Lumu Integration - SecOps Operation (demisto#24682)

Packs/Lumu/.pack-ignore

@@ -0,0 +1,56 @@
+[file:incidentfield-Lumu-lastContact.json]
+ignore=IF113
+
+[file:incidentfield-Lumu-lumu_actions2.json]
+ignore=IF113
+
+[file:incidentfield-Lumu-lumu_actions.json]
+ignore=IF113
+
+[file:incidentfield-Lumu-lumu_incidentId.json]
+ignore=IF113
+
+[file:incidentfield-Lumu-labelDistribution.json]
+ignore=IF113
+
+[file:incidentfield-Lumu-lumu_status.json]
+ignore=IF113
+
+[file:incidentfield-Lumu-lumu_totalEndpoints.json]
+ignore=IF113
+
+[file:incidentfield-Lumu-adversaryTypes.json]
+ignore=IF113
+
+[file:incidentfield-Lumu-contactSummary.json]
+ignore=IF113
+
+[file:incidentfield-Lumu-lumu_contacts.json]
+ignore=IF113
+
+[file:incidentfield-Lumu-statusTimestamp.json]
+ignore=IF113
+
+[file:incidentfield-Lumu-companyId.json]
+ignore=IF113
+
+[file:incidentfield-Lumu-firstcontact.json]
+ignore=IF113
+
+[file:incidentfield-Lumu-lumu_description.json]
+ignore=IF113
+
+[file:incidentfield-Lumu-lumu_source_name.json]
+ignore=IF113
+
+[file:incidentfield-Lumu-adversaries.json]
+ignore=IF113
+
+[file:incidentfield-Lumu-adversaryId.json]
+ignore=IF113
+
+[file:incidentfield-Lumu-lumu_event_type.json]
+ignore=IF113
+
+[file:classifier-mapper-incoming-Lumu.json]
+ignore=MP106

Packs/Lumu/.secrets-ignore

@@ -0,0 +1,19 @@
+172.16.1.10
+['172.16.1.10', '172.16.1.10']
+https://lumu.io
+https://defender.lumu.io
+1.0.2.0
+https://blog.morphisec.com
+https://blog.quosec.net
+https://jits.ac.in
+https://jits.ac.in
+3.223.53.1
+23.227.202.142
+23.227.202.142
+['3.223.53.1', '3.223.53.1', '23.227.202.142', '23.227.202.142']
+104.156.63.145
+192.168.110.113
+['104.156.63.145', '104.156.63.145']
+161.97.110.203
+['161.97.110.203', '161.97.110.203']
+186.29.109.138

Packs/Lumu/Classifiers/classifier-Lumu.json

@@ -0,0 +1,65 @@
+{
+	"defaultIncidentType": "Lumu",
+	"description": "Classifies Lumu incidents",
+	"feed": false,
+	"id": "Lumu",
+	"keyTypeMap": {
+		"lumu": "Lumu"
+	},
+	"name": "Lumu",
+	"transformer": {
+		"complex": {
+			"filters": [
+				[
+					{
+						"left": {
+							"isContext": true,
+							"value": {
+								"simple": "lumu_source_name"
+							}
+						},
+						"operator": "isEqualString",
+						"right": {
+							"value": {
+								"simple": "lumu"
+							}
+						}
+					},
+					{
+						"left": {
+							"isContext": true,
+							"value": {
+								"simple": "lumu_source_name"
+							}
+						},
+						"operator": "isEqualString",
+						"right": {
+							"value": {
+								"simple": "Lumu"
+							}
+						}
+					},
+					{
+						"left": {
+							"isContext": true,
+							"value": {
+								"simple": "lumu_source_name"
+							}
+						},
+						"operator": "isEqualString",
+						"right": {
+							"value": {
+								"simple": "LUMU"
+							}
+						}
+					}
+				]
+			],
+			"root": "lumu_source_name",
+			"transformers": []
+		}
+	},
+	"type": "classification",
+	"version": -1,
+	"fromVersion": "6.0.0"
+}

