def Prompt_timeout_api(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Handle an expired analyst prompt: pin the container, leave a note and a
    comment, and set the container status to Closed.

    NOTE(review): this path closes the container without any analyst decision,
    so a missed prompt ends the case silently; the red pin and the comment are
    the only trace left on the container.
    """
    phantom.debug('Prompt_timeout_api() called')

    # Red card pin so the expired prompt is visible on the container.
    phantom.pin(
        container=container,
        data="",
        message="\"Awaiting Action\"",
        pin_type="card",
        pin_style="red",
        name="Awaiting_Action_pin",
    )

    # The generated block adds a note with an empty title and body.
    empty_note = dict(title="", content="", note_format="markdown")
    phantom.add_note(container=container, note_type="general", **empty_note)

    phantom.comment(
        container=container,
        comment="“User failed to promote event within time limit.”",
    )
    phantom.set_status(container=container, status="Closed")
    return
def summary_note(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave the output of the ``format_custom_note`` block as a markdown
    note titled "SSH Log4j Response" on the container.
    """
    phantom.debug("summary_note() called")

    ################################################################################
    # Leave a summary note
    ################################################################################

    # Run data is stored as a string; it is JSON-decoded before being used as the note body.
    summary_body = json.loads(
        phantom.get_run_data(key="format_custom_note:output")
    )

    ################################################################################
    ## Custom Code Start
    ################################################################################

    ################################################################################
    ## Custom Code End
    ################################################################################

    phantom.add_note(
        container=container,
        title="SSH Log4j Response",
        content=summary_body,
        note_type="general",
        note_format="markdown",
    )
    return
def add_protect_note(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Add one markdown note per (title, content) pair emitted by the
    ``risk_notable_protect_assets_and_users`` playbook output.

    Titles and contents are paired positionally with ``zip``, so any surplus
    entries on the longer side are dropped.
    """
    phantom.debug("add_protect_note() called")

    ################################################################################
    # Custom code to handle leaving a note with a dynamic title and content when the
    # Risk Mitigate workbook is not present.
    ################################################################################

    def _first_column(rows):
        # collect2 returns one row per hit; each row's first cell is the value.
        return [row[0] for row in rows]

    titles = _first_column(phantom.collect2(
        container=container,
        datapath=["risk_notable_protect_assets_and_users:playbook_output:note_title"],
    ))
    contents = _first_column(phantom.collect2(
        container=container,
        datapath=["risk_notable_protect_assets_and_users:playbook_output:note_content"],
    ))

    ################################################################################
    ## Custom Code Start
    ################################################################################

    for pair_title, pair_content in zip(titles, contents):
        phantom.add_note(
            container=container,
            note_type="general",
            note_format="markdown",
            title=pair_title,
            content=pair_content,
        )

    ################################################################################
    ## Custom Code End
    ################################################################################

    return
def add_note_1(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave a fixed markdown note recording that a notable was created in
    Enterprise Security.

    NOTE(review): ``add_note_1`` is defined more than once in this file; at
    import time only the last definition is bound to the name.
    """
    phantom.debug('add_note_1() called')

    # Static note: neither title nor body depends on playbook data.
    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="Notable Created in Enterprise Security",
        content="A notable event containing relevant information about this event has been created in Enterprise Security.",
    )
    return
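def add_note_5(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave the ``Text_Unable_to_unshorten_url`` format output as an HTML note.

    Fix: the analyst-facing title previously read "unshortend" (typo); it now
    reads "unshortened".
    """
    phantom.debug('add_note_5() called')

    unshorten_text = phantom.get_format_data(name='Text_Unable_to_unshorten_url')

    phantom.add_note(
        container=container,
        note_type="general",
        title="URL NOT unshortened",
        content=unshorten_text,
        note_format="html",
    )
    return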
def add_note_3(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave the ``Add_Note_Format`` output as a markdown note with a fixed
    mitigation title (network allow lists).

    NOTE(review): ``add_note_3`` is defined more than once in this file; at
    import time only the last definition is bound to the name.
    """
    phantom.debug('add_note_3() called')

    note_kwargs = {
        "note_type": "general",
        "note_format": "markdown",
        "title": "Enforce network allow lists either at host and/or network layer to monitor and limit access to critical assets.",
        "content": phantom.get_format_data(name='Add_Note_Format'),
    }
    phantom.add_note(container=container, **note_kwargs)
    return
def add_note_1(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave the ``format_1`` output as an HTML note titled "List process result"."""
    phantom.debug('add_note_1() called')

    process_listing = phantom.get_format_data(name='format_1')

    phantom.add_note(
        container=container,
        title="List process result",
        content=process_listing,
        note_type="general",
        note_format="html",
    )
    return
def add_note_22(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave the ``Format_Add_Note`` output as a markdown note titled
    "OT Asset Information Details".
    """
    phantom.debug('add_note_22() called')

    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="OT Asset Information Details",
        content=phantom.get_format_data(name='Format_Add_Note'),
    )
    return
def add_comment_add_note_3(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Record that no email recipients were found, first as a container
    comment and then as a markdown note.
    """
    phantom.debug('add_comment_add_note_3() called')

    # Comment first, then note — same order as the generated block.
    phantom.comment(
        container=container,
        comment="No recipients have been found receiving this email",
    )
    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="No Recipients Found",
        content="No recipients have been found to have received this email.",
    )
    return
def add_HTTP_metadata_note(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave the ``format_http_note`` output as an HTML note listing the URIs
    the endpoint made requests to.
    """
    phantom.debug('add_HTTP_metadata_note() called')

    http_note_body = phantom.get_format_data(name='format_http_note')

    note_kwargs = dict(
        title="URI the end point made requests to",
        content=http_note_body,
        note_format="html",
    )
    phantom.add_note(container=container, note_type="general", **note_kwargs)
    return
def Add_other_service_note(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave the ``Format_other_service_note`` output as an HTML note titled
    "Internal service detection".
    """
    phantom.debug('Add_other_service_note() called')

    phantom.add_note(
        container=container,
        note_type="general",
        note_format="html",
        title="Internal service detection",
        content=phantom.get_format_data(name='Format_other_service_note'),
    )
    return
def Add_New_Systems_Note(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave the ``Format_New_Systems_Note`` output as a markdown note titled
    "New System Connection".
    """
    phantom.debug('Add_New_Systems_Note() called')

    new_systems_body = phantom.get_format_data(name='Format_New_Systems_Note')

    phantom.add_note(
        container=container,
        title="New System Connection",
        content=new_systems_body,
        note_type="general",
        note_format="markdown",
    )
    return
def add_note_3(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave the ``Add_Note_Format`` output as a markdown note titled
    "Check Network New Outbound Detected".
    """
    phantom.debug('add_note_3() called')

    outbound_body = phantom.get_format_data(name='Add_Note_Format')

    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="Check Network New Outbound Detected",
        content=outbound_body,
    )
    return
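def add_note_22(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave the ``Format_Add_Note`` output as a markdown note describing the
    network-segmentation enforcement on the host.

    Fix: the title previously began with a stray, unmatched escaped quote
    (``"\\"Enforcement ...``); the quote has been removed.
    """
    phantom.debug('add_note_22() called')

    segmentation_body = phantom.get_format_data(name='Format_Add_Note')

    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="Enforcement of network segmentation control on the host, limiting the host to minimal connectivity",
        content=segmentation_body,
    )
    return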
def add_comment_add_note_2(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Post the ``format_5`` output twice: as a container comment and as a
    markdown note titled "Recipients of Email".
    """
    phantom.debug('add_comment_add_note_2() called')

    recipients_text = phantom.get_format_data(name='format_5')

    # Comment first, then note — same order as the generated block.
    phantom.comment(container=container, comment=recipients_text)
    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="Recipients of Email",
        content=recipients_text,
    )
    return
def add_import_data_note_1(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Add one markdown note per (title, content) pair emitted by the
    ``risk_notable_import_data`` playbook output, then call
    ``join_risk_notable_enrich``.

    Titles and contents are paired positionally with ``zip``.
    """
    phantom.debug("add_import_data_note_1() called")

    ################################################################################
    # Custom code to handle leaving a note with a dynamic title and content when the
    # Risk Investigation workbook is not present.
    ################################################################################

    title_rows = phantom.collect2(
        container=container,
        datapath=["risk_notable_import_data:playbook_output:note_title"],
    )
    content_rows = phantom.collect2(
        container=container,
        datapath=["risk_notable_import_data:playbook_output:note_content"],
    )

    # Each collect2 row holds the single requested datapath in cell 0.
    titles = [row[0] for row in title_rows]
    contents = [row[0] for row in content_rows]

    ################################################################################
    ## Custom Code Start
    ################################################################################

    for pair_title, pair_content in zip(titles, contents):
        phantom.add_note(
            container=container,
            title=pair_title,
            content=pair_content,
            note_type="general",
            note_format="markdown",
        )

    ################################################################################
    ## Custom Code End
    ################################################################################

    join_risk_notable_enrich(container=container)
    return
def add_error_note(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave a fixed markdown note stating that no response playbooks matched
    the ``playbook_list`` criteria.
    """
    phantom.debug("add_error_note() called")

    ################################################################################
    ## Custom Code Start
    ################################################################################

    # Write your custom code here...

    ################################################################################
    ## Custom Code End
    ################################################################################

    verdict_error = dict(
        title="[Auto-Generated] Verdict Error",
        content="No response playbooks found for criteria in playbook_list utility block.",
    )
    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        **verdict_error
    )
    return
def add_note_2(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave the JSON-decoded ``custom_format:note_content`` run data as a
    markdown note about evidence of jndilookup.class (CVE-2021-44228).
    """
    phantom.debug("add_note_2() called")

    # Run data is stored as a string and JSON-decoded before use.
    evidence_body = json.loads(
        phantom.get_run_data(key="custom_format:note_content")
    )

    ################################################################################
    ## Custom Code Start
    ################################################################################

    # Write your custom code here...

    ################################################################################
    ## Custom Code End
    ################################################################################

    phantom.add_note(
        container=container,
        title="Evidence of jndilookup.class for CVE-2021-44228",
        content=evidence_body,
        note_type="general",
        note_format="markdown",
    )
    return
def add_note_2(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave the ``format_end_note`` output as a markdown note titled
    "[Auto-Generated] Find Related Events Summary".
    """
    phantom.debug("add_note_2() called")

    end_note_body = phantom.get_format_data(name="format_end_note")

    ################################################################################
    ## Custom Code Start
    ################################################################################

    # Write your custom code here...

    ################################################################################
    ## Custom Code End
    ################################################################################

    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="[Auto-Generated] Find Related Events Summary",
        content=end_note_body,
    )
    return
def add_note_4(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave the ``merge_individual_format`` output as a markdown note titled
    "[Auto-Generated] Related Events Merged".
    """
    phantom.debug("add_note_4() called")

    merged_body = phantom.get_format_data(name="merge_individual_format")

    ################################################################################
    ## Custom Code Start
    ################################################################################

    # Write your custom code here...

    ################################################################################
    ## Custom Code End
    ################################################################################

    note_kwargs = {
        "title": "[Auto-Generated] Related Events Merged",
        "content": merged_body,
        "note_type": "general",
        "note_format": "markdown",
    }
    phantom.add_note(container=container, **note_kwargs)
    return
def add_note_5(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None):
    """Leave the ``format_victims_list`` output as a general note.

    No ``note_format`` is passed, so the platform default applies; this older
    block signature also takes no ``custom_function``/``**kwargs``.
    """
    phantom.debug('add_note_5() called')

    victims_listing = phantom.get_format_data(name='format_victims_list')

    phantom.add_note(
        container=container,
        note_type="general",
        title="add rf complete list note",
        content=victims_listing,
    )
    return
def add_note_1(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave a fixed markdown note stating that no related events were found."""
    phantom.debug("add_note_1() called")

    ################################################################################
    # Add a generic note letting the user know that no related events were found.
    ################################################################################

    ################################################################################
    ## Custom Code Start
    ################################################################################

    # Write your custom code here...

    ################################################################################
    ## Custom Code End
    ################################################################################

    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="[Auto-Generated] Find Related Events Summary",
        content="No Related Events Found",
    )
    return
def set_status_add_note_6(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None):
    """Close the container, then leave the ``Closing_comment`` format output
    as a general note titled "Closing comment".

    The status change happens before the note is written, matching the
    generated block; no ``note_format`` is passed.
    """
    phantom.debug('set_status_add_note_6() called')

    closing_text = phantom.get_format_data(name='Closing_comment')

    phantom.set_status(container=container, status="Closed")
    phantom.add_note(
        container=container,
        note_type="general",
        title="Closing comment",
        content=closing_text,
    )
    return
def Add_Notes(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Record the login-failure/success findings on the container.

    Writes, in order: a markdown note from ``Add_Note_Format``, a comment
    from ``Add_Note_Format__as_list``, the tag "MITRE T0818", and the raw
    events from ``Check_Login_Failures_Successes`` into the custom list
    "Login_List".
    """
    phantom.debug('Add_Notes() called')

    raw_event_rows = phantom.collect2(
        container=container,
        datapath=['Check_Login_Failures_Successes:action_result.data.*._raw'],
        action_results=results,
    )
    note_body = phantom.get_format_data(name='Add_Note_Format')
    comment_body = phantom.get_format_data(name='Add_Note_Format__as_list')

    # One datapath per row, so cell 0 is the raw event.
    raw_events = [row[0] for row in raw_event_rows]

    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="Enforce access management through centralized access control system",
        content=note_body,
    )
    phantom.comment(container=container, comment=comment_body)
    phantom.add_tags(container=container, tags="MITRE T0818")
    # Raw events are persisted to a custom list, outside the container itself.
    phantom.add_list("Login_List", raw_events)
    return
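def add_notes(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Copy the ``note_title``/``note_content`` playbook outputs of every
    launched investigate playbook onto the container as markdown notes, then
    call ``threat_intel_indicator_review``.

    Returns early (without the hand-off) while any launched playbook has not
    completed.

    Fixes: a launched playbook that produced no note output used to raise
    ``IndexError`` on ``[0][0]`` and abort the whole block; such playbooks are
    now skipped with a debug message. Unused locals and commented-out code
    were removed.
    """
    phantom.debug("add_notes() called")

    ################################################################################
    # Add notes to the container if any were generated by playbooks from the previous
    # step.
    ################################################################################

    playbooks_launched = json.loads(
        phantom.get_run_data(key="launch_investigate_playbooks:playbooks_launched")
    )

    ################################################################################
    ## Custom Code Start
    ################################################################################

    # Return early if any of the launched playbooks has not completed yet.
    if not phantom.completed(playbook_names=playbooks_launched):
        return

    for playbook_name in playbooks_launched:
        title_rows = phantom.collect2(
            container=container,
            datapath=["{}:playbook_output:note_title".format(playbook_name)],
        )
        content_rows = phantom.collect2(
            container=container,
            datapath=["{}:playbook_output:note_content".format(playbook_name)],
        )
        # No output rows means nothing to note for this playbook; skip rather
        # than fail the block for every remaining playbook.
        if not title_rows or not content_rows:
            phantom.debug("add_notes(): no note output from {}".format(playbook_name))
            continue
        phantom.add_note(
            container=container,
            content=content_rows[0][0],
            note_format="markdown",
            note_type="general",
            title=title_rows[0][0],
        )

    ################################################################################
    ## Custom Code End
    ################################################################################

    threat_intel_indicator_review(container=container)
    return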
def add_note_3(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave the ``Add_Note_Format`` output as a markdown note with a fixed
    mitigation title (endpoint/antivirus policy).
    """
    phantom.debug('add_note_3() called')

    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="Enforce secure endpoint and antivirus security policy at the user endpoint.",
        content=phantom.get_format_data(name='Add_Note_Format'),
    )
    return
def add_note_2(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave the ``format_5`` output as a markdown note titled
    "Investigative Searches".
    """
    phantom.debug('add_note_2() called')

    searches_body = phantom.get_format_data(name='format_5')

    note_kwargs = dict(
        title="Investigative Searches",
        content=searches_body,
        note_format="markdown",
    )
    phantom.add_note(container=container, note_type="general", **note_kwargs)
    return
def add_note_3(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave the ``Add_Note_Format`` output as a markdown note with a fixed
    mitigation title (encryption of sensitive information).
    """
    phantom.debug('add_note_3() called')

    encryption_body = phantom.get_format_data(name='Add_Note_Format')

    phantom.add_note(
        container=container,
        title="Enforce managing sensitive information by encryption from the operational assets.",
        content=encryption_body,
        note_type="general",
        note_format="markdown",
    )
    return
def add_note_3(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave the ``Add_Note_Format`` output as a markdown note with a fixed
    mitigation title (software updates and vulnerability management).
    """
    phantom.debug('add_note_3() called')

    note_kwargs = {
        "note_type": "general",
        "note_format": "markdown",
        "title": "Manage software updates and vulnerabilities on the operational assets, and manage exceptions.",
        "content": phantom.get_format_data(name='Add_Note_Format'),
    }
    phantom.add_note(container=container, **note_kwargs)
    return
def add_note_3(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave the ``Add_Note_Format`` output as a markdown note with a fixed
    mitigation title (centralized access control).
    """
    phantom.debug('add_note_3() called')

    access_body = phantom.get_format_data(name='Add_Note_Format')

    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="Enforce access management through centralized access control system",
        content=access_body,
    )
    return