diff --git a/Solutions/CTM360/Package/3.0.2.zip b/Solutions/CTM360/Package/3.0.2.zip index f3b9a1ae09b..e13fc77161e 100644 Binary files a/Solutions/CTM360/Package/3.0.2.zip and b/Solutions/CTM360/Package/3.0.2.zip differ diff --git a/Solutions/CTM360/Package/mainTemplate.json b/Solutions/CTM360/Package/mainTemplate.json index 0214b342b28..7dfcf0679ee 100644 --- a/Solutions/CTM360/Package/mainTemplate.json +++ b/Solutions/CTM360/Package/mainTemplate.json @@ -1046,13 +1046,13 @@ ], "entityMappings": [ { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "subject_s" + "columnName": "subject_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -1060,10 +1060,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -1167,13 +1167,13 @@ ], "entityMappings": [ { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "subject_s" + "columnName": "subject_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -1181,10 +1181,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": true, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -1288,13 +1288,13 @@ ], "entityMappings": [ { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "subject_s" + "columnName": "subject_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { 
@@ -1302,10 +1302,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -1409,13 +1409,13 @@ ], "entityMappings": [ { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "subject_s" + "columnName": "subject_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -1423,10 +1423,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -1525,13 +1525,13 @@ ], "entityMappings": [ { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "subject_s" + "columnName": "subject_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -1539,10 +1539,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -1641,13 +1641,13 @@ ], "entityMappings": [ { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "subject_s" + "columnName": "subject_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -1655,10 +1655,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } 
@@ -1760,31 +1760,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -1792,10 +1792,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -1895,31 +1895,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" } ], "eventGroupingSettings": { @@ -1927,10 +1927,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } 
@@ -2029,31 +2029,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" } ], "eventGroupingSettings": { @@ -2061,10 +2061,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -2163,31 +2163,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -2195,10 +2195,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } 
@@ -2299,13 +2299,13 @@ ], "entityMappings": [ { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "subject_s" + "columnName": "subject_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -2313,10 +2313,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -2415,13 +2415,13 @@ ], "entityMappings": [ { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "subject_s" + "columnName": "subject_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -2429,10 +2429,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -2531,31 +2531,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" } ], "eventGroupingSettings": { 
@@ -2566,10 +2566,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -2671,14 +2671,14 @@ ], "entityMappings": [ { - "entityType": "URL", "fieldMappings": [ { + "identifier": "Url", "suppressionDuration": "5h", - "columnName": "subject_s", - "identifier": "Url" + "columnName": "subject_s" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -2686,10 +2686,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -2788,31 +2788,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -2820,10 +2820,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } 
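Review bot: In the hunk at -2671,14 the unchanged line `"suppressionDuration": "5h",` sits inside a `fieldMappings` entry, between `identifier` and `columnName`, and this reordering keeps it there. In the Sentinel scheduled-rule schema a field mapping carries only `identifier` and `columnName`, while `suppressionDuration` is a rule-level property written as an ISO 8601 duration, so here the value is most likely ignored (or rejected at deployment) and the rule is not suppressed the way its author seems to have intended. If suppression is wanted, move it next to the rule's other properties as `"suppressionDuration": "PT5H"` together with `"suppressionEnabled": true`; otherwise drop the key from the mapping. The rule object starts and ends outside this hunk, and if mainTemplate.json is generated by the packaging step, the correction belongs in the source rule definition so it is not reintroduced on the next build.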
@@ -2923,31 +2923,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -2955,10 +2955,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -3058,31 +3058,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -3090,10 +3090,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } 
@@ -3193,31 +3193,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" } ], "eventGroupingSettings": { @@ -3225,10 +3225,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -3327,31 +3327,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" } ], "eventGroupingSettings": { @@ -3359,10 +3359,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } 
@@ -3461,31 +3461,31 @@ ], "entityMappings": [ { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" }, { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -3493,10 +3493,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -3595,31 +3595,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -3627,10 +3627,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } 
@@ -3729,31 +3729,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -3761,10 +3761,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -3863,31 +3863,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" } ], "eventGroupingSettings": { @@ -3895,10 +3895,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } 
@@ -3998,10 +3998,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -4098,13 +4098,13 @@ ], "entityMappings": [ { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "subject_s" + "columnName": "subject_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -4112,10 +4112,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -4212,31 +4212,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -4244,10 +4244,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } 
@@ -4344,31 +4344,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -4376,10 +4376,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -4486,10 +4486,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -4588,31 +4588,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" } ], "eventGroupingSettings": { 
@@ -4620,10 +4620,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -4726,13 +4726,13 @@ ], "entityMappings": [ { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "subject_s" + "columnName": "subject_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -4740,10 +4740,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -4846,13 +4846,13 @@ ], "entityMappings": [ { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "subject_s" + "columnName": "subject_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -4860,10 +4860,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } 
@@ -4964,31 +4964,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -4996,10 +4996,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -5103,31 +5103,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -5135,10 +5135,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } 
@@ -5242,31 +5242,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" } ], "eventGroupingSettings": { @@ -5274,10 +5274,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -5381,31 +5381,31 @@ ], "entityMappings": [ { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" }, { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" } ], "eventGroupingSettings": { @@ -5413,10 +5413,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } 
@@ -5520,31 +5520,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -5555,10 +5555,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } @@ -5662,31 +5662,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" } ], "eventGroupingSettings": { @@ -5694,11 +5694,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { - + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } 
@@ -5802,31 +5801,31 @@ ], "entityMappings": [ { - "entityType": "IP", "fieldMappings": [ { - "identifier": "Address", - "columnName": "meta_resolved_ip_s" + "columnName": "meta_resolved_ip_s", + "identifier": "Address" } - ] + ], + "entityType": "IP" }, { - "entityType": "Host", "fieldMappings": [ { - "identifier": "HostName", - "columnName": "meta_host_s" + "columnName": "meta_host_s", + "identifier": "HostName" } - ] + ], + "entityType": "Host" }, { - "entityType": "URL", "fieldMappings": [ { - "identifier": "Url", - "columnName": "hackerview_link_s" + "columnName": "hackerview_link_s", + "identifier": "Url" } - ] + ], + "entityType": "URL" } ], "eventGroupingSettings": { @@ -5834,10 +5833,10 @@ }, "incidentConfiguration": { "groupingConfiguration": { + "matchingMethod": "AllEntities", "enabled": false, - "reopenClosedIncident": false, "lookbackDuration": "PT5H", - "matchingMethod": "AllEntities" + "reopenClosedIncident": false }, "createIncident": true } diff --git a/Solutions/VMware Carbon Black Cloud/ReleaseNotes.md b/Solutions/VMware Carbon Black Cloud/ReleaseNotes.md index 016a1ec3595..b4bc33b9dd6 100644 --- a/Solutions/VMware Carbon Black Cloud/ReleaseNotes.md +++ b/Solutions/VMware Carbon Black Cloud/ReleaseNotes.md @@ -1,4 +1,6 @@ | **Version** | **Date Modified (DD-MM-YYYY)** | **Change History** | |-------------|--------------------------------|-----------------------------------------------------------| +| 3.0.3 | 28-10-2024 | Added Sample Queries to the CCP **Data Connector** template | +| 3.0.2 | 15-10-2024 | Added new CCP **Data Connector** to the Solution | | 3.0.1 | 17-04-2024 | Added Azure Deploy button for government portal deployments in **Data connectors** | -| 3.0.0 | 19-02-2024 | Alterts API integration done in Carbon Black **Function App** | +| 3.0.0 | 19-02-2024 | Alterts API integration done in Carbon Black **Function App** | \ No newline at end of file