예제 #1
def Prompt_timeout_api(action=None,
                       success=None,
                       container=None,
                       results=None,
                       handle=None,
                       filtered_artifacts=None,
                       filtered_results=None,
                       custom_function=None,
                       **kwargs):
    """Handle an expired prompt: pin, note and comment on the container, then close it.

    Standard playbook-block callback; only ``container`` is read here, the
    remaining parameters exist for signature compatibility.

    Returns:
        None.
    """
    phantom.debug('Prompt_timeout_api() called')

    # Red "card" pin so the timeout is visible on the container view.
    pin_kwargs = dict(container=container,
                      data="",
                      message="\"Awaiting Action\"",
                      pin_type="card",
                      pin_style="red",
                      name="Awaiting_Action_pin")
    phantom.pin(**pin_kwargs)

    # The note is written with an empty title and body (values as generated);
    # only its presence is recorded.
    phantom.add_note(container=container,
                     note_type="general",
                     note_format="markdown",
                     title="",
                     content="")

    phantom.comment(
        container=container,
        comment="“User failed to promote event within time limit.”")

    # NOTE(review): the container is closed automatically when the prompt
    # expires, with no analyst decision recorded — confirm this matches the
    # intended triage policy.
    phantom.set_status(container=container, status="Closed")

    return
예제 #2
def summary_note(action=None,
                 success=None,
                 container=None,
                 results=None,
                 handle=None,
                 filtered_artifacts=None,
                 filtered_results=None,
                 custom_function=None,
                 **kwargs):
    """Leave the "SSH Log4j Response" summary note on ``container``.

    The note body is read back from run data under
    ``format_custom_note:output`` and JSON-decoded before use.  Only
    ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug("summary_note() called")

    ################################################################################
    # Leave a summary note
    ################################################################################

    # Run data is stored JSON-encoded.  json.loads raises if nothing is stored
    # under the key — presumably the format block always runs first; verify
    # the playbook wiring.
    note_body = json.loads(
        phantom.get_run_data(key="format_custom_note:output"))

    ################################################################################
    ## Custom Code Start
    ################################################################################

    ################################################################################
    ## Custom Code End
    ################################################################################

    phantom.add_note(container=container,
                     note_type="general",
                     note_format="markdown",
                     title="SSH Log4j Response",
                     content=note_body)

    return
예제 #3
def add_protect_note(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Add one markdown note per (title, content) pair produced by the
    ``risk_notable_protect_assets_and_users`` playbook.

    Per the generated comment this path is used when the Risk Mitigate
    workbook is not present.  Titles and contents are paired positionally
    with ``zip``, so an unpaired trailing value on either side is dropped.
    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug("add_protect_note() called")

    ################################################################################
    # Custom code to handle leaving a note with a dynamic title and content when the 
    # Risk Mitigate workbook is not present.
    ################################################################################

    titles = [
        row[0] for row in phantom.collect2(
            container=container,
            datapath=["risk_notable_protect_assets_and_users:playbook_output:note_title"])
    ]
    contents = [
        row[0] for row in phantom.collect2(
            container=container,
            datapath=["risk_notable_protect_assets_and_users:playbook_output:note_content"])
    ]

    ################################################################################
    ## Custom Code Start
    ################################################################################

    for note_title, note_content in zip(titles, contents):
        phantom.add_note(container=container,
                         note_type="general",
                         note_format="markdown",
                         title=note_title,
                         content=note_content)

    ################################################################################
    ## Custom Code End
    ################################################################################

    return
def add_note_1(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Record on ``container`` that a notable was created in Enterprise Security.

    Standard playbook-block callback; only ``container`` is read, the other
    parameters exist for signature compatibility.

    Returns:
        None.
    """
    phantom.debug('add_note_1() called')

    # Fixed text; nothing here is derived from event data.
    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="Notable Created in Enterprise Security",
        content="A notable event containing relevant information about this event has been created in Enterprise Security.",
    )

    return
예제 #5
def add_note_5(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Attach the ``Text_Unable_to_unshorten_url`` format output as an HTML note.

    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug('add_note_5() called')

    body = phantom.get_format_data(name='Text_Unable_to_unshorten_url')

    # note_format="html": the format output is rendered as markup, so any
    # artifact-derived value the template interpolates (e.g. the URL itself)
    # should be escaped in the format block — verify
    # 'Text_Unable_to_unshorten_url'.
    note = {
        "note_type": "general",
        "note_format": "html",
        "title": "URL NOT unshortend",
        "content": body,
    }
    phantom.add_note(container=container, **note)

    return
def add_note_3(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Attach the ``Add_Note_Format`` output as a markdown note about network allow lists.

    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug('add_note_3() called')

    body = phantom.get_format_data(name='Add_Note_Format')

    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="Enforce network allow lists either at host and/or network layer to monitor and limit access to critical assets.",
        content=body,
    )

    return
def add_note_1(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Attach the ``format_1`` output as an HTML note titled "List process result".

    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug('add_note_1() called')

    body = phantom.get_format_data(name='format_1')

    # note_format="html": process listings come from the endpoint, so the
    # format block should escape them before they are rendered — verify
    # 'format_1'.
    note = {
        "note_type": "general",
        "note_format": "html",
        "title": "List process result",
        "content": body,
    }
    phantom.add_note(container=container, **note)

    return
def add_note_22(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Attach the ``Format_Add_Note`` output as the "OT Asset Information Details" note.

    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug('add_note_22() called')

    body = phantom.get_format_data(name='Format_Add_Note')

    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="OT Asset Information Details",
        content=body,
    )

    return
예제 #9
def add_comment_add_note_3(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Comment and note on ``container`` that no recipients of the email were found.

    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug('add_comment_add_note_3() called')

    # Short comment on the activity stream, then a fuller markdown note.
    phantom.comment(container=container,
                    comment="No recipients have been found receiving this email")

    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="No Recipients Found",
        content="No recipients have been found to have received this email.",
    )

    return
예제 #10
def add_HTTP_metadata_note(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Attach the ``format_http_note`` output as an HTML note of requested URIs.

    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug('add_HTTP_metadata_note() called')

    body = phantom.get_format_data(name='format_http_note')

    # note_format="html": URIs observed on the endpoint are attacker-chosen
    # strings, so the format block should escape them before they are
    # rendered — verify 'format_http_note'.
    note = {
        "note_type": "general",
        "note_format": "html",
        "title": "URI the end point made requests to",
        "content": body,
    }
    phantom.add_note(container=container, **note)

    return
예제 #11
def Add_other_service_note(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Attach the ``Format_other_service_note`` output as an HTML note on internal services.

    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug('Add_other_service_note() called')

    body = phantom.get_format_data(name='Format_other_service_note')

    # note_format="html": if the template interpolates event-derived fields,
    # they should be escaped in the format block — verify
    # 'Format_other_service_note'.
    note = {
        "note_type": "general",
        "note_format": "html",
        "title": "Internal service detection",
        "content": body,
    }
    phantom.add_note(container=container, **note)

    return
예제 #12
def Add_New_Systems_Note(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Attach the ``Format_New_Systems_Note`` output as the "New System Connection" note.

    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug('Add_New_Systems_Note() called')

    body = phantom.get_format_data(name='Format_New_Systems_Note')

    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="New System Connection",
        content=body,
    )

    return
def add_note_3(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Attach the ``Add_Note_Format`` output as the "Check Network New Outbound Detected" note.

    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug('add_note_3() called')

    body = phantom.get_format_data(name='Add_Note_Format')

    note = {
        "note_type": "general",
        "note_format": "markdown",
        "title": "Check Network New Outbound Detected",
        "content": body,
    }
    phantom.add_note(container=container, **note)

    return
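def add_note_22(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Attach the ``Format_Add_Note`` output as a markdown note on network segmentation.

    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug('add_note_22() called')

    formatted_data_1 = phantom.get_format_data(name='Format_Add_Note')

    # The generated title began with a stray, unclosed double quote
    # ('"Enforcement ...'); it is dropped so the note title reads cleanly.
    note_title = "Enforcement of network segmentation control on the host, limiting the host to minimal connectivity"
    note_content = formatted_data_1
    note_format = "markdown"
    phantom.add_note(container=container, note_type="general", title=note_title, content=note_content, note_format=note_format)

    return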
예제 #15
def add_comment_add_note_2(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Post the ``format_5`` output both as a comment and as the "Recipients of Email" note.

    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug('add_comment_add_note_2() called')

    recipients_text = phantom.get_format_data(name='format_5')

    # Same text goes to the activity stream and to a markdown note.
    phantom.comment(container=container, comment=recipients_text)

    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="Recipients of Email",
        content=recipients_text,
    )

    return
예제 #16
def add_import_data_note_1(action=None,
                           success=None,
                           container=None,
                           results=None,
                           handle=None,
                           filtered_artifacts=None,
                           filtered_results=None,
                           custom_function=None,
                           **kwargs):
    """Add one markdown note per (title, content) pair output by the
    ``risk_notable_import_data`` playbook, then hand off to
    ``join_risk_notable_enrich``.

    Per the generated comment this path is used when the Risk Investigation
    workbook is not present.  Pairs are formed positionally with ``zip``, so
    an unpaired trailing value on either side is dropped.  Only ``container``
    is read; the other parameters exist for signature compatibility.

    Returns:
        None.
    """
    phantom.debug("add_import_data_note_1() called")

    ################################################################################
    # Custom code to handle leaving a note with a dynamic title and content when the
    # Risk Investigation workbook is not present.
    ################################################################################

    titles = [
        row[0] for row in phantom.collect2(
            container=container,
            datapath=["risk_notable_import_data:playbook_output:note_title"])
    ]
    contents = [
        row[0] for row in phantom.collect2(
            container=container,
            datapath=["risk_notable_import_data:playbook_output:note_content"])
    ]

    ################################################################################
    ## Custom Code Start
    ################################################################################

    for note_title, note_content in zip(titles, contents):
        phantom.add_note(container=container,
                         note_type="general",
                         note_format="markdown",
                         title=note_title,
                         content=note_content)

    ################################################################################
    ## Custom Code End
    ################################################################################

    # Continue the playbook regardless of how many notes were written.
    join_risk_notable_enrich(container=container)

    return
예제 #17
def add_error_note(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave the "[Auto-Generated] Verdict Error" note when no response playbook matched.

    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug("add_error_note() called")

    ################################################################################
    ## Custom Code Start
    ################################################################################

    # Write your custom code here...

    ################################################################################
    ## Custom Code End
    ################################################################################

    # Fixed text; nothing here is derived from event data.
    error_note = {
        "note_type": "general",
        "note_format": "markdown",
        "title": "[Auto-Generated] Verdict Error",
        "content": "No response playbooks found for criteria in playbook_list utility block.",
    }
    phantom.add_note(container=container, **error_note)

    return
예제 #18
def add_note_2(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Attach the ``custom_format`` block's note content as the CVE-2021-44228 evidence note.

    The body is read back from run data under ``custom_format:note_content``
    and JSON-decoded.  Only ``container`` is read; the other parameters exist
    for signature compatibility.

    Returns:
        None.
    """
    phantom.debug("add_note_2() called")

    # Run data is stored JSON-encoded; json.loads raises if nothing is stored
    # under the key — presumably the custom_format block always runs first.
    note_body = json.loads(
        phantom.get_run_data(key="custom_format:note_content"))

    ################################################################################
    ## Custom Code Start
    ################################################################################

    # Write your custom code here...

    ################################################################################
    ## Custom Code End
    ################################################################################

    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="Evidence of jndilookup.class for CVE-2021-44228",
        content=note_body,
    )

    return
def add_note_2(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Attach the ``format_end_note`` output as the "[Auto-Generated] Find Related Events Summary" note.

    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug("add_note_2() called")

    summary_body = phantom.get_format_data(name="format_end_note")

    ################################################################################
    ## Custom Code Start
    ################################################################################

    # Write your custom code here...

    ################################################################################
    ## Custom Code End
    ################################################################################

    note = {
        "note_type": "general",
        "note_format": "markdown",
        "title": "[Auto-Generated] Find Related Events Summary",
        "content": summary_body,
    }
    phantom.add_note(container=container, **note)

    return
def add_note_4(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Attach the ``merge_individual_format`` output as the "[Auto-Generated] Related Events Merged" note.

    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug("add_note_4() called")

    merged_body = phantom.get_format_data(name="merge_individual_format")

    ################################################################################
    ## Custom Code Start
    ################################################################################

    # Write your custom code here...

    ################################################################################
    ## Custom Code End
    ################################################################################

    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="[Auto-Generated] Related Events Merged",
        content=merged_body,
    )

    return
예제 #21
def add_note_5(action=None,
               success=None,
               container=None,
               results=None,
               handle=None,
               filtered_artifacts=None,
               filtered_results=None):
    """Attach the ``format_victims_list`` output as the "add rf complete list note".

    Older callback signature (no ``custom_function``/``**kwargs``); kept as
    is.  No ``note_format`` is passed, so whatever default phantom.add_note
    applies is used.  Only ``container`` is read.

    Returns:
        None.
    """
    phantom.debug('add_note_5() called')

    victims_list = phantom.get_format_data(name='format_victims_list')

    phantom.add_note(container=container,
                     note_type="general",
                     title="add rf complete list note",
                     content=victims_list)

    return
def add_note_1(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Leave the "[Auto-Generated] Find Related Events Summary" note stating no related events were found.

    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug("add_note_1() called")

    ################################################################################
    # Add a generic note letting the user know that no related events were found.
    ################################################################################

    ################################################################################
    ## Custom Code Start
    ################################################################################

    # Write your custom code here...

    ################################################################################
    ## Custom Code End
    ################################################################################

    # Fixed text; nothing here is derived from event data.
    note = {
        "note_type": "general",
        "note_format": "markdown",
        "title": "[Auto-Generated] Find Related Events Summary",
        "content": "No Related Events Found",
    }
    phantom.add_note(container=container, **note)

    return
def set_status_add_note_6(action=None,
                          success=None,
                          container=None,
                          results=None,
                          handle=None,
                          filtered_artifacts=None,
                          filtered_results=None):
    """Close ``container`` and attach the ``Closing_comment`` format output as a note.

    Older callback signature (no ``custom_function``/``**kwargs``); kept as
    is.  The status is set before the note is written.  No ``note_format``
    is passed, so whatever default phantom.add_note applies is used.

    Returns:
        None.
    """
    phantom.debug('set_status_add_note_6() called')

    closing_text = phantom.get_format_data(name='Closing_comment')

    # NOTE(review): the container is closed unconditionally here — confirm
    # every path into this block has already finished its response steps.
    phantom.set_status(container=container, status="Closed")

    phantom.add_note(container=container,
                     note_type="general",
                     title="Closing comment",
                     content=closing_text)

    return
def Add_Notes(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Note, comment, tag and list the login-failure/success results.

    Reads ``container`` and ``results`` (the latter only to scope the
    ``Check_Login_Failures_Successes`` action results).  Writes a markdown
    note from ``Add_Note_Format``, a comment from
    ``Add_Note_Format__as_list``, the tag ``MITRE T0818`` and appends the raw
    events to the custom list ``Login_List``.  The other parameters exist for
    signature compatibility.

    Returns:
        None.
    """
    phantom.debug('Add_Notes() called')

    raw_rows = phantom.collect2(container=container,
                                datapath=['Check_Login_Failures_Successes:action_result.data.*._raw'],
                                action_results=results)
    note_body = phantom.get_format_data(name='Add_Note_Format')
    comment_body = phantom.get_format_data(name='Add_Note_Format__as_list')

    raw_events = [row[0] for row in raw_rows]

    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="Enforce access management through centralized access control system",
        content=note_body,
    )

    phantom.comment(container=container, comment=comment_body)

    phantom.add_tags(container=container, tags="MITRE T0818")

    # NOTE(review): raw event records (likely including account names and
    # hosts) accumulate in the 'Login_List' custom list across runs — confirm
    # who can read that list and how it is pruned.
    phantom.add_list("Login_List", raw_events)

    return
예제 #25
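def add_notes(action=None, success=None, container=None, results=None, handle=None, filtered_artifacts=None, filtered_results=None, custom_function=None, **kwargs):
    """Add the note each launched investigate playbook produced, then continue.

    The launched playbook names are read from run data under
    ``launch_investigate_playbooks:playbooks_launched``.  If any of them has
    not completed yet the block returns early (it is expected to be re-entered
    later).  Otherwise the first ``note_title``/``note_content`` output of each
    playbook becomes a markdown note on ``container``; a playbook that
    produced no note output is skipped instead of raising IndexError on
    ``[0][0]``.  Finally hands off to ``threat_intel_indicator_review``.

    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug("add_notes() called")

    ################################################################################
    # Add notes to the container if any were generated by playbooks from the previous 
    # step.
    ################################################################################

    # Run data is stored JSON-encoded.
    playbooks_launched = json.loads(
        phantom.get_run_data(key="launch_investigate_playbooks:playbooks_launched"))

    ################################################################################
    ## Custom Code Start
    ################################################################################

    # return early if any of the launched playbooks are not completed
    if not phantom.completed(playbook_names=playbooks_launched):
        return

    for playbook_name in playbooks_launched:
        titles = phantom.collect2(
            container=container,
            datapath=["{}:playbook_output:note_title".format(playbook_name)])
        contents = phantom.collect2(
            container=container,
            datapath=["{}:playbook_output:note_content".format(playbook_name)])

        # A playbook may legitimately produce no note ("if any were generated"
        # above); only the first output of each is used, as before.
        if not titles or not contents:
            phantom.debug("add_notes(): no note output from {}".format(playbook_name))
            continue

        phantom.add_note(container=container,
                         content=contents[0][0],
                         note_format="markdown",
                         note_type="general",
                         title=titles[0][0])

    ################################################################################
    ## Custom Code End
    ################################################################################

    threat_intel_indicator_review(container=container)

    return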
예제 #26
def add_note_3(action=None,
               success=None,
               container=None,
               results=None,
               handle=None,
               filtered_artifacts=None,
               filtered_results=None,
               custom_function=None,
               **kwargs):
    """Attach the ``Add_Note_Format`` output as a markdown note on endpoint/antivirus policy.

    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug('add_note_3() called')

    body = phantom.get_format_data(name='Add_Note_Format')

    note = {
        "note_type": "general",
        "note_format": "markdown",
        "title": "Enforce secure endpoint and antivirus security policy at the user endpoint.",
        "content": body,
    }
    phantom.add_note(container=container, **note)

    return
def add_note_2(action=None,
               success=None,
               container=None,
               results=None,
               handle=None,
               filtered_artifacts=None,
               filtered_results=None,
               custom_function=None,
               **kwargs):
    """Attach the ``format_5`` output as the "Investigative Searches" markdown note.

    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug('add_note_2() called')

    searches_body = phantom.get_format_data(name='format_5')

    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="Investigative Searches",
        content=searches_body,
    )

    return
예제 #28
def add_note_3(action=None,
               success=None,
               container=None,
               results=None,
               handle=None,
               filtered_artifacts=None,
               filtered_results=None,
               custom_function=None,
               **kwargs):
    """Attach the ``Add_Note_Format`` output as a markdown note on encrypting sensitive information.

    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug('add_note_3() called')

    body = phantom.get_format_data(name='Add_Note_Format')

    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="Enforce managing sensitive information by encryption from the operational assets.",
        content=body,
    )

    return
def add_note_3(action=None,
               success=None,
               container=None,
               results=None,
               handle=None,
               filtered_artifacts=None,
               filtered_results=None,
               custom_function=None,
               **kwargs):
    """Attach the ``Add_Note_Format`` output as a markdown note on patch/vulnerability management.

    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug('add_note_3() called')

    body = phantom.get_format_data(name='Add_Note_Format')

    note = {
        "note_type": "general",
        "note_format": "markdown",
        "title": "Manage software updates and vulnerabilities on the operational assets, and manage exceptions.",
        "content": body,
    }
    phantom.add_note(container=container, **note)

    return
예제 #30
def add_note_3(action=None,
               success=None,
               container=None,
               results=None,
               handle=None,
               filtered_artifacts=None,
               filtered_results=None,
               custom_function=None,
               **kwargs):
    """Attach the ``Add_Note_Format`` output as a markdown note on centralized access control.

    Only ``container`` is read; the other parameters exist for signature
    compatibility.

    Returns:
        None.
    """
    phantom.debug('add_note_3() called')

    body = phantom.get_format_data(name='Add_Note_Format')

    phantom.add_note(
        container=container,
        note_type="general",
        note_format="markdown",
        title="Enforce access management through centralized access control system",
        content=body,
    )

    return