Update ExtraHop Integration

IncidentFields/incidentfield-ExtraHop_Appliance_ID.json

@@ -0,0 +1,39 @@
+{
+    "id": "incident_extrahopapplianceid",
+    "version": -1,
+    "modified": "2019-04-22T17:17:37.549302836-07:00",
+    "name": "ExtraHop Appliance ID",
+    "ownerOnly": false,
+    "placeholder": "",
+    "description": "Appliance ID of the ExtraHop Reveal(x) that created the detection",
+    "cliName": "extrahopapplianceid",
+    "type": "number",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "script": "",
+    "fieldCalcScript": "",
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "selectValues": null,
+    "validationRegex": "",
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "associatedTypes": [
+        "ExtraHop Detection"
+    ],
+    "systemAssociatedTypes": null,
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "columns": null,
+    "defaultRows": null,
+    "sla": 0,
+    "threshold": 72,
+    "breachScript": ""
+}

IncidentFields/incidentfield-ExtraHop_Detection_End_Time.json

@@ -0,0 +1,39 @@
+{
+    "id": "incident_detectionendtime",
+    "version": -1,
+    "modified": "2019-04-22T17:16:15.442344109-07:00",
+    "name": "Detection End Time",
+    "ownerOnly": false,
+    "placeholder": "",
+    "description": "Timestamp of when the ExtraHop Reveal(x) detection ended",
+    "cliName": "detectionendtime",
+    "type": "date",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "script": "",
+    "fieldCalcScript": "",
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "selectValues": null,
+    "validationRegex": "",
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "associatedTypes": [
+        "ExtraHop Detection"
+    ],
+    "systemAssociatedTypes": null,
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "columns": null,
+    "defaultRows": null,
+    "sla": 0,
+    "threshold": 72,
+    "breachScript": ""
+}

IncidentFields/incidentfield-ExtraHop_Detection_ID.json

@@ -0,0 +1,39 @@
+{
+    "id": "incident_detectionid",
+    "version": -1,
+    "modified": "2019-04-22T17:13:45.37251142-07:00",
+    "name": "Detection ID",
+    "ownerOnly": false,
+    "placeholder": "",
+    "description": "ID of the ExtraHop Reveal(x) detection",
+    "cliName": "detectionid",
+    "type": "number",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "script": "",
+    "fieldCalcScript": "",
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "selectValues": null,
+    "validationRegex": "",
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "associatedTypes": [
+        "ExtraHop Detection"
+    ],
+    "systemAssociatedTypes": null,
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "columns": null,
+    "defaultRows": null,
+    "sla": 0,
+    "threshold": 72,
+    "breachScript": ""
+}

IncidentFields/incidentfield-ExtraHop_Detection_Participants.json

@@ -0,0 +1,102 @@
+{
+    "id": "incident_participants",
+    "version": -1,
+    "modified": "2019-08-08T16:56:35.95463214-07:00",
+    "name": "Participants",
+    "ownerOnly": false,
+    "placeholder": "",
+    "description": "List of participant objects associated with the ExtraHop Reveal(x) detection",
+    "cliName": "participants",
+    "type": "grid",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "script": "",
+    "fieldCalcScript": "",
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "selectValues": [],
+    "validationRegex": "",
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "associatedTypes": [
+        "ExtraHop Detection"
+    ],
+    "systemAssociatedTypes": null,
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "columns": [
+        {
+            "key": "role",
+            "displayName": "Role",
+            "type": "shortText",
+            "required": false,
+            "script": "",
+            "width": 150,
+            "isDefault": true,
+            "fieldCalcScript": "",
+            "isReadOnly": false,
+            "selectValues": null
+        },
+        {
+            "key": "ipaddress",
+            "displayName": "IP Address",
+            "type": "shortText",
+            "required": false,
+            "script": "",
+            "width": 150,
+            "isDefault": true,
+            "fieldCalcScript": "",
+            "isReadOnly": false,
+            "selectValues": null
+        },
+        {
+            "key": "macaddress",
+            "displayName": "MAC Address",
+            "type": "shortText",
+            "required": false,
+            "script": "",
+            "width": 150,
+            "isDefault": true,
+            "fieldCalcScript": "",
+            "isReadOnly": false,
+            "selectValues": null
+        },
+        {
+            "key": "dnsname",
+            "displayName": "DNS Name",
+            "type": "shortText",
+            "required": false,
+            "script": "",
+            "width": 111,
+            "isDefault": true,
+            "fieldCalcScript": "",
+            "isReadOnly": false,
+            "selectValues": null
+        },
+        {
+            "key": "external",
+            "displayName": "External",
+            "type": "boolean",
+            "required": false,
+            "script": "",
+            "width": 150,
+            "isDefault": true,
+            "fieldCalcScript": "",
+            "isReadOnly": false,
+            "selectValues": null
+        }
+    ],
+    "defaultRows": [
+        {}
+    ],
+    "sla": 0,
+    "threshold": 72,
+    "breachScript": ""
+}

