Add sekoia xdr pack without mirroring (demisto#36252) (demisto#36339)

* Add sekoia xdr pack without mirroring * Change docker version * Delete some yml configurations * Change yaml files * Apply linter Co-authored-by: TOUFIKI Zakarya <[email protected]>
CheckPointSW · Sep 19, 2024 · 351694b · 351694b
1 parent eb7cdd7
commit 351694b
Show file tree

Hide file tree

Showing 62 changed files with 7,651 additions and 0 deletions.
diff --git a/Packs/SekoiaXDR/.pack-ignore b/Packs/SekoiaXDR/.pack-ignore
diff --git a/Packs/SekoiaXDR/.secrets-ignore b/Packs/SekoiaXDR/.secrets-ignore
@@ -0,0 +1,5 @@
+https://api.sekoia.io
+[email protected]
+7.3.4.4
+https://www.sekoia.io
+https://docs.sekoia.io
diff --git a/Packs/SekoiaXDR/Author_image.png b/Packs/SekoiaXDR/Author_image.png
diff --git a/Packs/SekoiaXDR/Classifiers/classifier-Sekoia_XDR_-_Classifier.json b/Packs/SekoiaXDR/Classifiers/classifier-Sekoia_XDR_-_Classifier.json
@@ -0,0 +1,23 @@
+{
+    "defaultIncidentType": "Sekoia XDR",
+    "description": "",
+    "feed": false,
+    "id": "Sekoia XDR - Classifier",
+    "keyTypeMap": {
+        "malware": "Sekoia XDR",
+        "masquerade": "Sekoia XDR",
+        "phishing": "Sekoia XDR",
+        "ransomware": "Sekoia XDR",
+        "system-compromise": "Sekoia XDR"
+    },
+    "name": "Sekoia XDR - Classifier",
+    "propagationLabels": [
+        "all"
+    ],
+    "transformer": {
+        "simple": "alert_type.value"
+    },
+    "type": "classification",
+    "version": -1,
+    "fromVersion": "6.10.0"
+}
diff --git a/Packs/SekoiaXDR/Classifiers/classifier-Sekoia_XDR_-_Incoming_Mapper.json b/Packs/SekoiaXDR/Classifiers/classifier-Sekoia_XDR_-_Incoming_Mapper.json
@@ -0,0 +1,126 @@
+{
+    "description": "Maps incoming Sekoia XDR incidents fields.\n",
+    "feed": false,
+    "id": "Sekoia XDR - Incoming Mapper",
+    "mapping": {
+        "Sekoia XDR": {
+            "dontMapEventToLabels": true,
+            "internalMapping": {
+                "Alert Category": {
+                    "simple": "alert_type.category"
+                },
+                "Alert ID": {
+                    "simple": "short_id"
+                },
+                "Alert Name": {
+                    "simple": "title"
+                },
+                "Alert Type ID": {
+                    "simple": "alert_type.value"
+                },
+                "Description": {
+                    "simple": "details"
+                },
+                "External Link": {
+                    "simple": "target"
+                },
+                "Last Seen": {
+                    "simple": "last_seen_at"
+                },
+                "SekoiaXDR Alert Details": {
+                    "simple": "details"
+                },
+                "SekoiaXDR Alert Status": {
+                    "simple": "status.name"
+                },
+                "SekoiaXDR First Seen": {
+                    "simple": "first_seen_at"
+                },
+                "SekoiaXDR Kill Chain": {
+                    "complex": {
+                        "filters": [],
+                        "root": "kill_chain",
+                        "transformers": []
+                    }
+                },
+                "Source Create time": {
+                    "complex": {
+                        "filters": [],
+                        "root": "created_at",
+                        "transformers": [
+                            {
+                                "operator": "TimeStampToDate"
+                            }
+                        ]
+                    }
+                },
+                "Source IP": {
+                    "simple": "source"
+                },
+                "dbotMirrorInstance": {
+                    "simple": "mirror_instance"
+                }
+            }
+        },
+        "dbot_classification_incident_type_all": {
+            "dontMapEventToLabels": false,
+            "internalMapping": {
+                "Alert Category": {
+                    "simple": "alert_type.category"
+                },
+                "Alert ID": {
+                    "simple": "short_id"
+                },
+                "Alert Name": {
+                    "simple": "title"
+                },
+                "Alert Type ID": {
+                    "simple": "alert_type.value"
+                },
+                "Description": {
+                    "simple": "details"
+                },
+                "Last Seen": {
+                    "simple": "last_seen_at"
+                },
+                "SekoiaXDR Alert Details": {
+                    "simple": "details"
+                },
+                "SekoiaXDR Alert Status": {
+                    "simple": "status.name"
+                },
+                "SekoiaXDR First Seen": {
+                    "simple": "first_seen_at"
+                },
+                "SekoiaXDR Kill Chain": {
+                    "complex": {
+                        "filters": [],
+                        "root": "kill_chain",
+                        "transformers": []
+                    }
+                },
+                "Source Create time": {
