Gem Security pack Commit
Pack includes:

1 Automation
3 Classifiers
16 Incident Fields
1 Incident Type
1 Integration
1 Layout
3 Playbooks
1 Pre-process Rule
liormgem committed Mar 19, 2024
1 parent 383f3ad commit 80080ee
Showing 48 changed files with 6,691 additions and 0 deletions.
Empty file added Packs/Gem/.pack-ignore
Empty file.
Empty file added Packs/Gem/.secrets-ignore
Empty file.
Binary file added Packs/Gem/Author_image.png
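--- a/Packs/Gem/Classifiers/classifier-GemAlert.json
+++ b/Packs/Gem/Classifiers/classifier-GemAlert.json
@@ -0,0 +1,18 @@
+{
+"id": "Gem Classifier",
+"name": "Gem Classifier",
+"type": "classification",
+"defaultIncidentType": "Gem Alert",
+"description": "Classifies Gem Alerts.",
+"fromVersion": "6.10.0",
+"keyTypeMap": {},
+"transformer": {
+"complex": null,
+"simple": ""
+},
+"version": -1,
+"feed": false,
+"propagationLabels": [
+"all"
+]
+}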
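--- a/Packs/Gem/Classifiers/classifier-mapper-incoming-Gem-webhook.json
+++ b/Packs/Gem/Classifiers/classifier-mapper-incoming-Gem-webhook.json
@@ -0,0 +1,123 @@
+{
+"feed": false,
+"fromVersion": "6.10.0",
+"mapping": {
+"Gem Alert": {
+"dontMapEventToLabels": false,
+"internalMapping": {
+"Gem Account ID": {
+"simple": "account.name"
+},
+"Gem Account Name": {
+"simple": "account.display_name"
+},
+"Gem Account Provider": {
+"simple": "account.cloud_provider"
+},
+"Gem Alert ID": {
+"simple": "event.alert_id"
+},
+"Gem Alert Source": {
+"simple": "event.alert_source"
+},
+"occurred": {
+"simple": "event_datetime"
+},
+"Description": {
+"simple": "description"
+},
+"Gem Events Count": {
+"simple": "event.events_total_count"
+},
+"Gem Url": {
+"complex": {
+"accessor": "threat_id",
+"filters": [],
+"root": "event",
+"transformers": [
+{
+"args": {
+"prefix": {
+"isContext": false,
+"value": {
+"simple": "https://app.gem.security/threats/"
+}
+},
+"suffix": {
+"isContext": false
+}
+},
+"operator": "concat"
+}
+]
+}
+},
+"Gem Main Entity ID": {
+"simple": "event.main_entity.id"
+},
+"Gem Main Entity Name": {
+"simple": "event.main_entity.name"
+},
+"Gem Main Entity Region": {
+"simple": "event.main_entity.metadata.region"
+},
+"Gem Main Entity Type": {
+"simple": "event.main_entity.type"
+},
+"Gem Threat ID": {
+"simple": "event.threat_id"
+},
+"Gem Title": {
+"simple": "title"
+},
+"Gem TTP ID": {
+"simple": "event.ttp_id"
+},
+"name": {
+"simple": "title"
+},
+"severity": {
+"complex": {
+"filters": [],
+"root": "severity",
+"transformers": [
+{
+"args": {
+"input_values": {
+"isContext": false,
+"value": {
+"simple": "1,2,3,4,5,6,7,8,9,10"
+}
+},
+"mapped_values": {
+"isContext": false,
+"value": {
+"simple": "1,1,1,2,2,2,2,3,3,3"
+}
+}
+},
+"operator": "MapValuesTransformer"
+}
+]
+}
+},
+"Gem Severity": {
+"simple": "severity"
+}
+}
+},
+"dbot_classification_incident_type_all": {
+"dontMapEventToLabels": false,
+"internalMapping": {
+"occurred": {
+"simple": "event_datetime"
+}
+}
+}
+},
+"id": "Gem Mapper Webhook",
+"name": "Gem Mapper Webhook",
+"type": "mapping-incoming",
+"description": "Maps incoming Gem Alert fields when received via webhook.",
+"version": -1
+}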
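Review bot: The `severity` transformer's `mapped_values` list `1,1,1,2,2,2,2,3,3,3` tops out at 3, so a Gem severity of 9 or 10 can never produce an XSOAR Critical (4) incident and the most serious threats are triaged alongside ordinary High ones. If Gem's upper range is meant to be critical, the last entries should say so, e.g. `"simple": "1,1,1,2,2,2,2,3,4,4"`. Values outside `1`–`10` (0, an empty field or a string label) are not in `input_values` and would presumably reach the incident unmapped, so the fallback for those deserves an explicit decision. The same mapping appears in Packs/Gem/Classifiers/classifier-mapper-incoming-Gem.json.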
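--- a/Packs/Gem/Classifiers/classifier-mapper-incoming-Gem.json
+++ b/Packs/Gem/Classifiers/classifier-mapper-incoming-Gem.json
@@ -0,0 +1,123 @@
+{
+"id": "Gem Mapper",
+"name": "Gem Mapper",
+"type": "mapping-incoming",
+"description": "Maps incoming Gem Alert fields.",
+"fromVersion": "6.10.0",
+"defaultIncidentType": "Gem Alert",
+"mapping": {
+"Gem Alert": {
+"dontMapEventToLabels": false,
+"internalMapping": {
+"Description": {
+"simple": "description"
+},
+"Gem Account ID": {
+"simple": "account.name"
+},
+"Gem Account Name": {
+"simple": "account.display_name"
+},
+"Gem Account Provider": {
+"simple": "account.cloud_provider"
+},
+"Gem Alert ID": {
+"simple": "metadata.alert_id"
+},
+"Gem Alert Source": {
+"simple": "metadata.alert_source"
+},
+"Gem Events Count": {
+"simple": "metadata.events_total_count"
+},
+"Gem Main Entity ID": {
+"simple": "metadata.main_entity.id"
+},
+"Gem Main Entity Name": {
+"simple": "metadata.main_entity.name"
+},
+"Gem Main Entity Region": {
+"simple": "metadata.main_entity.metadata.region"
+},
+"Gem Main Entity Type": {
+"simple": "metadata.main_entity.type"
+},
+"Gem Severity": {
+"simple": "severity"
+},
+"Gem TTP ID": {
+"simple": "metadata.ttp_id"
+},
+"Gem Threat ID": {
+"simple": "metadata.threat_id"
+},
+"Gem Title": {
+"simple": "title"
+},
+"Gem Url": {
+"complex": {
+"accessor": "threat_id",
+"filters": [],
+"root": "metadata",
+"transformers": [
+{
+"args": {
+"prefix": {
+"isContext": false,
+"value": {
+"simple": "https://app.gem.security/threats/"
+}
+},
+"suffix": {
+"isContext": false
+}
+},
+"operator": "concat"
+}
+]
+}
+},
+"name": {
+"simple": "title"
+},
+"occurred": {
+"simple": "event_datetime"
+},
+"severity": {
+"complex": {
+"filters": [],
+"root": "severity",
+"transformers": [
+{
+"args": {
+"input_values": {
+"isContext": false,
+"value": {
+"simple": "1,2,3,4,5,6,7,8,9,10"
+}
+},
+"mapped_values": {
+"isContext": false,
+"value": {
+"simple": "1,1,1,2,2,2,2,3,3,3"
+}
+}
+},
+"operator": "MapValuesTransformer"
+}
+]
+}
+}
+}
+},
+"dbot_classification_incident_type_all": {
+"dontMapEventToLabels": false,
+"internalMapping": {
+"occurred": {
+"simple": "event_datetime"
+}
+}
+}
+},
+"version": -1
+}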
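Review bot: `Gem Account ID` is filled from `account.name` while `Gem Account Name` takes `account.display_name`, which reads like an ID field carrying a name. If the payload has a distinct account identifier, analysts pivoting to the cloud account during response would be working from the wrong key. If `account.name` really is the provider account ID in Gem's schema, state that in the mapper's `description`, since the JSON leaves no room for a comment. The webhook mapper (classifier-mapper-incoming-Gem-webhook.json) carries the same mapping. Separately, `Gem Url` appends `threat_id` to `https://app.gem.security/threats/` with no check on its shape, so the integration is the place to validate the ID format before the link is shown to analysts.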
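--- a/Packs/Gem/IncidentFields/incidentfield-Gem_Account_ID.json
+++ b/Packs/Gem/IncidentFields/incidentfield-Gem_Account_ID.json
@@ -0,0 +1,30 @@
+{
+"associatedToAll": false,
+"associatedTypes": [
+"Gem Alert"
+],
+"caseInsensitive": true,
+"cliName": "gemaccountid",
+"closeForm": true,
+"content": true,
+"editForm": true,
+"group": 0,
+"hidden": false,
+"id": "incident_gemaccountid",
+"isReadOnly": true,
+"locked": false,
+"name": "Gem Account ID",
+"neverSetAsRequired": false,
+"openEnded": false,
+"ownerOnly": false,
+"required": false,
+"sla": 0,
+"system": false,
+"threshold": 72,
+"type": "shortText",
+"unmapped": false,
+"unsearchable": false,
+"useAsKpi": false,
+"version": -1,
+"fromVersion": "6.10.0"
+}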
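--- a/Packs/Gem/IncidentFields/incidentfield-Gem_Account_Name.json
+++ b/Packs/Gem/IncidentFields/incidentfield-Gem_Account_Name.json
@@ -0,0 +1,30 @@
+{
+"associatedToAll": false,
+"associatedTypes": [
+"Gem Alert"
+],
+"caseInsensitive": true,
+"cliName": "gemaccountname",
+"closeForm": true,
+"content": true,
+"editForm": true,
+"group": 0,
+"hidden": false,
+"id": "incident_gemaccountname",
+"isReadOnly": true,
+"locked": false,
+"name": "Gem Account Name",
+"neverSetAsRequired": false,
+"openEnded": false,
+"ownerOnly": false,
+"required": false,
+"sla": 0,
+"system": false,
+"threshold": 72,
+"type": "shortText",
+"unmapped": false,
+"unsearchable": false,
+"useAsKpi": false,
+"version": -1,
+"fromVersion": "6.10.0"
+}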
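--- a/Packs/Gem/IncidentFields/incidentfield-Gem_Account_Provider.json
+++ b/Packs/Gem/IncidentFields/incidentfield-Gem_Account_Provider.json
@@ -0,0 +1,30 @@
+{
+"associatedToAll": false,
+"associatedTypes": [
+"Gem Alert"
+],
+"caseInsensitive": true,
+"cliName": "gemaccountprovider",
+"closeForm": true,
+"content": true,
+"editForm": true,
+"group": 0,
+"hidden": false,
+"id": "incident_gemaccountprovider",
+"isReadOnly": true,
+"locked": false,
+"name": "Gem Account Provider",
+"neverSetAsRequired": false,
+"openEnded": false,
+"ownerOnly": false,
+"required": false,
+"sla": 0,
+"system": false,
+"threshold": 72,
+"type": "shortText",
+"unmapped": false,
+"unsearchable": false,
+"useAsKpi": false,
+"version": -1,
+"fromVersion": "6.10.0"
+}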
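--- a/Packs/Gem/IncidentFields/incidentfield-Gem_Alert_ID.json
+++ b/Packs/Gem/IncidentFields/incidentfield-Gem_Alert_ID.json
@@ -0,0 +1,30 @@
+{
+"associatedToAll": false,
+"associatedTypes": [
+"Gem Alert"
+],
+"caseInsensitive": true,
+"cliName": "gemalertid",
+"closeForm": true,
+"content": true,
+"editForm": true,
+"group": 0,
+"hidden": false,
+"id": "incident_gemalertid",
+"isReadOnly": true,
+"locked": false,
+"name": "Gem Alert ID",
+"neverSetAsRequired": false,
+"openEnded": false,
+"ownerOnly": false,
+"required": false,
+"sla": 0,
+"system": false,
+"threshold": 72,
+"type": "shortText",
+"unmapped": false,
+"unsearchable": false,
+"useAsKpi": false,
+"version": -1,
+"fromVersion": "6.10.0"
+}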