
Gem Security pack (demisto#33434) (demisto#34311)
* Gem Security pack Commit

Pack includes:

1 Automation
3 Classifiers
16 Incident Fields
1 Incident Type
1 Integration
1 Layout
3 Playbooks
1 Pre-process Rule

* Ci fix (#5)

* Fix post commit validation issues

* Fix tests coverage

* Fix indent (#6)

* Cr fix (#7)

* Fix playbooks

* Format playbooks and fix Gem Alert Classifier

* Fix blank space in Gem Layout

* Fix incident fields

* Fix cr (#8)

* Fix double line

* Update playbooks (#9)

Co-authored-by: Lior Maman <155369912+liormgem@users.noreply.github.com>
content-bot and liormgem authored May 9, 2024
1 parent c5aaa60 commit 0b00fd2
Showing 41 changed files with 6,805 additions and 0 deletions.
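--- a/Packs/Gem/.pack-ignore
+++ b/Packs/Gem/.pack-ignore
@@ -0,0 +1,26 @@
+[file:incidentfield-Gem_Account_Provider.json]
+ignore=IF115
+
+[file:incidentfield-Gem_Events_Count.json]
+ignore=IF115
+
+[file:incidentfield-Gem_Main_Entity_ID.json]
+ignore=IF115
+
+[file:incidentfield-Gem_Main_Entity_Name.json]
+ignore=IF115
+
+[file:incidentfield-Gem_Main_Entity_Region.json]
+ignore=IF115
+
+[file:incidentfield-Gem_Main_Entity_Type.json]
+ignore=IF115
+
+[file:incidentfield-Gem_TTP_ID.json]
+ignore=IF115
+
+[file:incidentfield-Gem_Threat_ID.json]
+ignore=IF115
+
+[file:incidentfield-Gem_Verdict.json]
+ignore=IF115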
Empty file added Packs/Gem/.secrets-ignore
Empty file.
Binary file added Packs/Gem/Author_image.png
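--- a/Packs/Gem/Classifiers/classifier-GemAlert.json
+++ b/Packs/Gem/Classifiers/classifier-GemAlert.json
@@ -0,0 +1,40 @@
+{
+"description": "Classifies Gem Alerts.",
+"feed": false,
+"id": "Gem Classifier",
+"keyTypeMap": {
+"app.gem.security": "Gem Alert"
+},
+"name": "Gem Classifier",
+"transformer": {
+"complex": {
+"filters": [],
+"root": "link",
+"transformers": [
+{
+"args": {
+"from": {
+"isContext": false,
+"value": {
+"simple": "8"
+}
+},
+"to": {
+"isContext": false,
+"value": {
+"simple": "24"
+}
+}
+},
+"operator": "substring"
+}
+]
+}
+},
+"type": "classification",
+"version": -1,
+"propagationLabels": [
+"all"
+],
+"fromVersion": "6.12.0"
+}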
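Review bot: The keyTypeMap entry `app.gem.security` is only ever produced because the transformer at the bottom of the section takes a fixed substring (offsets 8 to 24) of `link`, which yields that host only while every alert link begins with `https://app.gem.security/`; a different scheme, host, or a tenant-specific domain would presumably leave the alert unclassified with no error raised. Selecting on the host rather than on character positions would be more robust, but if the fixed offsets are intended the assumption should at least be recorded in the classifier's description, which is currently just "Classifies Gem Alerts.", e.g. `"description": "Classifies Gem Alerts by the host taken from characters 8-24 of the alert link; expects links of the form https://app.gem.security/..."`.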
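--- a/Packs/Gem/Classifiers/classifier-mapper-incoming-Gem-webhook.json
+++ b/Packs/Gem/Classifiers/classifier-mapper-incoming-Gem-webhook.json
@@ -0,0 +1,120 @@
+{
+"feed": false,
+"fromVersion": "6.12.0",
+"mapping": {
+"Gem Alert": {
+"dontMapEventToLabels": false,
+"internalMapping": {
+"Account ID": {
+"simple": "account.name"
+},
+"Account Name": {
+"simple": "account.display_name"
+},
+"Gem Account Provider": {
+"simple": "account.cloud_provider"
+},
+"Alert ID": {
+"simple": "event.alert_id"
+},
+"Alert Source": {
+"simple": "event.alert_source"
+},
+"occurred": {
+"simple": "event_datetime"
+},
+"Description": {
+"simple": "description"
+},
+"Gem Events Count": {
+"simple": "event.events_total_count"
+},
+"External Link": {
+"complex": {
+"accessor": "threat_id",
+"filters": [],
+"root": "event",
+"transformers": [
+{
+"args": {
+"prefix": {
+"isContext": false,
+"value": {
+"simple": "https://app.gem.security/threats/"
+}
+},
+"suffix": {
+"isContext": false
+}
+},
+"operator": "concat"
+}
+]
+}
+},
+"Gem Main Entity ID": {
+"simple": "event.main_entity.id"
+},
+"Gem Main Entity Name": {
+"simple": "event.main_entity.name"
+},
+"Gem Main Entity Region": {
+"simple": "event.main_entity.metadata.region"
+},
+"Gem Main Entity Type": {
+"simple": "event.main_entity.type"
+},
+"Gem Threat ID": {
+"simple": "event.threat_id"
+},
+"Title": {
+"simple": "title"
+},
+"Gem TTP ID": {
+"simple": "event.ttp_id"
+},
+"name": {
+"simple": "title"
+},
+"severity": {
+"complex": {
+"filters": [],
+"root": "severity",
+"transformers": [
+{
+"args": {
+"input_values": {
+"isContext": false,
+"value": {
+"simple": "1,2,3,4,5,6,7,8,9,10"
+}
+},
+"mapped_values": {
+"isContext": false,
+"value": {
+"simple": "1,1,1,2,2,2,2,3,3,3"
+}
+}
+},
+"operator": "MapValuesTransformer"
+}
+]
+}
+}
+}
+},
+"dbot_classification_incident_type_all": {
+"dontMapEventToLabels": false,
+"internalMapping": {
+"occurred": {
+"simple": "event_datetime"
+}
+}
+}
+},
+"id": "Gem Mapper Webhook",
+"name": "Gem Mapper Webhook",
+"type": "mapping-incoming",
+"description": "Maps incoming Gem Alert fields when received via webhook.",
+"version": -1
+}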
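Review bot: The severity transformer near the end of the section maps Gem severities 1-10 onto 1,1,1,2,2,2,2,3,3,3, so even a severity of 10 lands on 3 (High) and no incoming alert can ever reach Critical (4), while any value not in input_values (0, an empty string, a non-integer) is presumably passed through unchanged rather than bucketed. If capping at High is deliberate it should be recorded where an operator will see it, e.g. `"description": "Maps incoming Gem Alert fields when received via webhook. Gem severity 1-10 is bucketed to XSOAR Low/Medium/High; values outside 1-10 are not remapped."`, and the same transformer with the same cap appears in classifier-mapper-incoming-Gem.json. Unlike that mapper, this one has no `defaultIncidentType`, so an event that the classifier fails to key falls back to whatever the instance default is; confirm that is intended.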
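--- a/Packs/Gem/Classifiers/classifier-mapper-incoming-Gem.json
+++ b/Packs/Gem/Classifiers/classifier-mapper-incoming-Gem.json
@@ -0,0 +1,120 @@
+{
+"id": "Gem Mapper",
+"name": "Gem Mapper",
+"type": "mapping-incoming",
+"description": "Maps incoming Gem Alert fields.",
+"fromVersion": "6.12.0",
+"defaultIncidentType": "Gem Alert",
+"mapping": {
+"Gem Alert": {
+"dontMapEventToLabels": false,
+"internalMapping": {
+"Description": {
+"simple": "description"
+},
+"Account ID": {
+"simple": "account.name"
+},
+"Account Name": {
+"simple": "account.display_name"
+},
+"Gem Account Provider": {
+"simple": "account.cloud_provider"
+},
+"Alert ID": {
+"simple": "metadata.alert_id"
+},
+"Alert Source": {
+"simple": "metadata.alert_source"
+},
+"Gem Events Count": {
+"simple": "metadata.events_total_count"
+},
+"Gem Main Entity ID": {
+"simple": "metadata.main_entity.id"
+},
+"Gem Main Entity Name": {
+"simple": "metadata.main_entity.name"
+},
+"Gem Main Entity Region": {
+"simple": "metadata.main_entity.metadata.region"
+},
+"Gem Main Entity Type": {
+"simple": "metadata.main_entity.type"
+},
+"Gem TTP ID": {
+"simple": "metadata.ttp_id"
+},
+"Gem Threat ID": {
+"simple": "metadata.threat_id"
+},
+"Title": {
+"simple": "title"
+},
+"External Link": {
+"complex": {
+"accessor": "threat_id",
+"filters": [],
+"root": "metadata",
+"transformers": [
+{
+"args": {
+"prefix": {
+"isContext": false,
+"value": {
+"simple": "https://app.gem.security/threats/"
+}
+},
+"suffix": {
+"isContext": false
+}
+},
+"operator": "concat"
+}
+]
+}
+},
+"name": {
+"simple": "title"
+},
+"occurred": {
+"simple": "event_datetime"
+},
+"severity": {
+"complex": {
+"filters": [],
+"root": "severity",
+"transformers": [
+{
+"args": {
+"input_values": {
+"isContext": false,
+"value": {
+"simple": "1,2,3,4,5,6,7,8,9,10"
+}
+},
+"mapped_values": {
+"isContext": false,
+"value": {
+"simple": "1,1,1,2,2,2,2,3,3,3"
+}
+}
+},
+"operator": "MapValuesTransformer"
+}
+]
+}
+}
+}
+},
+"dbot_classification_incident_type_all": {
+"dontMapEventToLabels": false,
+"internalMapping": {
+"occurred": {
+"simple": "event_datetime"
+}
+}
+}
+},
+"version": -1
+}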
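Review bot: The pack declares a Gem Verdict incident field (incidentfield-Gem_Verdict.json is listed in .pack-ignore earlier in this commit), but neither this mapper nor the webhook mapper has a "Gem Verdict" entry in its internalMapping, so on fetched and webhook-created incidents that field stays empty unless a playbook fills it in. If the alert payload carries a verdict, add a mapping alongside Gem Threat ID, e.g. `"Gem Verdict": { "simple": "<verdict path in the Gem alert payload>" }` (placeholder, the actual key is not visible here); if it is populated later by a playbook, a line to that effect in this mapper's description would prevent the next maintainer from chasing the gap. Note also that this mapper and the webhook mapper carry the same field list differing only in the root (`metadata` here, `event` there), so any field added to one needs to be mirrored in the other by hand.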
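--- a/Packs/Gem/IncidentFields/incidentfield-Gem_Account_Provider.json
+++ b/Packs/Gem/IncidentFields/incidentfield-Gem_Account_Provider.json
@@ -0,0 +1,30 @@
+{
+"associatedToAll": false,
+"associatedTypes": [
+"Gem Alert"
+],
+"caseInsensitive": true,
+"cliName": "gemaccountprovider",
+"closeForm": true,
+"content": true,
+"editForm": true,
+"group": 0,
+"hidden": false,
+"id": "incident_gemaccountprovider",
+"isReadOnly": true,
+"locked": false,
+"name": "Gem Account Provider",
+"neverSetAsRequired": false,
+"openEnded": false,
+"ownerOnly": false,
+"required": false,
+"sla": 0,
+"system": false,
+"threshold": 72,
+"type": "shortText",
+"unmapped": false,
+"unsearchable": false,
+"useAsKpi": false,
+"version": -1,
+"fromVersion": "6.12.0"
+}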
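--- a/Packs/Gem/IncidentFields/incidentfield-Gem_Events_Count.json
+++ b/Packs/Gem/IncidentFields/incidentfield-Gem_Events_Count.json
@@ -0,0 +1,30 @@
+{
+"associatedToAll": false,
+"associatedTypes": [
+"Gem Alert"
+],
+"caseInsensitive": true,
+"cliName": "gemeventscount",
+"closeForm": true,
+"content": true,
+"editForm": true,
+"group": 0,
+"hidden": false,
+"id": "incident_gemeventscount",
+"isReadOnly": true,
+"locked": false,
+"name": "Gem Events Count",
+"neverSetAsRequired": false,
+"openEnded": false,
+"ownerOnly": false,
+"required": false,
+"sla": 0,
+"system": false,
+"threshold": 72,
+"type": "number",
+"unmapped": false,
+"unsearchable": false,
+"useAsKpi": false,
+"version": -1,
+"fromVersion": "6.12.0"
+}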