IncidentFields/incidentfield-ExtraHop_Detection_Raw_Participants.json

@@ -0,0 +1,39 @@
+{
+    "id": "incident_rawparticipants",
+    "version": -1,
+    "modified": "2019-06-19T11:52:10.492074402-07:00",
+    "name": "Raw Participants",
+    "ownerOnly": false,
+    "placeholder": "",
+    "description": "Raw list of participant objects associated with the ExtraHop Reveal(x) detection",
+    "cliName": "rawparticipants",
+    "type": "longText",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "script": "",
+    "fieldCalcScript": "",
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "selectValues": null,
+    "validationRegex": "",
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "associatedTypes": [
+        "ExtraHop Detection"
+    ],
+    "systemAssociatedTypes": null,
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "columns": null,
+    "defaultRows": null,
+    "sla": 0,
+    "threshold": 72,
+    "breachScript": ""
+}

IncidentFields/incidentfield-ExtraHop_Detection_Risk_Score.json

@@ -0,0 +1,39 @@
+{
+    "id": "incident_riskscore",
+    "version": -1,
+    "modified": "2019-04-22T17:19:47.040089413-07:00",
+    "name": "Risk Score",
+    "ownerOnly": false,
+    "placeholder": "",
+    "description": "Risk score associated with the ExtraHop Reveal(x) detection",
+    "cliName": "riskscore",
+    "type": "number",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "script": "",
+    "fieldCalcScript": "",
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "selectValues": null,
+    "validationRegex": "",
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "associatedTypes": [
+        "ExtraHop Detection"
+    ],
+    "systemAssociatedTypes": null,
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "columns": null,
+    "defaultRows": null,
+    "sla": 0,
+    "threshold": 72,
+    "breachScript": ""
+}

IncidentFields/incidentfield-ExtraHop_Detection_Ticketed.json

@@ -0,0 +1,39 @@
+{
+    "id": "incident_detectionticketed",
+    "version": -1,
+    "modified": "2019-05-30T11:00:44.526831884-07:00",
+    "name": "Detection Ticketed",
+    "ownerOnly": false,
+    "placeholder": "",
+    "description": "Whether the incident is tracked to the corresponding detection in ExtraHop Reveal(x)",
+    "cliName": "detectionticketed",
+    "type": "boolean",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "script": "",
+    "fieldCalcScript": "",
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "selectValues": null,
+    "validationRegex": "",
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "associatedTypes": [
+        "ExtraHop Detection"
+    ],
+    "systemAssociatedTypes": null,
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "columns": null,
+    "defaultRows": null,
+    "sla": 0,
+    "threshold": 72,
+    "breachScript": ""
+}

IncidentFields/incidentfield-ExtraHop_Detection_URL.json

@@ -0,0 +1,39 @@
+{
+    "id": "incident_detectionurl",
+    "version": -1,
+    "modified": "2019-04-22T17:21:03.696546875-07:00",
+    "name": "Detection URL",
+    "ownerOnly": false,
+    "placeholder": "",
+    "description": "URL of the ExtraHop Reveal(x) detection",
+    "cliName": "detectionurl",
+    "type": "url",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "script": "",
+    "fieldCalcScript": "",
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "selectValues": null,
+    "validationRegex": "",
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "associatedTypes": [
+        "ExtraHop Detection"
+    ],
+    "systemAssociatedTypes": null,
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": false,
+    "caseInsensitive": true,
+    "columns": null,
+    "defaultRows": null,
+    "sla": 0,
+    "threshold": 72,
+    "breachScript": ""
+}