Commit

Cloud Incident Response pack and Cloud Token Theft playbook (demisto#27331)

* new pack for Cloud Incident Response playbooks

* new pack for Cloud Incident Response playbooks

* updates common playbooks RN

* updates common playbooks RN

* Added scripts

* Added trigger

* Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/CommonPlaybooks/Playbooks/playbook-Cloud_Enrichment_-_Generic_README.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/CommonPlaybooks/Playbooks/playbook-Cloud_Enrichment_-_Generic_README.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/CommonPlaybooks/ReleaseNotes/2_3_74.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/CommonPlaybooks/ReleaseNotes/2_3_74.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence_README.md

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Threat_Hunting_-_Persistence.yml

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* Update Packs/CloudIncidentResponse/Playbooks/playbook-Cloud_Token_Theft_-_Set_Verdict.yml

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>

* fixes the Hunting Results section in the layout

* Added the pack and scripts readme

* updates pack meta-data

* Review fixes

* PBs screenshot

* removes quiet mode

* removes quiet mode

* fixes shared sub-playbooks.

* inputs validation

* fixes tasks description

* Added playbook outputs

* update RN and PBs description

* changes to MP2 only

* new script

* review fixes

* update RN

* fix typo

* updates the readme png links

* unit test and fixes

* fix layout

* added pack ignore for the dynamic sections unit tests

* secrets

* fixes

* fixes

* pack ignore

* fixes

* docker image version

* fix flake errors

* remove trigger due to sdk bug

* added unit test

* fix unit test coverage

* fix unit test coverage

---------

Co-authored-by: ShirleyDenkberg <62508050+ShirleyDenkberg@users.noreply.github.com>
2 people authored and xsoar-bot committed Jul 26, 2023
1 parent 5c5a189 commit 60b4e07
Showing 44 changed files with 7,224 additions and 1 deletion.
23 changes: 23 additions & 0 deletions Packs/CloudIncidentResponse/.pack-ignore
@@ -0,0 +1,23 @@
[file:displayCloudIndicators.yml]
ignore=BA124

[file:EntryWidgetRegionNameXCLOUD.yml]
ignore=BA124

[file:EntryWidgetResourceTypeXCLOUD.yml]
ignore=BA124

[file:XCloudIdentitiesWidget.yml]
ignore=BA124

[file:XCloudProviderWidget.yml]
ignore=BA124

[file:XCloudRelatedAlertsWidget.yml]
ignore=BA124

[file:Trigger_-_Cloud_Token_Theft_Response.json]
ignore=GR101

[file:README.md]
ignore=RM108
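Review bot: the `[file:Trigger_-_Cloud_Token_Theft_Response.json]` / `ignore=GR101` entry looks stale against the commit message, which says "remove trigger due to sdk bug"; if the trigger JSON is no longer in the pack, drop the entry so the suppression does not silently survive a later re-add. The six widget entries (`displayCloudIndicators.yml`, the two `EntryWidget*XCLOUD.yml` scripts and the three `XCloud*Widget.yml` scripts) all suppress the same validation `BA124`, and `README.md` suppresses `RM108`, with no indication of why each check is being bypassed beyond the message's "added pack ignore for the dynamic sections unit tests"; record the reason next to each entry (or in the pack README) so a future reviewer can tell a deliberate exemption from a forgotten one, and confirm that `BA124` is actually the check the dynamic-section scripts trip rather than a blanket skip.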
2 changes: 2 additions & 0 deletions Packs/CloudIncidentResponse/.secrets-ignore
@@ -0,0 +1,2 @@
10.128.0.6
::1111
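Review bot: the two whitelisted values `10.128.0.6` and `::1111` should be confirmed as constructed sample data (unit-test fixtures or README screenshots) rather than addresses copied from a real environment; `10.128.0.6` is an RFC 1918 private address and `::1111` a throwaway IPv6 literal, so they are almost certainly placeholders, but the secrets scan flagged them and this file turns that warning off for good. If they are only test fixtures, consider replacing them in the fixtures with documentation ranges (RFC 5737 `192.0.2.0/24`, RFC 3849 `2001:db8::/32`) so no `.secrets-ignore` entry is needed at all; if they must stay, a one-line note in the pack README saying where they are used would make the exemption reviewable.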
1,390 changes: 1,390 additions & 0 deletions Packs/CloudIncidentResponse/Layouts/layoutscontainer-CLOUD_Token_Theft.json

Large diffs are not rendered by default.

0 comments on commit 60b4e07