-
Notifications
You must be signed in to change notification settings - Fork 24
Expand file tree
/
Copy pathxsoar.json
More file actions
1 lines (1 loc) · 2.52 KB
/
xsoar.json
File metadata and controls
1 lines (1 loc) · 2.52 KB
1
{"id": "Account Enrichment - Generic v2.1", "version": 1, "contentitemexportablefields": {"contentitemfields": {"packID": "CommonPlaybooks", "packName": "Common Playbooks", "itemVersion": "2.2.1", "fromServerVersion": "5.0.0", "toServerVersion": "", "definitionid": ""}}, "vcShouldKeepItemLegacyProdMachine": false, "name": "Account Enrichment - Generic v2.1", "description": "Enrich accounts using one or more integrations.\nSupported integrations:\n- Active Directory", "starttaskid": "0", "tasks": {"id": "0", "taskid": "ff6c3afb-1f37-491b-8569-f2f9d6a79ff3", "type": "start", "task": {"id": "ff6c3afb-1f37-491b-8569-f2f9d6a79ff3", "version": -1, "name": "", "iscommand": false, "brand": ""}, "nexttasks": {"#none#": ["7"]}, "separatecontext": false, "continueonerrortype": "", "view": "{\n \"position\": {\n \"x\": 50,\n \"y\": 50\n }\n}", "note": false, "timertriggers": [], "ignoreworker": false, "skipunavailable": false, "quietmode": 0, "isoversize": false, "isautoswitchedtoquietmode": false, "scriptarguments": {"Ids": {"complex": {"root": "WildFire", "accessor": "Report.SHA256"}}, "Interval": {"complex": {"root": "inputs.Interval"}}, "PollingCommandArgName": {"simple": "hash"}, "PollingCommandName": {"simple": "wildfire-report"}, "Timeout": {"complex": {"root": "inputs.Timeout"}}, "dt": {"simple": "WildFire.Report(val.Status != 'Success').SHA256"}}, "loop": {"iscommand": false, "exitCondition": "", "wait": 1, "max": 0}, "conditions": [{"label": "yes", "condition": [[{"operator": "isExists", "left": {"value": {"complex": {"root": "WildFire", "filters": [[{"operator": "isEqualString", "left": {"value": {"simple": "WildFire.Report.Status"}, "iscontext": true}, "right": {"value": {"simple": "Pending"}}}]], "accessor": "Report.SHA256"}}, "iscontext": true}}]]}]}, "system": true, "view": "{\n \"linkLabelsPosition\": {\n \"1_3_#default#\": 0.62\n },\n \"paper\": {\n \"dimensions\": {\n \"height\": 780,\n \"width\": 650,\n \"x\": 50,\n \"y\": 50\n }\n }\n}", "inputs": [{"key": "DatetimeToWaitUntil", "value": {}, "required": true, "description": "The date and time to wait until before finishing the playbook. Should be in ISO-8601 format. For example: 2019-11-13T15:33:10.314406457Z", "playbookInputQuery": null}], "outputs": [{"contextPath": "ProcessedIndicators", "description": "The outputs of this playbook are tagged for manual review in the parent playbook or tagged using approved black, approved white etc.", "type": "string"}], "sourceplaybookid": "cve_enrichment_-_generic", "tags": "Malware", "quiet": true}