diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Description.json b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Description.json
new file mode 100644
index 00000000000..b114c9bbdd2
--- /dev/null
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Description.json
@@ -0,0 +1,41 @@
+{
+ "associatedToAll": false,
+ "associatedTypes": [
+ "Code42 Security Alert"
+ ],
+ "breachScript": "",
+ "caseInsensitive": true,
+ "cliName": "code42alertdescription",
+ "closeForm": false,
+ "columns": null,
+ "content": false,
+ "defaultRows": null,
+ "description": "",
+ "editForm": true,
+ "fieldCalcScript": "",
+ "group": 0,
+ "hidden": false,
+ "id": "incident_code42alertdescription",
+ "isReadOnly": false,
+ "locked": false,
+ "mergeStrategy": "",
+ "name": "Code42 Alert Description",
+ "neverSetAsRequired": false,
+ "ownerOnly": false,
+ "placeholder": "",
+ "required": false,
+ "script": "",
+ "selectValues": null,
+ "sla": 0,
+ "sortValues": null,
+ "system": false,
+ "systemAssociatedTypes": null,
+ "threshold": 72,
+ "type": "shortText",
+ "unmapped": false,
+ "unsearchable": false,
+ "useAsKpi": false,
+ "validatedError": "",
+ "validationRegex": "",
+ "version": -1
+}
\ No newline at end of file
diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_ID.json b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_ID.json
new file mode 100644
index 00000000000..42678525e03
--- /dev/null
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_ID.json
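Review bot: `"description": ""` is left empty in this new field, and the same holds for the six other incident fields added in this commit (Code42 Alert ID, Alert Name, Alert State, Alert Timestamp, Severity and Username). An analyst mapping or searching these fields gets no hint of what each one carries or which alert attribute feeds it. Fill each with one sentence, for example `"description": "Description text of the Code42 alert that created this incident."` here.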
@@ -0,0 +1,41 @@
+{
+ "associatedToAll": false,
+ "associatedTypes": [
+ "Code42 Security Alert"
+ ],
+ "breachScript": "",
+ "caseInsensitive": true,
+ "cliName": "code42alertid",
+ "closeForm": false,
+ "columns": null,
+ "content": false,
+ "defaultRows": null,
+ "description": "",
+ "editForm": true,
+ "fieldCalcScript": "",
+ "group": 0,
+ "hidden": false,
+ "id": "incident_code42alertid",
+ "isReadOnly": false,
+ "locked": false,
+ "mergeStrategy": "",
+ "name": "Code42 Alert ID",
+ "neverSetAsRequired": false,
+ "ownerOnly": false,
+ "placeholder": "",
+ "required": false,
+ "script": "",
+ "selectValues": null,
+ "sla": 0,
+ "sortValues": null,
+ "system": false,
+ "systemAssociatedTypes": null,
+ "threshold": 72,
+ "type": "shortText",
+ "unmapped": false,
+ "unsearchable": false,
+ "useAsKpi": false,
+ "validatedError": "",
+ "validationRegex": "",
+ "version": -1
+}
\ No newline at end of file
diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Name.json b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Name.json
new file mode 100644
index 00000000000..5ef96b82c37
--- /dev/null
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Name.json
@@ -0,0 +1,41 @@
+{
+ "associatedToAll": false,
+ "associatedTypes": [
+ "Code42 Security Alert"
+ ],
+ "breachScript": "",
+ "caseInsensitive": true,
+ "cliName": "code42alertname",
+ "closeForm": false,
+ "columns": null,
+ "content": false,
+ "defaultRows": null,
+ "description": "",
+ "editForm": true,
+ "fieldCalcScript": "",
+ "group": 0,
+ "hidden": false,
+ "id": "incident_code42alertname",
+ "isReadOnly": false,
+ "locked": false,
+ "mergeStrategy": "",
+ "name": "Code42 Alert Name",
+ "neverSetAsRequired": false,
+ "ownerOnly": false,
+ "placeholder": "",
+ "required": false,
+ "script": "",
+ "selectValues": null,
+ "sla": 0,
+ "sortValues": null,
+ "system": false,
+ "systemAssociatedTypes": null,
+ "threshold": 72,
+ "type": "shortText",
+ "unmapped": false,
+ "unsearchable": false,
+ "useAsKpi": false,
+ "validatedError": "",
+ "validationRegex": "",
+ "version": -1
+}
\ No newline at end of file
diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_State.json b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_State.json
new file mode 100644
index 00000000000..45137a284f2
--- /dev/null
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_State.json
@@ -0,0 +1,41 @@
+{
+ "associatedToAll": false,
+ "associatedTypes": [
+ "Code42 Security Alert"
+ ],
+ "breachScript": "",
+ "caseInsensitive": true,
+ "cliName": "code42alertstate",
+ "closeForm": false,
+ "columns": null,
+ "content": false,
+ "defaultRows": null,
+ "description": "",
+ "editForm": true,
+ "fieldCalcScript": "",
+ "group": 0,
+ "hidden": false,
+ "id": "incident_code42alertstate",
+ "isReadOnly": false,
+ "locked": false,
+ "mergeStrategy": "",
+ "name": "Code42 Alert State",
+ "neverSetAsRequired": false,
+ "ownerOnly": false,
+ "placeholder": "",
+ "required": false,
+ "script": "",
+ "selectValues": [],
+ "sla": 0,
+ "sortValues": null,
+ "system": false,
+ "systemAssociatedTypes": null,
+ "threshold": 72,
+ "type": "shortText",
+ "unmapped": false,
+ "unsearchable": false,
+ "useAsKpi": false,
+ "validatedError": "",
+ "validationRegex": "",
+ "version": -1
+}
\ No newline at end of file
diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Timestamp.json b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Timestamp.json
new file mode 100644
index 00000000000..37b7f008372
--- /dev/null
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Timestamp.json
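Review bot: `"selectValues": []` combined with `"type": "shortText"` differs from the other text fields in this commit, which carry `"selectValues": null`; the Code42 Severity field has the same combination. If alert state and severity are meant to come from a fixed set, a `singleSelect` type with the allowed values listed would keep playbook conditions and searches from depending on free text. If free text is intended, use `"selectValues": null` so the seven definitions agree.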
@@ -0,0 +1,41 @@
+{
+ "associatedToAll": false,
+ "associatedTypes": [
+ "Code42 Security Alert"
+ ],
+ "breachScript": "",
+ "caseInsensitive": true,
+ "cliName": "code42alerttimestamp",
+ "closeForm": false,
+ "columns": null,
+ "content": false,
+ "defaultRows": null,
+ "description": "",
+ "editForm": true,
+ "fieldCalcScript": "",
+ "group": 0,
+ "hidden": false,
+ "id": "incident_code42alerttimestamp",
+ "isReadOnly": false,
+ "locked": false,
+ "mergeStrategy": "",
+ "name": "Code42 Alert Timestamp",
+ "neverSetAsRequired": false,
+ "ownerOnly": false,
+ "placeholder": "",
+ "required": false,
+ "script": "",
+ "selectValues": null,
+ "sla": 0,
+ "sortValues": null,
+ "system": false,
+ "systemAssociatedTypes": null,
+ "threshold": 72,
+ "type": "shortText",
+ "unmapped": false,
+ "unsearchable": false,
+ "useAsKpi": false,
+ "validatedError": "",
+ "validationRegex": "",
+ "version": -1
+}
\ No newline at end of file
diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Severity.json b/Packs/Code42/IncidentFields/incidentfield-Code42_Severity.json
new file mode 100644
index 00000000000..45eb4f6ad9c
--- /dev/null
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_Severity.json
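Review bot: `"type": "shortText"` stores the alert timestamp as plain text, so it cannot be sorted or range-filtered as a time when an analyst builds a timeline across incidents. Consider `"type": "date"`, provided the mapped value arrives in a format the platform parses as a date; the mapper is not visible in this diff, so that needs confirming.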
@@ -0,0 +1,41 @@
+{
+ "associatedToAll": false,
+ "associatedTypes": [
+ "Code42 Security Alert"
+ ],
+ "breachScript": "",
+ "caseInsensitive": true,
+ "cliName": "code42severity",
+ "closeForm": false,
+ "columns": null,
+ "content": false,
+ "defaultRows": null,
+ "description": "",
+ "editForm": true,
+ "fieldCalcScript": "",
+ "group": 0,
+ "hidden": false,
+ "id": "incident_code42severity",
+ "isReadOnly": false,
+ "locked": false,
+ "mergeStrategy": "",
+ "name": "Code42 Severity",
+ "neverSetAsRequired": false,
+ "ownerOnly": false,
+ "placeholder": "",
+ "required": false,
+ "script": "",
+ "selectValues": [],
+ "sla": 0,
+ "sortValues": null,
+ "system": false,
+ "systemAssociatedTypes": null,
+ "threshold": 72,
+ "type": "shortText",
+ "unmapped": false,
+ "unsearchable": false,
+ "useAsKpi": false,
+ "validatedError": "",
+ "validationRegex": "",
+ "version": -1
+}
\ No newline at end of file
diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Username.json b/Packs/Code42/IncidentFields/incidentfield-Code42_Username.json
new file mode 100644
index 00000000000..3d7d05ba707
--- /dev/null
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_Username.json
@@ -0,0 +1,39 @@ +{ + "associatedToAll": true, + "associatedTypes": null, + "breachScript": "", + "caseInsensitive": true, + "cliName": "code42username", + "closeForm": false, + "columns": null, + "content": false, + "defaultRows": null, + "description": "", + "editForm": true, + "fieldCalcScript": "", + "group": 0, + "hidden": false, + "id": "incident_code42username", + "isReadOnly": false, + "locked": false, + "mergeStrategy": "", + "name": "Code42 Username", + "neverSetAsRequired": false, + "ownerOnly": false, + "placeholder": "", + "required": false, + "script": "", + "selectValues": null, + "sla": 0, + "sortValues": null, + "system": false, + "systemAssociatedTypes": null, + "threshold": 72, + "type": "shortText", + "unmapped": false, + "unsearchable": false, + "useAsKpi": false, + "validatedError": "", + "validationRegex": "", + "version": -1 +} \ No newline at end of file diff --git a/Packs/Code42/IncidentTypes/incidenttype-Code42_Security_Alert.json b/Packs/Code42/IncidentTypes/incidenttype-Code42_Security_Alert.json index bd19cb3b4b0..ee520e86ca1 100644 --- a/Packs/Code42/IncidentTypes/incidenttype-Code42_Security_Alert.json +++ b/Packs/Code42/IncidentTypes/incidenttype-Code42_Security_Alert.json @@ -21,5 +21,4 @@ "weeks": 0, "weeksR": 0, "fromVersion": "5.0.0" - } diff --git a/Packs/Code42/Integrations/Code42/Code42.py b/Packs/Code42/Integrations/Code42/Code42.py index daf2a49043d..d4854db646d 100644 --- a/Packs/Code42/Integrations/Code42/Code42.py +++ b/Packs/Code42/Integrations/Code42/Code42.py @@ -684,11 +684,11 @@ def _stringify_lists_if_needed(event): event["sharedWith"] = str(shared_list) if private_ip_addresses: event["privateIpAddresses"] = str(private_ip_addresses) + return event def _process_event_from_observation(event): - _stringify_lists_if_needed(event) - return event + return _stringify_lists_if_needed(event) class Code42SecurityIncidentFetcher(object): 
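Review bot: `"associatedToAll": true` with `"associatedTypes": null` attaches Code42 Username to every incident type, while the six other fields in this commit are limited to `"Code42 Security Alert"`. If no other incident type needs it, scope it the same way with `"associatedToAll": false` and `"associatedTypes": ["Code42 Security Alert"]`. If the wider scope is deliberate, say so in the field's `description`, which is empty here.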
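Review bot: `_stringify_lists_if_needed` in the Code42.py hunk `@@ -684,11 +684,11` now both rewrites `event` in place and returns it, which reads as if a new object were produced. A one-line docstring such as `"""Stringify list-valued keys of event in place and return the same dict."""` would make the aliasing explicit for callers. The function starts above the hunk, so any docstring it already has is not visible here. With this change `_process_event_from_observation` only forwards to it, so the list comprehension in `_relate_files_to_alert` could call `_stringify_lists_if_needed` directly.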
@@ -754,7 +754,7 @@ def _fetch_alerts(self, start_query_time): def _create_incident_from_alert(self, alert): details = self._client.get_alert_details(alert["id"]) incident = _create_incident_from_alert_details(details) - self._relate_files_to_alert(details) + details = self._relate_files_to_alert(details) incident["rawJSON"] = json.dumps(details) return incident @@ -762,6 +762,7 @@ def _relate_files_to_alert(self, alert_details): for obs in alert_details["observations"]: file_events = self._get_file_events_from_alert_details(obs, alert_details) alert_details["fileevents"] = [_process_event_from_observation(e) for e in file_events] + return alert_details def _get_file_events_from_alert_details(self, observation, alert_details): security_data_query = map_observation_to_security_query(observation, alert_details["actor"]) @@ -842,7 +843,7 @@ def main(): # Remove trailing slash to prevent wrong URL path to service verify_certificate = not demisto.params().get("insecure", False) proxy = demisto.params().get("proxy", False) - LOG(f"Command being called is {demisto.command()}") + LOG("Command being called is {0}.".format(demisto.command())) try: client = Code42Client( base_url=base_url, @@ -890,7 +891,7 @@ def main(): return_outputs(*commands[command](client, demisto.args())) # Log exceptions except Exception as e: - return_error(f"Failed to execute {demisto.command()} command. Error: {str(e)}") + return_error("Failed to execute {0} command. Error: {1}".format(demisto.command(), str(e))) if __name__ in ("__main__", "__builtin__", "builtins"): diff --git a/Packs/Code42/Integrations/Code42/integration-Code42.yml b/Packs/Code42/Integrations/Code42/integration-Code42.yml index 8d06d429c69..a5d7de961cd 100644 --- a/Packs/Code42/Integrations/Code42/integration-Code42.yml +++ b/Packs/Code42/Integrations/Code42/integration-Code42.yml 
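Review bot: `_relate_files_to_alert` (hunk `@@ -762,6 +762,7`) keeps only the file events of the last observation, because `file_events` is rebound on every pass of the loop and `alert_details["fileevents"]` is assigned rather than extended. An alert with several observations therefore loses the earlier ones from the `rawJSON` that `_create_incident_from_alert` stores. Indentation is not recoverable from this collapsed hunk, but the outcome is the same whether the assignment sits inside or after the loop, and with no observations the key is either never set or `file_events` is unbound. Collecting into one list before assigning covers both cases. The same lines are embedded in integration-Code42.yml (hunk `@@ -842,6 +842,7`) and need the same change.

```python
    def _relate_files_to_alert(self, alert_details):
        file_events = []
        for obs in alert_details["observations"]:
            obs_events = self._get_file_events_from_alert_details(obs, alert_details)
            file_events.extend(_process_event_from_observation(e) for e in obs_events)
        alert_details["fileevents"] = file_events
        return alert_details
```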
@@ -764,11 +764,11 @@ script: event["sharedWith"] = str(shared_list) if private_ip_addresses: event["privateIpAddresses"] = str(private_ip_addresses) + return event def _process_event_from_observation(event): - _stringify_lists_if_needed(event) - return event + return _stringify_lists_if_needed(event) class Code42SecurityIncidentFetcher(object): @@ -834,7 +834,7 @@ script: def _create_incident_from_alert(self, alert): details = self._client.get_alert_details(alert["id"]) incident = _create_incident_from_alert_details(details) - self._relate_files_to_alert(details) + details = self._relate_files_to_alert(details) incident["rawJSON"] = json.dumps(details) return incident @@ -842,6 +842,7 @@ script: for obs in alert_details["observations"]: file_events = self._get_file_events_from_alert_details(obs, alert_details) alert_details["fileevents"] = [_process_event_from_observation(e) for e in file_events] + return alert_details def _get_file_events_from_alert_details(self, observation, alert_details): security_data_query = map_observation_to_security_query(observation, alert_details["actor"]) diff --git a/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json b/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json index a1165b8acc4..d741790c811 100644 --- a/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json +++ b/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json 
@@ -1,371 +1,473 @@ { - "TypeName": "Code42 Security Alert", - "kind": "details", - "fromVersion": "5.0.0", - "layout": { - "TypeName": "", - "id": "Code42 Security Alert", - "kind": "details", - "modified": "2020-02-28T16:54:37.432056818Z", - "name": "", - "system": false, - "tabs": [ - { - "id": "summary", - "name": "Legacy Summary", - "type": "summary" - }, - { - "id": "caseinfoid", - "name": "Incident Info", - "sections": [ - { - "displayType": "ROW", - "h": 2, - "i": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8", - "isVisible": true, - "items": [ - { - "endCol": 2, - "fieldId": "type", - "height": 24, - "id": "incident-type-field", - "index": 0, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "severity", - "height": 24, - "id": "incident-severity-field", - "index": 1, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "owner", - "height": 24, - "id": "incident-owner-field", - "index": 2, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "dbotsource", - "height": 24, - "id": "incident-source-field", - "index": 3, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "sourcebrand", - "height": 24, - "id": "incident-sourceBrand-field", - "index": 4, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "sourceinstance", - "height": 24, - "id": "incident-sourceInstance-field", - "index": 5, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "playbookid", - "height": 24, - "id": "incident-playbookId-field", - "index": 6, - "startCol": 0 - } - ], - "moved": false, - "name": "Case Details", - "static": false, - "w": 1, - "x": 0, - "y": 0 - }, - { - "h": 2, - "i": "caseinfoid-61263cc0-98b1-11e9-97d7-ed26ef9e46c8", - "moved": false, - "name": "Notes", - "static": false, - "type": "notes", - "w": 1, - "x": 2, - "y": 0 - }, - { - "displayType": "ROW", - "h": 2, - "i": "caseinfoid-6aabad20-98b1-11e9-97d7-ed26ef9e46c8", - "moved": false, - "name": "Work Plan", - "static": false, - "type": "workplan", - "w": 1, - "x": 1, - "y": 0 - }, - { - "displayType": 
"ROW", - "h": 2, - "i": "caseinfoid-770ec200-98b1-11e9-97d7-ed26ef9e46c8", - "isVisible": true, - "moved": false, - "name": "Linked Incidents", - "static": false, - "type": "linkedIncidents", - "w": 1, - "x": 0, - "y": 9 - }, - { - "displayType": "ROW", - "h": 2, - "i": "caseinfoid-842632c0-98b1-11e9-97d7-ed26ef9e46c8", - "moved": false, - "name": "Child Incidents", - "static": false, - "type": "childInv", - "w": 1, - "x": 1, - "y": 9 - }, - { - "displayType": "ROW", - "h": 2, - "hideName": false, - "i": "caseinfoid-7717e580-9bed-11e9-9a3f-8b4b2158e260", - "moved": false, - "name": "Team Members", - "static": false, - "type": "team", - "w": 1, - "x": 2, - "y": 4 - }, - { - "displayType": "CARD", - "h": 4, - "i": "caseinfoid-ac32f620-a0b0-11e9-b27f-13ae1773d289", - "items": [ - { - "endCol": 1, - "fieldId": "occurred", - "height": 55, - "id": "incident-occurred-field", - "index": 1, - "startCol": 0 - }, - { - "endCol": 1, - "fieldId": "dbotmodified", - "height": 55, - "id": "incident-modified-field", - "index": 2, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "dbotduedate", - "height": 55, - "id": "incident-dueDate-field", - "index": 3, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "dbotcreated", - "height": 55, - "id": "incident-created-field", - "index": 1, - "startCol": 1 - }, - { - "endCol": 2, - "fieldId": "dbotclosed", - "height": 55, - "id": "incident-closed-field", - "index": 2, - "startCol": 1 - } - ], - "moved": false, - "name": "Timeline Information", - "static": false, - "w": 1, - "x": 0, - "y": 2 - }, - { - "displayType": "ROW", - "h": 2, - "i": "caseinfoid-88e6bf70-a0b1-11e9-b27f-13ae1773d289", - "isVisible": true, - "items": [ - { - "endCol": 2, - "fieldId": "dbotclosed", - "height": 24, - "id": "incident-dbotClosed-field", - "index": 0, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "closereason", - "height": 24, - "id": "incident-closeReason-field", - "index": 1, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "closenotes", 
- "height": 48, - "id": "incident-closeNotes-field", - "index": 2, - "startCol": 0 - } - ], - "moved": false, - "name": "Closing Information", - "static": false, - "w": 1, - "x": 2, - "y": 2 - }, - { - "displayType": "CARD", - "h": 4, - "i": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289", - "isVisible": true, - "items": [ - { - "dropEffect": "move", - "endCol": 2, - "fieldId": "name", - "height": 55, - "id": "f4316c20-598a-11ea-b904-997d555669cb", - "index": 0, - "listId": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "details", - "height": 110, - "id": "incident-details-field", - "index": 1, - "startCol": 0 - }, - { - "dropEffect": "move", - "endCol": 2, - "fieldId": "code42alerttype", - "height": 55, - "id": "66a7ca60-598b-11ea-b904-997d555669cb", - "index": 2, - "listId": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "employeedisplayname", - "height": 55, - "id": "9e36d450-5984-11ea-b904-997d555669cb", - "index": 3, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "employeeemail", - "height": 55, - "id": "a3608bb0-5984-11ea-b904-997d555669cb", - "index": 4, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "employeemanageremail", - "height": 55, - "id": "a4bc7230-5984-11ea-b904-997d555669cb", - "index": 5, - "startCol": 0 - } - ], - "moved": false, - "name": "Investigation Data", - "static": false, - "w": 1, - "x": 1, - "y": 2 - }, - { - "displayType": "ROW", - "h": 3, - "hideName": false, - "i": "caseinfoid-d0b3fb00-5985-11ea-b904-997d555669cb", - "items": [ - { - "dropEffect": "move", - "endCol": 6, - "fieldId": "exfiltratedfilelist", - "height": 110, - "id": "d857da20-5985-11ea-b904-997d555669cb", - "index": 0, - "listId": "caseinfoid-d0b3fb00-5985-11ea-b904-997d555669cb", - "startCol": 0 - } - ], - "maxW": 3, - "minH": 1, - "minW": 1, - "moved": false, - "name": "File Events", - "static": false, - "w": 3, - "x": 0, - "y": 6 - } - ], - 
"type": "custom" - }, - { - "id": "warRoom", - "name": "War Room", - "type": "warRoom" - }, - { - "id": "workPlan", - "name": "Work Plan", - "type": "workPlan" - }, - { - "id": "evidenceBoard", - "name": "Evidence Board", - "type": "evidenceBoard" - }, - { - "id": "relatedIncidents", - "name": "Related Incidents", - "type": "relatedIncidents" - }, - { - "id": "canvas", - "name": "Canvas", - "type": "canvas" - } - ], - "typeId": "Code42 Security Alert", - "version": -1 - }, - "typeId": "Code42 Security Alert", - "version": -1 -} + "TypeName": "", + "id": "Code42 Security Alert", + "kind": "details", + "name": "", + "sortValues": null, + "system": false, + "tabs": [ + { + "id": "summary", + "name": "Legacy Summary", + "type": "summary" + }, + { + "id": "caseinfoid", + "name": "Incident Info", + "sections": [ + { + "displayType": "ROW", + "h": 2, + "i": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8", + "isVisible": true, + "items": [ + { + "endCol": 2, + "fieldId": "type", + "height": 22, + "id": "incident-type-field", + "index": 0, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "severity", + "height": 22, + "id": "incident-severity-field", + "index": 1, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "owner", + "height": 22, + "id": "incident-owner-field", + "index": 2, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "dbotsource", + "height": 22, + "id": "incident-source-field", + "index": 3, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "sourcebrand", + "height": 22, + "id": "incident-sourceBrand-field", + "index": 5, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "sourceinstance", + "height": 22, + "id": "incident-sourceInstance-field", + "index": 6, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "playbookid", + "height": 22, + "id": 
"incident-playbookId-field", + "index": 7, + "sectionItemType": "field", + "startCol": 0 + } + ], + "moved": false, + "name": "Case Details", + "static": false, + "w": 1, + "x": 0, + "y": 0 + }, + { + "h": 2, + "i": "caseinfoid-61263cc0-98b1-11e9-97d7-ed26ef9e46c8", + "moved": false, + "name": "Notes", + "static": false, + "type": "notes", + "w": 1, + "x": 2, + "y": 5 + }, + { + "displayType": "ROW", + "h": 2, + "i": "caseinfoid-6aabad20-98b1-11e9-97d7-ed26ef9e46c8", + "moved": false, + "name": "Work Plan", + "static": false, + "type": "workplan", + "w": 1, + "x": 2, + "y": 0 + }, + { + "displayType": "ROW", + "h": 2, + "i": "caseinfoid-770ec200-98b1-11e9-97d7-ed26ef9e46c8", + "isVisible": true, + "moved": false, + "name": "Linked Incidents", + "static": false, + "type": "linkedIncidents", + "w": 1, + "x": 0, + "y": 9 + }, + { + "displayType": "ROW", + "h": 2, + "i": "caseinfoid-842632c0-98b1-11e9-97d7-ed26ef9e46c8", + "moved": false, + "name": "Child Incidents", + "static": false, + "type": "childInv", + "w": 1, + "x": 1, + "y": 9 + }, + { + "displayType": "ROW", + "h": 2, + "hideName": false, + "i": "caseinfoid-7717e580-9bed-11e9-9a3f-8b4b2158e260", + "moved": false, + "name": "Team Members", + "static": false, + "type": "team", + "w": 1, + "x": 2, + "y": 9 + }, + { + "displayType": "CARD", + "h": 4, + "i": "caseinfoid-ac32f620-a0b0-11e9-b27f-13ae1773d289", + "items": [ + { + "endCol": 1, + "fieldId": "occurred", + "height": 55, + "id": "incident-occurred-field", + "index": 1, + "startCol": 0 + }, + { + "endCol": 1, + "fieldId": "dbotmodified", + "height": 55, + "id": "incident-modified-field", + "index": 2, + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "dbotduedate", + "height": 55, + "id": "incident-dueDate-field", + "index": 3, + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "dbotcreated", + "height": 55, + "id": "incident-created-field", + "index": 1, + "startCol": 1 + }, + { + "endCol": 2, + "fieldId": "dbotclosed", + "height": 55, + "id": 
"incident-closed-field", + "index": 2, + "startCol": 1 + } + ], + "moved": false, + "name": "Timeline Information", + "static": false, + "w": 1, + "x": 0, + "y": 5 + }, + { + "displayType": "ROW", + "h": 2, + "i": "caseinfoid-88e6bf70-a0b1-11e9-b27f-13ae1773d289", + "isVisible": true, + "items": [ + { + "endCol": 2, + "fieldId": "dbotclosed", + "height": 24, + "id": "incident-dbotClosed-field", + "index": 0, + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "closereason", + "height": 24, + "id": "incident-closeReason-field", + "index": 1, + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "closenotes", + "height": 48, + "id": "incident-closeNotes-field", + "index": 2, + "startCol": 0 + } + ], + "moved": false, + "name": "Closing Information", + "static": false, + "w": 1, + "x": 2, + "y": 7 + }, + { + "displayType": "CARD", + "h": 4, + "i": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289", + "isVisible": true, + "items": [ + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "name", + "height": 55, + "id": "f4316c20-598a-11ea-b904-997d555669cb", + "index": 0, + "listId": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "details", + "height": 110, + "id": "incident-details-field", + "index": 1, + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "code42alerttype", + "height": 55, + "id": "66a7ca60-598b-11ea-b904-997d555669cb", + "index": 2, + "listId": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "employeedisplayname", + "height": 55, + "id": "9e36d450-5984-11ea-b904-997d555669cb", + "index": 3, + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "employeeemail", + "height": 55, + "id": "a3608bb0-5984-11ea-b904-997d555669cb", + "index": 4, + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "employeemanageremail", + "height": 55, + "id": "a4bc7230-5984-11ea-b904-997d555669cb", + "index": 5, + "startCol": 0 + } + ], + 
"moved": false, + "name": "Investigation Data", + "static": false, + "w": 1, + "x": 1, + "y": 5 + }, + { + "displayType": "ROW", + "h": 3, + "hideName": false, + "i": "caseinfoid-d0b3fb00-5985-11ea-b904-997d555669cb", + "items": [ + { + "endCol": 6, + "fieldId": "code42fileevents", + "height": 106, + "id": "484a0170-b6ef-11ea-8e1b-f35e38fc5b4a", + "index": 0, + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 6, + "fieldId": "exfiltratedfilelist", + "height": 22, + "id": "d857da20-5985-11ea-b904-997d555669cb", + "index": 1, + "listId": "caseinfoid-d0b3fb00-5985-11ea-b904-997d555669cb", + "sectionItemType": "field", + "startCol": 0 + } + ], + "maxW": 3, + "minH": 1, + "minW": 1, + "moved": false, + "name": "File Events", + "static": false, + "w": 3, + "x": 0, + "y": 2 + }, + { + "displayType": "ROW", + "h": 2, + "hideName": false, + "i": "caseinfoid-bcc9c440-b6ef-11ea-8e1b-f35e38fc5b4a", + "items": [ + { + "endCol": 2, + "fieldId": "code42alertname", + "height": 22, + "id": "d3760eb0-b6ef-11ea-8e1b-f35e38fc5b4a", + "index": 0, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "code42username", + "height": 22, + "id": "e7d311f0-b6ef-11ea-8e1b-f35e38fc5b4a", + "index": 1, + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "code42alerttype", + "height": 22, + "id": "dcb30460-b6ef-11ea-8e1b-f35e38fc5b4a", + "index": 2, + "listId": "caseinfoid-bcc9c440-b6ef-11ea-8e1b-f35e38fc5b4a", + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "code42alertdescription", + "height": 22, + "id": "d4ac1db0-b6ef-11ea-8e1b-f35e38fc5b4a", + "index": 3, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "code42alertstate", + "height": 22, + "id": "d8f1b6a0-b6ef-11ea-8e1b-f35e38fc5b4a", + "index": 4, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "code42alertid", + 
"height": 22, + "id": "d6de3ff0-b6ef-11ea-8e1b-f35e38fc5b4a", + "index": 5, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "code42alerttimestamp", + "height": 22, + "id": "dabdeb20-b6ef-11ea-8e1b-f35e38fc5b4a", + "index": 6, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "code42severity", + "height": 22, + "id": "e5bab940-b6ef-11ea-8e1b-f35e38fc5b4a", + "index": 7, + "sectionItemType": "field", + "startCol": 0 + } + ], + "maxW": 3, + "minH": 1, + "minW": 1, + "moved": false, + "name": "Code42 Alert Details", + "static": false, + "w": 1, + "x": 1, + "y": 0 + } + ], + "type": "custom" + }, + { + "id": "warRoom", + "name": "War Room", + "type": "warRoom" + }, + { + "id": "workPlan", + "name": "Work Plan", + "type": "workPlan" + }, + { + "id": "evidenceBoard", + "name": "Evidence Board", + "type": "evidenceBoard" + }, + { + "id": "relatedIncidents", + "name": "Related Incidents", + "type": "relatedIncidents" + }, + { + "id": "canvas", + "name": "Canvas", + "type": "canvas" + } + ], + "typeId": "Code42 Security Alert", + "version": -1, + "fromVersion": "5.0.0" +} \ No newline at end of file
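Review bot: `"fieldId": "code42fileevents"` in the File Events section refers to a field that is not among the seven incident fields added in this commit. Unless it is defined elsewhere in the pack, that row renders empty and the file-event evidence is missing from the analyst's view. `code42alerttype` is also placed twice on the same tab, under Investigation Data and again under Code42 Alert Details; keeping one copy removes the duplicate row.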