-
Notifications
You must be signed in to change notification settings - Fork 23
Expand file tree
/
Copy paththreatconnect.json
More file actions
1 lines (1 loc) · 5.22 KB
/
threatconnect.json
File metadata and controls
1 lines (1 loc) · 5.22 KB
1
{"name": "Query Hashes via Email Submission", "type": "Standard", "panX": 247.0, "panY": 280.0, "logLevel": "TRACE", "description": "https://triggerlinkhere?type=TYPE_HERE&ioc=IOC_HERE\n\nValid TYPE_HERE options are:\nurl\nfile\nhost\nip\nemailaddress", "version": "1.85", "comment": "Auto-Saved on Thu Oct 31 20:43:23 UTC 2019", "jobList": {"id": 7643, "appCatalogItem": {"programName": "TCPB - SendEmail v2.0", "displayName": "Send Email", "programVersion": "2.0.6"}, "name": "Send Escalation Email", "jobParameterList": {"appCatalogItemParameter": {"paramName": "advanced"}, "value": "[{\"key\":\"email_transport\",\"value\":\"SMTPS\"}]"}, "locationLeft": 590.0, "locationTop": 170.0, "playbookRetryDelayMinutes": 1, "playbookRetryMaxRetries": 5}, "playbookConnectionList": {"type": "Pass", "isCircularOnTarget": false, "sourceJobId": 38126, "targetJobId": 38127, "sourceTriggerId": 6660, "targetTriggerId": 10734}, "playbookTriggerList": {"id": 1485, "name": "Hello World Escalation Email", "type": "WorkflowConfig", "eventType": "External", "locationLeft": 190.0, "locationTop": -110.0, "anyOrg": true, "playbookTriggerFilterList": {}, "outputVariables": "[{\"sourceInputList\":[],\"loopVariables\":false,\"name\":\"escalationBody\",\"type\":\"String\"},{\"sourceInputList\":[],\"loopVariables\":false,\"name\":\"escalationSubject\",\"type\":\"String\"}]", "pipeInputParams": "[{\"uiHidden\":true,\"label\":\"tc.case_id\",\"dataType\":\"String\",\"playbookDataType\":\"String\",\"required\":true,\"name\":\"tc.case_id\",\"encrypted\":false,\"hidden\":false,\"hasDollarVariables\":false,\"playbookVariable\":false},{\"uiHidden\":true,\"label\":\"tc.case\",\"dataType\":\"String\",\"playbookDataType\":\"TCEntity\",\"required\":true,\"name\":\"tc.case\",\"encrypted\":false,\"hidden\":false,\"hasDollarVariables\":false,\"playbookVariable\":false},{\"uiHidden\":false,\"label\":\"Escalation Email Subject\",\"dataType\":\"String\",\"playbookDataType\":\"String\",\"required\":true,\"name\":\"escalationSubject\",\"encrypted\":false,\"hidden\":false,\"hasDollarVariables\":false,\"playbookVariable\":false,\"validValuesList\":[]},{\"uiHidden\":false,\"label\":\"Escalation Email Body\",\"dataType\":\"String\",\"playbookDataType\":\"String\",\"required\":true,\"name\":\"escalationBody\",\"encrypted\":false,\"hidden\":false,\"hasDollarVariables\":false,\"playbookVariable\":false,\"validValuesList\":[]},{\"uiHidden\":true,\"label\":\"escalationSubject.tc.artifact_id\",\"dataType\":\"String\",\"playbookDataType\":\"String\",\"required\":true,\"name\":\"escalationSubject.tc.artifact_id\",\"encrypted\":false,\"hidden\":false,\"hasDollarVariables\":false,\"playbookVariable\":false},{\"uiHidden\":true,\"label\":\"escalationBody.tc.artifact_id\",\"dataType\":\"String\",\"playbookDataType\":\"String\",\"required\":true,\"name\":\"escalationBody.tc.artifact_id\",\"encrypted\":false,\"hidden\":false,\"hasDollarVariables\":false,\"playbookVariable\":false}]", "pipeOutputParams": "[{\"key\":\"emailRecipient\",\"value\":\"#App:7643:email.recipient!String \",\"displayValue\":\"#App:7643:email.recipient!String \"}]"}, "playbookLabels": {"playbookLabelType": {"label": "VirusTotal"}}, "exportablePipes": {"definitionVersion": "b56157bc1469a603b9f457acc9d0bff2", "name": "False Positive Triage", "type": "Pipe", "panX": 272.0, "panY": 478.0, "logLevel": "TRACE", "description": "Deletes a false positive indicator after reporting it, turning off all monitors, resetting all ratings, waiting enough time for CAL to pick up the change, and finally republishing any groups associated with the indicator.", "jobList": {"id": 1484358644, "appCatalogItem": {"programName": "TCPB - IndicatorRetrieve v1.1", "displayName": "Get ThreatConnect Indicator", "programVersion": "1.1.18"}, "name": "Get ThreatConnect Indicator 1", "enableNotifications": false, "jobParameterList": {"appCatalogItemParameter": {"paramName": "owner"}, "value": "#Trigger:1484345691:owner!String"}, "locationLeft": -150.0, "locationTop": 0.0, "outputVariables": "[{\"name\":\"tc.indicator\",\"type\":\"TCEntity\"},{\"name\":\"tc.bulk.json\",\"type\":\"String\"}]", "playbookRetryEnabled": false}, "playbookConnectionList": {"type": "Pass", "isCircularOnTarget": false, "sourceJobId": 1484345770, "targetJobId": 1484345789}, "playbookTriggerList": {"id": 1484345691, "name": "Component Trigger", "type": "PipeConfig", "eventType": "External", "locationLeft": -150.0, "locationTop": -120.0, "httpBasicAuthEnable": false, "anyOrg": true, "orFilters": false, "fireOnDuplicate": false, "renderBodyAsTip": false, "outputVariables": "[{\"name\":\"indicator\",\"type\":\"String\"},{\"name\":\"owner\",\"type\":\"String\"}]", "pipeInputParams": "[{\"label\":\"Owner\",\"dataType\":\"String\",\"playbookDataType\":\"String\",\"required\":true,\"name\":\"owner\",\"encrypted\":false,\"hidden\":false,\"hasDollarVariables\":false,\"playbookVariable\":false,\"validValuesList\":[\"${TEXT}\"]},{\"label\":\"Indicator\",\"dataType\":\"String\",\"playbookDataType\":\"String\",\"required\":true,\"name\":\"indicator\",\"encrypted\":false,\"hidden\":false,\"hasDollarVariables\":false,\"playbookVariable\":false,\"validValuesList\":[]}]", "pipeOutputParams": "[]"}, "dateExported": "9/13/18 2:58 PM"}, "priority": 6, "definitionVersion": "1.0.0", "dateExported": "3/2/18 2:09 PM", "roiMinutes": 30}