Hod/mitre layout (#8955)

* Adding indicator fields neccessery for the new layout * Removed modification of mitreplatforms incidenttype * Backwards compatability for layout in 5.5 * Renaming fields * PR changes * Additional PR changes * Updated * Updated * Updating docker images Co-authored-by: Bar Hochman <[email protected]> Co-authored-by: hod-alpert <[email protected]> Co-authored-by: Alex Fiedler <[email protected]>
demisto · Sep 29, 2020 · 64cac0b · 64cac0b
1 parent e627f84
commit 64cac0b
Show file tree

Hide file tree

Showing 12 changed files with 1,594 additions and 1,099 deletions.
diff --git a/Packs/FeedMitreAttack/IndicatorFields/incidentfield-mitrecreated.json b/Packs/FeedMitreAttack/IndicatorFields/incidentfield-mitrecreated.json
@@ -0,0 +1,30 @@
+{
+ "id": "indicator_mitrecreated",
+ "version": -1,
+ "modified": "2020-09-13T16:40:18.932262+03:00",
+ "name": "Created (by MITRE)",
+ "ownerOnly": false,
+ "cliName": "mitrecreated",
+ "type": "date",
+ "closeForm": false,
+ "editForm": true,
+ "required": false,
+ "neverSetAsRequired": false,
+ "isReadOnly": false,
+ "useAsKpi": false,
+ "locked": false,
+ "system": false,
+ "content": true,
+ "group": 2,
+ "hidden": false,
+ "associatedTypes": [
+  "MITRE ATT&CK"
+ ],
+ "associatedToAll": false,
+ "unmapped": false,
+ "unsearchable": false,
+ "caseInsensitive": true,
+ "sla": 0,
+ "threshold": 72,
+ "fromVersion": "5.5.0"
+}
diff --git a/Packs/FeedMitreAttack/IndicatorFields/incidentfield-mitremodified.json b/Packs/FeedMitreAttack/IndicatorFields/incidentfield-mitremodified.json
@@ -0,0 +1,30 @@
+{
+  "id": "indicator_mitremodified",
+  "version": -1,
+  "modified": "2020-09-13T16:40:46.057661+03:00",
+  "name": "Modified (by MITRE)",
+  "ownerOnly": false,
+  "cliName": "mitremodified",
+  "type": "date",
+  "closeForm": false,
+  "editForm": true,
+  "required": false,
+  "neverSetAsRequired": false,
+  "isReadOnly": false,
+  "useAsKpi": false,
+  "locked": false,
+  "system": false,
+  "content": true,
+  "group": 2,
+  "hidden": false,
+  "associatedTypes": [
+    "MITRE ATT&CK"
+  ],
+  "associatedToAll": false,
+  "unmapped": false,
+  "unsearchable": false,
+  "caseInsensitive": true,
+  "sla": 0,
+  "threshold": 72,
+  "fromVersion": "5.5.0"
+}
diff --git a/Packs/FeedMitreAttack/Integrations/FeedMitreAttack/FeedMitreAttack.py b/Packs/FeedMitreAttack/Integrations/FeedMitreAttack/FeedMitreAttack.py
@@ -1,6 +1,5 @@
 import demistomock as demisto
 from CommonServerPython import *
-from CommonServerUserPython import *
 
 from typing import List, Dict, Set, Optional
 import json
@@ -32,7 +31,9 @@
     "mitreplatforms": {"name": "x_mitre_platforms", "type": "dict"},
     "mitresystemrequirements": {"name": "x_mitre_system_requirements", "type": "list"},
     "mitreversion": {"name": "x_mitre_version", "type": "str"},
-    "mitretype": {"name": "type", "type": "str"}
+    "mitretype": {"name": "type", "type": "str"},
+    "mitrecreated": {"name": "created", "type": "str"},
+    "mitremodified": {"name": "modified", "type": "str"}
 }
 
 # Disable insecure warnings

diff --git a/Packs/FeedMitreAttack/Integrations/FeedMitreAttack/FeedMitreAttack.yml b/Packs/FeedMitreAttack/Integrations/FeedMitreAttack/FeedMitreAttack.yml
@@ -4,10 +4,12 @@ commonfields:
 name: MITRE ATT&CK
 display: MITRE ATT&CK Feed
 category: Data Enrichment & Threat Intelligence
-description: Use the MITRE ATT&CK® feed to fetch MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) content.
-  MITRE ATT&CK® is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
-  The ATT&CK knowledge base is used as a foundation for the development of specific threat models and methodologies in the private sector,
-  in government, and in the cybersecurity product and service community.
+description: Use the MITRE ATT&CK® feed to fetch MITRE’s Adversarial Tactics, Techniques,
+  and Common Knowledge (ATT&CK®) content. MITRE ATT&CK® is a globally-accessible knowledge
+  base of adversary tactics and techniques based on real-world observations. The ATT&CK
+  knowledge base is used as a foundation for the development of specific threat models
+  and methodologies in the private sector, in government, and in the cybersecurity
+  product and service community.
 configuration:
 - display: Include external actor references as indicators
   name: includeAPT
@@ -24,13 +26,14 @@ configuration:
 - display: Indicator Reputation
   name: feedReputation
   options:
-    - None
-    - Good
-    - Suspicious
-    - Bad
+  - None
+  - Good
+  - Suspicious
+  - Bad
   required: false
   type: 18
-  additionalinfo: Indicators from this integration instance will be marked with this reputation
+  additionalinfo: Indicators from this integration instance will be marked with this
+    reputation
 - display: Source Reliability
   name: feedReliability
   defaultvalue: A - Completely reliable
@@ -112,7 +115,8 @@ script:
       predefined:
       - 'False'
       - 'True'
-      description: Output in raw JSON format. Can be "True" or "False". The default is "False".
+      description: Output in raw JSON format. Can be "True" or "False". The default
+        is "False".
       defaultValue: 'False'
     description: Retreives a limited number of the indicators.
   - name: mitre-show-feeds
@@ -128,7 +132,8 @@ script:
       predefined:
       - 'True'
       - 'False'
-      description: Whether the search case sensitive. Can be "True" or "False". The default is "False".
+      description: Whether the search is case sensitive. Can be "True" or "False". The
+        default is "False".
       defaultValue: 'False'
     outputs:
     - contextPath: indicators.id