Merge pull request demisto#4 from qmasters-ltd/feature/attachment

feature/attachment
CyberInt · Apr 12, 2021 · 68b5588 · 68b5588
2 parents 32779b9 + d714b5c
commit 68b5588
Show file tree

Hide file tree

Showing 13 changed files with 2,067 additions and 3,323 deletions.
diff --git a/.gitignore b/.gitignore
@@ -132,3 +132,5 @@ dmypy.json
 CommonServerPython.py
 CommonServerUserPython.py
 demistomock.py
+Cyberint_unified.yml
+Integrations/Cyberint/Cyberint_unified.yml
diff --git a/Integrations/Cyberint/Cyberint.py b/Integrations/Cyberint/Cyberint.py
diff --git a/Integrations/Cyberint/Cyberint.yml b/Integrations/Cyberint/Cyberint.yml
@@ -3,22 +3,27 @@ commonfields:
   id: cyberint
   version: -1
 configuration:
+- display: Incident type
+  name: incidentType
+  required: false
+  type: 13
 - additionalinfo: Cyberint API access token.
   display: Cyberint Access Token
   name: access_token
   required: true
   type: 4
-- additionalinfo: "Cyberint environment on which the services run (i.e http://{environment}.cyberint.io/...)"
+- additionalinfo: Cyberint environment on which the services run (i.e http://{environment}.cyberint.io/...)
   display: Cyberint API Environment
   name: environment
   required: true
+  type: 0
 - display: Fetch incidents
   name: isFetch
   required: false
   type: 8
-- additionalinfo: Choose the severity(s) (not minimum) to fetch. If none is chosen,
-    all severity levels will be returned.
-  display: Fetch Severities
+- additionalinfo: Severities to fetch. If none is chosen, all severity levels will
+    be returned.
+  display: Fetch Severity
   name: fetch_severity
   options:
   - low
@@ -27,23 +32,22 @@ configuration:
   - very_high
   required: false
   type: 16
-- additionalinfo: Choose one or more statuses to fetch if wanted. If none is chosen,
-    all categories will be returned.
-  display: Fetch Statuses
+- additionalinfo: Statuses to fetch. If none is chosen, all statuses will be returned.
+  display: Fetch Status
   name: fetch_status
   options:
   - open
   - acknowledged
   - closed
   required: false
   type: 16
-- additionalinfo: Enter one or more environments to fetch if wanted (comma separated).
-    If empty, all available environments will be returned.
-  display: Fetch Environments
+- additionalinfo: Environments to fetch (comma separated). If empty, all available
+    environments will be returned.
+  display: Fetch Environment
   name: fetch_environment
   required: false
-- additionalinfo: Choose one or more types to fetch if wanted. If none is chosen,
-    all types will be returned.
+  type: 0
+- additionalinfo: Types to fetch. If none is chosen, all types will be returned.
   display: Fetch Types
   name: fetch_type
   options:
@@ -90,17 +94,18 @@ configuration:
   - other
   required: false
   type: 16
-- additionalinfo: "Max number of alerts per fetch. Defaults to  the minimum 10, max\
-    \ is 100."
+- additionalinfo: Max number of alerts per fetch. Defaults to  the minimum 10, max
+    is 100.
   defaultvalue: '10'
   display: Fetch Limit
   name: max_fetch
   required: false
-- additionalinfo: First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days.
-  defaultvalue: 7 days
-  display: First Fetch Time
-  name: fetch_time
+  type: 0
+- defaultvalue: 7 days
+  display: First fetch timestamp (<number> <time unit>, e.g., 12 hours, 7 days)
+  name: first_fetch
   required: false
+  type: 0
 - display: Trust any certificate (not secure)
   name: insecure
   required: false
@@ -117,16 +122,17 @@ name: cyberint
 script:
   commands:
   - arguments:
-    - default: true
+    - default: false
       defaultValue: '1'
-      description: Page number to return.
+      description: Page number to return. Default is 1.
       isArray: false
       name: page
       required: false
       secret: false
-    - default: true
+    - default: false
       defaultValue: '10'
-      description: Number of results in a page. Must be between 10 and 100.
+      description: Number of results in a page. Default is 10. Must be between 10
+        and 100.
       isArray: false
       name: page_size
       required: false
@@ -355,6 +361,12 @@ script:
     - contextPath: Cyberint.Alert.alert_data.username
       description: Username of an account related to an event.
       type: String
+    - contextPath: Cyberint.Alert.alert_data.csv.username
+      description: Username of an account found in a report CSV.
+      type: String