+                    "complex": {
+                        "filters": [],
+                        "root": "created_at",
+                        "transformers": [
+                            {
+                                "operator": "TimeStampToDate"
+                            }
+                        ]
+                    }
+                },
+                "Source IP": {
+                    "simple": "source"
+                },
+                "dbotMirrorInstance": {
+                    "simple": "mirror_instance"
+                }
+            }
+        }
+    },
+    "name": "Sekoia XDR - Incoming Mapper",
+    "type": "mapping-incoming",
+    "version": -1,
+    "fromVersion": "6.10.0"
+}
diff --git a/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_alertdetails_field.json b/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_alertdetails_field.json
@@ -0,0 +1,31 @@
+{
+    "id": "incident_sekoiaxdralertdetails",
+    "version": -1,
+    "modified": "2024-07-02T13:34:47.794510655Z",
+    "name": "SekoiaXDR Alert Details",
+    "ownerOnly": false,
+    "cliName": "sekoiaxdralertdetails",
+    "type": "markdown",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Sekoia XDR"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": true,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "fromVersion": "6.10.0"
+}
diff --git a/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_alertreject_field.json b/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_alertreject_field.json
@@ -0,0 +1,31 @@
+{
+    "id": "incident_sekoiaxdralertreject",
+    "version": -1,
+    "modified": "2024-08-07T10:24:42.847046678Z",
+    "name": "SekoiaXDR Alert Reject",
+    "ownerOnly": false,
+    "cliName": "sekoiaxdralertreject",
+    "type": "boolean",
+    "closeForm": true,
+    "editForm": false,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Sekoia XDR"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": true,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "fromVersion": "6.10.0"
+}
diff --git a/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_alertstatus_field.json b/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_alertstatus_field.json
@@ -0,0 +1,31 @@
+{
+    "id": "incident_sekoiaxdralertstatus",
+    "version": -1,
+    "modified": "2024-07-02T13:34:47.866877854Z",
+    "name": "SekoiaXDR Alert Status",
+    "ownerOnly": false,
+    "cliName": "sekoiaxdralertstatus",
+    "type": "shortText",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Sekoia XDR"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": true,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "fromVersion": "6.10.0"
+}
diff --git a/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_firstseen_field.json b/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_firstseen_field.json
@@ -0,0 +1,31 @@
+{
+    "id": "incident_sekoiaxdrfirstseen",
+    "version": -1,
+    "modified": "2024-07-02T13:34:47.978554181Z",
+    "name": "SekoiaXDR First Seen",
+    "ownerOnly": false,
+    "cliName": "sekoiaxdrfirstseen",
+    "type": "shortText",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": false,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Sekoia XDR"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": true,
+    "caseInsensitive": true,
+    "sla": 0,
+    "threshold": 72,
+    "fromVersion": "6.10.0"
+}
diff --git a/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_killchain_field.json b/Packs/SekoiaXDR/IncidentFields/incident_sekoia_xdr_killchain_field.json
@@ -0,0 +1,62 @@
+{
+    "id": "incident_sekoiaxdrkillchain",
+    "version": -1,
+    "modified": "2024-07-02T13:34:48.058774798Z",
+    "name": "SekoiaXDR Kill Chain",
+    "ownerOnly": false,
+    "cliName": "sekoiaxdrkillchain",
+    "type": "grid",
+    "closeForm": false,
+    "editForm": true,
+    "required": false,
+    "neverSetAsRequired": false,
+    "isReadOnly": true,
+    "useAsKpi": false,
+    "locked": false,
+    "system": false,
+    "content": true,
+    "group": 0,
+    "hidden": false,
+    "openEnded": false,
+    "associatedTypes": [
+        "Sekoia XDR"
+    ],
+    "associatedToAll": false,
+    "unmapped": false,
+    "unsearchable": true,
+    "caseInsensitive": true,
+    "columns": [
+        {
+            "key": "name",
+            "displayName": "Name",
+            "type": "shortText",
+            "orgType": "shortText",
+            "required": false,
+            "script": "",
+            "width": 150,
+            "isDefault": true,
+            "fieldCalcScript": "",
+            "isReadOnly": false,
+            "selectValues": null
+        },
+        {
+            "key": "description",
+            "displayName": "Description",
+            "type": "shortText",
+            "orgType": "shortText",
+            "required": false,
+            "script": "",
+            "width": 150,
+            "isDefault": true,
+            "fieldCalcScript": "",
+            "isReadOnly": false,
+            "selectValues": null
+        }
+    ],
+    "defaultRows": [
+        {}
+    ],
+    "sla": 0,
+    "threshold": 72,
+    "fromVersion": "6.10.0"
+}