forked from demisto/content
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathplaybook-Get_File_Sample_From_Hash_-_Generic_Test.yml
167 lines (167 loc) · 3.29 KB
/
playbook-Get_File_Sample_From_Hash_-_Generic_Test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
id: Get File Sample From Hash - Generic - Test
version: -1
name: Get File Sample From Hash - Generic - Test
toversion: 3.1.0
starttaskid: "0"
tasks:
"0":
id: "0"
taskid: f18976fe-99e0-45e9-8ead-c8dca61a4db8
type: start
task:
id: f18976fe-99e0-45e9-8ead-c8dca61a4db8
version: -1
name: ""
iscommand: false
brand: ""
nexttasks:
'#none#':
- "2"
separatecontext: false
view: |-
{
"position": {
"x": 450,
"y": 50
}
}
note: false
timertriggers: []
"1":
id: "1"
taskid: d1eddcb0-df4c-45db-81a1-2fa2f096d235
type: playbook
task:
id: d1eddcb0-df4c-45db-81a1-2fa2f096d235
version: -1
name: Get File Sample From Hash - Generic
description: Returns to the war-room a file sample correlating from a hash using
one or more products
playbookName: Get File Sample From Hash - Generic
type: playbook
iscommand: false
brand: ""
nexttasks:
'#none#':
- "4"
scriptarguments:
File.SHA256:
simple: ${File.SHA256}
separatecontext: true
loop:
iscommand: false
exitCondition: ""
wait: 1
view: |-
{
"position": {
"x": 450,
"y": 550
}
}
note: false
timertriggers: []
"2":
id: "2"
taskid: c2939912-4ad6-4b64-8683-e07e53f6191d
type: regular
task:
id: c2939912-4ad6-4b64-8683-e07e53f6191d
version: -1
name: Clear Context
scriptName: DeleteContext
type: regular
iscommand: false
brand: ""
nexttasks:
'#none#':
- "3"
scriptarguments:
all:
simple: "yes"
index: {}
key: {}
keysToKeep: {}
subplaybook: {}
separatecontext: false
view: |-
{
"position": {
"x": 450,
"y": 200
}
}
note: false
timertriggers: []
"3":
id: "3"
taskid: ce0823eb-be7c-4d83-8c63-83879ff3c1d0
type: regular
task:
id: ce0823eb-be7c-4d83-8c63-83879ff3c1d0
version: -1
name: Add hash to context
scriptName: Set
type: regular
iscommand: false
brand: ""
nexttasks:
'#none#':
- "1"
scriptarguments:
append: {}
key:
simple: File.SHA256
value:
simple: 5da547e87d6ef12349fb4dbba9cf3146a358e284f72361dd07bbabfc95b0bac3
separatecontext: false
view: |-
{
"position": {
"x": 450,
"y": 380
}
}
note: false
timertriggers: []
"4":
id: "4"
taskid: 82ecb983-b4ae-4d98-89eb-a58f14dba9c9
type: regular
task:
id: 82ecb983-b4ae-4d98-89eb-a58f14dba9c9
version: -1
name: Verify output
scriptName: VerifyContext
type: regular
iscommand: false
brand: ""
scriptarguments:
expectedValue: {}
fields: {}
path:
simple: File.EntryID
separatecontext: false
view: |-
{
"position": {
"x": 450,
"y": 750
}
}
note: false
timertriggers: []
view: |-
{
"linkLabelsPosition": {},
"paper": {
"dimensions": {
"height": 795,
"width": 380,
"x": 450,
"y": 50
}
}
}
inputs: []
outputs: []