+    - contextPath: Cyberint.Alert.alert_data.csv.password
+      description: Password of an account found in a report CSV.
+      type: String
     - contextPath: Cyberint.Alert.alert_data.email
       description: Email of an account related to an event.
       type: String
@@ -370,6 +382,9 @@ script:
     - contextPath: Cyberint.Alert.alert_data.blacklist_repository
       description: Blacklist repository name related to an event.
       type: String
+    - contextPath: Cyberint.Alert.alert_data.screenshot
+      description: Screenshot related to an event.
+      type: String
     - contextPath: Cyberint.Alert.alert_data.spf_records
       description: SPF records if applicable to the event.
       type: String
@@ -418,6 +433,9 @@ script:
     - contextPath: Cyberint.Alert.tags
       description: Tags related to the alert
       type: String
+    - contextPath: Cyberint.Alert.attachments
+      description: Attachments related to the alert
+      type: String
   - arguments:
     - default: false
       description: Reference IDs for the alert(s)
@@ -462,7 +480,109 @@ script:
     - contextPath: Cyberint.Alert.closure_reason
       description: Reason for updating the alert to closed if closed.
       type: String
-  dockerimage: demisto/python3:3.8.3.8715
+  - arguments:
+    - default: false
+      description: Reference ID of the alert.
+      isArray: false
+      name: alert_ref_id
+      required: true
+      secret: false
+    - default: false
+      description: Attachment ID.
+      isArray: false
+      name: attachment_id
+      required: true
+      secret: false
+    - default: false
+      description: Attachment file name
+      isArray: false
+      name: attachment_name
+      required: true
+      secret: false
+    deprecated: false
+    description: Get alert attachment.
+    execution: false
+    name: cyberint-alerts-get-attachment
+    outputs:
+    - contextPath: File.Size
+      description: The size of the file.
+      type: Number
+    - contextPath: File.SHA1
+      description: The SHA1 hash of the file.
+      type: String
+    - contextPath: File.SHA256
+      description: The SHA256 hash of the file.
+      type: String
+    - contextPath: File.Name
+      description: The name of the file.
+      type: String
+    - contextPath: File.SSDeep
+      description: The SSDeep hash of the file.
+      type: String
+    - contextPath: File.EntryID
+      description: The entry ID of the file.
+      type: String
+    - contextPath: File.Info
+      description: File information.
+      type: String
+    - contextPath: File.Type
+      description: The file type.
+      type: String
+    - contextPath: File.MD5
+      description: The MD5 hash of the file.
+      type: String
+    - contextPath: File.Extension
+      description: The file extension.
+      type: String
+  - arguments:
+    - default: false
+      description: Reference ID of the alert.
+      isArray: false
+      name: alert_ref_id
+      required: true
+      secret: false
+    - default: false
+      description: Analysis report file name.
+      isArray: false
+      name: report_name
+      required: true
+      secret: false
+    deprecated: false
+    description: Get alert analysis report.
+    execution: false
+    name: cyberint-alerts-analysis-report
+    outputs:
+    - contextPath: File.Size
+      description: The size of the file.
+      type: Number
+    - contextPath: File.SHA1
+      description: The SHA1 hash of the file.
+      type: String
+    - contextPath: File.SHA256
+      description: The SHA256 hash of the file.
+      type: String
+    - contextPath: File.Name
+      description: The name of the file.
+      type: String
+    - contextPath: File.SSDeep
+      description: The SSDeep hash of the file.
+      type: String
+    - contextPath: File.EntryID
+      description: The entry ID of the file.
+      type: String
+    - contextPath: File.Info
+      description: File information.
+      type: String
+    - contextPath: File.Type
+      description: The file type.
+      type: String
+    - contextPath: File.MD5
+      description: The MD5 hash of the file.
+      type: String
+    - contextPath: File.Extension
+      description: The file extension.
+      type: String
+  dockerimage: demisto/python3:3.9.4.18682
   feed: false
   isfetch: true
   longRunning: false
@@ -471,3 +591,6 @@ script:
   script: '-'
   subtype: python3
   type: python
+tests:
+- No tests - Deprecated
+fromversion: 5.0.0