Packs/Lumu/Classifiers/classifier-mapper-incoming-Lumu.json

@@ -0,0 +1,210 @@
+{
+	"description": "Maps incoming Lumu incidents fields.",
+	"feed": false,
+	"id": "LumuInMap",
+	"mapping": {
+		"Lumu": {
+			"dontMapEventToLabels": false,
+			"internalMapping": {
+				"Comment": {
+					"complex": {
+						"filters": [],
+						"root": "comment",
+						"transformers": []
+					}
+				},
+				"adversaries": {
+					"complex": {
+						"filters": [],
+						"root": "adversaries",
+						"transformers": []
+					}
+				},
+				"adversaryId": {
+					"complex": {
+						"filters": [],
+						"root": "adversaryId",
+						"transformers": []
+					}
+				},
+				"adversaryTypes": {
+					"complex": {
+						"filters": [],
+						"root": "adversaryTypes",
+						"transformers": []
+					}
+				},
+				"companyId": {
+					"complex": {
+						"filters": [],
+						"root": "companyId",
+						"transformers": []
+					}
+				},
+				"contactSummary": {
+					"complex": {
+						"filters": [],
+						"root": "contactSummary",
+						"transformers": []
+					}
+				},
+				"details": {
+					"complex": {
+						"filters": [],
+						"root": "description",
+						"transformers": []
+					}
+				},
+				"firstContact": {
+					"complex": {
+						"filters": [],
+						"root": "firstContact",
+						"transformers": []
+					}
+				},
+				"incidentId": {
+					"complex": {
+						"filters": [],
+						"root": "incidentId",
+						"transformers": []
+					}
+				},
+				"labelDistribution": {
+					"complex": {
+						"filters": [],
+						"root": "labelDistribution",
+						"transformers": []
+					}
+				},
+				"lastContact": {
+					"complex": {
+						"filters": [],
+						"root": "lastContact",
+						"transformers": []
+					}
+				},
+				"lumu_actions": {
+					"simple": "actions"
+				},
+				"lumu_actions2": {
+					"simple": "actions"
+				},
+				"lumu_contacts": {
+					"complex": {
+						"filters": [],
+						"root": "contacts",
+						"transformers": []
+					}
+				},
+				"lumu_description": {
+					"complex": {
+						"filters": [],
+						"root": "description",
+						"transformers": []
+					}
+				},
+				"lumu_event_type": {
+					"complex": {
+						"filters": [],
+						"root": "lumu_event_type",
+						"transformers": []
+					}
+				},
+				"lumu_incidentId": {
+					"complex": {
+						"filters": [],
+						"root": "lumu_incidentId",
+						"transformers": []
+					}
+				},
+				"lumu_source_name": {
+					"complex": {
+						"filters": [],
+						"root": "lumu_source_name",
+						"transformers": []
+					}
+				},
+				"lumu_status": {
+					"complex": {
+						"filters": [],
+						"root": "lumu_status",
+						"transformers": []
+					}
+				},
+				"lumu_totalEndpoints": {
+					"complex": {
+						"filters": [],
+						"root": "totalEndpoints",
+						"transformers": []
+					}
+				},
+				"occurred": {
+					"complex": {
+						"filters": [],
+						"root": "timestamp",
+						"transformers": []
+					}
+				},
+				"statusTimestamp": {
+					"complex": {
+						"filters": [],
+						"root": "statusTimestamp",
+						"transformers": []
+					}
+				}
+			}
+		},
+		"dbot_classification_incident_type_all": {
+			"dontMapEventToLabels": true,
+			"internalMapping": {
+				"Description": {
+					"complex": {
+						"filters": [],
+						"root": "description",
+						"transformers": []
+					}
+				},
+				"IncomingMirrorError": {
+					"simple": "incomming_mirror_error"
+				},
+				"Source Status": {
+					"complex": {
+						"filters": [],
+						"root": "status",
+						"transformers": []
+					}
+				},
+				"State": {
+					"complex": {
+						"filters": [],
+						"root": "status",
+						"transformers": []
+					}
+				},
+				"dbotMirrorDirection": {
+					"simple": "mirror_direction"
+				},
+				"dbotMirrorInstance": {
+					"simple": "mirror_instance"
+				},
+				"dbotMirrorLastSync": {
+					"simple": "mirror_last_sync"
+				},
+				"dbotMirrorTags": {
+					"simple": "mirror_tags"
+				},
+				"severity": {
+					"complex": {
+						"filters": [],
+						"root": "severity",
+						"transformers": []
+					}
+				}
+			}
+		}
+	},
+	"name": "LumuInMap",
+	"type": "mapping-incoming",
+	"version": -1,
+	"fromVersion": "6.0.0"
+}

Packs/Lumu/IncidentFields/incidentfield-Lumu-adversaries.json

@@ -0,0 +1,30 @@
+{
+    "id": "incident_adversaries",
+    "name": "adversaries",
+    "ownerOnly": false,
+    "cliName": "adversaries",
+    "type": "multiSelect",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": true,
+    "associatedTypes": [
+        "Lumu"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": true,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "version": -1,
+    "fromVersion": "6.5.0"
+}