playbook-AlphaSOC_Wisdom_Response_Test.yml
# Test playbook for the AlphaSOC Wisdom integration. It runs wisdom-domain-flags
# and wisdom-ip-flags in sequence and checks the Wisdom.Flag context path after
# each command with VerifyContext. Task graph: 0 -> 1 -> 2 -> 3 -> 4.
id: AlphaSOC-Wisdom-Test
version: 5
name: AlphaSOC Wisdom Test
starttaskid: "0"
tasks:
  # Start node; hands off to task 1.
  "0":
    id: "0"
    taskid: d976fcb3-d854-41f3-8fc6-8c551007355c
    type: start
    task:
      id: d976fcb3-d854-41f3-8fc6-8c551007355c
      version: -1
      name: ""
      iscommand: false
      brand: ""
    nexttasks:
      '#none#':
      - "1"
    separatecontext: false
    # Layout coordinates for the playbook editor (same role in every task below).
    view: |-
      {
        "position": {
          "x": 450,
          "y": 50
        }
      }
  # Runs the integration command wisdom-domain-flags against a fixed domain.
  # NOTE(review): presumably this queries the live AlphaSOC service, so the
  # result depends on current threat-intel data - confirm whether test runs
  # are mocked or recorded.
  "1":
    id: "1"
    taskid: 0e6073b2-cfbd-4ed3-83bb-533f9b7077f5
    type: regular
    task:
      id: 0e6073b2-cfbd-4ed3-83bb-533f9b7077f5
      version: -1
      name: wisdom-domain-flags
      description: Returns a list of flags (categories and features) assigned to a
        domain by AlphaSOC Threat Intelligence
      script: AlphaSOC Wisdom|||wisdom-domain-flags
      type: regular
      iscommand: true
      brand: AlphaSOC Wisdom
    nexttasks:
      '#none#':
      - "2"
    scriptarguments:
      domain:
        simple: google.com
    separatecontext: false
    view: |-
      {
        "position": {
          "x": 450,
          "y": 180
        }
      }
  # Asserts that Wisdom.Flag equals ["trusted"] after the domain lookup
  # (exact-value comparison, per the VerifyContext description below).
  "2":
    id: "2"
    taskid: b45790b6-6968-47de-8d9d-11cb33268b79
    type: regular
    task:
      id: b45790b6-6968-47de-8d9d-11cb33268b79
      version: -1
      name: VerifyContext
      description: |-
        Verifies path in context:
        - Verifies path existence
        - If matching object is an array: verify fields exists in each of the objects in the array
        - If matching object is not an array: verify fields exists in matching object
        - if 'expectedValue' is given: ensure that the given value is equal to the context path
      scriptName: VerifyContext
      type: regular
      iscommand: false
      brand: ""
    nexttasks:
      '#none#':
      - "3"
    scriptarguments:
      expectedValue:
        simple: '["trusted"]'
      fields: {}
      path:
        simple: Wisdom.Flag
    separatecontext: false
    view: |-
      {
        "position": {
          "x": 450,
          "y": 360
        }
      }
  # Runs wisdom-ip-flags for a fixed connection tuple: 8.8.8.8, port 53, tcp.
  # The port is passed as the quoted string "53", not an integer.
  "3":
    id: "3"
    taskid: e9d8c429-89ea-453e-815a-4b6fbb385b1c
    type: regular
    task:
      id: e9d8c429-89ea-453e-815a-4b6fbb385b1c
      version: -1
      name: wisdom-ip-flags
      description: Returns a list of flags (categories and features) assigned to an
        IP connection (defined by protocol, destination address and port number) by
        AlphaSOC Threat Intelligence
      script: AlphaSOC Wisdom|||wisdom-ip-flags
      type: regular
      iscommand: true
      brand: AlphaSOC Wisdom
    nexttasks:
      '#none#':
      - "4"
    scriptarguments:
      ip:
        simple: 8.8.8.8
      port:
        simple: "53"
      proto:
        simple: tcp
    separatecontext: false
    view: |-
      {
        "position": {
          "x": 450,
          "y": 540
        }
      }
  # Final task (no nexttasks). expectedValue and fields are empty, so per the
  # VerifyContext description only the existence of Wisdom.Flag is checked.
  # NOTE(review): no task between 2 and 3 clears the context, and task 2 has
  # already asserted that Wisdom.Flag is populated by the domain lookup. This
  # existence-only check may therefore pass even if wisdom-ip-flags writes
  # nothing - confirm how the command updates this path. Clearing the context
  # before task 3, or asserting an expected value here, would make the check
  # specific to the IP lookup.
  "4":
    id: "4"
    taskid: 1b346468-7ddf-4d05-8ff9-4c7efe0a4b8b
    type: regular
    task:
      id: 1b346468-7ddf-4d05-8ff9-4c7efe0a4b8b
      version: -1
      name: VerifyContext
      description: |-
        Verifies path in context:
        - Verifies path existence
        - If matching object is an array: verify fields exists in each of the objects in the array
        - If matching object is not an array: verify fields exists in matching object
        - if 'expectedValue' is given: ensure that the given value is equal to the context path
      scriptName: VerifyContext
      type: regular
      iscommand: false
      brand: ""
    scriptarguments:
      expectedValue: {}
      fields: {}
      path:
        simple: Wisdom.Flag
    separatecontext: false
    view: |-
      {
        "position": {
          "x": 450,
          "y": 720
        }
      }
# Playbook-level canvas layout.
view: |-
  {
    "linkLabelsPosition": {},
    "paper": {
      "dimensions": {
        "height": 765,
        "width": 380,
        "x": 450,
        "y": 50
      }
    }
  }
# The playbook declares no inputs and no outputs.
inputs: []
outputs: []