Gem Security pack #33434

Merged
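--- a/Packs/Gem/.pack-ignore
+++ b/Packs/Gem/.pack-ignore
@@ -0,0 +1,26 @@
+[file:incidentfield-Gem_Account_Provider.json]
+ignore=IF115
+
+[file:incidentfield-Gem_Events_Count.json]
+ignore=IF115
+
+[file:incidentfield-Gem_Main_Entity_ID.json]
+ignore=IF115
+
+[file:incidentfield-Gem_Main_Entity_Name.json]
+ignore=IF115
+
+[file:incidentfield-Gem_Main_Entity_Region.json]
+ignore=IF115
+
+[file:incidentfield-Gem_Main_Entity_Type.json]
+ignore=IF115
+
+[file:incidentfield-Gem_TTP_ID.json]
+ignore=IF115
+
+[file:incidentfield-Gem_Threat_ID.json]
+ignore=IF115
+
+[file:incidentfield-Gem_Verdict.json]
+ignore=IF115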
Empty file added Packs/Gem/.secrets-ignore
Empty file.
Binary file added Packs/Gem/Author_image.png
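--- a/Packs/Gem/Classifiers/classifier-GemAlert.json
+++ b/Packs/Gem/Classifiers/classifier-GemAlert.json
@@ -0,0 +1,40 @@
+{
+"description": "Classifies Gem Alerts.",
+"feed": false,
+"id": "Gem Classifier",
+"keyTypeMap": {
+"app.gem.security": "Gem Alert"
+},
+"name": "Gem Classifier",
+"transformer": {
+"complex": {
+"filters": [],
+"root": "link",
+"transformers": [
+{
+"args": {
+"from": {
+"isContext": false,
+"value": {
+"simple": "8"
+}
+},
+"to": {
+"isContext": false,
+"value": {
+"simple": "24"
+}
+}
+},
+"operator": "substring"
+}
+]
+}
+},
+"type": "classification",
+"version": -1,
+"propagationLabels": [
+"all"
+],
+"fromVersion": "6.12.0"
+}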
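Review bot: Classification keys off a fixed-offset `substring` of `link` (characters 8 to 24), so any payload whose link does not begin with exactly `https://app.gem.security` — a different scheme, a regional or staging host, or a missing `link` field — yields a key absent from `keyTypeMap` and the event presumably falls through to the default incident type without any signal. Since `link` is externally supplied input, matching on the parsed host would be more robust than index arithmetic, though this file alone does not show what link shapes Gem emits. At minimum the reliance should be recorded in the JSON itself, e.g. `"description": "Classifies Gem Alerts by the host portion (characters 8-24) of the alert's link field; links not starting with https://app.gem.security are not classified."`.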
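--- a/Packs/Gem/Classifiers/classifier-mapper-incoming-Gem-webhook.json
+++ b/Packs/Gem/Classifiers/classifier-mapper-incoming-Gem-webhook.json
@@ -0,0 +1,120 @@
+{
+"feed": false,
+"fromVersion": "6.12.0",
+"mapping": {
+"Gem Alert": {
+"dontMapEventToLabels": false,
+"internalMapping": {
+"Account ID": {
+"simple": "account.name"
+},
+"Account Name": {
+"simple": "account.display_name"
+},
+"Gem Account Provider": {
+"simple": "account.cloud_provider"
+},
+"Alert ID": {
+"simple": "event.alert_id"
+},
+"Alert Source": {
+"simple": "event.alert_source"
+},
+"occurred": {
+"simple": "event_datetime"
+},
+"Description": {
+"simple": "description"
+},
+"Gem Events Count": {
+"simple": "event.events_total_count"
+},
+"External Link": {
+"complex": {
+"accessor": "threat_id",
+"filters": [],
+"root": "event",
+"transformers": [
+{
+"args": {
+"prefix": {
+"isContext": false,
+"value": {
+"simple": "https://app.gem.security/threats/"
+}
+},
+"suffix": {
+"isContext": false
+}
+},
+"operator": "concat"
+}
+]
+}
+},
+"Gem Main Entity ID": {
+"simple": "event.main_entity.id"
+},
+"Gem Main Entity Name": {
+"simple": "event.main_entity.name"
+},
+"Gem Main Entity Region": {
+"simple": "event.main_entity.metadata.region"
+},
+"Gem Main Entity Type": {
+"simple": "event.main_entity.type"
+},
+"Gem Threat ID": {
+"simple": "event.threat_id"
+},
+"Title": {
+"simple": "title"
+},
+"Gem TTP ID": {
+"simple": "event.ttp_id"
+},
+"name": {
+"simple": "title"
+},
+"severity": {
+"complex": {
+"filters": [],
+"root": "severity",
+"transformers": [
+{
+"args": {
+"input_values": {
+"isContext": false,
+"value": {
+"simple": "1,2,3,4,5,6,7,8,9,10"
+}
+},
+"mapped_values": {
+"isContext": false,
+"value": {
+"simple": "1,1,1,2,2,2,2,3,3,3"
+}
+}
+},
+"operator": "MapValuesTransformer"
+}
+]
+}
+}
+}
+},
+"dbot_classification_incident_type_all": {
+"dontMapEventToLabels": false,
+"internalMapping": {
+"occurred": {
+"simple": "event_datetime"
+}
+}
+}
+},
+"id": "Gem Mapper Webhook",
+"name": "Gem Mapper Webhook",
+"type": "mapping-incoming",
+"description": "Maps incoming Gem Alert fields when received via webhook.",
+"version": -1
+}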
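Review bot: `External Link` (the `concat` transformer rooted at `event` with accessor `threat_id`) builds a URL by prefixing `https://app.gem.security/threats/` onto a value taken verbatim from the inbound webhook body, so a `threat_id` containing path, query or fragment characters would change where the link rendered in the incident points; the integration or a `filters` entry should constrain it to the identifier format Gem actually uses, which this file does not show. The same construction appears in `classifier-mapper-incoming-Gem.json`. Separately, the `MapValuesTransformer` on `severity` maps inputs 1-10 onto 1,1,1,2,2,2,2,3,3,3, so no Gem severity ever reaches Critical (4), and a value outside 1-10 or a missing severity is presumably left unmapped; if that is intended it deserves a line in the file, e.g. `"description": "Maps incoming Gem Alert fields when received via webhook; Gem severity 1-10 is collapsed to Low/Medium/High and Critical is never assigned."`.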
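--- a/Packs/Gem/Classifiers/classifier-mapper-incoming-Gem.json
+++ b/Packs/Gem/Classifiers/classifier-mapper-incoming-Gem.json
@@ -0,0 +1,120 @@
+{
+"id": "Gem Mapper",
+"name": "Gem Mapper",
+"type": "mapping-incoming",
+"description": "Maps incoming Gem Alert fields.",
+"fromVersion": "6.12.0",
+"defaultIncidentType": "Gem Alert",
+"mapping": {
+"Gem Alert": {
+"dontMapEventToLabels": false,
+"internalMapping": {
+"Description": {
+"simple": "description"
+},
+"Account ID": {
+"simple": "account.name"
+},
+"Account Name": {
+"simple": "account.display_name"
+},
+"Gem Account Provider": {
+"simple": "account.cloud_provider"
+},
+"Alert ID": {
+"simple": "metadata.alert_id"
+},
+"Alert Source": {
+"simple": "metadata.alert_source"
+},
+"Gem Events Count": {
+"simple": "metadata.events_total_count"
+},
+"Gem Main Entity ID": {
+"simple": "metadata.main_entity.id"
+},
+"Gem Main Entity Name": {
+"simple": "metadata.main_entity.name"
+},
+"Gem Main Entity Region": {
+"simple": "metadata.main_entity.metadata.region"
+},
+"Gem Main Entity Type": {
+"simple": "metadata.main_entity.type"
+},
+"Gem TTP ID": {
+"simple": "metadata.ttp_id"
+},
+"Gem Threat ID": {
+"simple": "metadata.threat_id"
+},
+"Title": {
+"simple": "title"
+},
+"External Link": {
+"complex": {
+"accessor": "threat_id",
+"filters": [],
+"root": "metadata",
+"transformers": [
+{
+"args": {
+"prefix": {
+"isContext": false,
+"value": {
+"simple": "https://app.gem.security/threats/"
+}
+},
+"suffix": {
+"isContext": false
+}
+},
+"operator": "concat"
+}
+]
+}
+},
+"name": {
+"simple": "title"
+},
+"occurred": {
+"simple": "event_datetime"
+},
+"severity": {
+"complex": {
+"filters": [],
+"root": "severity",
+"transformers": [
+{
+"args": {
+"input_values": {
+"isContext": false,
+"value": {
+"simple": "1,2,3,4,5,6,7,8,9,10"
+}
+},
+"mapped_values": {
+"isContext": false,
+"value": {
+"simple": "1,1,1,2,2,2,2,3,3,3"
+}
+}
+},
+"operator": "MapValuesTransformer"
+}
+]
+}
+}
+}
+},
+"dbot_classification_incident_type_all": {
+"dontMapEventToLabels": false,
+"internalMapping": {
+"occurred": {
+"simple": "event_datetime"
+}
+}
+}
+},
+"version": -1
+}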
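Review bot: The two mapper files are not structurally consistent: this one sets `"defaultIncidentType": "Gem Alert"` and has no `feed` key, while `classifier-mapper-incoming-Gem-webhook.json` sets `"feed": false` and has no `defaultIncidentType`, and the top-level keys and the `internalMapping` entries appear in a different order in each. If the webhook mapper deliberately relies on `classifier-GemAlert.json` for the incident type, a word to that effect in its `description` would make the asymmetry intentional rather than accidental; otherwise adding `"feed": false` here and `"defaultIncidentType": "Gem Alert"` there would make the pair diff cleanly. Key order is insignificant to the parser, but aligning it lets future field additions be reviewed side by side.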
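--- a/Packs/Gem/IncidentFields/incidentfield-Gem_Account_Provider.json
+++ b/Packs/Gem/IncidentFields/incidentfield-Gem_Account_Provider.json
@@ -0,0 +1,30 @@
+{
+"associatedToAll": false,
+"associatedTypes": [
+"Gem Alert"
+],
+"caseInsensitive": true,
+"cliName": "gemaccountprovider",
+"closeForm": true,
+"content": true,
+"editForm": true,
+"group": 0,
+"hidden": false,
+"id": "incident_gemaccountprovider",
+"isReadOnly": true,
+"locked": false,
+"name": "Gem Account Provider",
+"neverSetAsRequired": false,
+"openEnded": false,
+"ownerOnly": false,
+"required": false,
+"sla": 0,
+"system": false,
+"threshold": 72,
+"type": "shortText",
+"unmapped": false,
+"unsearchable": false,
+"useAsKpi": false,
+"version": -1,
+"fromVersion": "6.12.0"
+}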
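Review bot: `"isReadOnly": true` is combined with `"editForm": true` and `"closeForm": true`, so the field is declared read-only yet placed on the edit and close forms, where it presumably renders as a control the analyst cannot change; if mapped values must never be altered by hand, dropping it from the edit form is the cleaner declaration, and if analysts should be able to correct it, `isReadOnly` should be `false`. The same combination appears in `incidentfield-Gem_Events_Count.json`. Both files also set `"caseInsensitive": true`, including on the `number`-typed Events Count field where it has no meaning, which reads as scaffolding defaults rather than deliberate choices.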
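--- a/Packs/Gem/IncidentFields/incidentfield-Gem_Events_Count.json
+++ b/Packs/Gem/IncidentFields/incidentfield-Gem_Events_Count.json
@@ -0,0 +1,30 @@
+{
+"associatedToAll": false,
+"associatedTypes": [
+"Gem Alert"
+],
+"caseInsensitive": true,
+"cliName": "gemeventscount",
+"closeForm": true,
+"content": true,
+"editForm": true,
+"group": 0,
+"hidden": false,
+"id": "incident_gemeventscount",
+"isReadOnly": true,
+"locked": false,
+"name": "Gem Events Count",
+"neverSetAsRequired": false,
+"openEnded": false,
+"ownerOnly": false,
+"required": false,
+"sla": 0,
+"system": false,
+"threshold": 72,
+"type": "number",
+"unmapped": false,
+"unsearchable": false,
+"useAsKpi": false,
+"version": -1,
+"fromVersion": "6.12.0"
+}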