From 34ae9b88e3a4a7cfe374664823b5d07e815a2e7e Mon Sep 17 00:00:00 2001 From: Juliya Smith Date: Wed, 24 Jun 2020 16:40:22 +0000 Subject: [PATCH 1/6] New fields --- ...ncidentfield-Code42_Alert_Description.json | 41 + .../incidentfield-Code42_Alert_ID.json | 41 + .../incidentfield-Code42_Alert_Name.json | 41 + .../incidentfield-Code42_Alert_State.json | 41 + .../incidentfield-Code42_Alert_Timestamp.json | 41 + .../incidentfield-Code42_Severity.json | 41 + .../incidentfield-Code42_Username.json | 39 + .../Code42/integration-Code42.yml | 8 +- ...yout-details-Code42_Security_Alert-V2.json | 847 ++++++++++-------- 9 files changed, 766 insertions(+), 374 deletions(-) create mode 100644 Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Description.json create mode 100644 Packs/Code42/IncidentFields/incidentfield-Code42_Alert_ID.json create mode 100644 Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Name.json create mode 100644 Packs/Code42/IncidentFields/incidentfield-Code42_Alert_State.json create mode 100644 Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Timestamp.json create mode 100644 Packs/Code42/IncidentFields/incidentfield-Code42_Severity.json create mode 100644 Packs/Code42/IncidentFields/incidentfield-Code42_Username.json diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Description.json b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Description.json new file mode 100644 index 00000000000..b114c9bbdd2 --- /dev/null +++ b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Description.json 
@@ -0,0 +1,41 @@
+{
+ "associatedToAll": false,
+ "associatedTypes": [
+ "Code42 Security Alert"
+ ],
+ "breachScript": "",
+ "caseInsensitive": true,
+ "cliName": "code42alertdescription",
+ "closeForm": false,
+ "columns": null,
+ "content": false,
+ "defaultRows": null,
+ "description": "",
+ "editForm": true,
+ "fieldCalcScript": "",
+ "group": 0,
+ "hidden": false,
+ "id": "incident_code42alertdescription",
+ "isReadOnly": false,
+ "locked": false,
+ "mergeStrategy": "",
+ "name": "Code42 Alert Description",
+ "neverSetAsRequired": false,
+ "ownerOnly": false,
+ "placeholder": "",
+ "required": false,
+ "script": "",
+ "selectValues": null,
+ "sla": 0,
+ "sortValues": null,
+ "system": false,
+ "systemAssociatedTypes": null,
+ "threshold": 72,
+ "type": "shortText",
+ "unmapped": false,
+ "unsearchable": false,
+ "useAsKpi": false,
+ "validatedError": "",
+ "validationRegex": "",
+ "version": -1
+}
\ No newline at end of file
diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_ID.json b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_ID.json
new file mode 100644
index 00000000000..42678525e03
--- /dev/null
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_ID.json
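Review bot: `"description": ""` leaves this field undocumented, and the same empty value appears in the six other field files added by this patch (Alert ID, Alert Name, Alert State, Alert Timestamp, Severity, Username). An analyst who maps or searches on `code42alertdescription` gets no hint of which Code42 alert attribute feeds it. A one-line description per field would cover this, for example `"description": "Description text of the Code42 alert that created this incident."`. The wording should be checked against the integration's alert mapping, which this patch does not show.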
@@ -0,0 +1,41 @@
+{
+ "associatedToAll": false,
+ "associatedTypes": [
+ "Code42 Security Alert"
+ ],
+ "breachScript": "",
+ "caseInsensitive": true,
+ "cliName": "code42alertid",
+ "closeForm": false,
+ "columns": null,
+ "content": false,
+ "defaultRows": null,
+ "description": "",
+ "editForm": true,
+ "fieldCalcScript": "",
+ "group": 0,
+ "hidden": false,
+ "id": "incident_code42alertid",
+ "isReadOnly": false,
+ "locked": false,
+ "mergeStrategy": "",
+ "name": "Code42 Alert ID",
+ "neverSetAsRequired": false,
+ "ownerOnly": false,
+ "placeholder": "",
+ "required": false,
+ "script": "",
+ "selectValues": null,
+ "sla": 0,
+ "sortValues": null,
+ "system": false,
+ "systemAssociatedTypes": null,
+ "threshold": 72,
+ "type": "shortText",
+ "unmapped": false,
+ "unsearchable": false,
+ "useAsKpi": false,
+ "validatedError": "",
+ "validationRegex": "",
+ "version": -1
+}
\ No newline at end of file
diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Name.json b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Name.json
new file mode 100644
index 00000000000..5ef96b82c37
--- /dev/null
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Name.json
@@ -0,0 +1,41 @@
+{
+ "associatedToAll": false,
+ "associatedTypes": [
+ "Code42 Security Alert"
+ ],
+ "breachScript": "",
+ "caseInsensitive": true,
+ "cliName": "code42alertname",
+ "closeForm": false,
+ "columns": null,
+ "content": false,
+ "defaultRows": null,
+ "description": "",
+ "editForm": true,
+ "fieldCalcScript": "",
+ "group": 0,
+ "hidden": false,
+ "id": "incident_code42alertname",
+ "isReadOnly": false,
+ "locked": false,
+ "mergeStrategy": "",
+ "name": "Code42 Alert Name",
+ "neverSetAsRequired": false,
+ "ownerOnly": false,
+ "placeholder": "",
+ "required": false,
+ "script": "",
+ "selectValues": null,
+ "sla": 0,
+ "sortValues": null,
+ "system": false,
+ "systemAssociatedTypes": null,
+ "threshold": 72,
+ "type": "shortText",
+ "unmapped": false,
+ "unsearchable": false,
+ "useAsKpi": false,
+ "validatedError": "",
+ "validationRegex": "",
+ "version": -1
+}
\ No newline at end of file
diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_State.json b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_State.json
new file mode 100644
index 00000000000..45137a284f2
--- /dev/null
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_State.json
@@ -0,0 +1,41 @@
+{
+ "associatedToAll": false,
+ "associatedTypes": [
+ "Code42 Security Alert"
+ ],
+ "breachScript": "",
+ "caseInsensitive": true,
+ "cliName": "code42alertstate",
+ "closeForm": false,
+ "columns": null,
+ "content": false,
+ "defaultRows": null,
+ "description": "",
+ "editForm": true,
+ "fieldCalcScript": "",
+ "group": 0,
+ "hidden": false,
+ "id": "incident_code42alertstate",
+ "isReadOnly": false,
+ "locked": false,
+ "mergeStrategy": "",
+ "name": "Code42 Alert State",
+ "neverSetAsRequired": false,
+ "ownerOnly": false,
+ "placeholder": "",
+ "required": false,
+ "script": "",
+ "selectValues": [],
+ "sla": 0,
+ "sortValues": null,
+ "system": false,
+ "systemAssociatedTypes": null,
+ "threshold": 72,
+ "type": "shortText",
+ "unmapped": false,
+ "unsearchable": false,
+ "useAsKpi": false,
+ "validatedError": "",
+ "validationRegex": "",
+ "version": -1
+}
\ No newline at end of file
diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Timestamp.json b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Timestamp.json
new file mode 100644
index 00000000000..37b7f008372
--- /dev/null
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_Alert_Timestamp.json
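Review bot: `"selectValues": []` is set here while `"type"` stays `"shortText"`, and the Code42 Severity file added later in this patch has the same pair; the other five new fields use `"selectValues": null`. If alert state and severity are closed sets, a select type listing the allowed values would keep free-text variants out of searches and dashboards, presumably `"type": "singleSelect"` (to be confirmed against the platform's field types). If free text is intended, `"selectValues": null` keeps the seven files consistent.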
@@ -0,0 +1,41 @@
+{
+ "associatedToAll": false,
+ "associatedTypes": [
+ "Code42 Security Alert"
+ ],
+ "breachScript": "",
+ "caseInsensitive": true,
+ "cliName": "code42alerttimestamp",
+ "closeForm": false,
+ "columns": null,
+ "content": false,
+ "defaultRows": null,
+ "description": "",
+ "editForm": true,
+ "fieldCalcScript": "",
+ "group": 0,
+ "hidden": false,
+ "id": "incident_code42alerttimestamp",
+ "isReadOnly": false,
+ "locked": false,
+ "mergeStrategy": "",
+ "name": "Code42 Alert Timestamp",
+ "neverSetAsRequired": false,
+ "ownerOnly": false,
+ "placeholder": "",
+ "required": false,
+ "script": "",
+ "selectValues": null,
+ "sla": 0,
+ "sortValues": null,
+ "system": false,
+ "systemAssociatedTypes": null,
+ "threshold": 72,
+ "type": "shortText",
+ "unmapped": false,
+ "unsearchable": false,
+ "useAsKpi": false,
+ "validatedError": "",
+ "validationRegex": "",
+ "version": -1
+}
\ No newline at end of file
diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Severity.json b/Packs/Code42/IncidentFields/incidentfield-Code42_Severity.json
new file mode 100644
index 00000000000..45eb4f6ad9c
--- /dev/null
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_Severity.json
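Review bot: `"type": "shortText"` stores the alert timestamp as plain text, so range filters and chronological sorting on `code42alerttimestamp` would compare strings rather than times. That weakens timeline reconstruction when several alerts for one user are triaged together. If the integration supplies an ISO 8601 value, `"type": "date"` is the closer fit. The value format is set in the fetch code, which this hunk does not show.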
@@ -0,0 +1,41 @@
+{
+ "associatedToAll": false,
+ "associatedTypes": [
+ "Code42 Security Alert"
+ ],
+ "breachScript": "",
+ "caseInsensitive": true,
+ "cliName": "code42severity",
+ "closeForm": false,
+ "columns": null,
+ "content": false,
+ "defaultRows": null,
+ "description": "",
+ "editForm": true,
+ "fieldCalcScript": "",
+ "group": 0,
+ "hidden": false,
+ "id": "incident_code42severity",
+ "isReadOnly": false,
+ "locked": false,
+ "mergeStrategy": "",
+ "name": "Code42 Severity",
+ "neverSetAsRequired": false,
+ "ownerOnly": false,
+ "placeholder": "",
+ "required": false,
+ "script": "",
+ "selectValues": [],
+ "sla": 0,
+ "sortValues": null,
+ "system": false,
+ "systemAssociatedTypes": null,
+ "threshold": 72,
+ "type": "shortText",
+ "unmapped": false,
+ "unsearchable": false,
+ "useAsKpi": false,
+ "validatedError": "",
+ "validationRegex": "",
+ "version": -1
+}
\ No newline at end of file
diff --git a/Packs/Code42/IncidentFields/incidentfield-Code42_Username.json b/Packs/Code42/IncidentFields/incidentfield-Code42_Username.json
new file mode 100644
index 00000000000..3d7d05ba707
--- /dev/null
+++ b/Packs/Code42/IncidentFields/incidentfield-Code42_Username.json
@@ -0,0 +1,39 @@ +{ + "associatedToAll": true, + "associatedTypes": null, + "breachScript": "", + "caseInsensitive": true, + "cliName": "code42username", + "closeForm": false, + "columns": null, + "content": false, + "defaultRows": null, + "description": "", + "editForm": true, + "fieldCalcScript": "", + "group": 0, + "hidden": false, + "id": "incident_code42username", + "isReadOnly": false, + "locked": false, + "mergeStrategy": "", + "name": "Code42 Username", + "neverSetAsRequired": false, + "ownerOnly": false, + "placeholder": "", + "required": false, + "script": "", + "selectValues": null, + "sla": 0, + "sortValues": null, + "system": false, + "systemAssociatedTypes": null, + "threshold": 72, + "type": "shortText", + "unmapped": false, + "unsearchable": false, + "useAsKpi": false, + "validatedError": "", + "validationRegex": "", + "version": -1 +} \ No newline at end of file diff --git a/Packs/Code42/Integrations/Code42/integration-Code42.yml b/Packs/Code42/Integrations/Code42/integration-Code42.yml index 0bd326f1a27..226d33b37fc 100644 --- a/Packs/Code42/Integrations/Code42/integration-Code42.yml +++ b/Packs/Code42/Integrations/Code42/integration-Code42.yml @@ -1,8 +1,8 @@ commonfields: - id: Code42 + id: Code42Test version: -1 -name: Code42 -display: Code42 +name: Code42Test +display: Code42Test category: Endpoint description: Use the Code42 integration to identify potential data exfiltration from insider threats while speeding investigation and response by providing fast access to file events and metadata across physical and cloud environments. configuration: @@ -11,7 +11,7 @@ configuration: defaultvalue: console.us.code42.com type: 0 required: true -- display: "" +- display: "Username" name: credentials defaultvalue: "" type: 9 diff --git a/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json b/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json index a1165b8acc4..138a824bd2c 100644 
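Review bot: In the Code42_Username.json hunk, `"associatedToAll": true` with `"associatedTypes": null` attaches this vendor-specific field to every incident type, while the six sibling fields in this patch are scoped to `"Code42 Security Alert"`. Unless other incident types are meant to carry a Code42 username, scope it the same way with `"associatedToAll": false` and `"associatedTypes": ["Code42 Security Alert"]`. If the wider scope is deliberate, the empty `"description"` is the place to say so.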
--- a/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json
+++ b/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json
@@ -1,371 +1,478 @@ { - "TypeName": "Code42 Security Alert", - "kind": "details", - "fromVersion": "5.0.0", - "layout": { - "TypeName": "", - "id": "Code42 Security Alert", - "kind": "details", - "modified": "2020-02-28T16:54:37.432056818Z", - "name": "", - "system": false, - "tabs": [ - { - "id": "summary", - "name": "Legacy Summary", - "type": "summary" - }, - { - "id": "caseinfoid", - "name": "Incident Info", - "sections": [ - { - "displayType": "ROW", - "h": 2, - "i": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8", - "isVisible": true, - "items": [ - { - "endCol": 2, - "fieldId": "type", - "height": 24, - "id": "incident-type-field", - "index": 0, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "severity", - "height": 24, - "id": "incident-severity-field", - "index": 1, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "owner", - "height": 24, - "id": "incident-owner-field", - "index": 2, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "dbotsource", - "height": 24, - "id": "incident-source-field", - "index": 3, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "sourcebrand", - "height": 24, - "id": "incident-sourceBrand-field", - "index": 4, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "sourceinstance", - "height": 24, - "id": "incident-sourceInstance-field", - "index": 5, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "playbookid", - "height": 24, - "id": "incident-playbookId-field", - "index": 6, - "startCol": 0 - } - ], - "moved": false, - "name": "Case Details", - "static": false, - "w": 1, - "x": 0, - "y": 0 - }, - { - "h": 2, - "i": "caseinfoid-61263cc0-98b1-11e9-97d7-ed26ef9e46c8", - "moved": false, - "name": "Notes", - "static": false, - "type": "notes", - "w": 1, - "x": 2, - "y": 0 - }, - { - "displayType": "ROW", - "h": 2, - "i": "caseinfoid-6aabad20-98b1-11e9-97d7-ed26ef9e46c8", - "moved": false, - "name": "Work Plan", - "static": false, - "type": "workplan", - "w": 1, - "x": 1, - "y": 0 - }, - { - "displayType": 
"ROW", - "h": 2, - "i": "caseinfoid-770ec200-98b1-11e9-97d7-ed26ef9e46c8", - "isVisible": true, - "moved": false, - "name": "Linked Incidents", - "static": false, - "type": "linkedIncidents", - "w": 1, - "x": 0, - "y": 9 - }, - { - "displayType": "ROW", - "h": 2, - "i": "caseinfoid-842632c0-98b1-11e9-97d7-ed26ef9e46c8", - "moved": false, - "name": "Child Incidents", - "static": false, - "type": "childInv", - "w": 1, - "x": 1, - "y": 9 - }, - { - "displayType": "ROW", - "h": 2, - "hideName": false, - "i": "caseinfoid-7717e580-9bed-11e9-9a3f-8b4b2158e260", - "moved": false, - "name": "Team Members", - "static": false, - "type": "team", - "w": 1, - "x": 2, - "y": 4 - }, - { - "displayType": "CARD", - "h": 4, - "i": "caseinfoid-ac32f620-a0b0-11e9-b27f-13ae1773d289", - "items": [ - { - "endCol": 1, - "fieldId": "occurred", - "height": 55, - "id": "incident-occurred-field", - "index": 1, - "startCol": 0 - }, - { - "endCol": 1, - "fieldId": "dbotmodified", - "height": 55, - "id": "incident-modified-field", - "index": 2, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "dbotduedate", - "height": 55, - "id": "incident-dueDate-field", - "index": 3, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "dbotcreated", - "height": 55, - "id": "incident-created-field", - "index": 1, - "startCol": 1 - }, - { - "endCol": 2, - "fieldId": "dbotclosed", - "height": 55, - "id": "incident-closed-field", - "index": 2, - "startCol": 1 - } - ], - "moved": false, - "name": "Timeline Information", - "static": false, - "w": 1, - "x": 0, - "y": 2 - }, - { - "displayType": "ROW", - "h": 2, - "i": "caseinfoid-88e6bf70-a0b1-11e9-b27f-13ae1773d289", - "isVisible": true, - "items": [ - { - "endCol": 2, - "fieldId": "dbotclosed", - "height": 24, - "id": "incident-dbotClosed-field", - "index": 0, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "closereason", - "height": 24, - "id": "incident-closeReason-field", - "index": 1, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "closenotes", 
- "height": 48, - "id": "incident-closeNotes-field", - "index": 2, - "startCol": 0 - } - ], - "moved": false, - "name": "Closing Information", - "static": false, - "w": 1, - "x": 2, - "y": 2 - }, - { - "displayType": "CARD", - "h": 4, - "i": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289", - "isVisible": true, - "items": [ - { - "dropEffect": "move", - "endCol": 2, - "fieldId": "name", - "height": 55, - "id": "f4316c20-598a-11ea-b904-997d555669cb", - "index": 0, - "listId": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "details", - "height": 110, - "id": "incident-details-field", - "index": 1, - "startCol": 0 - }, - { - "dropEffect": "move", - "endCol": 2, - "fieldId": "code42alerttype", - "height": 55, - "id": "66a7ca60-598b-11ea-b904-997d555669cb", - "index": 2, - "listId": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289", - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "employeedisplayname", - "height": 55, - "id": "9e36d450-5984-11ea-b904-997d555669cb", - "index": 3, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "employeeemail", - "height": 55, - "id": "a3608bb0-5984-11ea-b904-997d555669cb", - "index": 4, - "startCol": 0 - }, - { - "endCol": 2, - "fieldId": "employeemanageremail", - "height": 55, - "id": "a4bc7230-5984-11ea-b904-997d555669cb", - "index": 5, - "startCol": 0 - } - ], - "moved": false, - "name": "Investigation Data", - "static": false, - "w": 1, - "x": 1, - "y": 2 - }, - { - "displayType": "ROW", - "h": 3, - "hideName": false, - "i": "caseinfoid-d0b3fb00-5985-11ea-b904-997d555669cb", - "items": [ - { - "dropEffect": "move", - "endCol": 6, - "fieldId": "exfiltratedfilelist", - "height": 110, - "id": "d857da20-5985-11ea-b904-997d555669cb", - "index": 0, - "listId": "caseinfoid-d0b3fb00-5985-11ea-b904-997d555669cb", - "startCol": 0 - } - ], - "maxW": 3, - "minH": 1, - "minW": 1, - "moved": false, - "name": "File Events", - "static": false, - "w": 3, - "x": 0, - "y": 6 - } - ], - 
"type": "custom" - }, - { - "id": "warRoom", - "name": "War Room", - "type": "warRoom" - }, - { - "id": "workPlan", - "name": "Work Plan", - "type": "workPlan" - }, - { - "id": "evidenceBoard", - "name": "Evidence Board", - "type": "evidenceBoard" - }, - { - "id": "relatedIncidents", - "name": "Related Incidents", - "type": "relatedIncidents" - }, - { - "id": "canvas", - "name": "Canvas", - "type": "canvas" - } - ], - "typeId": "Code42 Security Alert", - "version": -1 - }, - "typeId": "Code42 Security Alert", - "version": -1 -} + "TypeName": "", + "id": "Code42 Security Alert", + "kind": "details", + "name": "", + "sortValues": null, + "system": false, + "tabs": [ + { + "id": "summary", + "name": "Legacy Summary", + "type": "summary" + }, + { + "id": "caseinfoid", + "name": "Incident Info", + "sections": [ + { + "displayType": "ROW", + "h": 2, + "i": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8", + "isVisible": true, + "items": [ + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "code42alertid", + "height": 22, + "id": "6dc82070-b637-11ea-b3d2-913a8f1b2f41", + "index": 0, + "listId": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8", + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "code42username", + "height": 22, + "id": "5b671ae0-b5a0-11ea-b9fd-2fc523985e07", + "index": 1, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "code42alertstate", + "height": 22, + "id": "75a42690-b637-11ea-b3d2-913a8f1b2f41", + "index": 2, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "code42alertname", + "height": 22, + "id": "732ae930-b637-11ea-b3d2-913a8f1b2f41", + "index": 3, + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "code42alerttimestamp", + "height": 22, + "id": "7821f7d0-b637-11ea-b3d2-913a8f1b2f41", + "index": 4, + "listId": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8", + "sectionItemType": 
"field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "severity", + "height": 22, + "id": "incident-severity-field", + "index": 5, + "listId": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8", + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "type", + "height": 22, + "id": "incident-type-field", + "index": 6, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "owner", + "height": 22, + "id": "incident-owner-field", + "index": 7, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "sourcebrand", + "height": 22, + "id": "incident-sourceBrand-field", + "index": 8, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "sourceinstance", + "height": 22, + "id": "incident-sourceInstance-field", + "index": 9, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "playbookid", + "height": 22, + "id": "incident-playbookId-field", + "index": 10, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "dbotsource", + "height": 22, + "id": "incident-source-field", + "index": 11, + "sectionItemType": "field", + "startCol": 0 + } + ], + "moved": false, + "name": "Case Details", + "static": false, + "w": 1, + "x": 0, + "y": 0 + }, + { + "h": 2, + "i": "caseinfoid-61263cc0-98b1-11e9-97d7-ed26ef9e46c8", + "moved": false, + "name": "Notes", + "static": false, + "type": "notes", + "w": 1, + "x": 2, + "y": 0 + }, + { + "displayType": "ROW", + "h": 2, + "i": "caseinfoid-6aabad20-98b1-11e9-97d7-ed26ef9e46c8", + "moved": false, + "name": "Work Plan", + "static": false, + "type": "workplan", + "w": 1, + "x": 1, + "y": 0 + }, + { + "displayType": "ROW", + "h": 2, + "i": "caseinfoid-770ec200-98b1-11e9-97d7-ed26ef9e46c8", + "isVisible": true, + "moved": false, + "name": "Linked Incidents", + "static": false, + "type": "linkedIncidents", + "w": 1, + "x": 0, + "y": 13 + }, + { + 
"displayType": "ROW", + "h": 2, + "i": "caseinfoid-842632c0-98b1-11e9-97d7-ed26ef9e46c8", + "moved": false, + "name": "Child Incidents", + "static": false, + "type": "childInv", + "w": 1, + "x": 1, + "y": 13 + }, + { + "displayType": "ROW", + "h": 2, + "hideName": false, + "i": "caseinfoid-7717e580-9bed-11e9-9a3f-8b4b2158e260", + "moved": false, + "name": "Team Members", + "static": false, + "type": "team", + "w": 1, + "x": 2, + "y": 6 + }, + { + "displayType": "CARD", + "h": 4, + "i": "caseinfoid-ac32f620-a0b0-11e9-b27f-13ae1773d289", + "items": [ + { + "endCol": 1, + "fieldId": "occurred", + "height": 55, + "id": "incident-occurred-field", + "index": 1, + "startCol": 0 + }, + { + "endCol": 1, + "fieldId": "dbotmodified", + "height": 55, + "id": "incident-modified-field", + "index": 2, + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "dbotduedate", + "height": 55, + "id": "incident-dueDate-field", + "index": 3, + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "dbotcreated", + "height": 55, + "id": "incident-created-field", + "index": 1, + "startCol": 1 + }, + { + "endCol": 2, + "fieldId": "dbotclosed", + "height": 55, + "id": "incident-closed-field", + "index": 2, + "startCol": 1 + } + ], + "moved": false, + "name": "Timeline Information", + "static": false, + "w": 1, + "x": 0, + "y": 6 + }, + { + "displayType": "ROW", + "h": 2, + "i": "caseinfoid-88e6bf70-a0b1-11e9-b27f-13ae1773d289", + "isVisible": true, + "items": [ + { + "endCol": 2, + "fieldId": "dbotclosed", + "height": 24, + "id": "incident-dbotClosed-field", + "index": 0, + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "closereason", + "height": 24, + "id": "incident-closeReason-field", + "index": 1, + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "closenotes", + "height": 48, + "id": "incident-closeNotes-field", + "index": 2, + "startCol": 0 + } + ], + "moved": false, + "name": "Closing Information", + "static": false, + "w": 1, + "x": 2, + "y": 4 + }, + { + "displayType": "CARD", + "h": 
4, + "i": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289", + "isVisible": true, + "items": [ + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "name", + "height": 55, + "id": "f4316c20-598a-11ea-b904-997d555669cb", + "index": 0, + "listId": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "details", + "height": 110, + "id": "incident-details-field", + "index": 1, + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 2, + "fieldId": "code42alerttype", + "height": 55, + "id": "66a7ca60-598b-11ea-b904-997d555669cb", + "index": 2, + "listId": "caseinfoid-e54b1770-a0b1-11e9-b27f-13ae1773d289", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "employeedisplayname", + "height": 55, + "id": "9e36d450-5984-11ea-b904-997d555669cb", + "index": 3, + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "employeeemail", + "height": 55, + "id": "a3608bb0-5984-11ea-b904-997d555669cb", + "index": 4, + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "employeemanageremail", + "height": 55, + "id": "a4bc7230-5984-11ea-b904-997d555669cb", + "index": 5, + "startCol": 0 + } + ], + "moved": false, + "name": "Investigation Data", + "static": false, + "w": 1, + "x": 1, + "y": 4 + }, + { + "displayType": "ROW", + "h": 3, + "hideName": false, + "i": "caseinfoid-d0b3fb00-5985-11ea-b904-997d555669cb", + "items": [ + { + "dropEffect": "move", + "endCol": 6, + "fieldId": "exfiltratedfilelist", + "height": 110, + "id": "d857da20-5985-11ea-b904-997d555669cb", + "index": 0, + "listId": "caseinfoid-d0b3fb00-5985-11ea-b904-997d555669cb", + "startCol": 0 + } + ], + "maxW": 3, + "minH": 1, + "minW": 1, + "moved": false, + "name": "File Events", + "static": false, + "w": 3, + "x": 0, + "y": 10 + }, + { + "description": "This is a test", + "displayType": "ROW", + "h": 2, + "hideName": false, + "i": "caseinfoid-6434eb20-b58c-11ea-95a8-8b8d5f804e32", + "items": [ + { + "endCol": 2, + "fieldId": "code42alerttype", + "height": 22, + 
"id": "92eac610-b58c-11ea-95a8-8b8d5f804e32", + "index": 0, + "sectionItemType": "field", + "startCol": 0 + }, + { + "dropEffect": "move", + "endCol": 6, + "fieldId": "code42fileevents", + "height": 106, + "id": "94153c50-b58c-11ea-95a8-8b8d5f804e32", + "index": 1, + "listId": "caseinfoid-6434eb20-b58c-11ea-95a8-8b8d5f804e32", + "sectionItemType": "field", + "startCol": 0 + } + ], + "maxW": 3, + "minH": 1, + "minW": 1, + "moved": false, + "name": "Test Section", + "static": false, + "w": 3, + "x": 0, + "y": 2 + }, + { + "h": 2, + "i": "caseinfoid-bcee6390-b58c-11ea-95a8-8b8d5f804e32", + "items": [], + "maxW": 3, + "minH": 1, + "minW": 1, + "moved": false, + "name": "General Purpose Dynamic Section", + "query": "468c8e6f-6f50-486f-8cde-7dabe4cbeb2b", + "queryType": "script", + "static": false, + "type": "dynamic", + "w": 1, + "x": 0, + "y": 4 + } + ], + "type": "custom" + }, + { + "id": "warRoom", + "name": "War Room", + "type": "warRoom" + }, + { + "id": "workPlan", + "name": "Work Plan", + "type": "workPlan" + }, + { + "id": "evidenceBoard", + "name": "Evidence Board", + "type": "evidenceBoard" + }, + { + "id": "relatedIncidents", + "name": "Related Incidents", + "type": "relatedIncidents" + }, + { + "id": "canvas", + "name": "Canvas", + "type": "canvas" + } + ], + "typeId": "Code42 Security Alert", + "version": -1, + "fromVersion": "5.0.0" +} \ No newline at end of file From e46d7ff708841ab5d7983beb57c70b021edf16d8 Mon Sep 17 00:00:00 2001 From: Juliya Smith Date: Wed, 24 Jun 2020 17:10:14 +0000 Subject: [PATCH 2/6] Update views --- .../incidenttype-Code42_Security_Alert.json | 1 - ...yout-details-Code42_Security_Alert-V2.json | 147 +++++++----------- 2 files changed, 59 insertions(+), 89 deletions(-) diff --git a/Packs/Code42/IncidentTypes/incidenttype-Code42_Security_Alert.json b/Packs/Code42/IncidentTypes/incidenttype-Code42_Security_Alert.json index bd19cb3b4b0..ee520e86ca1 100644 --- a/Packs/Code42/IncidentTypes/incidenttype-Code42_Security_Alert.json 
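Review bot: The rewritten layout no longer has the outer wrapper. The old top level carried `"TypeName": "Code42 Security Alert"`, `"kind"`, `"fromVersion"` and the tab definition nested under `"layout"`; the new top level is the former inner object, starting at `"TypeName": ""` with `"tabs"` directly beneath it. This looks like a raw export rather than the pack's previous file shape, so confirm that the content loader and validation still bind the file to the Code42 Security Alert type. The hunk also ends with `\ No newline at end of file` where the old file had a trailing newline; restoring it keeps later diffs clean.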
+++ b/Packs/Code42/IncidentTypes/incidenttype-Code42_Security_Alert.json @@ -21,5 +21,4 @@ "weeks": 0, "weeksR": 0, "fromVersion": "5.0.0" - } diff --git a/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json b/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json index 138a824bd2c..e0e5c81d6b3 100644 --- a/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json +++ b/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json 
@@ -24,38 +24,62 @@ { "dropEffect": "move", "endCol": 2, - "fieldId": "code42alertid", + "fieldId": "type", "height": 22, - "id": "6dc82070-b637-11ea-b3d2-913a8f1b2f41", + "id": "incident-type-field", "index": 0, "listId": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8", "sectionItemType": "field", "startCol": 0 }, { + "dropEffect": "move", "endCol": 2, - "fieldId": "code42username", + "fieldId": "code42alertname", "height": 22, - "id": "5b671ae0-b5a0-11ea-b9fd-2fc523985e07", + "id": "732ae930-b637-11ea-b3d2-913a8f1b2f41", "index": 1, + "listId": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8", "sectionItemType": "field", "startCol": 0 }, { + "dropEffect": "move", "endCol": 2, - "fieldId": "code42alertstate", + "fieldId": "owner", "height": 22, - "id": "75a42690-b637-11ea-b3d2-913a8f1b2f41", + "id": "incident-owner-field", "index": 2, + "listId": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8", "sectionItemType": "field", "startCol": 0 }, { + "dropEffect": "move", "endCol": 2, - "fieldId": "code42alertname", + "fieldId": "severity", "height": 22, - "id": "732ae930-b637-11ea-b3d2-913a8f1b2f41", + "id": "incident-severity-field", "index": 3, + "listId": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8", + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "code42alertdescription", + "height": 22, + "id": "83c5f080-b639-11ea-b3d2-913a8f1b2f41", + "index": 4, + "sectionItemType": "field", + "startCol": 0 + }, + { + "endCol": 2, + "fieldId": "code42username", + "height": 22, + "id": "5b671ae0-b5a0-11ea-b9fd-2fc523985e07", + "index": 5, "sectionItemType": "field", "startCol": 0 }, @@ -65,7 +89,7 @@ "fieldId": "code42alerttimestamp", "height": 22, "id": "7821f7d0-b637-11ea-b3d2-913a8f1b2f41", - "index": 4, + "index": 6, "listId": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8", "sectionItemType": "field", "startCol": 0 
@@ -73,29 +97,31 @@ { "dropEffect": "move", "endCol": 2, - "fieldId": "severity", + "fieldId": "code42alertstate", "height": 22, - "id": "incident-severity-field", - "index": 5, + "id": "75a42690-b637-11ea-b3d2-913a8f1b2f41", + "index": 7, "listId": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8", "sectionItemType": "field", "startCol": 0 }, { + "dropEffect": "move", "endCol": 2, - "fieldId": "type", + "fieldId": "code42alertid", "height": 22, - "id": "incident-type-field", - "index": 6, + "id": "6dc82070-b637-11ea-b3d2-913a8f1b2f41", + "index": 8, + "listId": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8", "sectionItemType": "field", "startCol": 0 }, { "endCol": 2, - "fieldId": "owner", + "fieldId": "code42alerttype", "height": 22, - "id": "incident-owner-field", - "index": 7, + "id": "727f7c10-b639-11ea-b3d2-913a8f1b2f41", + "index": 9, "sectionItemType": "field", "startCol": 0 }, @@ -104,7 +130,7 @@ "fieldId": "sourcebrand", "height": 22, "id": "incident-sourceBrand-field", - "index": 8, + "index": 10, "sectionItemType": "field", "startCol": 0 }, @@ -113,25 +139,25 @@ "fieldId": "sourceinstance", "height": 22, "id": "incident-sourceInstance-field", - "index": 9, + "index": 11, "sectionItemType": "field", "startCol": 0 }, { "endCol": 2, - "fieldId": "playbookid", + "fieldId": "dbotsource", "height": 22, - "id": "incident-playbookId-field", - "index": 10, + "id": "incident-source-field", + "index": 12, "sectionItemType": "field", "startCol": 0 }, { "endCol": 2, - "fieldId": "dbotsource", + "fieldId": "playbookid", "height": 22, - "id": "incident-source-field", - "index": 11, + "id": "incident-playbookId-field", + "index": 13, "sectionItemType": "field", "startCol": 0 } @@ -177,7 +203,7 @@ "type": "linkedIncidents", "w": 1, "x": 0, - "y": 13 + "y": 9 }, { "displayType": "ROW", @@ -189,7 +215,7 @@ "type": "childInv", "w": 1, "x": 1, - "y": 13 + "y": 9 }, { "displayType": "ROW", 
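Review bot: The item added to Case Details with `"fieldId": "code42alerttype"` (id `727f7c10-b639-11ea-b3d2-913a8f1b2f41`) duplicates a field that the Investigation Data section on the same tab already shows (id `66a7ca60-598b-11ea-b904-997d555669cb`), and none of the hunks in this patch remove the older item. Showing the same value twice on one tab adds noise during triage; keeping it in one section would be cleaner. Separately, none of the layout hunks shown place the `code42severity` field added in patch 1, so it may be worth confirming whether that field is meant to be displayed or only the built-in `severity`.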
@@ -202,7 +228,7 @@
 "type": "team",
 "w": 1,
 "x": 2,
- "y": 6
+ "y": 4
 },
 {
 "displayType": "CARD",
@@ -255,7 +281,7 @@
 "static": false,
 "w": 1,
 "x": 0,
- "y": 6
+ "y": 2
 },
 {
 "displayType": "ROW",
@@ -293,7 +319,7 @@
 "static": false,
 "w": 1,
 "x": 2,
- "y": 4
+ "y": 2
 },
 {
 "displayType": "CARD",
@@ -359,7 +385,7 @@
 "static": false,
 "w": 1,
 "x": 1,
- "y": 4
+ "y": 2
 },
 {
 "displayType": "ROW",
@@ -386,62 +412,7 @@
 "static": false,
 "w": 3,
 "x": 0,
- "y": 10
- },
- {
- "description": "This is a test",
- "displayType": "ROW",
- "h": 2,
- "hideName": false,
- "i": "caseinfoid-6434eb20-b58c-11ea-95a8-8b8d5f804e32",
- "items": [
- {
- "endCol": 2,
- "fieldId": "code42alerttype",
- "height": 22,
- "id": "92eac610-b58c-11ea-95a8-8b8d5f804e32",
- "index": 0,
- "sectionItemType": "field",
- "startCol": 0
- },
- {
- "dropEffect": "move",
- "endCol": 6,
- "fieldId": "code42fileevents",
- "height": 106,
- "id": "94153c50-b58c-11ea-95a8-8b8d5f804e32",
- "index": 1,
- "listId": "caseinfoid-6434eb20-b58c-11ea-95a8-8b8d5f804e32",
- "sectionItemType": "field",
- "startCol": 0
- }
- ],
- "maxW": 3,
- "minH": 1,
- "minW": 1,
- "moved": false,
- "name": "Test Section",
- "static": false,
- "w": 3,
- "x": 0,
- "y": 2
- },
- {
- "h": 2,
- "i": "caseinfoid-bcee6390-b58c-11ea-95a8-8b8d5f804e32",
- "items": [],
- "maxW": 3,
- "minH": 1,
- "minW": 1,
- "moved": false,
- "name": "General Purpose Dynamic Section",
- "query": "468c8e6f-6f50-486f-8cde-7dabe4cbeb2b",
- "queryType": "script",
- "static": false,
- "type": "dynamic",
- "w": 1,
- "x": 0,
- "y": 4
+ "y": 6
 }
 ],
 "type": "custom"
From e06461ab1f9cbaef7cd3da762c379a9860158e6c Mon Sep 17 00:00:00 2001
From: Juliya Smith
Date: Wed, 24 Jun 2020 17:45:50 +0000
Subject: [PATCH 3/6] gen yml
---
 Packs/Code42/Integrations/Code42/integration-Code42.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/Packs/Code42/Integrations/Code42/integration-Code42.yml b/Packs/Code42/Integrations/Code42/integration-Code42.yml index 226d33b37fc..c1b256d698a 100644 --- a/Packs/Code42/Integrations/Code42/integration-Code42.yml +++ b/Packs/Code42/Integrations/Code42/integration-Code42.yml @@ -1,8 +1,8 @@ commonfields: - id: Code42Test + id: Code42 version: -1 -name: Code42Test -display: Code42Test +name: Code42 +display: Code42 category: Endpoint description: Use the Code42 integration to identify potential data exfiltration from insider threats while speeding investigation and response by providing fast access to file events and metadata across physical and cloud environments. configuration: From e2af5683e429fb49607a22e18d44893f0a104542 Mon Sep 17 00:00:00 2001 From: Juliya Smith Date: Wed, 24 Jun 2020 18:28:49 +0000 Subject: [PATCH 4/6] savE --- Packs/Code42/Integrations/Code42/Code42.py | 11 ++-- .../Code42/integration-Code42.yml | 7 ++- ...yout-details-Code42_Security_Alert-V2.json | 56 +++++++++++-------- 3 files changed, 43 insertions(+), 31 deletions(-) diff --git a/Packs/Code42/Integrations/Code42/Code42.py b/Packs/Code42/Integrations/Code42/Code42.py index fb48223c408..f07bb20cc0e 100644 --- a/Packs/Code42/Integrations/Code42/Code42.py +++ b/Packs/Code42/Integrations/Code42/Code42.py @@ -668,11 +668,11 @@ def _stringify_lists_if_needed(event): event["sharedWith"] = str(shared_list) if private_ip_addresses: event["privateIpAddresses"] = str(private_ip_addresses) + return event def _process_event_from_observation(event): - _stringify_lists_if_needed(event) - return event + return _stringify_lists_if_needed(event) class Code42SecurityIncidentFetcher(object): 
@@ -738,7 +738,7 @@ def _fetch_alerts(self, start_query_time): def _create_incident_from_alert(self, alert): details = self._client.get_alert_details(alert["id"]) incident = _create_incident_from_alert_details(details) - self._relate_files_to_alert(details) + details = self._relate_files_to_alert(details) incident["rawJSON"] = json.dumps(details) return incident @@ -746,6 +746,7 @@ def _relate_files_to_alert(self, alert_details): for obs in alert_details["observations"]: file_events = self._get_file_events_from_alert_details(obs, alert_details) alert_details["fileevents"] = [_process_event_from_observation(e) for e in file_events] + return alert_details def _get_file_events_from_alert_details(self, observation, alert_details): security_data_query = map_observation_to_security_query(observation, alert_details["actor"]) @@ -821,7 +822,7 @@ def main(): # Remove trailing slash to prevent wrong URL path to service verify_certificate = not demisto.params().get("insecure", False) proxy = demisto.params().get("proxy", False) - LOG(f"Command being called is {demisto.command()}") + LOG("Command being called is {0}.".format(demisto.command())) try: client = Code42Client( base_url=base_url, @@ -869,7 +870,7 @@ def main(): return_outputs(*commands[command](client, demisto.args())) # Log exceptions except Exception as e: - return_error(f"Failed to execute {demisto.command()} command. Error: {str(e)}") + return_error("Failed to execute {0} command. Error: {1}".format(demisto.command(), str(e))) if __name__ in ("__main__", "__builtin__", "builtins"): diff --git a/Packs/Code42/Integrations/Code42/integration-Code42.yml b/Packs/Code42/Integrations/Code42/integration-Code42.yml index c1b256d698a..3144142f6aa 100644 --- a/Packs/Code42/Integrations/Code42/integration-Code42.yml +++ b/Packs/Code42/Integrations/Code42/integration-Code42.yml 
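Review bot: `_relate_files_to_alert` (hunk `@@ -746,6 +746,7 @@`) assigns `alert_details["fileevents"]` inside the `for obs in alert_details["observations"]` loop, so each observation overwrites the previous one's events and only the last observation's file events reach `incident["rawJSON"]`; with no observations the key is never set. The added `return alert_details` does not change that. For an exfiltration alert this drops evidence from the incident, so I would initialise `alert_details["fileevents"] = []` before the loop and use `alert_details["fileevents"] += [_process_event_from_observation(e) for e in file_events]` inside it. The same two hunks are mirrored in the generated `integration-Code42.yml` later in this commit, which would pick up the fix when it is regenerated.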
@@ -755,11 +755,11 @@ script: event["sharedWith"] = str(shared_list) if private_ip_addresses: event["privateIpAddresses"] = str(private_ip_addresses) + return event def _process_event_from_observation(event): - _stringify_lists_if_needed(event) - return event + return _stringify_lists_if_needed(event) class Code42SecurityIncidentFetcher(object): @@ -825,7 +825,7 @@ script: def _create_incident_from_alert(self, alert): details = self._client.get_alert_details(alert["id"]) incident = _create_incident_from_alert_details(details) - self._relate_files_to_alert(details) + details = self._relate_files_to_alert(details) incident["rawJSON"] = json.dumps(details) return incident @@ -833,6 +833,7 @@ script: for obs in alert_details["observations"]: file_events = self._get_file_events_from_alert_details(obs, alert_details) alert_details["fileevents"] = [_process_event_from_observation(e) for e in file_events] + return alert_details def _get_file_events_from_alert_details(self, observation, alert_details): security_data_query = map_observation_to_security_query(observation, alert_details["actor"]) diff --git a/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json b/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json index e0e5c81d6b3..c51a1f61198 100644 --- a/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json +++ b/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json @@ -33,13 +33,11 @@ "startCol": 0 }, { - "dropEffect": "move", "endCol": 2, - "fieldId": "code42alertname", + "fieldId": "name", "height": 22, - "id": "732ae930-b637-11ea-b3d2-913a8f1b2f41", + "id": "381b6080-b63d-11ea-b3d2-913a8f1b2f41", "index": 1, - "listId": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8", "sectionItemType": "field", "startCol": 0 }, 
@@ -83,24 +81,13 @@
 "sectionItemType": "field",
 "startCol": 0
 },
- {
- "dropEffect": "move",
- "endCol": 2,
- "fieldId": "code42alerttimestamp",
- "height": 22,
- "id": "7821f7d0-b637-11ea-b3d2-913a8f1b2f41",
- "index": 6,
- "listId": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8",
- "sectionItemType": "field",
- "startCol": 0
- },
 {
 "dropEffect": "move",
 "endCol": 2,
 "fieldId": "code42alertstate",
 "height": 22,
 "id": "75a42690-b637-11ea-b3d2-913a8f1b2f41",
- "index": 7,
+ "index": 6,
 "listId": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8",
 "sectionItemType": "field",
 "startCol": 0
@@ -111,7 +98,7 @@
 "fieldId": "code42alertid",
 "height": 22,
 "id": "6dc82070-b637-11ea-b3d2-913a8f1b2f41",
- "index": 8,
+ "index": 7,
 "listId": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8",
 "sectionItemType": "field",
 "startCol": 0
@@ -121,7 +108,7 @@
 "fieldId": "code42alerttype",
 "height": 22,
 "id": "727f7c10-b639-11ea-b3d2-913a8f1b2f41",
- "index": 9,
+ "index": 8,
 "sectionItemType": "field",
 "startCol": 0
 },
@@ -130,7 +117,7 @@
 "fieldId": "sourcebrand",
 "height": 22,
 "id": "incident-sourceBrand-field",
- "index": 10,
+ "index": 9,
 "sectionItemType": "field",
 "startCol": 0
 },
@@ -139,7 +126,7 @@
 "fieldId": "sourceinstance",
 "height": 22,
 "id": "incident-sourceInstance-field",
- "index": 11,
+ "index": 10,
 "sectionItemType": "field",
 "startCol": 0
 },
@@ -148,7 +135,7 @@
 "fieldId": "dbotsource",
 "height": 22,
 "id": "incident-source-field",
- "index": 12,
+ "index": 11,
 "sectionItemType": "field",
 "startCol": 0
 },
@@ -157,7 +144,18 @@
 "fieldId": "playbookid",
 "height": 22,
 "id": "incident-playbookId-field",
+ "index": 12,
+ "sectionItemType": "field",
+ "startCol": 0
+ },
+ {
+ "dropEffect": "move",
+ "endCol": 2,
+ "fieldId": "code42alerttimestamp",
+ "height": 22,
+ "id": "7821f7d0-b637-11ea-b3d2-913a8f1b2f41",
 "index": 13,
+ "listId": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8",
 "sectionItemType": "field",
 "startCol": 0
 }
@@ -393,14 +391,26 @@
 "hideName": false,
 "i": "caseinfoid-d0b3fb00-5985-11ea-b904-997d555669cb",
 "items": [
+ {
+ "dropEffect": "move",
+ "endCol": 6,
+ "fieldId": "code42fileevents",
+ "height": 106,
+ "id": "edd32d60-b645-11ea-b3d2-913a8f1b2f41",
+ "index": 0,
+ "listId": "caseinfoid-d0b3fb00-5985-11ea-b904-997d555669cb",
+ "sectionItemType": "field",
+ "startCol": 0
+ },
 {
 "dropEffect": "move",
 "endCol": 6,
 "fieldId": "exfiltratedfilelist",
- "height": 110,
+ "height": 22,
 "id": "d857da20-5985-11ea-b904-997d555669cb",
- "index": 0,
+ "index": 1,
 "listId": "caseinfoid-d0b3fb00-5985-11ea-b904-997d555669cb",
+ "sectionItemType": "field",
 "startCol": 0
 }
 ],
From aaa6cd07e414796929337639a9d82a3dae5fbd3a Mon Sep 17 00:00:00 2001
From: Juliya Smith
Date: Thu, 25 Jun 2020 14:24:56 +0000
Subject: [PATCH 5/6] move and use file events mapping
---
 ...yout-details-Code42_Security_Alert-V2.json | 126 +++---------------
 1 file changed, 21 insertions(+), 105 deletions(-)
diff --git a/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json b/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json
index c51a1f61198..8af4ac3da1f 100644
--- a/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json
+++ b/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json
@@ -22,141 +22,59 @@
 "isVisible": true,
 "items": [
 {
- "dropEffect": "move",
 "endCol": 2,
 "fieldId": "type",
- "height": 22,
+ "height": 24,
 "id": "incident-type-field",
 "index": 0,
- "listId": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8",
- "sectionItemType": "field",
 "startCol": 0
 },
 {
 "endCol": 2,
- "fieldId": "name",
- "height": 22,
- "id": "381b6080-b63d-11ea-b3d2-913a8f1b2f41",
+ "fieldId": "severity",
+ "height": 24,
+ "id": "incident-severity-field",
 "index": 1,
- "sectionItemType": "field",
 "startCol": 0
 },
 {
- "dropEffect": "move",
 "endCol": 2,
 "fieldId": "owner",
- "height": 22,
+ "height": 24,
 "id": "incident-owner-field",
 "index": 2,
- "listId": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8",
- "sectionItemType": "field",
 "startCol": 0
 },
 {
- "dropEffect": "move",
 "endCol": 2,
- "fieldId": "severity",
- "height": 22,
- "id": "incident-severity-field",
+ "fieldId": "dbotsource",
+ "height": 24,
+ "id": "incident-source-field",
 "index": 3,
- "listId": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8",
- "sectionItemType": "field",
- "startCol": 0
- },
- {
- "endCol": 2,
- "fieldId": "code42alertdescription",
- "height": 22,
- "id": "83c5f080-b639-11ea-b3d2-913a8f1b2f41",
- "index": 4,
- "sectionItemType": "field",
- "startCol": 0
- },
- {
- "endCol": 2,
- "fieldId": "code42username",
- "height": 22,
- "id": "5b671ae0-b5a0-11ea-b9fd-2fc523985e07",
- "index": 5,
- "sectionItemType": "field",
- "startCol": 0
- },
- {
- "dropEffect": "move",
- "endCol": 2,
- "fieldId": "code42alertstate",
- "height": 22,
- "id": "75a42690-b637-11ea-b3d2-913a8f1b2f41",
- "index": 6,
- "listId": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8",
- "sectionItemType": "field",
- "startCol": 0
- },
- {
- "dropEffect": "move",
- "endCol": 2,
- "fieldId": "code42alertid",
- "height": 22,
- "id": "6dc82070-b637-11ea-b3d2-913a8f1b2f41",
- "index": 7,
- "listId": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8",
- "sectionItemType": "field",
- "startCol": 0
- },
- {
- "endCol": 2,
- "fieldId": "code42alerttype",
- "height": 22,
- "id": "727f7c10-b639-11ea-b3d2-913a8f1b2f41",
- "index": 8,
- "sectionItemType": "field",
 "startCol": 0
 },
 {
 "endCol": 2,
 "fieldId": "sourcebrand",
- "height": 22,
+ "height": 24,
 "id": "incident-sourceBrand-field",
- "index": 9,
- "sectionItemType": "field",
+ "index": 4,
 "startCol": 0
 },
 {
 "endCol": 2,
 "fieldId": "sourceinstance",
- "height": 22,
+ "height": 24,
 "id": "incident-sourceInstance-field",
- "index": 10,
- "sectionItemType": "field",
- "startCol": 0
- },
- {
- "endCol": 2,
- "fieldId": "dbotsource",
- "height": 22,
- "id": "incident-source-field",
- "index": 11,
- "sectionItemType": "field",
+ "index": 5,
 "startCol": 0
 },
 {
 "endCol": 2,
 "fieldId": "playbookid",
- "height": 22,
+ "height": 24,
 "id": "incident-playbookId-field",
- "index": 12,
- "sectionItemType": "field",
- "startCol": 0
- },
- {
- "dropEffect": "move",
- "endCol": 2,
- "fieldId": "code42alerttimestamp",
- "height": 22,
- "id": "7821f7d0-b637-11ea-b3d2-913a8f1b2f41",
- "index": 13,
- "listId": "caseinfoid-fce71720-98b0-11e9-97d7-ed26ef9e46c8",
- "sectionItemType": "field",
+ "index": 6,
 "startCol": 0
 }
 ],
@@ -226,7 +144,7 @@
 "type": "team",
 "w": 1,
 "x": 2,
- "y": 4
+ "y": 7
 },
 {
 "displayType": "CARD",
@@ -279,7 +197,7 @@
 "static": false,
 "w": 1,
 "x": 0,
- "y": 2
+ "y": 5
 },
 {
 "displayType": "ROW",
@@ -317,7 +235,7 @@
 "static": false,
 "w": 1,
 "x": 2,
- "y": 2
+ "y": 5
 },
 {
 "displayType": "CARD",
@@ -383,7 +301,7 @@
 "static": false,
 "w": 1,
 "x": 1,
- "y": 2
+ "y": 5
 },
 {
 "displayType": "ROW",
@@ -392,13 +310,11 @@
 "i": "caseinfoid-d0b3fb00-5985-11ea-b904-997d555669cb",
 "items": [
 {
- "dropEffect": "move",
 "endCol": 6,
 "fieldId": "code42fileevents",
 "height": 106,
- "id": "edd32d60-b645-11ea-b3d2-913a8f1b2f41",
+ "id": "484a0170-b6ef-11ea-8e1b-f35e38fc5b4a",
 "index": 0,
- "listId": "caseinfoid-d0b3fb00-5985-11ea-b904-997d555669cb",
 "sectionItemType": "field",
 "startCol": 0
 },
@@ -408,7 +324,7 @@
 "fieldId": "exfiltratedfilelist",
 "height": 22,
 "id": "d857da20-5985-11ea-b904-997d555669cb",
- "index": 1,
+ "index": 2,
 "listId": "caseinfoid-d0b3fb00-5985-11ea-b904-997d555669cb",
 "sectionItemType": "field",
 "startCol": 0
@@ -422,7 +338,7 @@
 "static": false,
 "w": 3,
 "x": 0,
- "y": 6
+ "y": 2
 }
 ],
 "type": "custom"
From 84042480259a487fb3b644f314f9568917b12df0 Mon Sep 17 00:00:00 2001
From: Juliya Smith
Date: Thu, 25 Jun 2020 14:27:16 +0000
Subject: [PATCH 6/6] Create details widget
---
 ...yout-details-Code42_Security_Alert-V2.json | 128 ++++++++++++++++--
 1 file changed, 113 insertions(+), 15 deletions(-)
diff --git a/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json b/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json
index 8af4ac3da1f..d741790c811 100644
--- a/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json
+++ b/Packs/Code42/Layouts/layout-details-Code42_Security_Alert-V2.json
@@ -24,57 +24,64 @@
 {
 "endCol": 2,
 "fieldId": "type",
- "height": 24,
+ "height": 22,
 "id": "incident-type-field",
 "index": 0,
+ "sectionItemType": "field",
 "startCol": 0
 },
 {
 "endCol": 2,
 "fieldId": "severity",
- "height": 24,
+ "height": 22,
 "id": "incident-severity-field",
 "index": 1,
+ "sectionItemType": "field",
 "startCol": 0
 },
 {
 "endCol": 2,
 "fieldId": "owner",
- "height": 24,
+ "height": 22,
 "id": "incident-owner-field",
 "index": 2,
+ "sectionItemType": "field",
 "startCol": 0
 },
 {
 "endCol": 2,
 "fieldId": "dbotsource",
- "height": 24,
+ "height": 22,
 "id": "incident-source-field",
 "index": 3,
+ "sectionItemType": "field",
 "startCol": 0
 },
 {
 "endCol": 2,
 "fieldId": "sourcebrand",
- "height": 24,
+ "height": 22,
 "id": "incident-sourceBrand-field",
- "index": 4,
+ "index": 5,
+ "sectionItemType": "field",
 "startCol": 0
 },
 {
 "endCol": 2,
 "fieldId": "sourceinstance",
- "height": 24,
+ "height": 22,
 "id": "incident-sourceInstance-field",
- "index": 5,
+ "index": 6,
+ "sectionItemType": "field",
 "startCol": 0
 },
 {
 "endCol": 2,
 "fieldId": "playbookid",
- "height": 24,
+ "height": 22,
 "id": "incident-playbookId-field",
- "index": 6,
+ "index": 7,
+ "sectionItemType": "field",
 "startCol": 0
 }
 ],
@@ -94,7 +101,7 @@
 "type": "notes",
 "w": 1,
 "x": 2,
- "y": 0
+ "y": 5
 },
 {
 "displayType": "ROW",
@@ -105,7 +112,7 @@
 "static": false,
 "type": "workplan",
 "w": 1,
- "x": 1,
+ "x": 2,
 "y": 0
 },
 {
@@ -144,7 +151,7 @@
 "type": "team",
 "w": 1,
 "x": 2,
- "y": 7
+ "y": 9
 },
 {
 "displayType": "CARD",
@@ -235,7 +242,7 @@
 "static": false,
 "w": 1,
 "x": 2,
- "y": 5
+ "y": 7
 },
 {
 "displayType": "CARD",
@@ -324,7 +331,7 @@
 "fieldId": "exfiltratedfilelist",
 "height": 22,
 "id": "d857da20-5985-11ea-b904-997d555669cb",
- "index": 2,
+ "index": 1,
 "listId": "caseinfoid-d0b3fb00-5985-11ea-b904-997d555669cb",
 "sectionItemType": "field",
 "startCol": 0
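Review bot: The item indices in the first section (hunk `@@ -24,57 +24,64 @@`) now run 0, 1, 2, 3, 5, 6, 7, because `sourcebrand` moves from `"index": 4` to `"index": 5` and nothing takes slot 4. All seven items of the array are visible in the hunk, so the gap is not filled elsewhere; if no field is meant to sit there, `sourcebrand`, `sourceinstance` and `playbookid` should keep `"index": 4`, `"index": 5` and `"index": 6`. The previous commit left a similar gap (0, 2) in the file-events section, which the last hunk on this line closes by setting `exfiltratedfilelist` back to `"index": 1`, so the same renumbering looks intended here. The `"items": [` opener and the section header are above the hunk.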
@@ -339,6 +346,97 @@
 "w": 3,
 "x": 0,
 "y": 2
+ },
+ {
+ "displayType": "ROW",
+ "h": 2,
+ "hideName": false,
+ "i": "caseinfoid-bcc9c440-b6ef-11ea-8e1b-f35e38fc5b4a",
+ "items": [
+ {
+ "endCol": 2,
+ "fieldId": "code42alertname",
+ "height": 22,
+ "id": "d3760eb0-b6ef-11ea-8e1b-f35e38fc5b4a",
+ "index": 0,
+ "sectionItemType": "field",
+ "startCol": 0
+ },
+ {
+ "endCol": 2,
+ "fieldId": "code42username",
+ "height": 22,
+ "id": "e7d311f0-b6ef-11ea-8e1b-f35e38fc5b4a",
+ "index": 1,
+ "sectionItemType": "field",
+ "startCol": 0
+ },
+ {
+ "dropEffect": "move",
+ "endCol": 2,
+ "fieldId": "code42alerttype",
+ "height": 22,
+ "id": "dcb30460-b6ef-11ea-8e1b-f35e38fc5b4a",
+ "index": 2,
+ "listId": "caseinfoid-bcc9c440-b6ef-11ea-8e1b-f35e38fc5b4a",
+ "sectionItemType": "field",
+ "startCol": 0
+ },
+ {
+ "endCol": 2,
+ "fieldId": "code42alertdescription",
+ "height": 22,
+ "id": "d4ac1db0-b6ef-11ea-8e1b-f35e38fc5b4a",
+ "index": 3,
+ "sectionItemType": "field",
+ "startCol": 0
+ },
+ {
+ "endCol": 2,
+ "fieldId": "code42alertstate",
+ "height": 22,
+ "id": "d8f1b6a0-b6ef-11ea-8e1b-f35e38fc5b4a",
+ "index": 4,
+ "sectionItemType": "field",
+ "startCol": 0
+ },
+ {
+ "endCol": 2,
+ "fieldId": "code42alertid",
+ "height": 22,
+ "id": "d6de3ff0-b6ef-11ea-8e1b-f35e38fc5b4a",
+ "index": 5,
+ "sectionItemType": "field",
+ "startCol": 0
+ },
+ {
+ "endCol": 2,
+ "fieldId": "code42alerttimestamp",
+ "height": 22,
+ "id": "dabdeb20-b6ef-11ea-8e1b-f35e38fc5b4a",
+ "index": 6,
+ "sectionItemType": "field",
+ "startCol": 0
+ },
+ {
+ "endCol": 2,
+ "fieldId": "code42severity",
+ "height": 22,
+ "id": "e5bab940-b6ef-11ea-8e1b-f35e38fc5b4a",
+ "index": 7,
+ "sectionItemType": "field",
+ "startCol": 0
+ }
+ ],
+ "maxW": 3,
+ "minH": 1,
+ "minW": 1,
+ "moved": false,
+ "name": "Code42 Alert Details",
+ "static": false,
+ "w": 1,
+ "x": 1,
+ "y": 0
 }
 ],
 "type": "custom"