-0337a4d40cb8
+ id: 8d859cac-0100-4252-8af2-db01e1a6a4ab
 version: -1
 name: '''Endpoint'' Context Data'
 type: title
@@ -329,10 +327,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "67":
 id: "67"
- taskid: 8504176f-fe3d-43b8-8b52-83607070b028
+ taskid: 815d0e91-61b0-474e-81f0-426161d0f412
 type: title
 task:
- id: 8504176f-fe3d-43b8-8b52-83607070b028
+ id: 815d0e91-61b0-474e-81f0-426161d0f412
 version: -1
 name: '''IP'' Context Data'
 type: title
@@ -360,10 +358,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "69":
 id: "69"
- taskid: 9d986bde-c7e1-42d7-809f-65ca58266e0e
+ taskid: 58ef5e7e-84bb-4296-81bd-210c9c975829
 type: title
 task:
- id: 9d986bde-c7e1-42d7-809f-65ca58266e0e
+ id: 58ef5e7e-84bb-4296-81bd-210c9c975829
 version: -1
 name: '''Domain'' Context Data'
 type: title
@@ -391,10 +389,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "73":
 id: "73"
- taskid: 4c8a42da-ea94-4408-8458-8e1c8ddcfa5f
+ taskid: 81f4591b-7603-4f4a-8d7b-5386173ee447
 type: condition
 task:
- id: 4c8a42da-ea94-4408-8458-8e1c8ddcfa5f
+ id: 81f4591b-7603-4f4a-8d7b-5386173ee447
 version: -1
 name: Verify Alerts
 description: Verify that the ‘PaloAltoNetworksXDR.Incident.Alerts’ context key was extracted correctly.
@@ -421,49 +419,7 @@ tasks:
 view: |-
 {
 "position": {
- "x": 1820,
- "y": 1560
- }
- }
- note: false
- timertriggers: []
- ignoreworker: false
- skipunavailable: false
- quietmode: 0
- isoversize: false
- isautoswitchedtoquietmode: false
- "74":
- id: "74"
- taskid: 60c9aeab-190a-40ea-826e-7555cc2a14fd
- type: condition
- task:
- id: 60c9aeab-190a-40ea-826e-7555cc2a14fd
- version: -1
- name: Verify Network Artifacts
- description: |
- Verify that the ‘PaloAltoNetworksXDR.Incident.network_artifacts’ context key was extracted correctly.
- type: condition
- iscommand: false
- brand: ""
- nexttasks:
- ' Verified':
- - "113"
- '#default#':
- - "115"
- separatecontext: false
- conditions:
- - label: ' Verified'
- condition:
- - - operator: isExists
- left:
- value:
- simple: PaloAltoNetworksXDR.Incident.network_artifacts
- iscontext: true
- continueonerrortype: ""
- view: |-
- {
- "position": {
- "x": 1370,
+ "x": 1340,
 "y": 1560
 }
 }
@@ -476,10 +432,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "75":
 id: "75"
- taskid: d7c338fc-2428-4c17-8cb9-1a62ae382647
+ taskid: e6e3ee65-fc60-45c9-854b-7145c7d321a8
 type: condition
 task:
- id: d7c338fc-2428-4c17-8cb9-1a62ae382647
+ id: e6e3ee65-fc60-45c9-854b-7145c7d321a8
 version: -1
 name: Verify File Artifacts
 description: |
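Review bot: With task "74" removed in the @@ -421,49 +419,7 @@ hunk, the test no longer asserts that `PaloAltoNetworksXDR.Incident.network_artifacts` is populated, and the later hunks that drop task "78" (`File.Path`) and task "100" (`ExtractedIndicators.Email`) do the same for those keys. A change to the enrichment playbook that stops returning network artifacts, file paths or email indicators would therefore still pass this test. Nothing on the new side records why the checks were dropped; if the test incident simply no longer carries that data, state it in a surviving task's `description`, for example `description: network_artifacts, File.Path and ExtractedIndicators.Email are not asserted because the test incident does not contain them`, or keep the checks and point the test at an incident that does.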
@@ -516,56 +472,12 @@ tasks:
 quietmode: 0
 isoversize: false
 isautoswitchedtoquietmode: false
- "78":
- id: "78"
- taskid: 0ae5e447-bdd0-4a44-84ce-e23ac064ff93
- type: condition
- task:
- id: 0ae5e447-bdd0-4a44-84ce-e23ac064ff93
- version: -1
- name: Verify Path
- description: Verify that the 'File.Path’ context key was extracted correctly.
- type: condition
- iscommand: false
- brand: ""
- nexttasks:
- '#default#':
- - "142"
- Verified:
- - "128"
- separatecontext: false
- conditions:
- - label: Verified
- condition:
- - - operator: isNotEmpty
- left:
- value:
- complex:
- root: File
- accessor: Path
- iscontext: true
- ignorecase: true
- continueonerrortype: ""
- view: |-
- {
- "position": {
- "x": 1735,
- "y": 2795
- }
- }
- note: false
- timertriggers: []
- ignoreworker: false
- skipunavailable: false
- quietmode: 0
- isoversize: false
- isautoswitchedtoquietmode: false
 "79":
 id: "79"
- taskid: 1b8780f5-c88b-4c1b-822d-842f527586e5
+ taskid: 57770e5e-9e2e-4bf0-8d93-55da6ec585bd
 type: condition
 task:
- id: 1b8780f5-c88b-4c1b-822d-842f527586e5
+ id: 57770e5e-9e2e-4bf0-8d93-55da6ec585bd
 version: -1
 name: Verify Email Address
 description: Verify that the 'Account.Email.Address’ context key was extracted correctly.
@@ -612,10 +524,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "81":
 id: "81"
- taskid: 2ffd56b0-26e8-4d21-857c-f59870b6a52c
+ taskid: ce567743-e042-4e90-8968-ea226e6eddd8
 type: condition
 task:
- id: 2ffd56b0-26e8-4d21-857c-f59870b6a52c
+ id: ce567743-e042-4e90-8968-ea226e6eddd8
 version: -1
 name: Verify IP Address
 description: Verify that the 'IP.Address’ context key was extracted correctly.
@@ -687,10 +599,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "84":
 id: "84"
- taskid: 2e4e3fde-110c-4ce4-8f40-00180e9ff00e
+ taskid: 41b299e7-b523-413c-86ae-6993ae391366
 type: title
 task:
- id: 2e4e3fde-110c-4ce4-8f40-00180e9ff00e
+ id: 41b299e7-b523-413c-86ae-6993ae391366
 version: -1
 name: Start Tests
 type: title
@@ -717,55 +629,12 @@ tasks:
 quietmode: 0
 isoversize: false
 isautoswitchedtoquietmode: false
- "100":
- id: "100"
- taskid: b9e7e466-f574-48ee-8d3d-4a49c619d342
- type: condition
- task:
- id: b9e7e466-f574-48ee-8d3d-4a49c619d342
- version: -1
- name: Verify Email
- description: Verify that the ‘ExtractedIndicators.Email’ context key was extracted correctly.
- type: condition
- iscommand: false
- brand: ""
- nexttasks:
- ' Verified':
- - "53"
- '#default#':
- - "106"
- separatecontext: false
- conditions:
- - label: ' Verified'
- condition:
- - - operator: isNotEmpty
- left:
- value:
- complex:
- root: ExtractedIndicators
- accessor: Email
- iscontext: true
- continueonerrortype: ""
- view: |-
- {
- "position": {
- "x": 1340,
- "y": 2180
- }
- }
- note: false
- timertriggers: []
- ignoreworker: false
- skipunavailable: false
- quietmode: 0
- isoversize: false
- isautoswitchedtoquietmode: false
 "101":
 id: "101"
- taskid: c24411ce-fc68-460e-8e82-b6efd66d1567
+ taskid: a9815dcd-9678-4916-8d19-cb2ebde5c76b
 type: condition
 task:
- id: c24411ce-fc68-460e-8e82-b6efd66d1567
+ id: a9815dcd-9678-4916-8d19-cb2ebde5c76b
 version: -1
 name: Verify File
 description: Verify that the ‘ExtractedIndicators.File’ context key was extracted correctly.
@@ -799,7 +668,7 @@ tasks:
 view: |-
 {
 "position": {
- "x": 2640,
+ "x": 2240,
 "y": 2180
 }
 }
@@ -812,10 +681,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "102":
 id: "102"
- taskid: a251aba9-1639-4fc8-8cb7-ca6b2c1587f5
+ taskid: fc130f9a-bcfe-407b-836f-b10c06d4f415
 type: condition
 task:
- id: a251aba9-1639-4fc8-8cb7-ca6b2c1587f5
+ id: fc130f9a-bcfe-407b-836f-b10c06d4f415
 version: -1
 name: Verify IP
 description: Verify that the ‘ExtractedIndicators.IP’ context key was extracted correctly.
@@ -849,7 +718,7 @@ tasks:
 view: |-
 {
 "position": {
- "x": 1750,
+ "x": 1350,
 "y": 2180
 }
 }
@@ -862,10 +731,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "103":
 id: "103"
- taskid: 8635ae04-8b35-4b46-8a85-6c0f80a3d4dc
+ taskid: 27f45f25-99c8-49d5-8123-a11759d71112
 type: condition
 task:
- id: 8635ae04-8b35-4b46-8a85-6c0f80a3d4dc
+ id: 27f45f25-99c8-49d5-8123-a11759d71112
 version: -1
 name: Verify URL
 description: Verify that the ‘ExtractedIndicators.URL’ context key was extracted correctly.
@@ -895,7 +764,7 @@ tasks:
 view: |-
 {
 "position": {
- "x": 2200,
+ "x": 1800,
 "y": 2180
 }
 }
@@ -908,10 +777,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "105":
 id: "105"
- taskid: 8be2b5f3-ca3c-4833-87f3-e6a263029abe
+ taskid: a598e464-4420-4796-8a84-3c1f065fd408
 type: regular
 task:
- id: 8be2b5f3-ca3c-4833-87f3-e6a263029abe
+ id: a598e464-4420-4796-8a84-3c1f065fd408
 version: -1
 name: Verify Context Data Error - Domain
 description: Prints an error entry with a given message
@@ -938,44 +807,12 @@ tasks:
 quietmode: 0
 isoversize: false
 isautoswitchedtoquietmode: false
- "106":
- id: "106"
- taskid: 2c28a092-b5fc-4a3b-889a-9f1941aac644
- type: regular
- task:
- id: 2c28a092-b5fc-4a3b-889a-9f1941aac644
- version: -1
- name: Verify Context Data Error - Email
- description: Prints an error entry with a given message
- scriptName: PrintErrorEntry
- type: regular
- iscommand: false
- brand: ""
- scriptarguments:
- message:
- simple: "The 'Email' context key not extracted properly. This may indicate that one or more of the following changes have been made to the 'Cortex XDR Malware - Incident Enrichment' playbook:\n1- The 'extractIndicators' automation outputs have been modified and no longer contain the 'ExtractedIndicators.Email' context key. \n2- The 'text' input configuration was changed for the 'extractIndicators' automation used in the 'Extract Indicators' task."
- separatecontext: false
- continueonerrortype: ""
- view: |-
- {
- "position": {
- "x": 1340,
- "y": 2435
- }
- }
- note: false
- timertriggers: []
- ignoreworker: false
- skipunavailable: false
- quietmode: 0
- isoversize: false
- isautoswitchedtoquietmode: false
 "107":
 id: "107"
- taskid: 8be47a5f-2b05-452c-8a6c-465312a53367
+ taskid: f89675cd-b53d-491d-8ac4-79e570f2445b
 type: regular
 task:
- id: 8be47a5f-2b05-452c-8a6c-465312a53367
+ id: f89675cd-b53d-491d-8ac4-79e570f2445b
 version: -1
 name: Verify Context Data Error - File
 description: Prints an error entry with a given message
@@ -991,7 +828,7 @@ tasks:
 view: |-
 {
 "position": {
- "x": 2640,
+ "x": 2240,
 "y": 2435
 }
 }
@@ -1004,10 +841,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "108":
 id: "108"
- taskid: 111faec1-1b82-4b5f-8b29-79c17186dfdb
+ taskid: 24bc5de4-5a07-4ffa-814d-01f4c58d68db
 type: regular
 task:
- id: 111faec1-1b82-4b5f-8b29-79c17186dfdb
+ id: 24bc5de4-5a07-4ffa-814d-01f4c58d68db
 version: -1
 name: Verify Context Data Error - IP
 description: Prints an error entry with a given message
@@ -1023,7 +860,7 @@ tasks:
 view: |-
 {
 "position": {
- "x": 1750,
+ "x": 1350,
 "y": 2435
 }
 }
@@ -1036,10 +873,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "109":
 id: "109"
- taskid: b1dc2e5d-9f6a-4fe0-801e-d9f82a9af649
+ taskid: 44eefb86-40b4-477c-87eb-7fa154032c33
 type: regular
 task:
- id: b1dc2e5d-9f6a-4fe0-801e-d9f82a9af649
+ id: 44eefb86-40b4-477c-87eb-7fa154032c33
 version: -1
 name: Verify Context Data Error - URL
 description: Prints an error entry with a given message
@@ -1055,7 +892,7 @@ tasks:
 view: |-
 {
 "position": {
- "x": 2200,
+ "x": 1800,
 "y": 2435
 }
 }
@@ -1068,10 +905,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "112":
 id: "112"
- taskid: 40f54a83-2c2d-4da1-8225-171b5051dd5d
+ taskid: 6abe1679-e231-48a8-81cd-63dda93c5d63
 type: title
 task:
- id: 40f54a83-2c2d-4da1-8225-171b5051dd5d
+ id: 6abe1679-e231-48a8-81cd-63dda93c5d63
 version: -1
 name: '''PaloAltoNetworksXDR'' Context Data'
 type: title
@@ -1082,7 +919,6 @@ tasks:
 '#none#':
 - "46"
 - "73"
- - "74"
 - "75"
 separatecontext: false
 continueonerrortype: ""
@@ -1102,10 +938,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "113":
 id: "113"
- taskid: 0dcedcb6-4ae0-47c8-872b-b8875264ef6f
+ taskid: 79a2f814-5c87-485c-8274-1ec75fa9fc8c
 type: title
 task:
- id: 0dcedcb6-4ae0-47c8-872b-b8875264ef6f
+ id: 79a2f814-5c87-485c-8274-1ec75fa9fc8c
 version: -1
 name: Done verifying 'PaloAltoNetworksXDR'
 type: title
@@ -1133,10 +969,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "114":
 id: "114"
- taskid: be839f39-77e9-4997-863d-a35a4bd4c1f6
+ taskid: dff4f8c9-65f3-42b7-81a0-2a4642626003
 type: regular
 task:
- id: be839f39-77e9-4997-863d-a35a4bd4c1f6
+ id: dff4f8c9-65f3-42b7-81a0-2a4642626003
 version: -1
 name: Verify Context Error - File Artifacts
 description: Prints an error entry with a given message
@@ -1163,44 +999,12 @@ tasks:
 quietmode: 0
 isoversize: false
 isautoswitchedtoquietmode: false
- "115":
- id: "115"
- taskid: 332301b1-ea6a-4ce8-855a-e62cbe831d9c
- type: regular
- task:
- id: 332301b1-ea6a-4ce8-855a-e62cbe831d9c
- version: -1
- name: Verify Context Error - Network Artifacts
- description: Prints an error entry with a given message
- scriptName: PrintErrorEntry
- type: regular
- iscommand: false
- brand: ""
- scriptarguments:
- message:
- simple: "The 'PaloAltoNetworksXDR.Incident.network_artifacts' context key not extracted properly. This may indicate that one or more of the following changes have been made to the 'Cortex XDR Malware - Incident Enrichment' playbook:\n1- The 'xdr-get-incident-extra-data' automation outputs have been modified and no longer contain the 'PaloAltoNetworksXDR.Incident.network_artifacts' context key. \n2- The 'incident_id' input configuration was changed for the 'xdr-get-incident-extra-data' automation used in the 'Get Full Incident Details' task."
- separatecontext: false
- continueonerrortype: ""
- view: |-
- {
- "position": {
- "x": 1370,
- "y": 1805
- }
- }
- note: false
- timertriggers: []
- ignoreworker: false
- skipunavailable: false
- quietmode: 0
- isoversize: false
- isautoswitchedtoquietmode: false
 "116":
 id: "116"
- taskid: 2916273e-6b3b-4d10-844a-d273b741e083
+ taskid: 06e50144-748e-4e32-8730-7504535f1b7c
 type: regular
 task:
- id: 2916273e-6b3b-4d10-844a-d273b741e083
+ id: 06e50144-748e-4e32-8730-7504535f1b7c
 version: -1
 name: Verify Context Data Error - Alerts
 description: Prints an error entry with a given message
@@ -1216,7 +1020,7 @@ tasks:
 view: |-
 {
 "position": {
- "x": 1820,
+ "x": 1340,
 "y": 1805
 }
 }
@@ -1229,10 +1033,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "117":
 id: "117"
- taskid: 222aaff8-e607-4ffc-8b85-0ef50cd419bc
+ taskid: cf0fd222-0bf1-45ef-8d87-cff57f9e61fa
 type: regular
 task:
- id: 222aaff8-e607-4ffc-8b85-0ef50cd419bc
+ id: cf0fd222-0bf1-45ef-8d87-cff57f9e61fa
 version: -1
 name: Verify Context Data Error - Incident
 description: Prints an error entry with a given message
@@ -1248,7 +1052,7 @@ tasks:
 view: |-
 {
 "position": {
- "x": 2260,
+ "x": 1780,
 "y": 1805
 }
 }
@@ -1261,10 +1065,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "125":
 id: "125"
- taskid: 1f85052d-18bb-44df-8ab6-38a752b9f717
+ taskid: 9ada667b-8bbf-477a-86f8-2ee768fd031f
 type: regular
 task:
- id: 1f85052d-18bb-44df-8ab6-38a752b9f717
+ id: 9ada667b-8bbf-477a-86f8-2ee768fd031f
 version: -1
 name: Verify Context Error - Hostname
 description: Prints an error entry with a given message
@@ -1293,10 +1097,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "126":
 id: "126"
- taskid: 14c72629-852c-40e2-8836-dacbe996e37f
+ taskid: 8bc18ddc-3660-4297-8cff-1a42d4baef17
 type: title
 task:
- id: 14c72629-852c-40e2-8836-dacbe996e37f
+ id: 8bc18ddc-3660-4297-8cff-1a42d4baef17
 version: -1
 name: Done verifying 'Domain' context
 type: title
@@ -1324,10 +1128,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "127":
 id: "127"
- taskid: c7e143a3-37dc-4fd3-86c3-33e52ea9b141
+ taskid: a5afc08e-d33d-43a3-8c23-e17afdcc43d3
 type: title
 task:
- id: c7e143a3-37dc-4fd3-86c3-33e52ea9b141
+ id: a5afc08e-d33d-43a3-8c23-e17afdcc43d3
 version: -1
 name: Done verifying 'Endpoint'
 type: title
@@ -1355,10 +1159,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "128":
 id: "128"
- taskid: deb17f30-6cad-455c-8a1d-741f58ca9e05
+ taskid: 568b5899-7ed9-4c65-8fe0-8cf2c29bc01c
 type: title
 task:
- id: deb17f30-6cad-455c-8a1d-741f58ca9e05
+ id: 568b5899-7ed9-4c65-8fe0-8cf2c29bc01c
 version: -1
 name: Done verifying 'File'
 type: title
@@ -1386,10 +1190,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "131":
 id: "131"
- taskid: 8d5c5a9a-263b-46f8-8ae3-a67854a3dd57
+ taskid: 663a2b84-568a-4f22-86ba-d2a12f3b807a
 type: title
 task:
- id: 8d5c5a9a-263b-46f8-8ae3-a67854a3dd57
+ id: 663a2b84-568a-4f22-86ba-d2a12f3b807a
 version: -1
 name: Done verifying 'IP' context
 type: title
@@ -1417,10 +1221,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "132":
 id: "132"
- taskid: f27e3e88-b3ca-4731-8f6a-c94b64da9a1d
+ taskid: 0f6516cb-8673-4233-8569-bcde45b77c29
 type: title
 task:
- id: f27e3e88-b3ca-4731-8f6a-c94b64da9a1d
+ id: 0f6516cb-8673-4233-8569-bcde45b77c29
 version: -1
 name: Check Incident Fields
 type: title
@@ -1460,10 +1264,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "136":
 id: "136"
- taskid: e3e8abb4-8759-4314-8a2b-c195500c2d51
+ taskid: fc4e0550-9a27-48dc-8e59-e1c4e60306e2
 type: title
 task:
- id: e3e8abb4-8759-4314-8a2b-c195500c2d51
+ id: fc4e0550-9a27-48dc-8e59-e1c4e60306e2
 version: -1
 name: Done verifying Incident Fields
 type: title
@@ -1491,10 +1295,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "137":
 id: "137"
- taskid: af5246cd-6aa7-4da7-854c-48d506d695a4
+ taskid: eea8f07a-e7c5-4213-8e94-a36bea70aebd
 type: condition
 task:
- id: af5246cd-6aa7-4da7-854c-48d506d695a4
+ id: eea8f07a-e7c5-4213-8e94-a36bea70aebd
 version: -1
 name: Verify Alerts And Related Info
 description: |-
@@ -1553,10 +1357,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "138":
 id: "138"
- taskid: f8a58928-9237-45a0-8da3-8df1c4ee736c
+ taskid: 4cfeda80-a069-425e-82d5-9093bff55a8e
 type: regular
 task:
- id: f8a58928-9237-45a0-8da3-8df1c4ee736c
+ id: 4cfeda80-a069-425e-82d5-9093bff55a8e
 version: -1
 name: Verify Incident Field Error - Alerts And Related Info
 description: Prints an error entry with a given message
@@ -1587,10 +1391,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "140":
 id: "140"
- taskid: 992e6a77-8ea9-4c50-825c-0b74b7e80dbe
+ taskid: a07eca09-4876-42ad-8424-27ff32e1ee64
 type: regular
 task:
- id: 992e6a77-8ea9-4c50-825c-0b74b7e80dbe
+ id: a07eca09-4876-42ad-8424-27ff32e1ee64
 version: -1
 name: Verify Incident Field Error - MD5
 description: Prints an error entry with a given message
@@ -1617,44 +1421,12 @@ tasks:
 quietmode: 0
 isoversize: false
 isautoswitchedtoquietmode: false
- "142":
- id: "142"
- taskid: e9c14ff9-1a15-4aaa-8135-fada3c59b25b
- type: regular
- task:
- id: e9c14ff9-1a15-4aaa-8135-fada3c59b25b
- version: -1
- name: Verify Context Error - Path
- description: Prints an error entry with a given message
- scriptName: PrintErrorEntry
- type: regular
- iscommand: false
- brand: ""
- scriptarguments:
- message:
- simple: "The 'File.Path’ context key not extracted properly. This may indicate that one or more of the following changes have been made to the 'Cortex XDR Malware - Incident Enrichment' playbook:\n1- The 'xdr-get-incident-extra-data' automation outputs have been modified and no longer contain the 'File.Path' context key. \n2- The 'incident_id' input configuration was changed for the 'xdr-get-incident-extra-data' automation used in the 'Get Full Incident Details' task."
- separatecontext: false
- continueonerrortype: ""
- view: |-
- {
- "position": {
- "x": 1735,
- "y": 3015
- }
- }
- note: false
- timertriggers: []
- ignoreworker: false
- skipunavailable: false
- quietmode: 0
- isoversize: false
- isautoswitchedtoquietmode: false
 "144":
 id: "144"
- taskid: 290a1358-4eed-412d-8ce2-1cebf7d508dc
+ taskid: 7b1fa7af-f190-4def-855f-d90ee4d70570
 type: regular
 task:
- id: 290a1358-4eed-412d-8ce2-1cebf7d508dc
+ id: 7b1fa7af-f190-4def-855f-d90ee4d70570
 version: -1
 name: Verify Context Error - Email Address
 description: Prints an error entry with a given message
@@ -1683,10 +1455,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "145":
 id: "145"
- taskid: 2ee6801d-e142-42fe-896e-4b1d2b4403ab
+ taskid: ef927510-1489-4c02-8ac5-401294e24c5a
 type: regular
 task:
- id: 2ee6801d-e142-42fe-896e-4b1d2b4403ab
+ id: ef927510-1489-4c02-8ac5-401294e24c5a
 version: -1
 name: Verify Context Error - IP Address
 description: Prints an error entry with a given message
@@ -1715,10 +1487,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "149":
 id: "149"
- taskid: b126cb15-e72c-4b73-8585-d7dd1a995834
+ taskid: 0c220317-bbb1-4e1d-8f9c-230b94e9a461
 type: regular
 task:
- id: b126cb15-e72c-4b73-8585-d7dd1a995834
+ id: 0c220317-bbb1-4e1d-8f9c-230b94e9a461
 version: -1
 name: Set Incident Fields To Context
 description: Add incident fields required for testing to the mock incident.
@@ -1731,13 +1503,11 @@ tasks:
 - "150"
 scriptarguments:
 agentsid:
- simple: f8a2f58846b542579c12090652e79f3d
+ simple: aeec6a2cc92e46fab3b6f621722e9916
 alertsandrelatedinfo:
 simple: '[{"columnheader3":""},{},{}]'
 externalsystemid:
- simple: "63"
- type:
- simple: Malware Investigation and Response
+ simple: "84"
 separatecontext: false
 continueonerrortype: ""
 view: |-
@@ -1754,12 +1524,16 @@ tasks:
 quietmode: 0
 isoversize: false
 isautoswitchedtoquietmode: false
+ fieldMapping:
+ - incidentfield: Agents ID
+ output:
+ simple: aeec6a2cc92e46fab3b6f621722e9916
 "150":
 id: "150"
- taskid: 837ed1d7-8847-42e3-8aae-58a611201e40
+ taskid: 72f7258f-f6ba-4d46-834f-0de1ec2351fd
 type: playbook
 task:
- id: 837ed1d7-8847-42e3-8aae-58a611201e40
+ id: 72f7258f-f6ba-4d46-834f-0de1ec2351fd
 version: -1
 name: Cortex XDR Malware - Incident Enrichment
 playbookName: Cortex XDR Malware - Incident Enrichment
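Review bot: The agent ID `aeec6a2cc92e46fab3b6f621722e9916` is now hard-coded twice, under `scriptarguments.agentsid` in the @@ -1731,13 +1503,11 @@ hunk and again in the `fieldMapping` block added by the @@ -1754,12 +1524,16 @@ hunk, so the two copies can drift the next time the test endpoint is replaced. It and `externalsystemid` `"84"` look like identifiers of one particular agent and incident in the test tenant; if so, the test fails once either is retired, and it is worth confirming that the agent ID is acceptable to publish in the repository. Recording the dependency in the task text would make such a failure diagnosable, e.g. `description: Add incident fields required for testing to the mock incident. agentsid and externalsystemid must match a live agent and incident in the test tenant.` The first hunk also drops the `type` argument (`Malware Investigation and Response`) with no replacement; presumably the enrichment playbook does not depend on the incident type, but nothing visible here confirms that. Task "149" begins and ends outside both hunks.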
@@ -1798,10 +1572,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "151":
 id: "151"
- taskid: 4f384f59-8318-4dd1-8c98-475e10ce4ea7
+ taskid: 2b6fc58a-6410-4e10-8e49-dc3b89c4c9a8
 type: title
 task:
- id: 4f384f59-8318-4dd1-8c98-475e10ce4ea7
+ id: 2b6fc58a-6410-4e10-8e49-dc3b89c4c9a8
 version: -1
 name: Check Context Data
 type: title
@@ -1836,10 +1610,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "152":
 id: "152"
- taskid: eb64db79-f6bb-4dc8-8364-475d3143a2de
+ taskid: ccbfd03a-d592-4f31-8fb3-95ef1c4f6403
 type: condition
 task:
- id: eb64db79-f6bb-4dc8-8364-475d3143a2de
+ id: ccbfd03a-d592-4f31-8fb3-95ef1c4f6403
 version: -1
 name: Verify MD5
 description: |
@@ -1878,10 +1652,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "153":
 id: "153"
- taskid: 972e4167-e513-42a7-8a84-e2467ae462f3
+ taskid: 2567b6e4-ebdd-45e6-8603-1fb510a68f62
 type: condition
 task:
- id: 972e4167-e513-42a7-8a84-e2467ae462f3
+ id: 2567b6e4-ebdd-45e6-8603-1fb510a68f62
 version: -1
 name: Verify Parent Process File Path
 description: |
@@ -1920,10 +1694,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "154":
 id: "154"
- taskid: fc33ffb8-8d09-46a6-88b9-42ec97e5bc7e
+ taskid: 6da95ab3-3dc8-4afc-82e2-82aea6e20df1
 type: condition
 task:
- id: fc33ffb8-8d09-46a6-88b9-42ec97e5bc7e
+ id: 6da95ab3-3dc8-4afc-82e2-82aea6e20df1
 version: -1
 name: Verify Process Name
 description: |
@@ -1962,10 +1736,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "155":
 id: "155"
- taskid: be746b22-552e-4a2d-8f16-f825af360c6d
+ taskid: 10760210-a42e-407c-8ff4-ba493f7b2532
 type: condition
 task:
- id: be746b22-552e-4a2d-8f16-f825af360c6d
+ id: 10760210-a42e-407c-8ff4-ba493f7b2532
 version: -1
 name: Verify Process Path
 description: |
@@ -2004,10 +1778,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "156":
 id: "156"
- taskid: eae45149-8ddf-4e8a-822e-4738b5435ba7
+ taskid: ee5ef1cb-8861-44a0-8cf5-bffbf36ca2b0
 type: condition
 task:
- id: eae45149-8ddf-4e8a-822e-4738b5435ba7
+ id: ee5ef1cb-8861-44a0-8cf5-bffbf36ca2b0
 version: -1
 name: Verify SHA256
 description: |
@@ -2046,10 +1820,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "157":
 id: "157"
- taskid: 34fcc697-01ed-4c80-8857-e84e5c3f8476
+ taskid: 1a6fb3db-257f-4fe8-8955-5cbf4eb8c412
 type: regular
 task:
- id: 34fcc697-01ed-4c80-8857-e84e5c3f8476
+ id: 1a6fb3db-257f-4fe8-8955-5cbf4eb8c412
 version: -1
 name: Verify Incident Field Error - Parent Process File Path
 description: Prints an error entry with a given message
@@ -2078,10 +1852,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "158":
 id: "158"
- taskid: 2df53ae4-5fe4-450d-88ad-1690a841e070
+ taskid: a557f4e5-9cb3-43b7-8ef8-8decdc10d85b
 type: regular
 task:
- id: 2df53ae4-5fe4-450d-88ad-1690a841e070
+ id: a557f4e5-9cb3-43b7-8ef8-8decdc10d85b
 version: -1
 name: Verify Incident Field Error - Process Name
 description: Prints an error entry with a given message
@@ -2110,10 +1884,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "159":
 id: "159"
- taskid: 4bb60141-f1b2-4bac-8259-6f1166b65841
+ taskid: b3ca26ff-adb7-4bdf-8479-9fd1573539e6
 type: regular
 task:
- id: 4bb60141-f1b2-4bac-8259-6f1166b65841
+ id: b3ca26ff-adb7-4bdf-8479-9fd1573539e6
 version: -1
 name: Verify Incident Field Error - Process Path
 description: Prints an error entry with a given message
@@ -2142,10 +1916,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "160":
 id: "160"
- taskid: f45f68c9-85c7-473b-8bb0-320f0bec56dd
+ taskid: 517f1b25-68b7-4cd7-8872-bf1a7c0f0041
 type: regular
 task:
- id: f45f68c9-85c7-473b-8bb0-320f0bec56dd
+ id: 517f1b25-68b7-4cd7-8872-bf1a7c0f0041
 version: -1
 name: Verify Incident Field Error - SHA256
 description: Prints an error entry with a given message
@@ -2174,10 +1948,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "161":
 id: "161"
- taskid: 05fe45f6-6fa4-4b47-805c-82fdd32653f9
+ taskid: ff078ec4-6ce9-4c31-8d9e-12b6a43d52e0
 type: condition
 task:
- id: 05fe45f6-6fa4-4b47-805c-82fdd32653f9
+ id: ff078ec4-6ce9-4c31-8d9e-12b6a43d52e0
 version: -1
 name: Verify Account Member Of
 description: |
@@ -2218,10 +1992,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "162":
 id: "162"
- taskid: 85ba39f2-2dad-43a9-8a02-596896e7c20d
+ taskid: 17dc822e-80b1-494d-80f4-2eb30b9f1341
 type: condition
 task:
- id: 85ba39f2-2dad-43a9-8a02-596896e7c20d
+ id: 17dc822e-80b1-494d-80f4-2eb30b9f1341
 version: -1
 name: Verify Account Name
 description: |
@@ -2262,10 +2036,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "163":
 id: "163"
- taskid: dfa7bcef-ef16-4e5f-8878-0fa7315666be
+ taskid: efcd6ad0-b0a6-47f6-83f0-aee5b92e3b62
 type: condition
 task:
- id: dfa7bcef-ef16-4e5f-8878-0fa7315666be
+ id: efcd6ad0-b0a6-47f6-83f0-aee5b92e3b62
 version: -1
 name: Verify Account Status
 description: |
@@ -2306,10 +2080,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "166":
 id: "166"
- taskid: 99aa7dce-52d3-43dc-86f3-e512963eb242
+ taskid: 9b5994f7-bd13-4ddc-8937-563b1104a9a5
 type: condition
 task:
- id: 99aa7dce-52d3-43dc-86f3-e512963eb242
+ id: 9b5994f7-bd13-4ddc-8937-563b1104a9a5
 version: -1
 name: Verify Manager Name
 description: |
@@ -2350,10 +2124,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "167":
 id: "167"
- taskid: ed885e57-229c-41f8-806d-f0bc4441e52b
+ taskid: 300b4a80-f1bb-4a7c-80b4-eaa66adacde6
 type: condition
 task:
- id: ed885e57-229c-41f8-806d-f0bc4441e52b
+ id: 300b4a80-f1bb-4a7c-80b4-eaa66adacde6
 version: -1
 name: Verify SAM Account Name
 description: |
@@ -2394,10 +2168,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "168":
 id: "168"
- taskid: 0ab399f7-cdf4-470a-8e8b-77469f31a69c
+ taskid: 5f5d3080-df05-4ce4-861a-0f2dff1bea1a
 type: regular
 task:
- id: 0ab399f7-cdf4-470a-8e8b-77469f31a69c
+ id: 5f5d3080-df05-4ce4-861a-0f2dff1bea1a
 version: -1
 name: Verify Incident Field Error - Account Member Of
 description: Prints an error entry with a given message
@@ -2426,10 +2200,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "169":
 id: "169"
- taskid: 32249abf-edf7-47d2-86b6-6f19bc713e15
+ taskid: 8b4c6cce-a9e9-4851-8f28-9b002b5f96ce
 type: regular
 task:
- id: 32249abf-edf7-47d2-86b6-6f19bc713e15
+ id: 8b4c6cce-a9e9-4851-8f28-9b002b5f96ce
 version: -1
 name: Verify Incident Field Error - Account Name
 description: Prints an error entry with a given message
@@ -2458,10 +2232,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "170":
 id: "170"
- taskid: 35268052-91ba-40c8-83ca-69e50f1ba47e
+ taskid: 44afd435-ad85-43e0-8e65-85367b8b09f9
 type: regular
 task:
- id: 35268052-91ba-40c8-83ca-69e50f1ba47e
+ id: 44afd435-ad85-43e0-8e65-85367b8b09f9
 version: -1
 name: Verify Incident Field Error - Account Status
 description: Prints an error entry with a given message
@@ -2490,10 +2264,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "173":
 id: "173"
- taskid: aa4e83a2-baab-4f0e-8432-8acb8cb7e57d
+ taskid: e29279fd-9d70-471a-81ef-84329ab1ffd2
 type: regular
 task:
- id: aa4e83a2-baab-4f0e-8432-8acb8cb7e57d
+ id: e29279fd-9d70-471a-81ef-84329ab1ffd2
 version: -1
 name: Verify Incident Field Error - Manager Name
 description: Prints an error entry with a given message
@@ -2522,10 +2296,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "174":
 id: "174"
- taskid: 2f0ad040-dd6d-4951-8937-76932b07e5c2
+ taskid: 515e718b-e95c-44be-8265-b95c4b5a687c
 type: regular
 task:
- id: 2f0ad040-dd6d-4951-8937-76932b07e5c2
+ id: 515e718b-e95c-44be-8265-b95c4b5a687c
 version: -1
 name: Verify Incident Field Error - SAM Account Name
 description: Prints an error entry with a given message
@@ -2554,10 +2328,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "198":
 id: "198"
- taskid: 1f196b2f-10c4-470f-8c1b-d82cb1ef58e3
+ taskid: 2cc817b4-1cf4-4cba-8f11-d3ac903a1c59
 type: title
 task:
- id: 1f196b2f-10c4-470f-8c1b-d82cb1ef58e3
+ id: 2cc817b4-1cf4-4cba-8f11-d3ac903a1c59
 version: -1
 name: Done verifying 'Account'
 type: title
@@ -2585,10 +2359,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "199":
 id: "199"
- taskid: 7c79555c-69f7-4aa8-887e-16bbf4451084
+ taskid: 98a14168-7a06-4e8b-8240-463fb0902351
 type: condition
 task:
- id: 7c79555c-69f7-4aa8-887e-16bbf4451084
+ id: 98a14168-7a06-4e8b-8240-463fb0902351
 version: -1
 name: Verify Hostname
 description: Verify that the 'Endpoint.Hostname’ context key was extracted correctly.
@@ -2635,10 +2409,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "200":
 id: "200"
- taskid: 700c8684-fed7-4be7-8c6e-90f57c9c4215
+ taskid: d78718ef-9372-4b36-8ef7-3d5b42a70d3c
 type: condition
 task:
- id: 700c8684-fed7-4be7-8c6e-90f57c9c4215
+ id: d78718ef-9372-4b36-8ef7-3d5b42a70d3c
 version: -1
 name: Verify Is Isolated
 description: Verify that the 'Endpoint.IsIsolated’ context key was extracted correctly.
@@ -2685,10 +2459,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "201":
 id: "201"
- taskid: 369cc371-20ee-422b-85de-d9225ff265d7
+ taskid: 95e7105b-0a0a-45bb-86d3-83fcf6d7ae4f
 type: regular
 task:
- id: 369cc371-20ee-422b-85de-d9225ff265d7
+ id: 95e7105b-0a0a-45bb-86d3-83fcf6d7ae4f
 version: -1
 name: Verify Context Error - Is Isolated
 description: Prints an error entry with a given message
@@ -2717,10 +2491,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "202":
 id: "202"
- taskid: 17e02ba1-d5db-4978-8425-e8b1bbc7c9c0
+ taskid: 4f83694c-e6e0-405d-8c8a-773d3b63b398
 type: condition
 task:
- id: 17e02ba1-d5db-4978-8425-e8b1bbc7c9c0
+ id: 4f83694c-e6e0-405d-8c8a-773d3b63b398
 version: -1
 name: Verify Domain
 description: Verify that the 'Endpoint.Domain’ context key was extracted correctly.
@@ -2763,10 +2537,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "203":
 id: "203"
- taskid: edaad9d9-da9e-4b59-8075-f5058aa30b2e
+ taskid: 0ab83395-9ad7-4ec0-8a97-0aef09f8d737
 type: condition
 task:
- id: edaad9d9-da9e-4b59-8075-f5058aa30b2e
+ id: 0ab83395-9ad7-4ec0-8a97-0aef09f8d737
 version: -1
 name: Verify OS
 description: Verify that the 'Endpoint.OS’ context key was extracted correctly.
@@ -2813,10 +2587,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "204":
 id: "204"
- taskid: e6230e99-237b-459e-804f-f1f3562a1794
+ taskid: 0bc09e5d-5416-4222-890d-893859bb5cee
 type: condition
 task:
- id: e6230e99-237b-459e-804f-f1f3562a1794
+ id: 0bc09e5d-5416-4222-890d-893859bb5cee
 version: -1
 name: Verify MAC Address
 description: Verify that the 'Endpoint.MACAddress’ context key was extracted correctly.
@@ -2863,10 +2637,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "205":
 id: "205"
- taskid: d80277ae-434c-41e5-85c6-d6488e808860
+ taskid: d3bdbfaf-7931-43ec-875d-1fac60556cf4
 type: condition
 task:
- id: d80277ae-434c-41e5-85c6-d6488e808860
+ id: d3bdbfaf-7931-43ec-875d-1fac60556cf4
 version: -1
 name: Verify Vendor
 description: Verify that the 'Endpoint.Vendor’ context key was extracted correctly.
@@ -2909,10 +2683,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "206":
 id: "206"
- taskid: 8f5c79e1-f992-4593-8bb1-b87897e82d7a
+ taskid: 87e35495-5e7b-4735-887b-518f3b40bf3e
 type: condition
 task:
- id: 8f5c79e1-f992-4593-8bb1-b87897e82d7a
+ id: 87e35495-5e7b-4735-887b-518f3b40bf3e
 version: -1
 name: Verify IP Address
 description: Verify that the 'Endpoint.IPAddress’ context key was extracted correctly.
@@ -2959,10 +2733,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "207":
 id: "207"
- taskid: fb438301-f10e-4a54-8689-061a154a7ca5
+ taskid: f0775a4e-6464-4cf1-824c-5dc64df7b3d7
 type: condition
 task:
- id: fb438301-f10e-4a54-8689-061a154a7ca5
+ id: f0775a4e-6464-4cf1-824c-5dc64df7b3d7
 version: -1
 name: Verify Status
 description: Verify that the 'Endpoint.Status’ context key was extracted correctly.
@@ -3009,10 +2783,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "208":
 id: "208"
- taskid: 130d5c28-c086-48d1-80dd-3e5b6acdc20c
+ taskid: 737b091c-1f60-4dbb-88c2-d842439bd97f
 type: condition
 task:
- id: 130d5c28-c086-48d1-80dd-3e5b6acdc20c
+ id: 737b091c-1f60-4dbb-88c2-d842439bd97f
 version: -1
 name: Verify ID
 description: Verify that the 'Endpoint.ID’ context key was extracted correctly.
@@ -3059,10 +2833,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "209":
 id: "209"
- taskid: 599f2589-c4b1-462e-89c5-1c3f5857d2ac
+ taskid: 38ebbc6d-95ac-4b46-8eb5-34419ba532dc
 type: regular
 task:
- id: 599f2589-c4b1-462e-89c5-1c3f5857d2ac
+ id: 38ebbc6d-95ac-4b46-8eb5-34419ba532dc
 version: -1
 name: Verify Context Error - Domain
 description: Prints an error entry with a given message
@@ -3091,10 +2865,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "210":
 id: "210"
- taskid: 5aed9fbd-8fe7-42e0-82c8-00bf533a31c2
+ taskid: bbe05abb-6962-4ece-8c06-e5cd514f94ea
 type: regular
 task:
- id: 5aed9fbd-8fe7-42e0-82c8-00bf533a31c2
+ id: bbe05abb-6962-4ece-8c06-e5cd514f94ea
 version: -1
 name: Verify Context Error - OS
 description: Prints an error entry with a given message
@@ -3123,10 +2897,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "211":
 id: "211"
- taskid: 385931c5-85a2-4a81-87c2-b937bcd03b0c
+ taskid: ad082545-8c60-40af-82ac-abc942c59527
 type: regular
 task:
- id: 385931c5-85a2-4a81-87c2-b937bcd03b0c
+ id: ad082545-8c60-40af-82ac-abc942c59527
 version: -1
 name: Verify Context Error - MAC Address
 description: Prints an error entry with a given message
@@ -3155,10 +2929,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "212":
 id: "212"
- taskid: 3344f8b2-7ec6-48b1-897a-248ca114f81d
+ taskid: 2959888b-84a1-421b-8985-a1c8f2286ab2
 type: regular
 task:
- id: 3344f8b2-7ec6-48b1-897a-248ca114f81d
+ id: 2959888b-84a1-421b-8985-a1c8f2286ab2
 version: -1
 name: Verify Context Error - Vendor
 description: Prints an error entry with a given message
@@ -3187,10 +2961,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "213":
 id: "213"
- taskid: 40834c4c-3669-470b-8c56-40317eb8d90a
+ taskid: 24f4507c-4a51-44f5-8c65-0a46523cf182
 type: regular
 task:
- id: 40834c4c-3669-470b-8c56-40317eb8d90a
+ id: 24f4507c-4a51-44f5-8c65-0a46523cf182
 version: -1
 name: Verify Context Error - IP Address
 description: Prints an error entry with a given message
@@ -3219,10 +2993,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "214":
 id: "214"
- taskid: ec9eb0f9-9481-4fc0-82e1-278b43ebd87d
+ taskid: 15f322e7-a0fd-4d29-87f2-a565d0eba7e4
 type: regular
 task:
- id: ec9eb0f9-9481-4fc0-82e1-278b43ebd87d
+ id: 15f322e7-a0fd-4d29-87f2-a565d0eba7e4
 version: -1
 name: Verify Context Error - Status
 description: Prints an error entry with a given message
@@ -3251,10 +3025,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "215":
 id: "215"
- taskid: 441fa760-9073-4e66-8e91-657ca04313e0
+ taskid: 6fb97ca0-4333-4df7-8ca4-67dbe7ae3448
 type: regular
 task:
- id: 441fa760-9073-4e66-8e91-657ca04313e0
+ id: 6fb97ca0-4333-4df7-8ca4-67dbe7ae3448
 version: -1
 name: Verify Context Error - ID
 description: Prints an error entry with a given message
@@ -3283,10 +3057,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "218":
 id: "218"
- taskid: 580384e5-f631-4d5f-8b0f-f3aee77fe801
+ taskid: 4f147585-8a72-455f-8eaa-34be5ae45bb3
 type: condition
 task:
- id: 580384e5-f631-4d5f-8b0f-f3aee77fe801
+ id: 4f147585-8a72-455f-8eaa-34be5ae45bb3
 version: -1
 name: Verify SHA265
 description: Verify that the 'File.SHA256’ context key was extracted correctly.
@@ -3307,7 +3081,7 @@ tasks:
 value:
 complex:
 root: File
- accessor: SHA265
+ accessor: SHA256
 iscontext: true
 right:
 value:
@@ -3333,10 +3107,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "219":
 id: "219"
- taskid: c4f9f973-4ad1-4a41-8391-a30f65dca2e3
+ taskid: 09d3fe22-ebef-492e-8f6f-8643ab2c5503
 type: regular
 task:
- id: c4f9f973-4ad1-4a41-8391-a30f65dca2e3
+ id: 09d3fe22-ebef-492e-8f6f-8643ab2c5503
 version: -1
 name: Verify Context Error - SHA265
 description: Prints an error entry with a given message
@@ -3365,10 +3139,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "220":
 id: "220"
- taskid: 6edc5841-b669-44f1-8cb0-e66bde3480b7
+ taskid: c8c4d80f-c257-44bc-8501-2e0b534b31cc
 type: condition
 task:
- id: 6edc5841-b669-44f1-8cb0-e66bde3480b7
+ id: c8c4d80f-c257-44bc-8501-2e0b534b31cc
 version: -1
 name: Verify Name
 description: Verify that the 'File.Name’ context key was extracted correctly.
@@ -3415,10 +3189,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "221":
 id: "221"
- taskid: 8841e4da-0ebd-42e6-837c-359593979dab
+ taskid: 69273d11-d282-4fcd-8feb-76890ee4b28e
 type: regular
 task:
- id: 8841e4da-0ebd-42e6-837c-359593979dab
+ id: 69273d11-d282-4fcd-8feb-76890ee4b28e
 version: -1
 name: Verify Context Error - Name
 description: Prints an error entry with a given message
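Review bot: The typo this commit fixes in task 218's condition (`accessor: SHA256` in the `@@ -3307,7 +3081,7 @@` hunk) is still present in the task names shown as context in the neighbouring hunks: `name: Verify SHA265` for task 218 and `name: Verify Context Error - SHA265` for task 219. Renaming them to `name: Verify SHA256` and `name: Verify Context Error - SHA256` keeps the failure entry pointing at the key that is actually compared. The old accessor read `File.SHA265`, which the task description does not name, so the hash check was presumably not comparing a real value before; it would be worth confirming that the test now fails when `File.SHA256` is wrong. The rest of the condition lies outside the hunk.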
@@ -3447,10 +3221,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "255":
 id: "255"
- taskid: 11fc0d38-f4dd-4f80-874c-5a1c4158bfd4
+ taskid: 9eb1ee24-48ab-4482-8dca-dad70357755c
 type: condition
 task:
- id: 11fc0d38-f4dd-4f80-874c-5a1c4158bfd4
+ id: 9eb1ee24-48ab-4482-8dca-dad70357755c
 version: -1
 name: Verify Hostnames
 description: |
@@ -3498,10 +3272,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "256":
 id: "256"
- taskid: ce586d80-44fe-4047-8105-27cb57de3285
+ taskid: dadd41bb-cc26-41f8-8fec-3e79b7deb68f
 type: regular
 task:
- id: ce586d80-44fe-4047-8105-27cb57de3285
+ id: dadd41bb-cc26-41f8-8fec-3e79b7deb68f
 version: -1
 name: Verify Incident Field Error - Hostnames
 description: Prints an error entry with a given message
@@ -3530,10 +3304,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "257":
 id: "257"
- taskid: de461f1b-adf1-4bb0-8d1c-308a0819e4a7
+ taskid: ef512a3f-4beb-40f0-8c93-916ad1e0f6fb
 type: condition
 task:
- id: de461f1b-adf1-4bb0-8d1c-308a0819e4a7
+ id: ef512a3f-4beb-40f0-8c93-916ad1e0f6fb
 version: -1
 name: Verify Detected Users
 description: |
@@ -3575,10 +3349,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "258":
 id: "258"
- taskid: 10e2bf98-48ab-4257-8f11-c3239dca6b6c
+ taskid: 008b0762-f66b-4fd0-8795-738b2f30fc3f
 type: regular
 task:
- id: 10e2bf98-48ab-4257-8f11-c3239dca6b6c
+ id: 008b0762-f66b-4fd0-8795-738b2f30fc3f
 version: -1
 name: Verify Incident Field Error - Detected Users
 description: Prints an error entry with a given message
@@ -3607,10 +3381,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "265":
 id: "265"
- taskid: 49bd65c5-d150-4aa6-8d82-6dd129ad8618
+ taskid: 1c6c2342-af06-4e36-884b-0004a6b4be5d
 type: condition
 task:
- id: 49bd65c5-d150-4aa6-8d82-6dd129ad8618
+ id: 1c6c2342-af06-4e36-884b-0004a6b4be5d
 version: -1
 name: Verify Context - Name
 description: Verify that the 'Domain.Name’ context key was extracted correctly.
@@ -3650,10 +3424,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "266":
 id: "266"
- taskid: 42f4c2e5-ffca-4493-847a-a3c5e8f302ed
+ taskid: 5635ed70-539f-4e96-813e-06244671fa8a
 type: regular
 task:
- id: 42f4c2e5-ffca-4493-847a-a3c5e8f302ed
+ id: 5635ed70-539f-4e96-813e-06244671fa8a
 version: -1
 name: Verify Context Error - Name
 description: Prints an error entry with a given message
@@ -3682,10 +3456,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "277":
 id: "277"
- taskid: d72efe7e-5a02-4dc9-8280-3dff60ca94cd
+ taskid: fa389d4b-7181-4107-8ae4-06b68b42f98c
 type: title
 task:
- id: d72efe7e-5a02-4dc9-8280-3dff60ca94cd
+ id: fa389d4b-7181-4107-8ae4-06b68b42f98c
 version: -1
 name: Done
 type: title
@@ -3710,10 +3484,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "278":
 id: "278"
- taskid: dfb9dd20-8561-40fe-8b12-ee8002f1e6d3
+ taskid: 8e12b74b-49bd-49f6-8dfb-8783c8e2a3ae
 type: title
 task:
- id: dfb9dd20-8561-40fe-8b12-ee8002f1e6d3
+ id: 8e12b74b-49bd-49f6-8dfb-8783c8e2a3ae
 version: -1
 name: '''URL'' Context Data'
 type: title
@@ -3741,10 +3515,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "281":
 id: "281"
- taskid: 460dc4a2-9009-43e4-85d5-bb6a134f11f8
+ taskid: b65c69d4-5a65-445d-8dd0-3c701fb8e58d
 type: title
 task:
- id: 460dc4a2-9009-43e4-85d5-bb6a134f11f8
+ id: b65c69d4-5a65-445d-8dd0-3c701fb8e58d
 version: -1
 name: Done verifying 'URL'
 type: title
@@ -3772,10 +3546,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "290":
 id: "290"
- taskid: 99597097-99ff-45bc-8998-880de9c71c3f
+ taskid: 0f20b500-f122-4b5e-8c81-5294931f7294
 type: condition
 task:
- id: 99597097-99ff-45bc-8998-880de9c71c3f
+ id: 0f20b500-f122-4b5e-8c81-5294931f7294
 version: -1
 name: Verify Data
 description: Verify that the 'URL.Data’ context key was extracted correctly.
@@ -3822,10 +3596,10 @@ tasks:
 isautoswitchedtoquietmode: false
 "291":
 id: "291"
- taskid: de652497-306d-44f5-84d7-5deb1d622ae1
+ taskid: 7cf71d8f-9c21-4b06-8b57-eca631086d08
 type: regular
 task:
- id: de652497-306d-44f5-84d7-5deb1d622ae1
+ id: 7cf71d8f-9c21-4b06-8b57-eca631086d08
 version: -1
 name: Verify Context Error - Data
 description: Prints an error entry with a given message
@@ -3855,7 +3629,6 @@ tasks:
 view: |-
 {
 "linkLabelsPosition": {
- "100_53_ Verified": 0.1,
 "101_53_ Verified": 0.1,
 "102_53_ Verified": 0.11,
 "103_53_ Verified": 0.1,
@@ -3864,7 +3637,6 @@ view: |-
 "40_53_Verified": 0.1,
 "46_113_Verified": 0.1,
 "73_116_#default#": 0.7,
- "74_113_ Verified": 0.12,
 "75_113_ Verified": 0.1
 },
 "paper": {
@@ -3878,4 +3650,4 @@ view: |-
 }
 inputs: []
 outputs: []
-fromversion: 6.5.0
+fromversion: 6.5.0
\ No newline at end of file
diff --git a/Tests/conf.json b/Tests/conf.json
index 6f67042cb447..20a6781ca466 100644
--- a/Tests/conf.json
+++ b/Tests/conf.json
@@ -123,8 +123,9 @@
 "playbookID": "Test Playbook - Cortex XDR - Endpoint Investigation"
 },
 {
- "integrations": "Cortex XDR - IR",
- "playbookID": "Test Playbook - Cortex XDR Malware - Incident Enrichment"
+ "playbookID": "Test Playbook - Cortex XDR Malware - Incident Enrichment",
+ "timeout": 1200,
+ "integrations": "Cortex XDR - IR"
 },
 {
 "integrations": "Cortex XDR - IR",